Network Strategy and Design Final assignment disaster rec

Network Strategy and Design

Published in: Business, Education
IT19 (Network Strategy and Design)

Level 9, 815 George street Sydney NSW 2000 Australia
Department of Infrastructure
DISASTER RECOVERY PLAN REPORT
Dec 2009

© Department of Infrastructure (AICL)
All rights reserved. No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted, in any form or by any means, without the prior permission in writing from the AICL Department of Infrastructure.

Contents
Introduction
    Overview
Scope
Guidelines
Roles of Team Organization
Risks
ANALYSIS
Establish Role Departments
Policies and procedures
Project Planning
Preparing to Handle Disaster
DR Plan/Procedures
Testing the disaster recovery plan
The Recovery Planning Process
Conclusion
Glossary of Terms

Introduction:

In 2004, AICL formed a partnership with TAFE NSW - Sydney Institute to sequentially deliver the Advanced Diploma of Hospitality Management. AICL started delivery in February 2005 at TAFE Loftus campus, but the partnership became so successful that within 12 months it delivered this course on four campuses:
• AICL
• Loftus TAFE
• Mount Druitt TAFE
• Padstow TAFE

As hospitality is a very important industry where Australia is suffering from a skills shortage, AICL have actively participated in industry to give concrete support. Students have been placed in industry working part-time in some very prestigious establishments to consolidate the skills they are acquiring whilst studying on campus.

AICL has won three consecutive awards since 2006. AICL was awarded the Tourism Training Australia "National Training Legend Award" for outstanding achievement in delivery and positive contribution to the hospitality industry.

In 2007 AICL won the Australian TAFE Marketing Association (ATMA) Award for Business Development - Innovative Commercial Service Category. An award titled The Minister’s Student Achiever Award (for Tourism and Hospitality) was won by AICL in 2008.

Overview

Planning for the business continuity of an organization in the aftermath of a disaster is a complex task. Preparation for, response to, and recovery from a disaster affecting the administrative functions of the organization requires the cooperative efforts of many support departments in partnership with the functional areas supporting the "business" of DOI.

This document proposes disaster recovery plans to address various types of possible disaster scenarios. The plans reflect the analysis and determination of appropriate responses as agreed in discussions with representatives from Corporate IT and other departments.

This document is intended to provide a framework, with some possible solutions, of the backup and disaster recovery plans for the DOI project. As with all disaster / recovery situations, not all variations can be documented.

Why Disaster Recovery?

Planning for the business continuity of Disaster Action Team (DAT)/DOI in the aftermath of a disaster is a complex task. Preparation for, response to, and recovery from a disaster affecting the administrative functions of the organization requires the cooperative efforts of many divisions in partnership with the functional areas supporting the "business" of DOI.

The objectives of a disaster recovery plan for information services are to make sufficient preparations, and to establish a sufficient set of agreed upon procedures, for responding to a disaster or emergency, in order to minimize the effect upon the operation of the business.

Need for a Disaster Recovery Plan

Three areas need to be reviewed: legal responsibility, financial loss and business service interruptions.

Legal Responsibility: Management has a legal responsibility to protect its corporate resources and information.

Financial Loss: Because of the efficiency, accuracy, speed and control of information services methods, organizations are more dependent on their information services in normal business operations. If the information systems services break down, the breakdown could cause a great financial loss to the company, or even destroy the business, if proper disaster planning has not been done.

Business Service Interruption: This can be very damaging to future relationships with customers. It can also affect the public image of the organization. The costs of not taking precautions could be much more damaging and costly than modest preparation for disaster recovery.

Purpose:

The purpose of disaster recovery/business resumption planning is to assure continuity of computing and telecommunications operations needed to support critical agency functions. The business resumption plan should aim at achieving a systematic and orderly resumption of all agency computing and telecommunications services. The plan should provide for restoring service as soon as possible. Those functions that are most critical to achieving the agency mission must remain in operation during the recovery period.

Scope:

These guidelines apply to all executive and judicial branch agencies and educational institutions, as provided by law, that operate, manage, or use IT services or equipment to support critical state business functions.

Guidelines:

Emergency response/problem escalation procedures prescribe how to respond to two kinds of situation:
• Disaster events: Fires, floods, earthquakes, and bombings are examples of disaster events. They often take the form of unforeseen events that cause damage or lengthy disruption or threaten to do so. One can more readily recognize that the situation is a disaster during this type of occurrence.
• Problem: A disaster may evolve from a problem that disrupts normal operations and then worsens or continues so long that disruption becomes critical.

Roles of Team Organization:

Planning for the business continuity of DOI in the aftermath of a disaster is a complex task. Preparation for, response to, and recovery from a disaster affecting the administrative functions of the organization requires the cooperative efforts of many divisions in partnership with the functional areas supporting the "business" of DOI.

The following personnel are required to be present during the pre- and post-recovery process.

Responsibilities of Roles

IT System Administrator (Roshan B)
Responsible for the verification and operational maintenance of the system at the Server level.
• Shutdown of the Workgroup (TRIM) and Master services
• Shutdown of the Fulcrum Indexer, PDF Generator and Encapsulator services
• Reconcile Fulcrum and TRIM database with the execution of the maintenance tool
• Perform store check
• Perform shakeout testing
• Execute SQL query to determine missing records at the SQL Server database level with assistance from the SQL Server DBA
• Execute SQL query to remove unwanted record information at the SQL Server database level with assistance from the SQL Server DBA
• Identifying and recovering missing files from backup or workgroup server cache with assistance from the SQL Server DBA

Records Manager / System Administrator
Responsible for the verification and operational maintenance of the system at the business level.
• Notify all users of the DR procedures, advising them to log off and verify the process
• Identifying records to be recreated
• Verification and maintenance of the records at the TRIM level
• Identification and removal of information from the system after the database restoration process for records supposed to have been expunged or purged, with the assistance of the SQL Server DBA

SQL Server DBA
Responsible for the operational maintenance, backup and restoration of the SQL server database.
• Daily full backup of the SQL database
• Hourly backup of the SQL log dump
• Backup of the corrupted database
• Backup of the SQL log files
• Restore last SQL backup from tape
• Application of SQL logs at SQL Server level
• Daily full backup of File System information with assistance from the IT System Administrator and NT Administrator

NT Administrator
Responsible for the maintenance of the system hardware, communications, security and network operation.
• Execution of standard hardware maintenance
• Maintenance of the Server hardware environment including communication, network, etc.

Risks:

− There are many natural and human-made threats to service areas which could cause business interruption. Potential threats to consider include personnel, physical environment, hardware/software systems, telecommunications, applications, and operations.

The Disaster Recovery Team proposed to develop a scheduled backup within a week and to help maintain the faculty as well as the student database of the organization. The major challenge faced by the IT department was to be able to restore the original applications and database without having to go through the whole process of installation, which would take much longer in the event of a failure. Specifically, they needed to identify and tackle a large number of system issues, such as which processes to stop, which and whose files to modify, and which steps to automate or perform manually at the time of the recovery.

− Threats affecting contingency planning.

Natural hazards:
∗ Earthquake
∗ Tornado
∗ Flooding
∗ Landslide
∗ Volcanic eruption
∗ Lightning
∗ Smoke, dirt, dust
∗ Sandstorm or blowing dust
∗ Windstorm
∗ Snow/ice storm

Accidents:
∗ Disclosure of confidential information
∗ Electrical disturbance
∗ Electrical interruption
∗ Spill of toxic chemical

Environmental failure:
∗ Water damage
∗ Structural failure
∗ Fire
∗ Hardware failure
∗ Liquid leakage
∗ Operator/user error
∗ Software error
∗ Telecommunications interruption

Intentional acts:
∗ Alteration of data
∗ Alteration of software
∗ Computer virus
∗ Bomb threat
∗ Disclosure of confidential information
∗ Employee sabotage
∗ External sabotage
∗ Terrorist activity
∗ Fraud
∗ Riot/civil disturbance
∗ Strike
∗ Theft
∗ Unauthorized use
∗ Vandalism

ANALYSIS

Technology and telecommunications systems are becoming increasingly important for businesses to perform their most basic business functions. Disruptive events, such as natural disasters, intentional or unintentional errors in human judgment and vulnerabilities in computing hardware or software, can be so disastrous and debilitating to a business that they render it inoperable.

With a rising number of threats and an intensely competitive business landscape, it is becoming increasingly important that your organization have the ability to withstand a disaster. Certain organizations also have implied legislative requirements to fulfill various disaster recovery and business continuity obligations, often resulting in additional costs and complexities.

Research shows that of those businesses that spend less than 5% of their IT budget on disaster recovery strategies, less than 50% are likely to reopen or remain in business within 2 years of experiencing a major loss of business information and less than 6% will survive long term.

As such, the need to implement a Disaster Recovery Plan to protect business information and core technology platforms is becoming an increasing priority for many businesses that want to operate in the unfortunate event that a disaster occurs.

Establish Role Departments:

Disaster Recovery is all about planning and having a sound strategy for data protection. Our Disaster Recovery plan is relatively simple. Your data is stored within our Data Centres and we adhere to industry best practices for Disaster Recovery using the latest and most reliable technology, systems and procedures.

Emergency Response

The strategies selected must provide a sufficient base upon which procedures can be devised which afford all personnel the immediate capability to effectively respond to emergency situations where life and property have been, or may be, threatened or harmed.

Backup Operations

Most backup sites will not have sufficient equipment, personnel, supplies, etc., to sustain the complete operational requirements of another facility. In this case, a more detailed backup strategy must be developed.

Server Farm - Load Balanced Infrastructure

Data Centers provide High Availability through the logical allocation of hardware resources to different users, minimizing the impact of a hardware failure or disaster. Multiple servers are grouped together. Applications can be configured to be delivered from all servers in the farm, or any subset, easily from the application publishing, allowing for simple load balancing across the available platforms.

Virtualization Infrastructure:

Traditional disaster recovery plans require many manual, complex steps to allocate recovery resources, perform bare metal recovery, perform data recovery, and validate that systems are ready for use. Our Infrastructure service eliminates many steps in the process and simplifies the recovery process.

Virtualization removes the need to have the correct hardware configuration, patches and firmware in place and eliminates the challenges associated with recovering the operating system and installing applications on different hardware.

Virtualization converts a traditional Disaster Recovery Process and environment, including hardware configuration, firmware, operating system install and application install, into data stored in just a few files on disk. Protecting a complete system is just a matter of protecting a few files using backup and replication software. The files that comprise a virtual machine can be recovered to any hardware without requiring any changes because virtual machines are hardware-independent. Servers can be reprovisioned in minutes, not days, in the event of a physical layer failure.

Policies and procedures:

The disaster recovery policy must be reviewed at least annually to assure its relevance. Just as in the development of such a policy, a planning team that consists of upper management and personnel from information security, information technology, human resources or other operations should be assembled to review the disaster policy.

Roles and responsibilities of the planning team should be as follows:
• Perform an initial risk assessment to determine current information systems vulnerabilities.
• Perform an initial business impact analysis to document and understand the interdependencies among business processes and determine how the business would be affected by an information systems outage.
• Take an inventory of information systems assets such as computer hardware, software, applications and data.
• Identify single points of failure within the information systems infrastructure.
• Identify critical applications, systems and data.
• Prioritize key business functions.

Project Planning

Get preliminary management commitment.
Get agreement from senior management on the need for disaster recovery/business resumption planning.

Designate a disaster recovery/business resumption manager.
Designate a person to manage the agency's recovery from a disaster. The designated individual must have sufficient knowledge of information management and information technology (IT) within the agency in order to work effectively with IT hardware and software, the data centres, and service providers in re-establishing information processing and telecommunications services after a disaster has occurred.

Organize a disaster recovery/business resumption planning team.
Organize a team that will be responsible for the detailed technical analysis and planning functions needed for a recovery plan. Identify individuals from management, data processing, telecommunications, business operating units, and consultants to participate in preparing the disaster recovery/business resumption plan.

Audit current recovery preparedness.
Determine what security/disaster recovery/business resumption plans are in place. Identify what planning remains to be done.

Develop the project schedule.
Estimate task durations, identify responsibilities, assign resources, and document the schedule for plan development.

Preparing to Handle Disaster:

IT Threats

Breach of Personal Information
• All data owners must report any suspected or confirmed breach of personal information on individuals to the Chief Security Officer (CSO) immediately upon discovery.
• Location managers are responsible for ensuring all employees in their unit are aware of policies and procedures for protecting personal information.
• Informs the Legal Department and the Chief Privacy Officer that a possible privacy breach has been reported and provides them an overview of the situation.
• Contacts the individual who reported the problem.
• Reviews the preliminary details with the Legal Department and the Chief Privacy Officer.

Denial of Service / Distributed Denial of Service
• Inform relevant IT security personnel.
• Ensure all communication links are up.
• Ensure data integrity.
• Provide alternate solutions in case primary communication channels are down.

Virus Outbreak
• Isolate systems, devices, servers, etc. from the network and switch over to backup equipment.
• Report the situation to the Network Security Officer.

Fire/Smoke
• Activate the nearest fire alarm. You may find one at the development lobby, server room, kitchen and corridor.
• Call 16 and report location and source of fire, if known.
• If it is possible and safe, turn off all electrical equipment.
• Evacuate the building.
• After reaching a safe location, contact other responsible departments.

Bomb or other terrorist threat
• Call (92-21) 2416626, Bomb Disposal Squad.
• If the threat has been received via phone call, keep talking to the caller and try to get as much information as possible.
• Evacuate the building, depending on the instructions provided by the disposal squad.

Power / Connectivity Failure
• Switch off all electrical equipment.
• Determine extent of blackout by calling relevant department engineer.
• Make sure that all doors will remain closed before evacuation. Consult the relevant person if any door is found unlocked.
• Initiate the telephone tree to ensure that everyone arrives at home safely.

Heavy Rain
• Relocate equipment and records which may be affected to a dry location.
• Determine extent of the rain and its severity for the building.
• Inform the management to take immediate actions for releasing the employees earlier.
• Evacuate the basements in case some rain water has poured in.

DR Plan/Procedures:

Key Components

An operational Disaster Recovery facility consists of three key components:
• Facilities and Infrastructure – the underlying IT infrastructure and data must be structured to be recoverable – this involves physical infrastructure and software
• Processes and Procedures – Business Continuity/Disaster Recovery must be incorporated into standard processes and procedures
• Operational Business Continuity/Disaster Recovery Plan – there must be an operational and tested plan to recover

A fundamental requirement of an operational Business Continuity/Disaster Recovery plan is a High Availability IT infrastructure. This both tolerates some outages and minimizes the impacts of serious events by providing easy and fast recovery. A well-designed infrastructure is a key enabler to achieving effective Business Continuity/Disaster Recovery.

Increased data dependency between systems and applications means that an increasing volume of data is critical for effective recovery.

Testing the disaster recovery plan:

The Recovery Planning Process

There are nine major phases in the recovery planning process:
1. Project Planning: Define the project scope, organize the project, and identify the resources needed.
2. Critical Business Requirements: Identify the business functions most important to protect, and the means to protect them. Analyse risks, threats, and vulnerabilities.
3. Recovery Strategies: Arrange for alternate processing facilities to use during a disaster. Make sure to store copies of computer files, work-in-process, software, and documentation in a safe place.
4. Emergency Response/Problem Escalation: Specify exactly how to respond to emergencies and how to tell when a "problem" has become a potential "disaster."
5. Plan Activation: Determine procedures for informing the right people, assessing the impact on operations, and starting the recovery efforts.
6. Recovery Operations: Develop the specific steps for reducing the risks of an outage and restoring operations should an outage occur.
7. Training: Make sure everyone understands the recovery plan and can carry it out efficiently.
8. Testing: Make sure the plan works effectively.
9. Plan Maintenance: Make changes and additions to keep the plan current.

Conclusion:

Changes to organizations occur all the time. Products and services change, as do their methods of delivery.

The increase in technology-based processes over the past ten years, and particularly within the last few years, has significantly increased the level of dependency upon the availability of systems and information for the business to function effectively. These changes are likely to continue, and it is likely that the only certainty is that the pace of change will continue to increase.

It is necessary for the disaster recovery plan to keep pace with these changes in order for it to be of use in the event of a disruptive emergency.

To ensure this, the disaster recovery plan update process must be properly structured and controlled. Further, whenever changes are made to the plan they are to be fully tested and appropriate amendments should be made to the training materials. This will involve the use of formalized change control procedures under the control of the plan's owner.

In short, update of the plan should not only be a formal process in its own right, but must be part of business as usual.

Glossary of Terms:

Term            Description
API             Applications Programming Interface
DR              Data Recovery
Encapsulator    Process that converts objects
GUI             Graphic User Interface
HTML            Hyper Text Markup Language
IE5             Internet Explorer version 5
PDF             Portable Document Format
TRIM            Tower Records and Information Management Software
URL             Uniform Resource Locator, e.g. Web address
XML             Extensible Markup Language
