7.
Information Technology Disaster Recovery Guide – ABC Bank Page 7
Assumptions
For purposes of development of this plan, the following assumptions are made:
Primary colo data center in El Segundo is partially or completely destroyed, or one or more critical line of
business (LOB) applications are unusable
The alternate processing site (DR site) is up and available to handle temporary data processing
All necessary utilities, data, and communication circuits are available as documented and tested within the
plan
Critical records and/or backup media are stored off‐site and have survived the disaster or disruption
Critical IT recovery team members, or appropriately skilled IT vendor personnel, are available to perform the
procedures as defined within the plan
Other departments within ABC have developed, implemented, and validated their own internal disaster
recovery plans
Business Partners, service providers, vendors, and other external organizations perform according to their
general commitments, and/or service level agreements, to support our organization in recovery from the
disaster
Business Partners, service providers, vendors, and other external organizations have implemented and
validated their own internal disaster recovery plans
12.
Information Technology Disaster Recovery Guide – ABC Bank Page 12
Disaster Preparation
1. Disaster Recovery Planning
The first and most important thing to do is to have a well‐developed and updated Disaster Recovery Plan, which can be
used in response to a disaster. The extent to which this plan can be effective, however, depends upon ABC IT
management and staff to review and update this plan, and practice for contingencies, as changes to the IT
infrastructure, personnel, and application portfolio occur.
2. Recovery Facility
If the primary data center is partially or completely destroyed in a disaster, repair or rebuilding of that facility could take
an extended period of time. In the interim, it would be necessary to failover to the DR site in Tukwila. This document
details procedures necessary to bring up all or part of the infrastructure at the DR site.
3. Replacement Equipment
Once completed, with input from ABC IT personnel, this document will contain a complete inventory of all servers and
network devices, including any software, that must be eventually restored at the primary data center following a
disaster. The inevitable changes that occur in the systems over time require that this plan be periodically updated to
reflect the most current inventory.
Where possible, agreements should be made with vendors to supply replacement equipment on an emergency basis.
To avoid problems and delays in the recovery, every attempt should be made to replicate current system configurations,
however, there will likely be cases where components are not available or the delivery timeframe is unacceptably long.
The recovery team should have the expertise and resources to work through these problems as they are recognized and
although some changes may be required to the procedures documented in this plan, using different models of
equipment or equipment from different vendors may be suitable to expediting the recovery process.
4. Backups
New hardware can be purchased, new buildings can be built, and new employees can be hired. However, the data that
was stored in the pre‐disaster IT infrastructure cannot be replaced or recreated; it must be restored from a copy that
was not affected by the disaster.
Disaster Recovery Site Data Replication
ABC has decided to employ a geographically separated DR site for all business critical IT infrastructure as well as other
redundant measures to protect specific information systems and infrastructures.
By utilizing a virtual server infrastructure and redundant Storage Area Network (SAN) storage devices, with automated
site‐to‐site data replication and a partially automated failover mechanism, ABC has effectively mitigated much of the risk
associated with a disaster at the corporate offices or primary data center.
This option could ideally provide a 12‐hour Recovery Point Objective (RPO), 24‐hours in the worst case, and a Recovery
Time Objective (RTO) of 24 – 72 hours.
Redundant Backup Processes
ABC is currently performing weekly full and nightly incremental backups to tape, and is rotating tapes three times per
week to a secure, climate‐controlled offsite storage facility. This process acts as a backup to the SAN replication process
and ensures the capability for a point‐in‐time restore in the event of an issue with the SAN or corruption of the virtual
machine data. In the unlikely event of data corruption, this corruption could potentially be replicated to the DR site,
rendering both the primary data center and DR site virtual machine(s) unusable.
14.
Information Technology Disaster Recovery Guide – ABC Bank Page 14
IT Disaster Recovery Plan Overview
This plan uses a general yet prescriptive approach to recover from an outage or disaster that destroys or severely
damages some or all of the IT infrastructure at the ABC primary data center.
1. Mobilize Personnel
Immediately following the disaster, a planned sequence of events should begin. Key personnel should be immediately
notified and the designated recovery teams should be mobilized to implement this plan. Personnel are listed in the plan
under Appendix A – IT Management & Staff Contact List. However, this plan can still be usable even if one or more key
IT and administrative personnel are unavailable.
2. Begin Damage Assessment & Salvage Operations at Disaster Site
Early efforts should be targeted at protecting and preserving any surviving computing equipment. Any salvageable
equipment should be identified and moved to a clean, dry environment away from the disaster site where a complete
system assessment can be performed.
At the same time, a survey of the disaster scene should be done by appropriate IT, and emergency services personnel, if
necessary, to estimate the amount of time required to put the facility, utilities, and systems back into working order.
3. Determine Activation of Disaster Recovery Plan
Based on damage assessment, a decision should then be made whether to activate the disaster recovery plan. If the
corporate office was also affected by, for example, a regional disaster, a decision to temporarily relocate corporate
office employees to a branch or other temporary work location should also be made.
4. Activate Disaster Recovery Site
Since failover to the DR site is not entirely automated, once the DR plan is activated, IT personnel should immediately
begin the process of bringing the DR site online, making any changes to the infrastructure as necessary to support the
movement of data processing activities to the DR site.
Depending upon the severity of the disaster, and the specific systems affected, it may become necessary for recovery
personnel to deviate from the plan; this point underscores the necessity to keep this plan up to date.
5. Restore Data from Backup
While SAN replication should keep the DR site systems mostly in sync with those in the primary data center, some of the
physical servers rely on alternate backup methods. Depending on the severity of the disaster, and the specific systems
affected, it may become necessary to restore servers from one of the backups. Individual application owners may need
to be involved at this point, so appropriate administrative/operations personnel, those considered subject matter
experts (SMEs) for their specific applications, should be assigned for each affected application to ensure the application
and data are restored properly.
6. Move Back to Restored Permanent Facility
When the utilities and infrastructure have been repaired and the primary data center is again ready for occupancy,
systems should be failed‐back to the primary data center. The logistics of this process are out of scope for this plan and
should be detailed in a separate document.
15.
Information Technology Disaster Recovery Guide – ABC Bank Page 15
Disaster Recovery Team
To function in an efficient manner and to allow independent tasks to proceed simultaneously, the recovery process will
be handled by several separate teams. This plan calls for six teams that work together, but for which specific portions of
the recovery effort are assigned.
The Disaster Recovery Teams are:
Recovery Management Team
Damage Assessment & Salvage Team
Technology Recovery Team
Applications Recovery Team
Operations Support Team
Administrative Support Team
Disaster Recovery Team Responsibilities
As the recovery process gets underway, it is imperative that each of the recovery teams remain in close communication
and strive to work together to complete the recovery as quickly as possible. The following section provides a brief
description of the responsibilities for each team.
1. Recovery Management Team
The Recovery Management Team is responsible for coordination of the entire recovery project and is comprised of
the following personnel:
Recovery Manager
Technical Coordinator
Operations Support Coordinator
Administrative Support Coordinator
The Recovery Manager is the leader of the Recovery Management Team and the overall recovery effort and has the
final authority regarding decisions during the recovery process. Each of the remaining individuals will be the leader
of a specialized team, or teams, which will each address a portion of the recovery tasks. As the recovery process
gets underway, there will likely be areas of overlap between teams and thus close communication will be required.
The Recovery Management Team will have regular meetings to provide for adequate communication between team
coordinators.
Each coordinator should schedule a meeting for members of his team well in advance of their first planned activities.
A first meeting agenda should include:
Reviewing the current status of the recovery operation
Emphasizing what the team's responsibilities are
Making sure that members are aware of any changes to the original disaster recovery plan
Assigning tasks to individual team members
Establishing time and location for future team meetings
2. Damage Assessment & Salvage Team
The Damage Assessment Team will be led by the Technical Coordinator or his designate. This team will be
responsible for
Providing a detailed damage assessment of the disaster site, including utilities and infrastructure
Providing an inventory of both salvageable and non‐salvageable equipment
16.
Information Technology Disaster Recovery Guide – ABC Bank Page 16
Managing the equipment salvage operations
Based on this assessment the Administrative Support Team can begin the process of acquiring replacement
equipment necessary to rebuild the IT infrastructure and systems once the disaster site is repaired and operational.
3. Technology Recovery Team
The Network Recovery Team will be led by the Technical Coordinator. This team will be responsible for:
Determining which specific infrastructures and systems are affected by the disaster
Reviewing the recovery steps documented in this plan, making changes as necessary to address any specific
circumstances, and communicating these changes to the Recovery Manager
Communicating with the Recovery Manager regarding the estimated scope and severity of the disaster
Communicating with the Recovery Manager regarding the estimated time to return to production (RTP)
Determining which hardware, software, and supplies will be needed to start the recovery process
Bringing the disaster recovery site online
Making any other necessary changes in the IT infrastructure to support RTP
4. Applications Recovery Team
The Applications Recovery Team will be led by the Technical Coordinator or his designate. This is an optional team
to be assembled in the event that business application owners and/or subject matter experts (SMEs) need to be
involved in the recovery process. Those considered SMEs for their specific applications should be assigned for each
affected application to ensure the application and data are restored properly.
5. Operations Support Team
The Operations Support Team will be led by the Operations Support Coordinator. This team will be responsible for:
Providing basic Help Desk services to provide phone support and recovery status information to end‐users
Assisting the Damage Assessment & Salvage, Technology, and Applications Recovery teams, as required
6. Administrative Support Team
The Administrative Support Team will be led by the Administrative Support Coordinator. This team will provide
administrative support to the other recovery teams as well as support to employees. One of the most important
functions this team can provide is to handle the burden of administrative details so that IT staff can focus on the
recovery efforts.
Some of the anticipated team tasks include:
Providing support for executing acquisition paperwork
Assisting the Recovery Manager and individual team coordinators with determining availability of staff to
help in the recovery efforts
Providing support to track time and expenses related to the disaster
Coordinating food and sleeping arrangements for recovery staff, as required
Providing or coordinating transportation and delivery services, as required
Assisting in contracting with outside vendors for assistance in the recovery process, such as IT consulting
services, for the installation or recovery of computing or infrastructure‐related systems
17.
Information Technology Disaster Recovery Guide – ABC Bank Page 17
Activating the Disaster Recovery Plan
1. Appointment of Recovery Manager
The first critical step is to appoint the Recovery Manager. The person most appropriate for this position is ABC Head of
IT. If the Head of IT is unavailable, the appointment should be made by the Head of Operations, Chief Information
Security Officer (CISO), or any available senior executive or member of the ABC Board of Directors. This person must
have at least some exposure to Information Technology and must have signature authority for any expenditures
incurred during the recovery process.
2. Assemble Recovery Team
One of the Recovery Manager's first duties is to contact and assemble all available members of the recovery team. The
Recovery Manager should also produce a list of any extra personnel, outside of the core recovery team, who can provide
additional assistance in the recovery process, if required.
3. Damage Assessment & Equipment Salvage
The Recovery Manager should immediately engage the Technical Coordinator so that he can begin the damage
assessment and the process of identifying and retrieving any salvageable electronic equipment.
4. Establish the Recovery Control Center
The Recovery Control Center is the location from which the disaster recovery process is coordinated. The Recovery
Manager should designate where the Recovery Control Center is to be established. The Recovery Control Center would
most likely be at a surviving branch location, or other suitable location near the disaster site.
5. Activating the Disaster Recovery Plan
The Recovery Manager sets the plan into motion. Early steps to take are as follows:
a. The Recovery Manager should retrieve the Disaster Recovery Lock Box located at DataLOK, or from one of the
other two locations described in the previous section, and open it to obtain an up‐to‐date copy of the Disaster
Recovery Plan. This plan is in printed form as well on CD‐ROM. Copies of the plan should be made and handed
out at the first meeting of the Recovery Management Team.
b. The Recovery Manager should appoint the remaining members of the Recovery Management Team. This should
be done in consultation with surviving members of the IT staff, and with management approval.
c. The Recovery Manager should call a meeting of the Recovery Management Team at the Recovery Control Center
or a designated alternate site. The following agenda is suggested for this meeting:
Each member of the team is to review the status of their respective areas of responsibility
The Recovery Manager briefly reviews the Disaster Recovery Plan with the team
Any adjustments to the Disaster Recovery Plan to accommodate special circumstances are to be discussed
and agreed upon
Each member of the team is to review the makeup of their respective recovery teams; if individuals key to
one of the recovery teams is unavailable, the Recovery Manager is to assist in locating others who have the
skills and experience necessary, including contracting with IT vendors or other appropriate personnel
The next meeting of the Recovery Management Team is scheduled; it is suggested that the team meet at
least once each day for the first week of the recovery process
21.
Information Technology Disaster Recovery Guide – ABC Bank Page 21
SANs to automatically replicate any block‐level changes from the primary data center to the DR site. The replication
process takes approximately 1‐3 hours, depending upon the amount of data that has changed since the last snapshot.
The Nimble SAN retains approximately 14 days of snapshots on the SAN located at the primary data center and
approximately 45 days of snapshots on the SAN located at the DR site. The Nimble SANs provide storage for the
following (29) VM guest machines:
CANONAPP
CANONOCR
CANONSQL
DC1
DC2
DEPCON
FTP
GLBA
HELPDESK
INTRANET
IS
MCAFEE
MPS
NESSUS
PRINTSVR
RDP
SCENTER
SOLARW
SOPHOS
SQL1
SQL2
TACACS
TSGW
TSOFT
WDS
WEBSENSE
WEBTEST
WSUS
PROLOGUE
4. vSphere Data Protection (VDP)
VMware vSphere Data Protection (VDP) is a backup and recovery solution that provides agentless, disk‐based backup of
virtual machines, regardless of their power state. Like with BESR, VDP takes a quiesced snapshot, essentially a replica of
the entire system taken at a specific point in time, and copies this to external, deduplicated storage.
Enterprise data is highly redundant, with identical files and data stored within and across systems. VDP utilizes a
patented deduplication technology to eliminate redundancy at both the file and block level.
VDP also uses Changed Block Tracking, a VMware feature that enables VDP to only backup disk blocks that have changed
since the last backup. This greatly reduces the backup time and size of a given VM image and provides the ability to
process a large number of VMs within a limited backup window.
ABC utilizes VDP to perform backups of the critical VM guest machines in two separate processes; the first process runs
at 8:00pm nightly and backs up approximately half of the VMs to the Nimble SAN located at the primary data center, the
second process runs at 11:00pm nightly and backs up the remaining VMs to a HP SAN, also located at the data center.
VDP backups are retained for 66 weeks to allow for extended point‐in‐time restoration capability.
5. Symantec Backup Exec (BUE)
Symantec Backup Exec (BUE) is an agent‐based system for performing server backup and recovery. Unlike BESR, BUE
performs file‐based backup and recoveries and in the ABC environment, these backups are ultimately written to tape.
BUE is installed on the BACKUP2 server located at the primary data center. Given constraints with the backup window,
BUE actually first backs up target devices to backup server direct‐attached (internal) storage, and then a subsequent
process writes this data to a direct‐attached tape backup unit (TBU). This TBU is manufactured by HP/Quantum and is
equipped with a 24‐tape magazine cartridge, an auto‐loader, and three LTO‐4 tape drives.
BUE is used to backup the following:
BESR images on BACKUP2
SQLAGENT database backups on BACKUP2
EXCHWEST
NASCOLO
OFFICER
All backup tapes are encrypted using 128‐bit AES encryption.
23.
Information Technology Disaster Recovery Guide – ABC Bank Page 23
Backup Process – IT Core Services
Current data backup processes for specific IT core services are detailed below:
1. Network Device Configuration
ABC utilizes software, specifically Solarwinds Engineer’s Toolset (SET), to automatically backup and compare firewall and
switch configurations any time there is a configuration change. These are also emailed, by SET, to Joseph Kim who
maintains a copy is his email archive.
2. Active Directory Domain Services
ABC utilizes a flat, single‐forest, single‐domain Active Directory (AD) structure. ABC maintains 15 AD domain controllers
(DCs): DC1 and DC2 are virtual machines located at the primary data center, DC3 is a physical machine located at the
corporate offices, and DC4 is a virtual machine located at the DR site; the remaining 11 DCs are servers running in each
of the branches. The FSMO (Flexible Single Master Replication) roles are shared among the first three “primary” DCs.
Active Directory is not backed up per se, however the AD environment at ABC is quite fault‐tolerant. AD data is
automatically replicated between all domain controllers through AD’s built in replication mechanism; this process occurs
in near real‐time. In the event of a failure of one of the DCs, users can authenticate against any other DC in the forest,
assuming there is network connectivity.
In the event of failure of one of the “primary” DCs, those holding the FSMO roles, an administrator would simply “seize”
the missing roles onto any one of the remaining DCs; a manual, but very simple process.
3. File Services
For user data storage, ABC utilizes an 18TB NAS (Network Attached Storage) server, running Microsoft Windows Storage
Server 2008 R2, located in the corporate offices (NASHQ). The NAS server replicates in near real‐time with its peer, an
identical NAS server located in the primary data center (NASCOLO), using Microsoft Distributed File System (DFS). DFS, a
feature of Windows Server, utilizes “remote differential compression” to transmit only block‐level changes and data
compression to reduce network traffic between DFS replicas.
The NAS provides file services for nearly all departments at the corporate offices plus some of the branches. There is
currently approximately 7.5TB of data in total.
ABC maintains a server in each of the branches; all run Microsoft Windows Server 2008 R2 Standard and provide AD DC,
file, print, and DNS services. User data storage varies anywhere between 500GB (Flushing) and 50GB (Milpitas) and is
backed up nightly to the backup server (BACKUP2) via BESR.
4. E‐Mail
ABC utilizes Microsoft Exchange Server 2007 Standard and maintains 2 separate mailbox servers; EXCHWEST is a physical
server located at the primary data center that serves the west coast corporate office and branches, EXCHEAST is a
physical server located at the Flushing branch that serves the east coast branches.
ABC utilizes Proofpoint, a cloud‐based service, for SPAM/virus protection, encryption, archiving, and other security‐
related functions. In the event the Exchange server is offline or otherwise unreachable, Proofpoint will provide backup
queuing (store and forward) which will retain all received messages and then forward them to the Exchange server
when it comes back online, ensuring no data loss.
In the event of a disaster where Exchange Server recovery will be delayed, Proofpoint can also temporarily host a virtual
Exchange Server environment which would be accessible by ABC personnel through Outlook Web Access (OWA), a web‐
based interface.
EXCHWEST is backed up nightly via BESR to BACKUP2; EXCHEAST is backed up nightly via BESR to a Lacie NAS device in
the Flushing branch.
26.
Information Technology Disaster Recovery Guide – ABC Bank Page 26
5. Paragon
The Paragon application is installed on PROLOGUESVR and would use the same restore procedure as listed above.
6. Patriot Officer
The Patriot Officer application is installed on a physical machine (OFFICER) located in the primary data center, and is
backed up nightly via both BESR and BUE. In the event of a server failure, the server can be restored from a BESR image
or from a BUE tape backup.
7. SQL Application Servers
Individual SQL databases on SQL1, SQL2, WEBSENSE, and PROFITS are backed up nightly via SQLAGENT. SQL1, SQL2, and
WEBSENSE are also backed up via both Nimble Replication and VDP. In the event of a database failure in an application,
the SQL database for that application can be restored from the SQLAGENT database backup. In the event of a server
failure, the server can be restored from either a Nimble or VDP snapshot.
29.
Information Technology Disaster Recovery Guide – ABC Bank Page 29
In the event of failure of one or more of the DCs, it may be necessary to “seize” the missing roles onto DC4 or one of the
other surviving servers. To perform this, execute the following steps:
a. Logon to DC4 (or another DC) with an account that is a member of the Enterprise Administrators group
b. Click Start | Run then type “ntdsutil” in the Open field then click [OK]
c. Type “roles” then press [ENTER], this will take you to the fsmo maintenance prompt
d. Type “connections” and then press [ENTER], this will take you to the server connections prompt
e. Type “connect to server DC4” and then press [ENTER]
f. At the server connections prompt, type “q” and then press [ENTER], this will take you back to the fsmo
maintenance prompt
g. Type “transfer <role>” then press [ENTER], where <role> is the specific FSMO role that you want to
transfer, FSMO roles are: Schema, Domain Naming Master, RID Master, Infrastructure Master, and PDC; repeat
the transfer <role> command for each role you wish to transfer
h. Once done transferring roles, at the fsmo maintenance prompt, type “q” then press [ENTER] to take you back to
the ntdsutil prompt, then type “q” and press [ENTER] to quit
Once the FSMO roles are seized from the failed servers, they cannot be reintroduced back into the AD domain;
they must be manually rebuilt and then promoted to a DC role, then the FSMO roles can be manually transferred
back to the rebuilt domain controllers
4. File Services
In the event of a regional disaster that causes a failure of the NAS systems in both the primary data center (El Segundo)
and the corporate office, there would be no file services available for the corporate office branch. Surviving branch
locations would still have file services available on their local branch servers but none of these locations have a server
with enough storage capacity to restore data from the NAS systems, which is where the bulk of the corporate data is
stored.
As documented in the Observations & Recommendations section, ABC should consider deployment of a third NAS
device in the DR site then initiating DFS replication between all three NAS devices.
5. E‐Mail
In the event of a disaster where recovery of the Exchange Server will be delayed, Proofpoint can very quickly spin up a
virtual Exchange Server environment which would be accessible by ABC personnel through Outlook Web Access (OWA),
a web‐based interface. To bring up this virtual Exchange Server environment, Proofpoint will require the encryption key;
this key is available for download from a secure Proofpoint server.
To bring up the temporary virtual Exchange Server environment, contact Proofpoint and provide them with the
encryption key; once the virtual environment is online, Proofpoint will provide the web site address and logon
credentials. Once email services are temporarily hosted by Proofpoint, ABC IT staff can then determine the next
appropriate steps to recover the physical server or failover to the Exchange DR server.
To recover the physical Exchange Server (EXCHWEST) using BESR, use the procedure detailed in the section
Restore Procedures – Symantec Backup Exec System Recovery.
If it is going to be an extended period of time before the primary exchange server can come back online, and ABC prefers
to host email internally vs. using the Proofpoint provided OWA interface, the decision can be made to failover to the
Exchange DR server.
The failover process assumes the Exchange DR server has been setup and prepared according to the documentation on
TechNet, available here: http://technet.microsoft.com/en‐us/library/bb676502(v=exchg.80).aspx.
31.
Information Technology Disaster Recovery Guide – ABC Bank Page 31
Restore Procedures – Business Application Services
1. Fiserv
There is a backup Fiserv router at the Tukwila DR site in the event of a failure at the primary data center. Bringing this
backup router online is a manual process, which requires assistance from Fiserv technical personnel.
To bring this router online:
a. Call Fiserv and connect to their networking support department
b. Connect an internet accessible laptop to the router via the Cisco (blue) console cable; a Savvis engineer will
perform this step
c. The Fiserv tech will connect remotely to the laptop and configure the router
d. IT staff should advertise (router protocol) over the MPLS network so that data is properly routed
2. Fundtech
In order for Fedline Advantage to receive wires, ABC must contact Federal Reserve to change the endpoint of the wires.
Only the IS department and the wire department is authorized to change the recipient of the wires; the IT department
will be unable to redirect wires.
In the event you wish to manually route all traffic through the Fedline Advantage backup router in the San Gabriel
branch, execute the following procedure:
a. Log into the primary data center router (172.20.5.1) and delete the route from 172.20.5.249 to 170.209.0.0; this
will cause the route advertisement from San Gabriel to propagate
b. To revert, simply reenter the route
3. SWIFT
In the event of a failure on SERVER, the SWIFT client can be reconfigured to use SWIFTDR. To reconfigure the client, IT
personnel or a knowledgeable end‐user would simply reconfigure the SWIFT client, under “Instance Configuration”, to
point to the backup server, SWIFTDR (172.20.20.8).
Once SERVER is back online, reconfigure the SWIFT client, under “Instance Configuration”, to point back to the primary
server, SERVER (172.20.5.72).
33.
Information Technology Disaster Recovery Guide – ABC Bank Page 33
Restore Procedures – Symantec Backup Exec System Recovery
ABC utilizes Symantec Backup Exec System Recovery (BESR) to backup physical servers.
The specific servers that can be recovered using BESR include the following:
All (11) branch servers, excluding corporate office branch
All (7) servers located in the primary data center, excluding the VMware hosts:
BACKUP2
EXCHWEST
NASCOLO
OFFICER
OWA
VCENTER
SERVER
REPORTPC – located in the Treasury department at headquarters
PROFITS – located at the Rowland Heights branch
Depending on the nature and timing of the server failure, BESR can be used to perform a server recovery.
To recover the physical server, execute the following procedure:
a. Build machine and configure RAID storage volumes as appropriate for the application
b. Boot from the BESR Recovery CD
c. Start networking services and configure the IP address for the primary network adapter; once configured, test
connectivity to the LAN
d. Connect to BACKUP2, browse to the BESR Images folder for the server, then select the latest or desired server
image; this will begin the recovery process
e. In the case of restoring the BACKUP2 server, browse the attached USB drive for the BESR server image
f. Once the recovery process is complete, remove the BESR Recovery CD from the CDROM drive then reboot the
server
34.
Information Technology Disaster Recovery Guide – ABC Bank Page 34
Restore Procedures – Nimble Snapshot
ABC uses Nimble snapshots to backup virtual machines; ABC retains approximately 14 days of snapshots on the SAN
located at the primary data center and approximately 45 days of snapshots on the SAN located at the DR site.
The specific servers that can be recovered using a Nimble snapshot include the following:
CANONAPP
CANONOCR
CANONSQL
DC1
DC2
DEPCON
FTP
GLBA
HELPDESK
INTRANET
IS
MCAFEE
MPS
NESSUS
PRINTSVR
RDP
SCENTER
SOLARW
SOPHOS
SQL1
SQL2
TACACS
TSGW
TSOFT
WDS
WEBSENSE
WEBTEST
WSUS
PROLOGUE
To recover a virtual machine from a Nimble snapshot, execute the following procedure:
a. From a web browser, access the DR site Nimble Web Client – https://172.20.50.29/
b. On the logon page, enter an administrator password then click [Log In]
c. Goto Manage | Volumes
d. Select VMSAN1 or VMSAN2, as appropriate, then goto the Snapshot tab
e. Select the latest, or desired, snapshot from the list of available snapshots
f. Click [Clone]
g. Goto Home then Manage | Volumes
h. Select the cloned volume then click [Online]
i. Select Edit Volume then goto the Access tab
j. Click [Add] and select Unrestricted Access then click [Ok]
k. Launch VMware vSphere Client and logon to DRVCENTER
l. Select the VMware host server you wish to restore onto
m. Goto the Configuration and select Storage then click Rescan All…
n. Click Add Storage… then select Disk/LUN and click [Next]
o. When prompted, choose Assign New Signature then click [Ok]
p. Browse the new datastore and right click on the *.VMX file, select Add to Inventory
q. The new VM will appear in the inventory in a powered off state
When snapshots are restored in the DR environment, they will be configured on the VMNET5 VLAN. At the
Tukwila DR site, VMNET5 is isolated and should be used for testing only. To bring the restored server into the
production DR environment, set the VLAN to VMNET50. Do not do a test restore onto the production DR
network, otherwise, once a test machine is powered up, it will cause IP address and hostname conflicts.
35.
Information Technology Disaster Recovery Guide – ABC Bank Page 35
Restore Procedures – vSphere Data Protection
ABC uses vShpere Data Protection (VDP) to backup virtual machines; VDP backups are retained for 66 weeks to allow for
extended point‐in‐time restoration capability.
The specific servers that can be recovered using a VDP backup include the following:
CANONAPP
CANONOCR
CANONSQL
DC1
DC2
DEPCON
FTP
GLBA
HELPDESK
INTRANET
IS
MCAFEE
MPS
NESSUS
PRINTSVR
RDP
SCENTER
SOLARW
SOPHOS
SQL1
SQL2
TACACS
TSGW
TSOFT
WDS
WEBSENSE
WEBTEST
WSUS
PROLOGUE
To recover a virtual machine from a VDP backup, execute the following procedure:
a. From a web browser, access the vSphere Web Client – https://drvcenter:9443/vsphere‐client/
b. On the Credentials page, enter an administrator username and password then click [Login]
c. On the vSphere Web Client, select vSphere Data Protection
d. On the Welcome to vSphere Data Protection page, select the appropriate VDP appliance then click [Connect]
e. Click the Restore tab then click the [Restore] button, this brings up the Restore Virtual Machines wizard
f. On the Select Backup page, specify the source from which to restore then click [Next]
g. If the VM has more than one backup point, deselect all except the point you want to restore
h. On the Set to Restore page, confirm that the client and backup restore point is correct
i. Select Restore to Original Location or, to restore to an alternate location for testing or other purposes, uncheck
the Restore to Original Location check box and specify the alternate Destination and Datastore
j. Click [Next] to confirm the selected options
k. On the Ready to Complete page, review the configuration then click [Finish] to begin the restore process
l. You can view the current restore process through the Recent Task pane
When backups are restored in the DR environment, they will be configured on the VMNET5 VLAN. At the Tukwila
DR site, VMNET5 is isolated and should be used for testing only. To bring the restored server into the production
DR environment, set the VLAN to VMNET50. Do not do a test restore onto the production DR network,
otherwise, once a test machine is powered up, it will cause IP address and hostname conflicts.