Disaster Recovery Plan Samuel Warren IS308-Internet Technologies Lawrence Masters City University May 2, 2012   Disaster Recovery Plan Executive Summary Disasters come in all shapes and sizes. While an organization could go bankrupt trying to plan for everything, Sambergraphix must focus on what makes logical sense for disaster recovery and business continuity management. The goal of the group should be to retrofit their web presence, as outlined herein, and create a regular cycle of data backups including multiple redundant locations, so that information is readily accessible in the event of a natural disaster or other major issue. That said, creating a strong Storage Area Network, or SAN, with direct connections to cloud-based backup providers would ensure the best flexibility of data continuity and ease of architecture. In the event of a web server or proxy server failure, there are additional servers to handle the additional load until such time as the network technicians can fix or replace the compromised hardware. Along with the proposed technical solution, creating a task force to evaluate Sambergraphix’s response to disasters and other business continuity related tasks will ensure the company remains viable in the event of a major disaster or cyber attack. Introduction In late 2000, the ability of Sambergraphix to serve content to the web was tested in an earthquake that practically decimated the onsite data center. Our web-servers that served content to the web took a major jarring physically. Combine that with Sambergraphix exclusive content that was being requested by news outlets across the United States and what one can see is a serious spike in web traffic and Application Portal Interface (API) calls that our physically shaken servers could not handle. Although Sambergraphix is still considered a small business, the quality of the content and the need for its relevancy to the earthquake response made the server and its proxy crash every time it was brought back online. For a short-term solution, the IT group purchased a replacement server and replacement proxy server to allow for the web presence restoration. Fast forward 12 years to the present and while Sambergraphix has the same size company and typical web traffic, the need for disaster recovery plan and business continuity for our web presence is undeniable. As one can see, this proposal makes a strong recommendation to the IT, management staff, and CEO of Sambergraphix for a solution to said plans for recovery and continuity. Current Environment The server diagram illustrates the current environment. As noted, the replacement servers, (PROX1 and WEB1), as well as the POP3 email server, sit behind the firewall with both PROX1 and WEB1 connecting directly to the database tier for storage of web user information and content. Users and information come in through the firewall and are routed via Access Control Lists (ACL) to the appropriate server for processing after passing through a proxy. However, due to the need for periodic maintenance on WEB1 and the POP3 server, it is necessary to add more hardware to help balance the load so the web presence is uninterrupted. At the present, should anything from “Acts of God” to cyber-crime hit the servers, the website will go down until it is resolved. The following proposal outlines some ways to protect information, as well as prepare for any possible disaster. Solution Proposal One detail to note from the beginning of this proposal: adding hardware and additional storage backup cycles will cost a fair amount of money. However, in the event of an emergency, they can reduce the amount of down time by quite a bit. As demonstrated in the proposed solution diagram, adding additional servers to maintain a web presence and additional proxy servers will enable a fair load balance in the event of large traffic spikes. Additionally, by adding a Storage Area Network (SAN) that is housed in a different location and is connected by secure VPN tunnel, Sambergraphix web presence will be able to handle anything from an earthquake to breach in security with minimal data loss. Also, by adding backup service that is cloud-based and in multiple locations, in the event the SAN becomes corrupted or destroyed, there are multiple locations where the precious data is stored. It is also recommended that all email services be hosted externally so that in the event of another local emergency, the employees still have the capabilities to communicate via corporate email. Implementation Recommendation During the implementation phase of this solution, it is recommended that all hardware is purchased ahead of time and setup behind the firewall as additional servers. Then the network technicians can connect all the pieces together, ensuring they are configured correctly, and begin transferring data off the database tier on WEB1 into SAN1 (see above diagram). As soon as all the information has transferred into the new SAN and the backups have run at least two cycles, the final decision will be made to change the flow of data to the new proxy servers and web servers. Finally, along with the network changes, there is a clear need for a Disaster Recovery and Business Continuity task force to be created. The role of the task force should be to prepare scenarios that should be tested to ascertain the quality of the current architecture and the business continuity plans. The goal should be to test the equipment, as well as the people in various low to extreme scenarios to do a comprehensive gap analysis to determine how to improve business continuity management. According to Chris Ollington’s “Secure Online Business Handbook,” there is a fine line between what makes sense for Sambergraphix and what does not. A trade-off needs to be achieved between creating an effective fit-for-purpose capability and relying on untrained and untried individuals and hoping they will cope in an emergency. The spanning of the gap between the plan and those who carry it out can be achieved by either formal tuition and/or simulations. The well-known maxim that a team is only as strong as its weakest link is worth remembering here. (2004) Having said that, the task force should not seek to mitigate tornado response, because the likelihood of that occurrence is minimal at best in this region; but earthquakes should definitely be considered. The task force should be a representative group from all major departments and each member should be responsible to inform their area of the business continuity management topics and information. Also, the director of the business continuity task force should provide direct guidance, training, and reporting to the president’s team and the director of Human Resources.   References (ed), Chris Ollington. ( © 2004). The secure online business handbook: e-commerce, it functionality & business continuity, second edition. [Books24x7 version] Available from http://common.books24x7.com.proxy.cityu.edu/toc.aspx?bookid=9923.