e-learning.com phyllis west theodore ly david devereaux disaster recovery plan uop cmgt 579 october...
TRANSCRIPT
E-Learning.com
Phyllis West
Theodore Ly
David Devereaux
Disaster RecoveryPlan
UOP CMGT 579October 15 2005
Table of Contents
• Introduction• Goals and Objectives of Company• Purpose of Plan• Team Resources• Team Members (Planning Team)• Goals and Objective of Plan• Scope of Plan• Physical Hardware
Table of Contents (Cont.)
• Application/ Function Priorities
• Risk Assessment
• Critical Assessment
• Threats and Risks
• Disaster Prevention
• Disaster Recovery Process
• Policies for Maintenance Plan
• Conclusion
Introduction
• E-Learning.com is an edu-commerce company specializing in IT content, which will fill the need to continually educate tomorrow’s Information Technology professionals.
Introduction
• E-Learning employees 200 employees and physically resides in a small San Diego building along the coast approximately 300 feet from the waterfront and approximately 10 feet above sea level. The company owns the building
Introduction
• Online corporate training is part of a growing trend in e-learning and is the fastest growing segment that is estimated to reach 23 billion people by 2005.
According to our research, content businesses are the most viable.
Goals & Objectives of Company
• Our Mission– provide a quality product,at a
competitive price, with minimum cost
A well-trained customer is a LOYAL customer
• Our target audience is working IT Pros that have corporate backing
A well-trained customer is a LOYAL customer
Introduction
Mission Statement
• E-Learning.com has requested the development of a Disaster Recovery Plan/Business Resumption Plan for the online courses
Goals and Objectives of the plan
• 24x7 environment– Anyone, Anytime, Anywhere
• Website and database both will be secure– Encrypt traffic to and from the web servers
• Full database backup
Purpose of Plan
• It is the intention of E-Learning.com to itemize the security risk concerns associated with our business and provide solutions for these risk.
• This includes risks as they relate to educational websites, e-commerce businesses, and internet security regarding online computer courses
Risk Management Cycle
Management Team Members
• Management Team will provide overall guidance• The below team members have been selected for
their knowledge in IT to prepare and maintain the plan:
• - Phyllis West – Senior Analyst• - David Devereaux – System Analyst• - Theodore Ly- System Analyst
Team Resources
• Senior Management Official Management Team
• Damage Assessment Team• Operating System Administration
Team • Systems Software Team • Server Recovery Team (e.g., client
server, Web server) • LAN/WAN Recovery Team • Database Recovery Team
• Procurement Team (equipment
and supplies)• Network Operations Recovery
Team • Application Recovery Team(s)
• Telecommunications Team
• Hardware Salvage Team • Alternate Site Recovery
Coordination Team
• Administrative Support Team • Original Site Restoration/Salvage
Coordination Team • Test Team • Transportation and Relocation
Team • Media Relations Team • Legal Affairs Team
• Physical/Personnel Security Team
Hardware Specifications
• Web server run on five Sun Microsystems E20K Systems
– Dual 900mhz Processors
– 16 Gigabytes Memory
– Two 64 GB SCSI Disks
– Two 560 Watt power supplies
– DVD Rom
– Solaris 8 operating system
• Clustered and load balanced
• No single point of failure
• Database Server
– Two p680 computers
– (24) 1.3ghz processors
– 128 GB memory
– 876 GB internal disk space
• No single point of failure
Web Server
Customers ISP
Cisco Router
Web Server
E-Learning HardwareDesign
Firewall
Customers
Oracle DatabaseServer
Web Server
Web Server
Oracle DatabaseServer
Web Server
Backup Server
Cluster of Webservers
Backup Server
Workstation
Workstation
Workstation
Workstation
Workstation
Offsite Servers
Software Specifications
• Database runs on Oracle 10– Enterprise ready database– Handle very high load transactions– Database will be encrypted
• Backup daily– Backup using L20 Tape library– Veritas Netbackup Software– Tape sent off site on one month rotation
Risk Assessment
Risks involved with e-learning have been broken
down into the following categories:1. Insufficient or uncertain human
resources2. Technical limitations of
solutions reached or exceeded3. Poor partnership working 4. Sustainability5. Unrealistic expectations6. Poor leadership7. Litigation in protecting
intellectual property rights
Risk Assessment (Cont.)
8. Application software not fit for purpose
9. Failure to meet technical standards 10. Failure to meet JISC's objectives 11. Unreasonable project schedule and
budget 12. Contract negotiation and
management 13. Poor Evaluation 14. Poor Quality Assurance
Threats and RisksAsset Relative Impact to
Operation Inherent Vulnerability To Failure
Natural Threat Technical Threat Human Threat Cost
DatacenterHigh x 550,000
Server Farm High x
50,000
Database High x x x
Cat5e Cable
Infrastructure
Medium x
10,000
Office Furniture Low x 10,000
Office PCs Medium x x x 30,000
Management PCs Medium x x 15,000
Software Medium x x 150,000
Disaster Prevention
• Practical measures for preventing or mitigating the damage resulting from the 3 general risk categories :
• Natural Disasters
• Technical Disasters
• Human Disasters
• Provide off-premise backup tape storage.
• All of the machines are backed up on a daily basis. Invoke effective insurance policies to cover damages.
Disaster Recovery Process• The target for full data and functional recovery should be
within 24 hours from the point of disaster in the order of importance.
• Disaster Recovery Team heads the recovery process
following the DRP previously developed.
• Make sure all employees have been safely evacuated.
• Locate Insurance policy in order to know what the insurance company will replace. (A copy of this policy should be kept offsite)
• If the building is destroyed locate a different building to
continue operating.
Disaster Recovery Process• Salvage, if possible, any materials such as furnishing,
hardware, an software etc.
• Purchase necessary hardware; servers, software and network
infrastructure
• Restore lost or corrupt data utilizing onsite data recovery
procedures, local data back-up sources, and installed back-up or spare hardware.
• Inventory database operations can be transferred to the warm site. Prior to public access, the warm-site database must be populated or updated from the latest back-up tape.
Policies for Maintenance Plan
• During the construction of our DR/BRP we must include policies to help maintain the standards they have been set forth for all to follow. Many of the policies are as follows:
• System Development Life Cycles• Change control policies• Data synchronization procedures• Employee training and communication plans• Insurance policies• Government, media, and community
relations policies and Security
Conclusion
This Disaster Recovery Plan itemizes all the potential risks and possible solutions for the E-Learning business operation. It provides a speedy system recovery and availability in the case of any of the disasters listed in the tables above in order to ensure that the business will continue operating.
THE WORLD IN OUR HANDS