E-Learning.com

Phyllis West

Theodore Ly

David Devereaux

Disaster RecoveryPlan

UOP CMGT 579October 15 2005

Table of Contents

• Introduction• Goals and Objectives of Company• Purpose of Plan• Team Resources• Team Members (Planning Team)• Goals and Objective of Plan• Scope of Plan• Physical Hardware

Table of Contents (Cont.)

• Application/ Function Priorities

• Risk Assessment

• Critical Assessment

• Threats and Risks

• Disaster Prevention

• Disaster Recovery Process

• Policies for Maintenance Plan

• Conclusion

Introduction

• E-Learning.com is an edu-commerce company specializing in IT content, which will fill the need to continually educate tomorrow’s Information Technology professionals.

Introduction

• E-Learning employees 200 employees and physically resides in a small San Diego building along the coast approximately 300 feet from the waterfront and approximately 10 feet above sea level. The company owns the building

Introduction

• Online corporate training is part of a growing trend in e-learning and is the fastest growing segment that is estimated to reach 23 billion people by 2005.

According to our research, content businesses are the most viable.

Goals & Objectives of Company

• Our Mission– provide a quality product,at a

competitive price, with minimum cost

A well-trained customer is a LOYAL customer

• Our target audience is working IT Pros that have corporate backing

A well-trained customer is a LOYAL customer

Introduction

Mission Statement

• E-Learning.com has requested the development of a Disaster Recovery Plan/Business Resumption Plan for the online courses

Goals and Objectives of the plan

• 24x7 environment– Anyone, Anytime, Anywhere

• Website and database both will be secure– Encrypt traffic to and from the web servers

• Full database backup

Purpose of Plan

• It is the intention of E-Learning.com to itemize the security risk concerns associated with our business and provide solutions for these risk.

• This includes risks as they relate to educational websites, e-commerce businesses, and internet security regarding online computer courses

Risk Management Cycle

Management Team Members

• Management Team will provide overall guidance• The below team members have been selected for

their knowledge in IT to prepare and maintain the plan:

• - Phyllis West – Senior Analyst• - David Devereaux – System Analyst• - Theodore Ly- System Analyst

Team Resources

• Senior Management Official Management Team

• Damage Assessment Team• Operating System Administration

Team • Systems Software Team • Server Recovery Team (e.g., client

server, Web server) • LAN/WAN Recovery Team • Database Recovery Team

• Procurement Team (equipment

and supplies)• Network Operations Recovery

Team • Application Recovery Team(s)

• Telecommunications Team

• Hardware Salvage Team • Alternate Site Recovery

Coordination Team

• Administrative Support Team • Original Site Restoration/Salvage

Coordination Team • Test Team • Transportation and Relocation

Team • Media Relations Team • Legal Affairs Team

• Physical/Personnel Security Team

Hardware Specifications

• Web server run on five Sun Microsystems E20K Systems

– Dual 900mhz Processors

– 16 Gigabytes Memory

– Two 64 GB SCSI Disks

– Two 560 Watt power supplies

– DVD Rom

– Solaris 8 operating system

• Clustered and load balanced

• No single point of failure

• Database Server

– Two p680 computers

– (24) 1.3ghz processors

– 128 GB memory

– 876 GB internal disk space

• No single point of failure

Web Server

Customers ISP

Cisco Router

Web Server

E-Learning HardwareDesign

Firewall

Customers

Oracle DatabaseServer

Web Server

Web Server

Oracle DatabaseServer

Web Server

Backup Server

Cluster of Webservers

Backup Server

Workstation

Workstation

Workstation

Workstation

Workstation

Offsite Servers

Software Specifications

• Database runs on Oracle 10– Enterprise ready database– Handle very high load transactions– Database will be encrypted

• Backup daily– Backup using L20 Tape library– Veritas Netbackup Software– Tape sent off site on one month rotation

Risk Assessment

Risks involved with e-learning have been broken

down into the following categories:1. Insufficient or uncertain human

resources2. Technical limitations of

solutions reached or exceeded3. Poor partnership working 4. Sustainability5. Unrealistic expectations6. Poor leadership7. Litigation in protecting

intellectual property rights

Risk Assessment (Cont.)

8. Application software not fit for purpose

9. Failure to meet technical standards 10. Failure to meet JISC's objectives 11. Unreasonable project schedule and

budget 12. Contract negotiation and

management 13. Poor Evaluation 14. Poor Quality Assurance

Threats and RisksAsset Relative Impact to

Operation Inherent Vulnerability To Failure

Natural Threat Technical Threat Human Threat Cost

DatacenterHigh x 550,000

Server Farm High x

50,000

Database High x x x

Cat5e Cable

Infrastructure

Medium x

10,000

Office Furniture Low x 10,000

Office PCs Medium x x x 30,000

Management PCs Medium x x 15,000

Software Medium x x 150,000

Disaster Prevention

• Practical measures for preventing or mitigating the damage resulting from the 3 general risk categories :

• Natural Disasters

• Technical Disasters

• Human Disasters

• Provide off-premise backup tape storage.

• All of the machines are backed up on a daily basis. Invoke effective insurance policies to cover damages.

Disaster Recovery Process• The target for full data and functional recovery should be

within 24 hours from the point of disaster in the order of importance.

• Disaster Recovery Team heads the recovery process

following the DRP previously developed.

• Make sure all employees have been safely evacuated.

• Locate Insurance policy in order to know what the insurance company will replace. (A copy of this policy should be kept offsite)

• If the building is destroyed locate a different building to

continue operating.

Disaster Recovery Process• Salvage, if possible, any materials such as furnishing,

hardware, an software etc.

• Purchase necessary hardware; servers, software and network

infrastructure

• Restore lost or corrupt data utilizing onsite data recovery

procedures, local data back-up sources, and installed back-up or spare hardware.

• Inventory database operations can be transferred to the warm site. Prior to public access, the warm-site database must be populated or updated from the latest back-up tape.

Policies for Maintenance Plan

• During the construction of our DR/BRP we must include policies to help maintain the standards they have been set forth for all to follow. Many of the policies are as follows:

• System Development Life Cycles• Change control policies• Data synchronization procedures• Employee training and communication plans• Insurance policies• Government, media, and community

relations policies and Security

Conclusion

This Disaster Recovery Plan itemizes all the potential risks and possible solutions for the E-Learning business operation. It provides a speedy system recovery and availability in the case of any of the disasters listed in the tables above in order to ensure that the business will continue operating.

THE WORLD IN OUR HANDS