
26.02 Business Continuity Plan:
Business Continuity is the one overriding mission for the provision of application services.
1. Downtime is minimized with high levels of equipment redundancy.
2. Program errors are minimized with very little software and a data-centric application design.
3. Backup has been replaced with real-time encrypted data replication to multiple data centers.

Culture:
The ASP are not an in-house team doing their best with a limited budget; the ASP operate many hundreds of web applications for thousands of users.
Since 1999, the ASP have continually evolved the most modern web data center infrastructure.
All design decisions are taken with a long-term view of 10 to 20 years; short-term opportunities have no place in this business.
While the rest of the world is rushing into virtual machines, the ASP have chosen to continue with a large number of dedicated servers. Dedicated servers are more expensive to operate, but they are also much easier to manage and much more reliable.
No visitor is ever permitted to enter any of the data centers that house the UK Internet backbone; these are very secure buildings with thousands of servers in a lights-out environment that does not have visitors.

Policies:
Wireless is never used for anything - ever.
Data is never transported on any kind of media - ever.
System administrators do not have access to operational data - ever.
The IP address of an operational domain name is never changed in DNS - ever (see Disaster Recovery: alternative domain names are used instead).
Data is never backed up - it is replicated to a swarm of secure data center locations.
Asynchronous message switching is employed so that transient Internet interruptions do not impact the operation.

Data Centers:
Multiple interconnected remote data centers have been nominated for use. Other data centers are also available, but these would take up to an hour to be made operational.
By design, each data center is in a different part of the country, so if a power or Internet connection failure should occur in one part of the country, the other data centers should be able to continue to provide the service without any significant delay.
By design, both BT and Virgin Internet connections are employed, so if one supplier has an interruption to their service, the other is likely to be able to continue.
Multiple computers are provided that normally share the network load but can continue on their own in the event of a single machine failure. Some loss of response may be experienced until a new machine can be powered up to replace the failed one.

Backup:
The ASP have not used 50-year-old magnetic tape backup procedures since 2004 - data is continually replicated to a swarm of remote data centers.
When more than 3 copies of any data are stored in different remote data centers, it is hard to imagine a disaster that would cause all copies to become unreadable.
Message switch facilities using secure (encrypted) Internet tunnels ensure that each data center continually replicates its data to at least 2 other remote data centers.
All data is stored in encrypted databases on spinning disks, so the data is always readable and available to continue the business at a moment's notice.

Power Supply:
Dedicated server racks have their own dedicated Uninterruptible Power Supply (UPS) batteries that will last between 20 and 60 minutes. Each Tier IV data center has at least two independent power supplies, so in the event of a failure on one power line an alternative power line is used. Each Tier IV data center has its own independent power generator with fuel for at least 12 hours and facilities to top up the fuel supply during that time.
So in the event of any power failure, dedicated servers simply continue to operate for at least 20 minutes on UPS battery power. That UPS runtime is more than adequate for the data center to switch to the alternative power supplier. In the event that the alternative power supply is also not available, the data center switches on its backup generators and carefully manages its fuel levels.
In the event that all these precautions are not good enough, business can continue from a different data center in a totally different part of the country.

Data Replication:
The ASP employ encrypted replicated database servers with encrypted message switching through virtual tunnels from one data center to another. As soon as data is securely saved in one data center, that same data is replicated to a swarm of other data centers. Within a few moments many copies of all operational data are held in remote secure data centers; it is hard to imagine how numerous copies of data could all be lost or corrupted. Note that replication protects against the loss of a site: an erroneous write is copied as faithfully as a correct one, so application-level checks remain the safeguard against bad data.
The ASP accept that data replication is not cheap, but the benefit of never losing any data makes it cost justified.

Disaster Recovery:
In the event of any failure of one data center, traffic is redirected to a different data center that is ready to take over at a moment's notice. It takes some time to deduce that a data center has been lost rather than suffering a transient Internet connection failure, but as soon as a real disaster is identified, business can continue from a different data center. Fire, flood, earthquake, tsunami, power failure, etc., are all planned for and resolved by employing multiple data centers.
The ASP understand that an IP address change can take some hours to propagate through DNS servers in multiple countries, so alternative domain names are employed: people can instantly switch to a different data center without waiting for IP address changes to be replicated by many DNS servers. It must be accepted that the transactions that were in progress at the instant of the failure may or may not have been lost. When people switch to the new data center, they must check that what they were doing last has been completed as expected - see the "What Did I Do" report.
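The replication and failover behaviour described in the Data Replication and Disaster Recovery sections, reduced to an added worked example. This is illustrative code written for this page, not the ASP's software: it assumes four hypothetical data centers A to D, each replicating to two others through an asynchronous message switch, a durability threshold of three copies, and a lookup named what_did_i_do that stands in for the "What Did I Do" report. The encrypted tunnels and databases are not modelled. The scenario shows both outcomes the text warns about: a transaction whose replication messages left the lost center (found at the new center, not applied twice) and one that died with it (resubmitted under the same id).

```python
"""Toy model of asynchronous swarm replication with client-side failover.
Added illustration, not the ASP's code: centers, topology, thresholds and the
what_did_i_do lookup are all assumptions made for this example."""
from collections import deque
from dataclasses import dataclass, field

MIN_COPIES = 3  # copies in distinct live data centers before a write counts as durable


@dataclass(repr=False)  # peers form cycles, so the generated repr would recurse
class DataCenter:
    name: str
    peers: list = field(default_factory=list)     # replication partners (assumed topology)
    store: dict = field(default_factory=dict)     # txn_id -> record (the local database)
    outbox: deque = field(default_factory=deque)  # queued replication messages
    alive: bool = True

    def write(self, txn_id, record):
        """Commit locally, then queue the record for every peer (asynchronous message switch)."""
        if not self.alive:
            raise ConnectionError(f"{self.name} is unreachable")
        if txn_id in self.store:  # idempotent: a duplicate of a known txn is a no-op
            return
        self.store[txn_id] = record
        for peer in self.peers:
            self.outbox.append((peer, txn_id, record))

    def pump(self):
        """Deliver queued messages to peers that are up and hold the rest until they return.
        Receivers re-queue onward (gossip); the idempotency check in write() stops loops."""
        if not self.alive:
            return
        held = deque()
        while self.outbox:
            peer, txn_id, record = self.outbox.popleft()
            if peer.alive:
                peer.write(txn_id, record)
            else:
                held.append((peer, txn_id, record))
        self.outbox = held


def destroy(dc):
    """A real disaster rather than a transient outage: the center and its unsent queue are gone."""
    dc.alive = False
    dc.store.clear()
    dc.outbox.clear()


def copies(swarm, txn_id):
    """Number of live data centers holding a copy of the transaction."""
    return sum(1 for dc in swarm if dc.alive and txn_id in dc.store)


def what_did_i_do(dc, txn_id):
    """Assumed 'What Did I Do' lookup: the record if this center knows the transaction, else None."""
    return dc.store.get(txn_id)


def reconcile(fallback, outstanding):
    """Client side after failover: for every transaction sent to the lost center, ask the new
    center whether it arrived and re-submit under the SAME id only if it did not."""
    outcome = {}
    for txn_id, record in outstanding.items():
        if what_did_i_do(fallback, txn_id) is None:
            fallback.write(txn_id, record)
            outcome[txn_id] = "resubmitted"
        else:
            outcome[txn_id] = "already-replicated"
    return outcome


def run_scenario():
    a, b, c, d = (DataCenter(n) for n in "ABCD")
    swarm = [a, b, c, d]
    a.peers, b.peers, c.peers, d.peers = [b, c], [c, d], [d, a], [a, b]  # each replicates to 2 others

    def pump_all(rounds=3):
        for _ in range(rounds):
            for dc in swarm:
                dc.pump()

    # 1. Normal path: commit at A; the message switch fans the record out to the whole swarm.
    a.write("txn-1", {"account": "42", "amount": 10})
    pump_all()
    result = {"txn1_copies": copies(swarm, "txn-1")}

    # 2. A commits txn-2 and gets its messages out, commits txn-3, then is destroyed.
    outstanding = {"txn-2": {"account": "42", "amount": 5}, "txn-3": {"account": "42", "amount": 7}}
    a.write("txn-2", outstanding["txn-2"])
    a.pump()
    a.write("txn-3", outstanding["txn-3"])
    destroy(a)
    pump_all()
    result["txn3_copies_after_loss"] = copies(swarm, "txn-3")  # 0: it died with A

    # 3. Client switches to B (the alternative domain name) and reconciles by transaction id.
    result["reconcile"] = reconcile(b, outstanding)
    pump_all()
    result["txn2_durable"] = copies(swarm, "txn-2") >= MIN_COPIES
    result["txn3_durable"] = copies(swarm, "txn-3") >= MIN_COPIES
    result["messages_held_for_A"] = sum(len(dc.outbox) for dc in swarm)  # C and D hold 2 each
    return result


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Reconciling by a client-chosen transaction id is what makes the failover safe: a blind retry of txn-2 would otherwise create a duplicate, and because write() treats a known id as a no-op, even a retry that races with late replication is harmless. Messages addressed to the lost center stay queued at C and D; that is the behaviour which lets a transient interruption (as opposed to a destroyed site) drain on its own when the peer returns.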

Distributed Denial of Service (DDoS):
In the event of a significant DDoS attack on one data center, the ASP are fully prepared and can switch business to another data center using a different domain name. Attackers have no ready way to learn the alternative domain names and the different data center IP addresses, so a DDoS attack can have only a limited impact on the business. This relies on the alternative names staying unpublished: once users are directed to a new name, an attacker who is watching the target or the public DNS can follow, so the switch buys time rather than ending the attack outright.

Document Control:
1. Document Title: Recruiting Values.
2. Reference: 161508.
3. Keywords: ITIL, Recruiting Values.
4. Description: Recruiting Values with evidence and commitment.
5. Privacy: Public education service as a benefit to humanity.
6. Issued: 11 Dec 2016.
7. Edition: 1.2.