5.6 Explain disaster recovery and continuity of operations concepts.

Question 1

Recovery Sites

Answer 1

Disaster involves more than your organization’s servers and the data on them; you need to ask yourself, “How can we continue business in the event of a disaster? What if our building burns down? Where can employees perform their work and continue business operations?” You need to investigate whether your organization will invest in an additional work location, known as a site, in case the original office building becomes unavailable because of fire, flood, or an extended power outage. When deciding on an alternative site, also known as a recovery site, to continue business operations in the event of a failure, you choose among a hot site, a warm site, and a cold site

Question 2

Recovery Sites - Hot Site

Answer 2

A hot site is an alternative location that provides adequate space, networking hardware, and networking software for your organization to maintain business operations if disaster strikes. This hardware and software should include any data that would be needed by your staff in the event of a disaster, so the provider of the hot site should ensure that the data is up to date and that the hot site is ready 24/7 for your organization to use. The hot site is 100 percent operational and the data from the main site is continuously replicated to the alternative site so it is always up to date.

Question 3

Recovery Sites - Warm Site

Answer 3

A warm site occupies the middle ground between a hot site and a cold site. It is an alternative location with office space and spare networking equipment such as a server and backup devices so that you can quickly restore your organization’s network in an emergency.

Question 4

Recovery Sites - Cold Site

Answer 4

A cold site is an alternative location where you typically have arranged to have the space available but not the networking hardware or networking software. Providing the hardware and software would be your responsibility in the event of a disaster. A cold site takes time to prepare following a disaster because only space is made available.

Question 5

Order of Restoration

Answer 5

After the disaster has passed, you will want to return all the functions to the primary site. As a best practice, organizations return the least critical functions to the primary site first. Remember, the critical functions are operational at the alternate site and can stay there as long as necessary. If a site has just gone through a disaster, it’s very likely that there are still some unknown problems. By moving the least critical functions first, undiscovered problems will appear and can be resolved without significantly affecting mission-essential functions.

Question 6

Backup Concepts

Answer 6

A critical task to help maintain the network and to ensure that users have access to their data is to regularly back up data on the network to another location. You can back up the data to tape drives, a backup file on another server, or to the cloud. A common backup strategy is to back up the data to a file on a hard disk and then later back that file up to tape. The reason this is common is that backing up to tape is much slower than backing up to disk, so you want to ensure the backup that is backing up files that users are using is as quick as possible. Cloud backup means your data is stored on the cloud provider’s storage hardware. This may not be acceptable for some businesses due to privacy concerns or regulations.

Question 7

Backup Concepts - Differential

Answer 7

A differential backup backs up the files that have changed or that were added since the last full backup by looking for any files that have the archive bit set.

The differential backup is different from the incremental in that the differential does not clear the archive bit after the backup is done. This means that if you were to do another differential backup the next time you did a backup, the same files (and any new ones) would get backed up.

As a result, every differential backup will have all changes since the last full backup.

The order of restoration strategy would be to

1) restore the last full backup and then
2) restore your last differential backup.

An important difference between differential and incremental backups is that …
… Incremental backups take less time to back up (because you are getting only changes since the last full or incremental backup) but more time to restore (because you are restoring multiple incremental backups).
… Differential backups take more time to back up, but less time to restore.

Question 8

Backup Concepts - Incremental

Answer 8

An incremental backup backs up only the files that have changed or that were added since the last incremental or full backup. It does this by backing up only files that have the archive bit set (meaning the file needs to be backed up).

This is different from a full backup in that a full backup will back up any file that is selected because a full backup does not read the archive bit to determine whether to back up the file—it simply backs up whatever you tell it to.

An incremental backup clears the archive bit to report that the file has been backed up. If you were to perform an additional incremental backup the next day, the same file would not get backed up (unless it was changed), because the archive bit would not be set.

Your restore strategy (known as the order of restoration) with incremental backups is to

1) restore the full backup and then
2) restore each incremental backup since the full backup.

This will ensure that you get the buildup of changes since the full backup.

An important difference between differential and incremental backups is that …
… Incremental backups take less time to back up (because you are getting only changes since the last full or incremental backup) but more time to restore (because you are restoring multiple incremental backups).
… Differential backups take more time to back up, but less time to restore.

Question 9

Backup Concepts - Snapshots

Answer 9

Many organizations use virtualization technology to create virtual machines (VMs) that run their servers on the network. With virtualization software, you can create a snapshot of a virtual machine, which essentially makes a quick backup of its state and configuration. You can then quickly revert to that backup at a later time. One of the drawbacks of reverting to a snapshot is that you lose all changes since that snapshot, so you must be sure you really want to do that.

Question 10

Backup Concepts - Full

Answer 10

A full backup backs up every file on the specified volume or volumes (or partitions). Many companies run a full backup every day, no matter what. Under such a system, the restore process requires only the most recent tape.

However, a full backup necessitates a large storage capacity and a lot of time. If you have large amounts of data, running a daily full backup may not be practical because it may take too long to perform.

In short:
Full backups back up every file that is selected and then clear the archive bit.

If you decide to take the simpler but more time-intensive approach by performing full backups each time, you can restore from the most recent full backup and get all the files restored in one session.

Question 11

Geographic Considerations

Answer 11

When planning for backups and disaster recovery as a whole, there are a number of geographic considerations regarding your physical location

Question 12

Geographic Considerations - Off-site Backups

Answer 12

Be sure to store a copy of your backups at another location in case of a disaster such as fire, flood, or earthquake.

Question 13

Geographic Considerations - Distance

Answer 13

You want the offsite backup close enough that you can get it quickly if you need it, but at the same time it should be far enough away that it does not get affected by any disaster that affects your current location.

Question 14

Geographic Considerations - Location Selection

Answer 14

Be sure to choose a site that can get a quick response from emergency services such as the fire department. You also want to be sure that the site gets quick responses from utility services such as the electric company. Also, review the surrounding area and be sure you are not in a flood zone or in an area with a high crime
rate.

Question 15

Geographic Considerations - Legal Implications

Answer 15

When selecting a physical location for your site and tape backups, be sure to understand any laws in that country or state that could affect how your data is accessed or managed.

Question 16

Geographic Considerations - Data Sovereignty

Answer 16

Related to the previous point (Legal Implications), be sure to understand who owns the data and has full rights and power over the data. By storing data in a specific country or state, are you giving any implicit right for a third party to access the data? With cloud storage you may want to find out where the cloud provider’s servers are located and be sure your data is placed within your country so that your country’s laws are governing that data.

Question 17

Continuity of Operations Planning

Answer 17

A business continuity plan (BCP) is an important element in the security of your organization because it is a plan that helps ensure that business operations can continue when disaster strikes by implementing failover not only in your technology, but in your business operations. The BCP is a comprehensive document that identifies procedures for the business to recover from any disaster in an acceptable amount of time. The BCP also includes all the risks to the business and how to mitigate those risks. The end value of the BCP is that it reduces the impact of a disaster on your organization because you are prepared for the disaster and business operations can continue.

Question 18

Continuity of Operations Planning - Exercises/Tabletop

Answer 18

The BCP will need to be thoroughly tested before it can be relied on in an emergency situation. You can test your BCP with different types of testing (Increase by the level of involvement):

1. Checklist review
   (*) 2. Tabletop exercise/structured walkthrough
   The BCP team gets together and reviews the BCP. With a tabletop exercise, the BCP team reviews recovery procedures that would be used in a disaster in order to identify anything missing in the plan. This also gives the team a chance to review everyone’s responsibilities during a disaster.
2. Simulation test
3. Parallel test
4. Full disruption test

Question 19

Continuity of Operations Planning - After-action Reports

Answer 19

After-action reports are created to inform management about the event that occurred and the steps that were taken to help continue business operations. You also include in the report anything that should change in regard to your BCP and DRP.

Question 20

Continuity of Operations Planning - Failover

Answer 20

Failover refers to the process of reconstructing a system or switching over to other systems when a failure is detected. In the case of a server, the server switches to a redundant server when a fault is detected. This strategy allows service to continue uninterrupted until the primary server can be restored. In the case of a network, this means processing switches to another network path in the event of a network failure in the primary path.

Failover systems can be expensive to implement. In a large corporate network or e-commerce environment, a failover might entail switching all processing to a remote location until your primary facility is operational. The primary site and the remote site would synchronize data to ensure that information is as up to date as possible.

Question 21

Continuity of Operations Planning - Alternate Processing Sites

Answer 21

An alternate processing site is an alternate site that the company has set up, or has agreements with, to run IT infrastructure to support mission-critical business functions if there is a problem with the primary site. It should be noted that the alternate processing site is typically referred to as a disaster recovery (DR) site.

Question 22

Continuity of Operations Planning - Alternate Business Practices

Answer 22

In the case of a disaster, it may be necessary to change how the company does business temporarily. In the BCP, you want to ensure that you list any alternate business practices that could be performed in place of regular business practices during the disaster recovery interval.

Question 23

Bonus - Archive Bit

Answer 23

Every file has an archive bit that flags whether the file needs to be backed up. When you change a file, this bit is flagged automatically, which means that the file needs to be backed up. In theory, any file that has been changed needs to be backed up because you want to be sure you can always bring the file to its most recent state.

To view the archive bit in Windows, right-click the file, choose Properties, and click the Advanced button on the General tab. You will see the option File Is Ready for Archiving.

The important thing to understand when a full backup is performed is that it backs up all the files that you select (whether the archive bit is set or not), and then it clears the archive bit so that the operating system and applications know that the file has been backed up.