Gcert.mampu.gov.my
-
Upload
datacenters -
Category
Technology
-
view
618 -
download
2
Transcript of Gcert.mampu.gov.my
Bengkel Pengurusan Kesinambungan Perkhidmatan (BCM) Sektor Awam Anjuran MAMPU
Di Pusat latihan NUBE, Port Dickson
25 Ogos 2008 (Isnin)
For
Disaster Recovery for POWER System2
POWER SystemDisaster Recovery FacilityDisaster Recovery Project Activity
Risks Assessment
DRP Development
Asset Acquisition
DR Testing & Maintenance
Lessons LearntQ/A
Presentation Scope
Disaster Recovery for POWER System3
POWER System
Pensions integrated system (October 2004, outsourced)
Pensions portal (September 2005, in-housed) 548 users (Putrajaya, Kota Kinabalu, Kuching & Maju Junction),
Post: 625
512,000 pensioners & pensions recipients RM550M – 720M pensions benefits paid monthly
(RM7.04billion for 2007, RM6.73billion for 2008)
ICT maintenance 2007: RM931K (Servers, Network & DRF: RM781K; PCs, NBs, printers, scanners: RM150K)
ICT maintenance 2008: < RM800K Year 2008: DR services & PCs & printers maintenance - in house
(RM355K in 2007)
Pensions Online Workflow EnviRonment
Disaster Recovery for POWER System4
POWER System & Pensions Portal
SPPP
POWER DB
SPT
SKAP
SKP
Portal
POWERWEB
KNOWLEDGEBASE
Data
Information, queries
PensionsActs & Policies
Data
Image
Data
Data
Documents, Data
Data
Data
Data snapshot
Image
Image
Data
AA
AB
Feedbacks
Queries,Acknowledgement
Documents
Cheques
Warrants
Image
Statistics
POWERApplication
http://www.jpapencen.gov.my
IMAGEDB
EXTERNAL AGENCIES DB
AA
AB
Entities which provide or receive information to/or from POWER System including JPA top Mgt and external agencies
Pensioners & pensions recipients, Pensions Dept. Staff, public
SPPP: Pensions Registration & Processing System SPT : Derivative Pension SystemSistem Penyelarasan Pencen & Sistem Perubatan
SKAP: Pensions Financial & Accounting SystemSKP : Pensions Control & Enforcement System
Disaster Recovery for POWER System5
Disaster Recovery Facility
2004 – Qtr1 2008 HeiTech Padu DR Centre
Kelana Jaya/Bkt Jelutong
Services: offsite data storage facility, DR test facility & test reports, DRP maintenance, DRF (6 servers, 4 printers, LAN, 10 PCs, office equipment, work area)
Max. 10 users
3 tests per year
Set up: RM128,400
Service: RM260K per year
Qtr2 2008 onwards Kaunter Perkhidmatan JPA,
Maju Junction, Kuala Lumpur
Offsite data storage
DRF facility (H/W, S/W, LAN, physical security equipment): acquisition process (RM1milion)
Max 25 users
Temporary: 4 servers, 10 PCs, printers
2 tests: Sept 08 & Nov 08
In-house
Standby facility for processing of critical POWER applications
Disaster Recovery for POWER System6
DR Project Activity
Phase 1 - Risk Assessment1. Functions Assessment2. Facilities Evaluation3. Select Recovery Strategy
Phase 2 – DR Plan Development• Define Policies & Responsibilities• Build Team Structure • Develop Procedures• Document the Plan• Validate the Plan
Phase 4 - Plan Testing/Maintenance• Periodic Testing • Review DRP• Amend DRP
Phase 3 – Infrastructure Acquisition • If outsource vendor • Building (acquire/rent)• Acquire H/W, S/W, A/C, Power Supply,
office equipment, etc.
Disaster Recovery for POWER System7
Risks Assessment Functions Assessment:
SKAP: most critical application
SPPP & SPT
SKP, Sistem Penyelarasan & Sistem Perubatan: least critical
Facilities & Data Evaluation: Physical security, power supply, air condition
Anti-virus protection for all (servers and PCs)
Backup procedure
“Clean desk” environment
Select Recovery Strategy: Location of DRF (building access, not disaster prone)
Hot, warm, cold site? Networked?
Offsite data storage facility
Disaster Recovery Cycle
Disaster Recovery for POWER System8
Disaster Recovery Cycle
Declare Disaster ?
Repair/Stay Home
Return to Normalcy
Implement Plan1. Assemble Team2. Retrieve Data/Docs3. Recovery Steps
Recovery Complete
Yes
No
Recovery
Incident
Supervisor
Damage Assessment& Recommendation
Escalation
Non Life Threatening
Life Threatening EmergencyResponse
Incident Report
Disaster Recovery for POWER System9
DR Project Activity
Phase 1 - Risk Assessment1. Functions Assessment2. Facilities Evaluation3. Select Recovery Strategy
Phase 2 - Plan Development• Define Policies & Responsibilities• Build Team Structure • Develop Procedures• Document the Plan• Validate the Plan
Phase 4 - Plan Testing/Maintenance• Periodic Testing • Review DRP• Amend DRP
Phase 3 – Infrastructure Acquisition • Outsource vendor • Building (acquire/rent)• Acquire H/W, S/W, A/C, Power Supply,
office equipment, etc
Disaster Recovery for POWER System10
Disaster Management Team
Recovery Manager•Plan Implementation•Viability of the Plan•ICT Continuity
Recovery Coordinator•Plan Maintenance•Plan Testing•Staff Recovery Training
Corporate•Legal / Compliance•Image (public/customers)•Financial Loss
Operations•Effectiveness•Business Continuity•Resources Availability
Technology•Availability•Data Integrity & Security•Communications
Administration•Facilities & Security•Safety (staff & public)•Staff Availability
General Responsibilities
Authorized toDeclare Disaster
Management Team
Damage Assessment Team
Recovery CoordinatorPn. Siti Jauyah Sibo
Recovery Manager &Assessment Leader
Hjh Nor'ini Ab. Rahman
Corporate
Pn Munirah Abd Bajanudin
Technology
En Zulkarnain Rahimi
Operations
Pn Manuriani Tahir
Administration
En. David A/L Rowbin
Disaster DeclarersDato’ Yeow Chin Kiong - PrimaryPn Sadiah Abu Samah - Alternate
ICT Recovery Team Leaders
En Fadhil bin AwangDB, Image & Branch
En Zulhaizal ZulkifliNetworks & Technical
En Mokhzani MahmoodBatch, Apps & Web
Disaster Recovery for POWER System11
DR Plan - ContentsExecutive Overview Section1. Purpose of the Plan2. Scope & Assumptions3. Crisis Management4. Team Responsibilities5. Initiating Recovery6. Plan Administration7. Test Procedures8. Procurement9. Home Site Restoration
AppendicesA. Management Call ListB. Critical Functions ListC. Vendor/Suppliers ListD. Policy StatementsE. Recovery SiteF. Additional ContactsG. Insurance InfoH. Command CentersI. Contingency Planning Basics
Recovery Procedures Section1. Team Assembly2. Data Retrieval Procedures3. Detailed Recovery Steps
● Batch server● Application Server● Database Server● Image Server● Branch Server● Web Server
4. Return to Normalcy
AppendicesA. Department Call ListB. Critical InventoryC. Configuration Diagram
Disaster Recovery for POWER System12
DR Project Activity
Phase 1 - Risk Assessment1. Functions Assessment2. Facilities Evaluation3. Select Recovery Strategy
Phase 2 - Plan Development• Define Policies & Responsibilities• Build Team Structure • Develop Procedures• Document the Plan• Validate the Plan
Phase 4 - Plan Testing/Maintenance• Periodic Testing • Review DRP• Amend DRP
Phase 3 – Infrastructure Acquisition
• Outsource vendor • Building (acquire/rent)• Acquire H/W, S/W, A/C, Power Supply,
office equipment, etc.
Disaster Recovery for POWER System13
DR Project Activity
Phase 1 - Risk Assessment1. Functions Assessment2. Facilities Evaluation3. Select Recovery Strategy
Phase 2 - Plan Development• Define Policies & Responsibilities• Build Team Structure • Develop Procedures• Document the Plan• Validate the Plan
Phase 4 - Plan Testing &Maintenance• Periodic Testing • Review DRP• Amend DRP
Phase 3 – Infrastructure Acquisition • Outsource: vendor • Building (acquire/rent)• Acquire H/W, S/W, A/C, Power Supply,
office equipment, etc)
Disaster Recovery for POWER System14
DRP Testing & Maintenance
Plan Testing Define Test Objectives
Define Activity, Activity Schedule
Walkthrough
Test Monitoring
Post-mortem report
Plan Maintenance Review DRP against
current operations
Review DRP against Test Report
Update DRP
Redistribute to key personnel
Disaster Recovery for POWER System15
Lessons Learnt Disaster Recovery Approach
Can afford downtime?
Down time - how long? <24 hours??
Data & application classification (very important, important, not so, etc)
Infrastructure: availability, accessibility
Compliance & investments on infrastructure
Interactions with management, users, vendors, suppliers
DRF location:● Building (not disaster prone, easy to access )● Physical Security (building, Server Room, work
area)● Office facility (air conditioner, telephones, coffee
corner, etc)
Disaster Recovery for POWER System16
Lessons Learnt (cont.)DR Test
Walkthrough session: users availability
Identify testers, test script preparation, data for testing
Logistics for testers (transport, meals, etc.)
Test Activity Log & Test Report
Post Mortem
DRP Management :Difficult to update
Back up procedures:● Data Centre & Offsite
Outsource or in-house ???
Disaster Recovery for POWER System17
Conclusion
BC or DR provides the tools to plan and react in a positive way. It eliminates the stress in case of a disaster, because:
- the framework is in place - the decision process is thought through- the action to be taken is prescribed
All we need to do “to recover” is just to activate the plan…..and … to keep our fingers cross..!
Thank [email protected]