Overview
Background
Disaster Recovery plans have not been reviewed over the last few years. While infrastructure and software components have been delivered with Disaster Recovery thoughts and procedures, there is a lack in having an overarching Disaster Recovery plan.
This means for IS Applications, by not having an up to date Disaster Recovery plan, will be a major risk to the University’s priority services.
To fit with the University's strategy, Infrastructure updates are required:
- to ensure infrastructure components are maintained and supported to ensure capacity, security and performance requirements
- for rationalisation of architecture where appropriate to enable easier maintenance and reduced costs
- to standardise delivery of the various operating system, database and application layer technologies across the enterprise IT estate.
We will look to ensure we are providing a stable, secure and available infrastructure by ensuring adequate maintenance for the hardware and supporting software required to provide the University services. This is seen as an on-going factor of our work where these elements are continually maintained year on year.
Scope
This project’s focus is to review the University’s priority services managed by IS Applications, this is to include Top and Medium Priority Services. Please note where any of these services are managed by 3rd party supplier (e.g. Cloud based) we will document components that are shared and collaborate with the owning infrastructure area, such IT Infrasructure, to link to their documented Disaster Recovery Plans.
| Top Priority Services (1) | Medium Priority Services (2) |
| Central WIKI Service | EBIS |
| DiscoverEd | EdWeb |
| Electronic Journals | E-Financials |
| EUCLID Web | eRecruitment |
| Exchange Mail & Diary | Events Booking |
| Kinetix (KX) | Hosted Websites |
| Learn | HR/Payroll |
| Moodle | ID Management |
| MyEd | Network Shared Drives |
| Office 365 | Polopoly (publishing) |
| Staffmail | PURE |
| University Website | Report & Analytics (BI Suite) |
| Timetabling | |
| Unidesk | |
| Worktribe |
Please note that there are other services which are not classed as top or medium priority.
Out of scope: This project is not tasked with completing a DR test for a Top or Medium priority service, it is envisaged that a future project will complete this activity based on information collated from this project.
Infrastructure components are listed as follows:
| Network |
| DNS |
| Central Firewalls |
| CheckPoint firewalls (being decommissioned in July 2016) |
| Load Balancers |
| EASE Authentication |
| Shibboleth Authentication |
| AD Authentication (ADFS) |
| Wireless authentication |
| Central Authorisation |
| Web Proxy Cache |
| Storage Area Network |
| Servers (Virtual & Physical) |
| TSM – Tivoli Storage Management |
Objectives, Deliverables, Benefits, Success Criteria and Priority
Objective | Deliverables | Success Criteria | Benefits | Priority |
1. To establish the set of components which are used by the priority services Applications | 1. Review all applications and components which make up the top and medium priority services 2. Establish a DR position for each application 3. Have a written document on how to recover that application. This may link to existing documentation.
|
| 1. Disaster Recovery plans have not been reviewed over the last few years. While infrastructure and software components have been delivered with Disaster Recovery thoughts and procedures, there is a lack in having an overarching Disaster Recovery plan. This project aims to assist with bridging this gap. | 1.1 Review all applications and components which make up the top and medium priority services (Must Have) |
2. To produce Disaster Recovery plan, where required, for each of the applications noted as top and medium priority services | 2.1 For each Top and Medium priority service have a DR document/plan. This may link to existing documentation
|
| 2. This project will identify any potential gaps in project and /or support documentation and inform possible changes to process for completion of technical documentation.
3. Reduce any reputational risk to IS Applications to support Top and Medium Priority Services in the event of a Disaster recovery situation | 2.1 Establish a DR position for each top priority application, where required (Must Have) 2.2 Establish a DR position for each medium priority application, where required (Should Have) 2.2 Produce a written document, if none already available, on how to recover each application - which may link to existing documentation (Must Have) 2.3 For each Top and Medium priority service, if none already available, have a DR document/plan. - which may link to other documents (Must Have) 2.4 Create a Priority Services DR template document to be completed when a new Priority Services has been agreed and communicate the process to key operational areas (Should Have) |
3. To store Disaster Recovery plans in a central repository and communicate to appropriate support teams
| 3.1 A master DR document which can be stored off site |
| 4. All key technical resource within IS Applications and IT Infrastructure have a central information source with up to date application and component relating to Disaster Recovery | 3.1 Review storage options for a master DR document which can be stored off site (Should Have) 3.2 Agree options for storage of Master Documentation containing DR position for each component and detailing each Top and Medium priority Service DR Document / Plan (Should Have) 3.3 Create DR Documentation Storage Area (Should Have) 3.4 Communicate DR plans to appropriate areas within University e.g. IS Applications, IT Infrastructure (Must Have) |