Disaster recovery
Part A: Planning
Open the provided document ITSAP XXXXXXXXXXentitled “Developing Your IT Recovery Plan” and
espond to the questions below justifying your opinion, supporting them with other sources if
necessary.
1. A company is increasing their cloud storage capacity so that the can more backup data by
increasing the backups retention. What parameter related to Disaster Recovery are the
adjusting?
2. This same company, located in Canada, opened an office in Munich, where a smaller
datacenter contains data copied every Saturday night. What kind of site is Munich’s
datacenter?
3. After setting all systems and networks in the new site to support an eventual disaster, the
company decided to test it while keeping the services running in the main site. What kind
of test is it?
4. One of the most widely used mi
oring solutions is RAID. What is the main difference
etween RAID-5 and RAID-6?
5. What function is used for the parity disk(s)?
6. Calculate the parity if the first ni
le of two disks was, respectively, 0110 and 0011.
Part B: Backups
Open the provided document ITSAP XXXXXXXXXXentitled “TIPS FOR BACKING UP YOUR
INFORMATION” and respond to the questions below justifying your opinion, supporting them
with other sources if necessary.
1. What is the difference between incremental and differential backups? Which one would
e best for daily backups if full backups are scheduled every 1st day of the month and
there is plenty of storage space for the backups? Why?
2. If you chose to store the backups on a shared folder over the network, what
considerations should be taken regarding the network bandwidth and the privacy of
communications? How an independent network for backups would help?
3. What is the rule 3-2-1 regarding backups? What benefit does it
ing?
4. Check the article below on how to perform full backups in Windows 11. Do you think
that strategy would help recover from a ransomware attack? Why or why not?
https:
www.lifewire.com/create-full-backup-with-windows XXXXXXXXXX
5. Would it be useful to recover from a fire in the office if the backup was performed
exactly as indicated in the article? Why or why not?
RAID configuration
Use Ubuntu VM (strong recommendation), you will configure RAID 5 in Linux with command-
line tool mdadm. Before proceeding, create a snapshot of the VM, so you can restore it after
finishing the assignment and go back in time.
Reference tutorial: https:
yourtoolbox.blogspot.com/search/label/mdadm
Capture a screenshot for every step and respond to questions on your own words.
1. How many disks are necessary, at least, to configure RAID 5? Create them in Virtual
Box, size 5 GB each and named data1, data2 and data3.
2. Once you log in, you would need to execute most commands as root, so “sudo su” is
advised. Create a primary partition in each disk and show them all with “fdisk -l
dev/sd[bcd]”.
3. Install the package mdadm. Then, create a RAID 5 a
ay on the target device file
dev/md/data that uses the first (and only) partition of each disk. Clearly show the
command you used and the output. Then, right after, execute “cat /proc/mdstat”.
4. What are two signs in the previous cat command that the a
ay is working properly?
5. Create a ext4 filesystem for the a
ay and mount it in /mnt/data (the mount point must
e created first).
6. If we sum up the 3 disks, the total space would be 15 GB. However, the actual size is far
less and the space available is even less, as shown by “df -h /mnt/data”. Explain why in
oth cases.
7. Create a big file with the command “dd if=/dev
andom of=/mnt/data
ig bs=1M
count=1024”.
8. Shutdown and add another SATA disk named data1new in VirtualBox’s settings. We are
going to simulate a faulty disk that will be substituted with another one of the same
characteristics. Then power on again. First, note that the a
ay was not mounted
automatically. Add the co
esponding line to the /etc/fstab and, then, mount it with
“mount /dev/md127”. Show the line you added and the mount without e
ors.
https:
yourtoolbox.blogspot.com/search/label/mdadm
9. Now, execute “mdadm --manage /dev/md127 --fail /dev/sdb1” and check the status
of the a
ay with “mdadm --details /dev/md127”.
10. As you can see, there is a faulty disk, so the a
ay is inactive. Nonetheless, it can still be
used. The a
ay will not tolerate anymore failures, though. Create another file of some
MB named as your first name.
11. The new disk must be partitioned. Then, to add it as spare, execute a similar command to
the one used to removed disks. What command did you use?
12. Finally, show the a
ay is being synchronized. Use the cat command.
13. Show the a
ay details.
14. How do you remove the faulty disk? After finishing, you might want to restore the
snapshot and remove any disks on your local filesystem from VirtualBox’s Virtual Media
Manager.
Developing Your IT Recovery Plan (ITSAP.40.004)
UNCLASSIFIED
Developing Your IT Recovery Plan
Unplanned outages, cyber attacks, and natural disasters can happen. If unprepared for these events, your organization may lose information or experience downtime, disrupting or halting critical business functions. Regardless of the
cause, unplanned down time is expensive and could have a lasting impact on your business. To ensure continued operations with minimal down time, your organization should have an IT recovery plan as part of its overall business
continuity approach. In this plan, your organization should identify critical data, applications, and processes and define how it will recover IT services that support business operations, products, and services.
Your recovery response should take many variables into consideration and should clearly identify and document what is to be recovered, by whom, when,
and where in a detailed recovery plan. In general, there are two types of plans you should consider developing for your business—disaster recovery and
incident response. These two plans take into consideration two major events that could cause an unplanned outage and require you to activate your
ecovery response.
1. Disaster Recovery Plan: The primary goal is to ensure business continuity during an unplanned outage or service disruption.
2. Incident Response Plan: The primary goal is to protect sensitive information during a security
each.
IDENTIFY YOUR CRITICAL BUSINESS FUNCTIONS, APPLICATIONS, AND DATA
To create an effective plan, you should identify your organization’s critical data, applications, and functions. Critical
information may include financial records, proprietary assets, and personal data. Critical applications are the systems running
your key business functions and are imperative to your business. These are the systems you need to have restored
immediately in the event of an unplanned outage, in order to have business continuity. To identify critical business functions,
applications, and data, you should conduct a risk assessment to help you identify threats and vulnerabilities. Run through
specific scenarios (e.g. cyber attack, significant power outage, or natural disaster) to help you identify key participants and
stakeholders, address the significant risks, develop mitigation strategies, and identify the recovery time and effort.
You can conduct a business impact analysis (BIA) to predict how disruptions or incidents will harm your operations, business
processes and systems, and finances. During your BIA, you should also assess the data you collect and the applications you
use to determine their criticality and choose priorities for immediate recovery.
JANUARY 2021| ITSAP.40.004
© Government of Canada | This document is the property of the Government of Canada. It shall not be altered, altered, distributed beyond its intended audience, produced, reproduced or published, in whole or in any substantial part thereof, without the express permission of CSE.
KNOW YOUR BUSINESS DISRUPTION TOLERANCE
For an effective recovery plan, you should tailor it to address the impact to your organization if an incident or a disaster occurs
and the level of disruption that your organization is willing to accept. There are three key measures to consider in your plan:
maximum tolerable downtime, recovery point objective, and recovery time objective.
Maximum tolerable downtime
(MTD) The total length of time
that a process can be
unavailable without causing
significant harm to your
usiness.
Recovery point objective (RPO)
The measurement of data loss
that is tolerable to your
organization.
Recovery time objective (RTO)
The planned time and level of
service needed to meet the
system owner's minimum
expectations
CREATE YOUR RECOVERY PLAN
1. Identify stakeholders including clients, vendors, business owners, systems owners, and
managers.
2. Identify your response team members, as well as their roles and responsibilities.
3. Take inventory of all your hardware and software assets.
4. Identify and prioritize critical business functions, applications, and data.
5. Set clear recovery objectives.
6. Define backup and recovery strategies.
7. Test your plan.
8. Develop a communications plan to inform key stakeholders.
9. Develop a training program for employees to ensure everyone is aware of their roles,
esponsibilities, and order of operations during an unplanned outage.
10. Optionally, engage with your Managed Service Providers (MSPs) to identify areas in
which they can assist you with your recovery efforts.
UNCLASSIFIED
© Government of Canada | This document is the property of the Government of Canada. It shall not be altered, altered, distributed beyond its intended audience, produced, reproduced or published, in whole or in any substantial part thereof, without the express permission of CSE.
Testing is critical. You can identify inconsistencies and address areas that need revision. Be sure to use a test environment to
avoid business inte
uptions. Some example test strategies include:
Checklist: Read through and explain the steps of the recovery plan.
Walkthrough: Walk through steps without enacting them.
Simulation: Use a simulated incident or disaster to familiarize the recovery team with their roles and responsibilities.
Parallel test: Set up and test recovery systems to see if they can perform operations to support key processes. You keep your
main systems in full production mode.
Cutover test: Your recovery systems are set up to assume all your business operations, and you disconnect primary systems.
This type of test causes business inte
uptions, requiring additional pre-planning.
CHOOSE YOUR RECOVERY STRATEGY
LEARN MORE
Visit the Cyber Centre website (cyber.gc.ca) to learn more about cyber security topics
and find our entire collection of publications, including:
ITSAP XXXXXXXXXXTips for Backing Up Your Information
ITSAP XXXXXXXXXXHave You Been Hacked?
ITSAP XXXXXXXXXXBest Practices for Passphrases and Passwords
ITSAP XXXXXXXXXXCyber Security Tips for Remote Work
ITSAP.00.70 Supply Chain Security for Small and Medium- Sized Organizations
ITSE XXXXXXXXXXBenefits and Risks of Adopting Cloud-Based Services in Your
Organization
ITSAP XXXXXXXXXXRansomware: How to Prevent and Recover
ITSM XXXXXXXXXXCyber Security Considerations for Consumers of Managed Services
CLOUD VS. ON-PREMISES RECOVERY
With a cloud-based recovery platform, you can connect easily, from anywhere, with a
variety of devices. You can back up your data frequently, and it can be less expensive
than purchasing and maintaining an on-premise platform because you pay for the space
you need as you need it. Using the cloud can also reduce or eliminate your need to have
a separate offsite recovery site
DISK MIRRORING
Disk mi
oring replicates data on two or more disk hard drives. Disk mi
oring automatically switches
your critical data to a standby server or network when your main system experiences unplanned
downtime. If you’re unable to restore your systems, you can use the mi
or copy. It is important the
mi
ored copy is backed up to a separate server or location that is unaffected by the outage.
There are several options to consider when implementing your recovery strategy, but you should choose a recovery strategy that meets your business needs and security requirements.
TEST YOUR PLAN
HOT, WARM, OR COLD SITE
Hot: Back-up site with the same servers and equipment as your primary site. Functions the same as
your primary site and is always kept running in case of downtime. Data synchronization occurs within
minutes to hours, reducing the risk of data loss.
Warm: Back-up site with network connectivity and some equipment installed. Set up required to get the
site to function at the full capacity of your primary site. Data synchronization occurs less frequently,
which can result in some data loss.
Cold: Back-up site with little to no equipment. Requires more time and resources to set up and restore
usiness operations. Data synchronization can be a difficult and lengthy process as servers need to be
migrated from your primary site, resulting in a higher risk of data loss.
STORAGE REPLICATION
Storage replication copies your data in real time