it disaster recovery planfluencycontent2-schoolwebsite.netdna-ssl.com/filecluster/...the purpose of...

IT Disaster Recovery Plan of 8

Learn more… Do more… Be more…

IT Disaster Recovery Plan October 2019

Carole Gibbs 10/1/19 Ratified by Governors



Introduction

The purpose of this document is to set in place strategies to ensure the secure backup and recovery hardware and/or data stored on the school networks. The data to backup includes school management data files and all network user documents. The strategies in place will be robust enough to ensure the recovery of data files and databases in any circumstances. Identified risks are:

Fire or flood

Electrical failure or surge

Lightning strike

Catastrophic hardware (including portable media) or software failure

Virus or malware attack

Accidental damage to or theft of hardware

Accidental file deletion Data can be destroyed by system malfunction or accidental or intentional means. Adequate backups will allow data to be readily recovered as necessary. The ongoing availability of important data is critical to the operation of the school. In order to minimise any potential loss or corruption of this data, individuals responsible for providing and operating administrative applications need to ensure that data is adequately backed up by establishing and following an appropriate system backup procedure.

Site Plan

Statement of Authority and Scope



This plan is intended to detail the accepted good practice in the backing up and restoring of data on the networked computer system.

The ICT Network Managers provide the framework, design and implementation of backup strategies employed by Priestlands School and they are responsible for the operation of these strategies, with the full support of the Senior Leadership Team and the Governing Body.

Backup Procedures

Backup Frequency There is a dedicated backup server located in Robert Hole. All backups are stored on site, except for email which exists only off site and has default backup provision for 14 days retention.

Critical network user and data servers are backed up daily with some non-critical technical servers backed up less frequently.

Servers The main servers are located in the Main Building Hall in a side room which is locked with air conditioning to keep the room cool. The room has a fire door.

Back up servers are held in the Robert Hole building in a server cupboard between H24/H25 which also has a fire door and air conditioning.

Virus Protection

The school purchase virus protection through Microsoft EES (Enrollment for Education Solutions) annual subscription. Updates to Definition files are scheduled several times daily.

Systems

Finance system: PS Financials is held on the server and only the School Business Manager, Finance Staff and the Headteacher have access rights according to their level of approval. PS Financials are able to remote access the Priestlands Employees workstation under the employees control. From there they can connect to and administer the database server. Contact for PS Financials 01733 857051 or email [email protected]

Payroll system: Pegasus Opera is held on the server and only the School Business Manager and HR/Payroll Officer have access rights to the full system. The school has a contract with Enhanced who are based in Poole. They can remote access the system through “letmein” remote access software. Contact for Enhanced 01202 308001. Parent Payment system: Tucasi School Cash Office (SCOpay) is a system which enables parents to make payments on line or alternatively in school. It is held in the cloud, therefore the risk is minimised and limited to cyber-attack. The school has no access to parents debit/credit card details as Worldpay provides the school with payment information but not card information which is not retained. Contact for Tucasi 02380 016564 Biometric Catering: Provided by CRB Cunninghams. There is no routine backup built into the system however historical purchases and money balances are synchronised daily into Tucasi with transactions held in the cloud. Contact for CRB Cunninghams 0333 0143064 Telephone System: Managed through Communications South who installed telephone hardware and incoming telephone lines. The school has an annual maintenance contract. Contact for Communications South on 02392 833933.

mailto:[email protected]



CCTV System: Managed through Premier Fire & Security. CCTV is held on a multiple DVR Controllers in the Site Office and is stored for a maximum of two weeks. Contact for Premier 01794 339999 SIMS: Managed through Capita. Information is locally hosted on school servers. Support is with Hampshire through an IT SLA Contact Hampshire CC IT Help Desk on 01962 847007 Servers: Medhurst are the installers of the core servers and backup solutions including warranty. The school has a support SLA for third party technical support. Contact for Medhurst 01489 56300 or email [email protected] Wireless Network: Supplied by switchshop – no support contract in place Contact for Switchshop 01438 831870 Groupcall: Operated and supported by Groupcall using data extracted from SIMS Contact for Groupcall 020 8506 6100; https://support.groupcall.com/; [email protected]

Risks/Actions to be taken

Issue Considerations Actions/Contacts

Cable damage either overhead or underground

Coach House is fibre optic cabled to Gurney Dixon therefore if network switch hardware failure occurs in Gurney Dixon, both buildings are affected

Gurney Dixon Network cabinet is linked to the Main Building Network Cabinet with fibre optic cable routed through the Robert Hole building. Both cables merge around the external wall of the Technology Block to the Main Building – In the event of damage affecting the cable, the connection to Technology/Robert Hole/Gurney Dixon and Coach House would be lost.

Contact Clear Electrical Services (David Williams) 07867972078 or 01489 807277 Zurich (if claim is required) 0800 028 0336 Policy KSC 242045-9173

Loss of electrical power

UPS are battery units that deliver 240 volts of electricity and are attached to the Servers, Controllers and Network Cabinets They are intended to:

provide constant protection from damaging changes in the electrical supply

provide sufficient ‘run-time’ to keep hardware running during a momentary loss of power in order to provide enough time to manually shut down

The batteries in the UPS units have a finite life cycle (2-3 years), and these should be routinely replaced.

There are 2 mains electrical power supplies on to the Priestlands Site. These are the responsibility of the SE Power Distribution. The school has various electrical distribution boards within the site

Contact Wings for local problem on 01962 847778 or out of hours 0870 242220 Contact SE Power Distribution on 0800 072 7282 or call 105


https://support.groupcall.com/





Loss of internet Email:

total loss of access to email Finance:

Tucasi Schools Cash Office will not be operational

Online SCOPay payments will not synchronise to the Kitchen

PSFinancials – Purchase Orders cannot be emailed

Payroll – Payslips cannot be emailed

Contact Hampshire IT Help Desk (HPSN2.1) Site Reference 1771 on 01962 847007

Fire Main Building and Robert Hole which house core server and backup server

Contact as required: (See numbers above) Hampshire IT Help desk 01962 847007

Zurich Insurance 0800 028 0336 Policy KSC 242045-9173

Wings Property Services on 01962 847778 or out of hours 0870 242220

Medhurst IT support on 01489 56300

Switchshop on 01438 831870

Communications South on 02392 833933

Flood Main Building – at risk due to blocked drains – potential flood Robert hole – low risk as on first floor

Zurich Insurance 0800 028 0336 Policy KSC 242045-9173



Lightning Damage to CCTV, wifi and network infrastucture Zurich Insurance 0800 028 0336 Policy KSC 242045-9173



Premier Fire Security for CCTV and fire panel damage on

01794 339 999




Cyber attack Viruses, trojans, worms and ransomware, can work their way through the network, destroying, deleting, or encrypting files and data. The source of these attacks could be from the Internet, internal machines becoming compromised or users acting maliciously.

If a server is attacked, it could be brought offline and would require rebuilding

If a Virtual Machine is attacked it can recovered from the latest backup on the Backup Server

If the Backup Server is attacked, the backup data may still be available,

if the backup data is attacked, it will be rendered useless.

Antivirus software is installed on some servers and virtual machines and all client workstations. All servers will be complete within the next 12 months Hampshire IT Help desk 01962 847007


Communication Registers

Take paper copies

Photocopying

Photocopiers are located in Nichols (2), Robert Hole (1), Science (1) and Main Building (3) for off line printing

Printing One admin machine in the front office will be

connected directly to a printer for off line printing. This is replicated in Robert Hole Maths Office

Phones Contact the Communications South and ask

them to redirect to an emergency mobile number.

Internet to access email

Many staff have smartphones and so are able to access their email using their mobile data contract which would not be affected by the school losing connection.

Backup plan for communicating with staff

Start of day / end of day staff briefings

Email still sent from mobile devices

Duty students

Paging system if phones are working

Backup plan for communicating with students Via tutors during registration Paging system if phones working

Front office to print off weekly IT Network Managers to ensure both machines are set up Communications South on 02392 833933



Glossary

Backup Server

The server on which the backups reside. Backup software in use is called VEEAM. Located in Robert Hole, top floor, Cupboard between H24 and H25. Air conditioned See also Failover, Replication

Controller A hardware device dedicated to controlling one thing. For instance the WiFI and Telephone systems each have a dedicated controller. CCTV is shared amongst several controllers, each responsible for recording a percentage of the Cameras.

Core Switch

The central switch, to which all other Edge switches are connected. It is responsible for ‘routing’ the entirety of the data flowing over the network.

Edge Switch A switch located around the site, serving a dedicated area, normally a building. It will be connected back to the Core switch, normally via fibre optic cable. There are likely to be multiple edge switches, connected together in the one cabinet to increase the capacity of that cabinet.

Host

A physical hardware server/machine, responsible for ‘hosting’ the Virtual Machines/Virtual Servers which perform the server functions. There are 3 Hosts in the Server Core, and 1 Host for the Backup Server

Failover Related to the Backup Server, a production VM can fail over to the Replication/Backup VM

Fibre Optic cable The cable used for connecting building together. All cable from outlying building is routed towards the Server Core.

Host A physical, core server/machine, that are the hardware on which the Virtual Machines (VMs) run. There are multiple Hosts connected in a Cluster. The cluster allows failure of one or more Hosts to be tolerated, with the surviving Hosts adopting the VMs that the failed Host was controlling.

HyperV

Microsoft HyperV is the Operating System used on the Core Servers/Hosts, for the management of the Virtual Servers

Network Cabinet A metal cabinet screwed to the wall, or freestanding, in which the network switches are located

Replication A type of Backup: “When you replicate a VM, Veeam Backup & Replication creates an exact copy of the VM in the native HyperV format on a spare host, and maintains this copy in sync with the original VM. Replication provides the best recovery time objective (RTO) values, as you actually have a copy of your VM in a ready-to-start state.” “If a production VM goes down, you can immediately fail over to a VM replica, giving users access to the services and applications they need with minimum disruption while you resolve the issue.”

SAN (Storage Area Network)

One device, that contains all the disc storage for the network. It is connected to the Hosts.

Server A machine that serves something. Could be a Physical or Virtual Machine.



Generally considered to be an important ‘machine’, used in the day to day running of the School

Server Core

The room in which the Core Servers, and other core hardware is located. Our Server Core is located off the Main Hall in Main Building. Ground Floor. Air Conditioned.

Switch A network device, located in a cabinet, into which every computers network cable in that area is routed. Multiple switches may be grouped to increase capacity. See Edge Switch and Core Switch

UPS - Uninterruptable Power Supply

These are batteries, which deliver 240 volts output, for a limited amount of time (roughly 5 to 30 minutes, depending on the specification of both the UPS, and the devices plugged in to them). Their intention is to ‘smooth out’ rapid spikes or dips in the mains electricity thereby protecting the delicate circuitry of the attached devices, and to provide 240 volt power for brief outages of the mains supply. In the event of a sustained loss of mains power they give you minutes of time to either manually shut down gracefully all important computers, or automated and pre-configured UPS monitoring software may perform this function on the attached devices.

VEEAM

The software used for Backups. Installed on the Backup Server.

Virtual Machines Virtual Servers (VMs)

A VM is the server that you actually use (eg File Server, Print Server, SIMS etc). Multiple Virtual Machines run on a physical machine called a Host. We use Microsoft HyperV technology.

it disaster recovery planfluencycontent2-schoolwebsite.netdna-ssl.com/filecluster/...the purpose of...

Documents