Secure Business Continuity: Strategies for Business...


Page 1: Secure Business Continuity: Strategies for Business ...eval.symantec.com/.../secure_business_continuity_03_2006.en-us.pdf · Secure Business Continuity: Strategies for Business Continuity

Secure Business Continuity: Strategies for Business Continuity Management and Disaster Recovery

This Symantec Yellow Book is intended to help organizations deploy a combination of Symantec products to ensure business continuity management and disaster recovery best practices. This book gives business and technology leaders viable strategies for recovering data after a disastrous event. It provides rigorous methodology for driving business continuity management best practices to help with information technology disaster recovery. In addition, the book provides details for IT professionals about how to automate recovery procedures while simultaneously securing data and alternate sites from unauthorized use. Also discussed are the techniques that many organizations consider the best automation and testing practices available for business continuity management.

About Symantec Yellow Books™

Symantec Yellow Books deliver skills and know-how to our partners and customers as well as to the technical community in general. They show how Symantec solutions handle real-world business and technical problems, provide product implementation and integration know-how, and enhance the ability of IT staff and consultants to install and configure Symantec products efficiently.

www.symantec.com

Overview of business continuity management concepts, IT business process support and IT disaster prevention and recovery

Best practices for automation and testing

Faster recovery to ensure appropriate RTO/RPO levels

Technical information for product deployment, configuration sequences, and achieving synergies

Secure Business Continuity: Strategies for Business Continuity Management and Disaster Recovery

A comprehensive approach to enhancing business continuity planning and testing


Copyright © 2006 Symantec Corporation. All rights reserved. 05/06 10577173


The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version 1.2

Legal Notice

Copyright © 2006 Symantec Corporation. All rights reserved.

Federal acquisitions: Commercial Software - Government Users Subject to Standard License Terms and Conditions.

Symantec, the Symantec logo, Symantec Yellow Book, and all other Symantec or Veritas trademarks, service marks, slogans, logos, etc. referred to or displayed in the document that appear on the Symantec Trademark List are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Microsoft, Windows, Active Directory, Excel, JScript, Outlook, PowerPoint, SharePoint, and Windows server are trademarks or registered trademarks of Microsoft Corporation.

Other brands and product names mentioned in this book may be trademarks or registered trademarks of their respective companies and are hereby acknowledged.

The products described in this document are distributed under licenses restricting their use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be "commercial computer software" and "commercial computer software documentation" as defined in FAR Sections 12.212 and DFARS Section 227.7202.

Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 USA

http://www.symantec.com

Page 3: Secure Business Continuity: Strategies for Business ...eval.symantec.com/.../secure_business_continuity_03_2006.en-us.pdf · Secure Business Continuity: Strategies for Business Continuity

Acknowledgments

Symantec thanks the following people for their contribution to the Symantec Yellow Book™:

Principal Authors

Julie Murakmi

Rich Alford

Christina Baribault

Jeannette Starr

Par Botes

David Schwaderer

The principal authors and Symantec would like to thank the following contributors:

Linda Cerni

John Glen

Ravi Sundararajan

Jennie Grimes

Jose Iglesias

Dave Little

Rob Worman

Rob Wilde

Brian Bergevin-Smith

Darrin Slater

Ray Schafer

Diane Rafa

Howard Ojalvo

Mitchell Mikula

Todd Longwell

Josh Kruck

Doss Karan

Carol Grutkoski

Jeff Graham

Tom Clifford

Jason Chen

Mike Brookbank

Alan Bollinger

Nate Bangs

Sophia Abramovitz


Contents

Chapter 1 Business continuity basics

About this book
Fundamentals of business continuity management
About business continuity planning
Recovery Time Objectives and Recovery Point Objectives
Organizational roles and objectives
Information technology disaster recovery
Why business continuity management matters to IT
Common IT DR planning mistakes

Chapter 2 Business continuity management methodology

Developing a successful IT DR strategy
Identifying the correct recovery objectives
Assessing IT capabilities
Developing the IT DR strategy
Designing the IT DR architecture
Implementing the technology solution
Developing IT DR plans
Training IT staff in disaster recovery
Testing the IT DR strategy
Analyzing unexpected IT outage events
Implementing corrective changes and repeating the process
Symantec’s business continuity management role

Chapter 3 Secure Business Continuity Solution Tiers

About IT disaster recovery and business continuity
Establishing appropriate RTO and RPO values
Tiered IT DR solutions
Basic Tier overview
Silver Tier overview
Gold Tier overview
Bandwidth, distance, and RPO/RTO


Chapter 4 Symantec Secure Business Continuity Basic Tier

Basic Tier overview
About the Symantec Gateway Security 5600 Series appliances for the Basic Tier
About Veritas NetBackup 6.0 for the Basic Tier
Basic Tier deployment
About deploying Gateway Security 5600 Series appliance for the Basic Tier
About deploying Veritas NetBackup for Windows for the Basic Tier
Overall best practices for Basic Tier
Basic Tier example: Data recovery from primary to alternate site

Chapter 5 Symantec Secure Business Continuity Silver Tier

Silver Tier overview
About Symantec Gateway Security 5600 Series appliances for the Silver Tier
About Symantec Critical System Protection for the Silver Tier
About Veritas Storage Foundation for Windows for the Silver Tier
Silver Tier deployment
About deploying Symantec Gateway Security 5600 Series appliances for the Silver Tier
About deploying Symantec Critical System Protection for the Silver Tier
About deploying Veritas Storage Foundation for Windows and Veritas NetBackup for the Silver Tier
Silver Tier example: data center disaster recovery preparation sequence
Provisioning the Silver Tier
Using the Silver Tier

Chapter 6 Symantec Secure Business Continuity Gold Tier

Gold Tier overview
About the Symantec Gateway Security 5600 Series appliances for the Gold Tier
About Veritas NetBackup Bare Metal Restore for the Gold Tier
About Symantec Managed Security Services for the Gold Tier


Security data analysis infrastructure
Typical network attack
Gold Tier deployment
About deploying the Gateway Security 5600 Series appliance for the Gold Tier
About deploying Bare Metal Restore for the Gold Tier
About using Bare Metal Restore for the Gold Tier
About additional Bare Metal Restore features
Gold Tier example: Bare Metal Restore to alternate site
Alternate site sequence
Restoring the Shared Resource Trees (SRTs)
Creating a Dissimilar System Restore (DSR) configuration
Creating the boot floppy
Customizing Bare Metal Restore restorations
Restoring a NetBackup client with Bare Metal Restore

Chapter 7 Next steps in planning business continuity

Summary of business continuity planning
Business continuity as an ongoing process
Challenges in managing business continuity
Final considerations

Appendix A Symantec Secure Business Continuity solution product information

Symantec Managed Security Services
Symantec Business Continuity Management Services
Symantec Gateway Security 5600 Series appliance
Symantec Gateway Security 5600 Series product features
Symantec Gateway Security 5600 Series specifications
Symantec Critical System Protection
Symantec Critical System Protection product features
Symantec Critical System Protection system requirements
Veritas NetBackup
Veritas NetBackup product features
Veritas NetBackup system requirements
Veritas Storage Foundation
Veritas Storage Foundation product features
Veritas Storage Foundation system requirements
Veritas Bare Metal Restore
Veritas Bare Metal Restore product features
Veritas Bare Metal Restore system requirements


Index


Chapter 1 Business continuity basics

This chapter includes the following topics:

■ About this book

■ Fundamentals of business continuity management

■ About business continuity planning

■ Information technology disaster recovery

■ Why business continuity management matters to IT

■ Common IT DR planning mistakes

About this book

This Symantec Yellow Book™ gives business and technology leaders strategies for recovering from, remediating, and preventing data loss due to business interruptions. These interruptions may or may not be disaster-based. This book includes:

■ A rigorous methodology, based on business continuity management (BCM) principles or design guidelines.

■ A strategy to automate recovery procedures while simultaneously securing data and alternate sites from unauthorized use.

■ A discussion of the best automation and test practices that Symantec has developed over years of helping customers create and deploy business continuity solutions.

This Symantec Secure Business Continuity Yellow Book also describes how Symantec can be a valuable business partner in identifying, planning, and implementing both IT disaster recovery and larger business continuity needs. Symantec can play a role in fulfilling the larger need by offering a secure approach to business continuity. A secure business continuity approach lets organizations guard their data resources at the primary information processing sites while at the same time copying the data to alternate processing sites and storage repositories.

In addition, this book describes the Symantec Secure Business Continuity Solution and the three recovery solution tiers it offers: Basic, Silver, and Gold. The options are tiered; that is, the Gold Tier builds on the Silver Tier, which builds on the Basic Tier. Your organization may find one or more of these solution tiers useful because the tiers differ in the business's need to have critical data available, the costs associated with having critical data available, Recovery Time Objectives (RTO), and Recovery Point Objectives (RPO).

Your enterprise can use one or more of the Symantec solution tiers to develop and refine business continuity strategies. All the tiers involve the most common disaster recovery scenario: transferring the data processing that is performed at a disabled primary site to a geographically independent, alternate disaster recovery (DR) site.

While the totality of BCM is not limited to IT disaster recovery, the scope of this book focuses only on the subset of practices associated with IT disaster preparedness and disaster recovery for application data.

Chapter by chapter, the book contains the following information for IT professionals:

Chapters 1 and 2: Provides a discussion for IT professionals, including CIOs and senior managers, about the importance of and relationships involved in business continuity management, IT business process support, IT disaster recovery, and IT disaster recovery data recovery.

Chapters 3 through 7: Provides IT data management supervisors with an overview of the methodology for data recovery within IT disaster recovery.

Chapters 4, 5, and 6: Provides application recovery specialists prescriptive details on how specific Symantec product sets meet business process recovery requirements.

Appendix A: Provides IT professionals with an overview of each of the Symantec products in the Symantec Secure Business Continuity Solution.

Fundamentals of business continuity management

Business continuity management (BCM) is a corporate-wide management activity. Its goal is to help companies protect their assets, earning capacity, customer trust, and corporate reputation in the event of outages, disruptions, or other negative events.

The Business Continuity Institute (BCI), in collaboration with the British Standards Institute, is developing official certification standards for BCM practitioners.

The plan for the new standards is to establish official business continuity management principles, processes, best practices, and terminology that practitioners must observe to become BCM certified. BCI plans to provide practitioners with a generic framework for incident anticipation, response and evaluation techniques, and criteria descriptions.

Note: BCI has published a number of papers on business continuity management. For more information on how to manage business continuity in your organization, see Good Practice Guidelines (2005) - A Framework for Business Continuity Management. This paper is available at no charge from BCI at: www.thebci.org.

BCI views business continuity management as an all-encompassing management practice that can help you not only identify vulnerabilities that threaten your organization, but can also provide a framework for building resilience and effective response into the IT organization.

Because it is a comprehensive practice, business continuity management is also interdisciplinary. Business continuity management includes the following disciplines:

■ Disaster recovery

■ Facilities management

■ Security enforcement

■ Risk management

■ Supply chain management

■ Quality management

■ Health and safety management

■ Knowledge management

■ Emergency management

■ Crisis communications and public relations

Business continuity management can help organizations endure disruptions and continue to meet business objectives. Therefore, an essential first step in developing a business continuity plan is to understand the objectives of the business as a whole, and then to identify each business process that is involved in meeting those objectives.

About business continuity planning

One key to managing unforeseen events is having a well-documented business continuity plan. This plan identifies the potential impact of unfavorable events, formulates feasible continuity strategies, and develops the processes to put in place to eliminate unacceptable risk.

The business continuity plan should address the following issues:

■ What are the primary objectives of the organization?

■ What is the schedule for achieving these objectives?

■ Who are the individual and group contributors, and what are their roles?

■ Which contributors can provide both internal and external support?

■ What are the deliverables?

■ How are the deliverables measured and delivered?

To help prepare answers to these questions, many organizations use the concepts of Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

Recovery Time Objectives and Recovery Point Objectives

Recovery Time Objective (RTO) is the duration between failure and functional recovery. An RTO value specifies the maximum length of time an organization can wait after a disruption for an alternate disaster recovery site to become operational. For example, if an event takes an application out of service, and the application has an RTO of one week, the organization can wait a week before the application becomes available at another site.

Recovery Point Objective (RPO) is the amount of data loss that can be tolerated by a business. The RPO specifies the maximum amount of time at the primary site for which work can be lost. Lost work is work that cannot be recovered at the alternate site after a data transfer occurs. For example, if an event takes an application out of service, and the application has an RPO of two days, the organization can withstand a loss of two days' processing before the application becomes available again at another site.

Different functional organizations and business units in an enterprise require different RTO and RPO measures to translate the business needs for availability and security of data into IT investments. These investments will vary based on business requirements.
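The two definitions can be checked against the timeline of a recovery test. The following Python sketch is an added example, not part of the Yellow Book: it uses the one-week RTO and two-day RPO from the examples above, and the timestamps, the 30-hour transfer delay and all names are constructed assumptions. It shows that the work at risk depends on when a copy finishes arriving at the alternate site, not only on how often copies are taken.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Objectives:
    rto: timedelta  # longest acceptable wait for the alternate site to be operational
    rpo: timedelta  # longest span of primary-site work that may be lost


@dataclass
class RecoveryPoint:
    captured: datetime   # state of the primary-site data held in this copy
    available: datetime  # when the copy finished arriving at the alternate site


def usable_point(points, failure):
    """Newest copy that was completely at the alternate site when the failure hit."""
    usable = [p for p in points if p.available <= failure]
    return max(usable, key=lambda p: p.captured, default=None)


def evaluate(objectives, points, failure, operational):
    """Compare the achieved downtime and lost work with the RTO and RPO."""
    downtime = operational - failure
    point = usable_point(points, failure)
    lost_work = None if point is None else failure - point.captured
    return {
        "downtime": downtime,
        "lost_work": lost_work,  # None means nothing can be recovered at all
        "rto_met": downtime <= objectives.rto,
        "rpo_met": lost_work is not None and lost_work <= objectives.rpo,
    }


def worst_case_lost_work(points):
    """Upper bound on lost work for a failure at any instant between arrivals.

    The exposure peaks just before the next copy becomes available, so it is
    the capture interval plus the transfer delay, not the interval alone.
    """
    worst, newest = None, None
    for p in sorted(points, key=lambda p: p.available):
        if newest is not None:
            gap = p.available - newest
            worst = gap if worst is None else max(worst, gap)
        newest = p.captured if newest is None else max(newest, p.captured)
    return worst


# Constructed sample: nightly copies taken at 01:00 that need 30 hours to
# reach the alternate site; the failure strikes before the newest arrives.
TARGET = Objectives(rto=timedelta(weeks=1), rpo=timedelta(days=2))
TRANSFER = timedelta(hours=30)
POINTS = [RecoveryPoint(c, c + TRANSFER)
          for c in (datetime(2006, 3, day, 1, 0) for day in (7, 8, 9, 10))]
FAILURE = datetime(2006, 3, 10, 6, 0)
OPERATIONAL = datetime(2006, 3, 14, 18, 0)

if __name__ == "__main__":
    for key, value in evaluate(TARGET, POINTS, FAILURE, OPERATIONAL).items():
        print(f"{key}: {value}")
    print("worst-case lost work:", worst_case_lost_work(POINTS))
```

In this sample the RTO is met, but the RPO is missed even though copies are taken every 24 hours, because the copy captured the night before the failure was still in transit.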


Figure 1-1 depicts the relationship of RTO and RPO to an unplanned event and the storage product technologies that help achieve the two objectives.

Figure 1-1 The relationship between RTO and RPO

Organizational roles and objectives

IT disaster recovery activities comprise a subset of IT responsibilities, but are a critical part of total business continuity activities.

Figure 1-2 indicates that the skills and resources of IT organizations are put to their most efficient use when they are clearly aligned with larger organizational objectives. This is perhaps even more true when it comes to IT's role in disaster prevention, remediation and recovery.


Figure 1-2 Organizational roles involved in sustaining business processes

Many IT organization executives have learned that they can become more effective by adopting the business vernacular and code of conduct employed at the executive layer of their organization.

It is a best practice for IT to align with corporate and business unit goals. Failure to do this is most obvious during a disaster recovery event where it is too late to change. A business-aligned disaster recovery plan is one that is:

■ Co-sponsored or co-owned by the respective business unit and corresponding IT organization

■ Defined in both business and IT recovery terms

■ Routinely tested to ensure accuracy and completeness in approach and technology investments

In short, business and IT alignment is a critical element of most successful companies. When it comes to business continuity, that alignment is all the more critical.

For an IT organization, primary responsibilities or roles include those associated with reliable, safe computing. Such roles include oversight for the following network components and operations:

■ Servers

■ Applications

■ Data security


■ Data recovery

■ Database administration

■ Network management

Information technology disaster recovery

IT disaster recovery (IT DR) is concerned with keeping information systems available and quickly recoverable in the event of a disaster. IT DR includes the following tasks:

■ Preventing failures from impacting business processes

■ Creating alternate failover data centers

■ Creating failover network infrastructure

■ Establishing vendor support with outside parties to obtain rapid system access during an outage

■ Providing alternate access and authentication means for users

■ Moving mission-critical data rapidly to an alternate site

■ Recovering data at the alternate site

■ Reconfiguring and restarting applications at the alternate site

■ Validating operational readiness following fail-over to alternate means

■ Recovering primary site and systems/applications

■ Restoring services at primary site

These tasks usually associated with IT disaster preparedness and recovery are

typically organized under programs such as risk management, disaster recovery,

facilities management, health and safety threat mitigation, emergency

management, and security maintenance. Given this range of disciplines, even the

relatively narrow scope of IT disaster recovery is often impressively broad.

To help unify these separate teams during disaster recovery, most IT organizations

focus on restoring IT application services using a Recovery Time Objective (RTO)

and Recovery Point Objective (RPO) methodology. Such a methodology is helpful

because man-made disasters such as system penetrations, worms, and viruses can

transcend individual technologies and involve multiple security teams.

Figure 1-3 shows that a business process's RTO and RPO can involve several

interdependent and sequential activities.

Figure 1-3 Interdependent RTO and RPO activities

Different business units and applications often have different RTO and RPO

requirements for a given business application. Because the IT department supports

such applications and already interacts with these business units, it can help

determine the RTO and RPO of the application.

Although organizations use different methods for determining these values, some

approaches are widely regarded as best practices. For example, the RTO should

not be based solely on the time it

takes to recover applications and data. It should also include the time needed to

resume using the applications. This includes the time IT managers need to

reprogram networks, change client configurations, and perform other application

and infrastructure specific recovery tasks. If an application is complicated to

install, the RTO may involve a lot more time and effort than simple data recovery.

For environments that are sensitive to minimal data loss, a technology solution

for achieving an RPO of less than two hours is currently emerging in the industry.

Companies requiring RPOs of zero to two hours generally deploy replication

technologies. Replication technologies are often expensive and complex, and

should be used only when cost-justified.

This book focuses only on techniques and considerations for application data

recovery efforts with RPO and RTO values of eight hours or more. It also focuses

only on the recovery of application data at an alternate site as opposed to

considering how to switch networks from the primary site to the alternate site

and restart applications. Future versions of this book will cover more aggressive

RTO and RPO needs and address the recovery of key applications as well.

Why business continuity management matters to IT

To remain viable in difficult circumstances, an organization must identify its

essential business processes and protect them. Because IT information system

downtime causes external inaccessibility and invisibility, it can seriously threaten

the entire organization. Prolonged downtime creates risk to clients, branding,

and image, and exposes the business to litigation and market share loss.

Increasingly, organizations are beginning to discover that business partners

want to do business only with organizations that can persuasively demonstrate

that they have effectively provisioned themselves for IT disaster recovery

according to sound business continuity management (BCM) practices. Therefore,

BCM cannot focus on protecting only individual departments or functions.

Minimizing IT application downtime or recovering a piece of equipment is not an

efficient goal to have in business continuity management. Rather, the purpose of

BCM is to save the organization as a whole. Losing sight of that purpose can

seriously threaten any business continuity planning effort.

BCM is not a project. It is a continuous process that is embedded in an

organization’s culture. Many IT professionals may recall that corporate security

initially began as a series of independent projects involving badges, cameras, and

so on. Now, in most organizations, security programs involve the reporting of

entrance tailgating incidents, mysterious packages, and more. Business continuity

management is a constant, risk mitigating activity that involves ongoing planning,

prevention, detection, response, automation, and recovery practices. To be

successful, the smaller, departmental goals and the larger, organizational goals

must align.

One excellent way IT organizations can align IT DR goals with larger business

goals is to prioritize all the organization’s business processes, establish RTO and

RPO values for each, and present a small number of IT DR solutions that enable

executive managers to select the solution they desire. This enables management

to make an informed business decision that directly links the investment in the

IT DR solution to the overall value of the business process.

Common IT DR planning mistakes

Unfortunately, planning efforts alone do not ensure an effective IT disaster

recovery (IT DR) plan. Planning efforts can be difficult to conduct, and improper

planning procedures can render even the most thorough IT DR strategy defective,

so this book will provide some best practices.

Often, when an organization is asked about their Recovery Time Objective (RTO)

and Recovery Point Objective (RPO), they respond, "I can't afford any downtime

and I can't afford to lose any data."

Few organizations can afford the costs associated with no downtime or data loss.

To identify more realistic goals, recognize that it's easier for managers to express

best-case desires than to think about the bare minimum requirements to sustain

a business process. It's safer, too, or at least it seems safer at first. However,

best-case desires almost never align with the company's financial goals and

objectives. Formulate your RTO and RPO questions so as to elicit responses that

keep managers of business processes aligned with the larger financial goals of

the company.

Instead of asking the head of an accounting business unit how long she can wait

after a disaster before accounting processes are resumed, you might hone the

RTO question to the following:

"How long can your department go without billing before company revenues as

a whole are impacted to the extent that critical financial obligations can't be met?"

You have recast a technology question as a business question and used terms that

the manager can understand. The manager is more likely to answer your question

with measurable values.

By asking questions that target specific requirements, you get managers to think

about the real cost of doing business. An excellent test for distinguishing between

a desire and a requirement is that a desire can be cost-reduced. Business leaders

usually recognize this, so it is important that your IT DR plan development

methodologies reflect this realization as well.

By following the BCM methodologies, considerations, and best practices outlined

in this book, Symantec can provide you with a Secure Business Continuity Solution

that is aligned to the goals of your organization.

Chapter 2: Business continuity management methodology

This chapter includes the following topics:

■ Developing a successful IT DR strategy

■ Symantec’s business continuity management role

Developing a successful IT DR strategy

Developing a resilient IT disaster recovery (IT DR) strategy is a daunting

undertaking. Beyond just addressing changes in technology, a successful IT DR

strategy must be flexible enough to respond to changes in the business itself.

Based on its experience with numerous customer engagements and projects,

Symantec has developed a proven method for creating IT DR plans and

architectures.

The method consists of the following major tasks:

■ Identifying the correct recovery objectives

■ Assessing IT capabilities

■ Developing the IT DR strategy

■ Designing the IT DR architecture

■ Implementing the technology solution

■ Developing IT DR plans

■ Training IT staff in disaster recovery

■ Testing the IT DR strategy

■ Analyzing unexpected IT outage events

■ Implementing corrective changes and repeating the process

The IT DR plan is an interactive process. It evolves to meet the challenges of new

technologies, business processes, and threats.

Some threats require that IT incorporate new compensations into their existing

disaster recovery plan, while others require that they modify or discard large

parts of the plan. The plan must be continually revisited to incorporate new

threats. Let’s examine each planning step in detail, highlighting best practices

along the way.

Identifying the correct recovery objectives

The first task in disaster recovery planning is to identify and solve the correct

problems so your IT DR plan is relevant and affordable. To identify the correct

problem, you must first identify all essential business processes. This survey

allows you to identify Recovery Time Objectives (RTOs) and Recovery Point

Objectives (RPOs). After you identify the correct recovery objectives, you can

recommend infrastructure investments and select technology appropriately based

on your findings.

To conduct a top-down survey, start at the divisional or subsidiary’s head office

and ask questions that will help you to identify organizational structure and

processes.

Table 2-1 lists several key planning questions and the parts of the IT DR plan that

they identify.

Table 2-1 IT DR planning questions

| Question | Part of plan |
| --- | --- |
| What business processes do you have? | Identifies existing business processes |
| How much data can each business process afford to lose before the organization suffers serious financial harm? | Identifies the business process’ RPO |
| How long can each business process wait to get IT back before the organization suffers serious financial harm? | Identifies the business process’ RTO |

Your questions should address the needs of specific departments and also address

various contingencies. For example, the plan should not only address how to get

financial IT functions up and running, but also how to get the staff back on the

site.

Table 2-2 illustrates the business process questions you might ask the

finance department.

Table 2-2 Questions for the finance department

| Financial Function | Consequence |
| --- | --- |
| Accounts payable | How long can you not pay any bills until threat of corporate bankruptcy appears? |
| Accounts receivable | How long can you not deposit payments until threat of corporate bankruptcy appears? |
| Regulatory filings | How long can you delay regulatory filings until threat of corporate shutdown appears? |
| Payroll | How long can you delay paychecks until threat of corporate bankruptcy appears? |

Typically, when you frame your questions using the correct business context, you

receive longer RTO values. For example, the head of the finance department will

most certainly give you a longer RTO value after he has considered the time it

would take just to get the necessary staff back in the building after a catastrophic

event. This is important because short RTO values are significantly more expensive

to address.

Common application RTO values that managers report include the following:

■ 0 hours

■ About 24 hours

■ About 72 hours

■ Between three and seven days

■ More than seven days

These typical RTO values reflect the type of technology involved, such as real-time

replication, asynchronous replication, and tape backup. These values usually

reflect what IT can already support. The tiers of RTO values are a guide for IT to

match technologies in the infrastructure to specific applications, and extend these

RPOs to the business processes that the applications support.

After you complete the survey, you will have a better understanding of your

organization's business processes and the hardware and software supporting

them. You can then determine how the consequences of catastrophic events will

specifically impact each of your business processes and the supporting technology.

A well understood impact in many businesses is significant corporate harm such

as bankruptcy or the halting of public trading of the company. With airlines, the

consequence might be grounded planes. With telecommunications companies,

the consequence may be delays in billing or lost call records.

As you survey the organization, be sure to set expectations for significant costs

and business disruptions when a disaster recovery plan is implemented during a

disaster. The organization should know before disaster strikes that the IT DR plan

optimizes very limited resources to sustain the organization.

The IT DR plan can potentially incur appreciable costs at activation. For example,

one such cost might be the purchase of electrical generators to keep problems in

the electrical grid from affecting business processes. Other aspects of the DR plan

may result in considerable personal inconvenience or discomfort, and may require

substantial overtime in an unfamiliar location far from the employees' homes.

The focus of the IT DR plan is on recovering and sustaining the business processes,

not restoring the business processes to exactly the way they were conducted before

the event occurred. The business processes must be able to perform a new business

transaction within their RTO. This may mean using crude, manual procedures to

keep costs down or maximize the available staff. Hence, some

previously-automated processes may temporarily be replaced with alternate

means, meant for short-term use. For example, there could be a lack of printers

or only electronic manuals and manual scheduling of previously automated tasks.

Manual processes can usually combine with technology. The solution does not

have to be completely technology-based. Organizations often discover that

combining technology and manual recovery processes can be the most economical

approach to solving the problem for the short term.

There can be a hierarchy of RTOs. For example, it is first necessary to determine

if there is a disaster in the midst of confusing circumstances and information,

whether the entire organization should relocate to an alternate site, and whether

the IT group should begin to activate or even procure hardware at the alternate

site.

These determinations introduce decision delays, after which, the available IT DR

team must recover the systems; load the alternate recovery systems with recovered

data; validate the systems, data, and applications; reconfigure the applications

for access on the recovery systems; and bring the network up for access by available

end users.

Delays in any layer of subordinate RTOs cumulatively add to the overall RTO.

Even if IT is recovering the systems and applications according to the time lines

defined in the IT DR plan, the total RPO must incorporate the time taken to make

the decision to activate the DR plan. Thus, the RTO objective must account for all

steps and times involved in the overall DR plan.

Each business process has different subordinate RTOs. In order to identify these

RTOs, you must first identify the business process RTO.

Figure 2-1 shows the subordinate RTO tasks that must be completed within the

business process RTO.

Figure 2-1 Layers of subordinate RTO tasks

For example, consider an organization’s collective database applications. If one

business process requires database access in two hours, then IT must have the

database available in two hours. This may mean that other database applications

that share the same database are actually available earlier than their specific RTO

requires. Unrelated databases may have different RTOs. Therefore, having accurate

identifiable RTOs for each business process enables IT to prioritize its recovery

activities and optimize limited resources.
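
The cumulative-RTO and shared-database points above, worked as an added example that is not part of the original book: a shared component inherits the shortest RTO of any business process that depends on it, and the decision delay counts against every RTO. The process names, component names, hour values, and the one-component-at-a-time recovery model are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BusinessProcess:
    name: str
    rto_hours: float    # RTO agreed with the business owner in the survey
    components: tuple   # IT components the process cannot run without


# Constructed sample survey results (names and hours are illustrative).
PROCESSES = [
    BusinessProcess("order entry", 8, ("orders_db", "order_app")),
    BusinessProcess("billing", 24, ("orders_db", "billing_app")),
    BusinessProcess("reporting", 72, ("orders_db", "reporting_app")),
    BusinessProcess("payroll", 72, ("hr_db", "payroll_app")),
]

# Constructed subordinate task durations per component, in hours:
# (recover system, load data, validate, reconfigure and reconnect).
COMPONENT_TASKS = {
    "orders_db": (1.0, 2.0, 0.5, 0.0),
    "order_app": (0.5, 0.0, 0.5, 0.5),
    "billing_app": (0.5, 0.5, 0.5, 0.5),
    "reporting_app": (0.5, 0.5, 0.5, 0.5),
    "hr_db": (1.0, 1.5, 0.5, 0.0),
    "payroll_app": (0.5, 0.0, 0.25, 0.25),
}


def effective_component_rto(processes):
    """A shared component inherits the shortest RTO of any process using it."""
    rto = {}
    for proc in processes:
        for comp in proc.components:
            rto[comp] = min(rto.get(comp, proc.rto_hours), proc.rto_hours)
    return rto


def recovery_schedule(processes, component_tasks, decision_delay_hours):
    """Recover components one at a time, tightest effective RTO first.

    Returns {component: hours after the event at which it is usable}. The
    clock starts at the event, so the decision delay precedes all IT work.
    """
    rto = effective_component_rto(processes)
    clock = decision_delay_hours
    done_at = {}
    for comp in sorted(rto, key=lambda c: (rto[c], c)):
        clock += sum(component_tasks[comp])
        done_at[comp] = clock
    return done_at


def assess(processes, component_tasks, decision_delay_hours):
    """Compare each process's achieved recovery time with its RTO."""
    done_at = recovery_schedule(processes, component_tasks, decision_delay_hours)
    report = {}
    for proc in processes:
        achieved = max(done_at[c] for c in proc.components)
        report[proc.name] = {
            "rto": proc.rto_hours,
            "achieved": achieved,
            "slack": proc.rto_hours - achieved,
            "met": achieved <= proc.rto_hours,
        }
    return report


if __name__ == "__main__":
    # Same IT task durations, two different decision delays.
    for delay in (2.0, 4.0):
        print(f"decision delay {delay} h")
        for name, row in assess(PROCESSES, COMPONENT_TASKS, delay).items():
            status = "ok" if row["met"] else "MISSED"
            print(f"  {name:12} RTO {row['rto']:>4} h  usable at "
                  f"{row['achieved']:>5} h  {status}")
```

With identical IT task durations, lengthening the decision delay from two to four hours is enough to miss the order entry RTO, even though the reporting and billing processes that share the same database are available far earlier than they require.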

Setting priorities is impossible unless the top-down survey presents uniform,

consistent questions across applications and business processes. Unless a clearly

prioritized plan exists, the IT DR development will likely produce random DR

activities that will collectively prove ineffective in the event of genuine disaster.

Everything you recommend must be initially associated with a business process,

not tied to applications and technology.

Linking RTOs with business processes allows senior management to see the

organization from the business process/owner's vantage. A plan that aligns with

business objectives "speaks the language" of senior management and receives

their maximum attention. You will also be able to generate a correct problem

statement that addresses genuine organizational needs, speaks in terms of the

larger organizational view, and proposes a strategy that matches the actual

business needs. In contrast, an IT DR plan without the correct problem statement

wastes time and resources.

Assessing IT capabilities

After identifying the correct recovery objectives, realistically assess your IT

capabilities. IT should determine whether it can meet the business

needs the survey has identified. IT must understand its available skill sets and

understand whether or not it can meet business continuity expectations.

Realistic IT capability assessments usually identify gaps between BCM

requirements and existing IT capabilities. A number of common oversights

typically frustrate IT's efforts to meet identified RTO and RPO requirements.

A common error is neglecting to account for the time it takes to confirm that a

significant disruption has occurred, to decide that the business operations need

to relocate to an alternate site, and to deploy appropriate staff and assets. The

time required for these activities is subtracted from the RTO.

Table 2-3 lists realities that IT departments often neglect to anticipate.

Table 2-3 Common IT DR oversights

| Oversight | Cause |
| --- | --- |
| The absence of critical staff | Usually, only 25% of the IT staff is present following a disaster impacting a large geographic area. |
| Technology application failures | The staff may not be trained in particular technologies or activities. |
| Bad, blank, incorrect, or mislabeled recovery media | Undocumented or ad-hoc processes which rely on specific staff instead of established plans. |
| Confusion, mistakes, and collisions occurring in the frantic activities occurring during a site fail-over. | The recovery IT staff is not operating in ideal recovery facilities. Conversely, staff is often fatigued and working in unfamiliar facilities, far from home. |

Any staff present during an actual IT DR effort needs to be resourceful enough

to accomplish the requisite tasks involved with meeting RTO goals.

When an IT staff understands the gap between business process recovery

requirements and its own capabilities, the staff can begin to develop a strategy

that bridges the gap.

Developing the IT DR strategy

You are now ready to have the organization’s leadership select which solution or

set of solutions it prefers based on their available budget and risk tolerance. This

solution (or set of solutions) will form the basis for your IT DR strategy. Starting

with the lowest-level organizational unit you interviewed, review their identified

business processes and associated RTOs and RPOs. Next, present your multiple

solutions, each with associated cost estimates and assumed risks identified. Show

how each solution addresses the department's needs. Continue the review with

the remaining organizational units, moving closer to the CEO’s office with each

step. Finally, present the requirements and solutions to the CEO with all

organizational leadership in attendance. You have just represented a solution set

that renders the IT DR decision a business decision.

By presenting options, costs, and risks to the decision makers you have

demonstrated that the IT group is aligned with business goals and objectives.

This straightforward approach aligns solution funding along the following

executive business priorities:

■ Presentation of business options to enable business decisions

■ Delivery of specific Service Level Agreements (SLAs) with associated

assumptions and identified risks

■ Presentation of recommendations with business tradeoffs

You can help refine the IT DR strategy by participating in the organization’s

business review activities that enable organization executives to reexamine their

business objectives. The periodic meetings identify organizational changes and

shifted capabilities. Moreover, they attempt to reuse investments and strategies

and leverage experience and training.

During business reviews, you can review the IT DR choices and verify that they

are still relevant by asking the following questions:

■ Are these still your business processes?

■ Has your vulnerability to downtime increased?

■ Are these the right RTOs and RPOs?

■ Are these the correct assumed risk tradeoffs?

■ Is this the correct cost model?

When you know the answers to these questions and an advantageous technology

appears on the market, you have an opportunity to adapt and evolve to better

serve the business.

Figure 2-2 illustrates that the solution becomes more advanced based on the RPO

and RTO requirements. Note that there is a direct relationship between cost model

and RPO/RTO requirements.

Figure 2-2 IT disaster recovery solutions and technology choices

Designing the IT DR architecture

When an organization has developed its IT DR strategy, it is time to design IT DR

architecture options. This means the IT organization determines how the selected

high-level solution should be implemented and which technology components

should be used.

Designing the IT DR architecture involves answering the following questions:

■ What facilities are required?

■ Where will the alternate site be located?

■ What vendors should be involved in provisioning?

■ What specific products and technology should we use?

■ What should be automated?

You should develop two to five architecture solutions to enable the organizational

executives to select the one they prefer. For each solution, you should estimate

associated costs and identify alternatives (for example, internal or outsourced)

via SLAs. Finally, each solution should have alternatives based on the reuse of

existing investment, SLA requirements, and the solution itself.

Table 2-4 shows examples of solution alternatives.

Table 2-4 Alternative solutions

| Solution | Alternative |
| --- | --- |
| All business processes use the same IT DR RPO/RTO | Multiple RPOs and RTOs, each one assigned to a specific application or process |
| Hardware-centric solution: replace existing hardware with new hardware and its associated capabilities | Software approach where older hardware is merged into the DR architecture gradually |
| Automate recovery of key systems | Automate recovery of most systems |
| Use the secondary site as a standby site | Use both sites, where one of the sites runs secondary production tasks such as reporting, archiving, etc. |

Implementing the technology solution

After all vital business processes needing DR protection have been identified, a DR

solution plan is created and the technology is implemented. Implementing

the DR solution will include the following:

■ Hardware

■ Software

■ People

■ Processes

Implementing the technical solution needs to be a properly managed IT DR project.

The length of the implementation phase is dependent on the complexity of the

architecture.

For most IT departments, it is very tempting to implement all of the solution

products simultaneously. Often this is where exciting new technology is

implemented for the first time. However, it is best to implement each

technological component of the solution in isolated phases.

For example, if we are working on implementing a medium-sized IT DR solution,

then it is often feasible to execute the implementation in three phases. The first

phase implements the majority of the components on a subset of the systems that

need to be protected. As the systems are validated, there is enough experience

to warrant expanding the implementation. More advanced functions on more

critical systems can be introduced in phase 2. This will allow the implementation

team to make corrections to the technology dependencies such as networking as

the implementation is done. The last phase should be focused on scaling out the

solution by implementing it across all the systems under protection.

Implementing the technology solution in a phased approach gives the technical

team an opportunity to refine the solution for the environment. This process can

be expedited by using staff experienced in modern DR methodologies and

technologies.

Developing IT DR plans

After implementing the technology solution, there are detailed processes the

organization should perform when a disaster strikes. These processes include the

steps that identify disasters, escalate activities, communicate status, respond to

disasters, and notify end users that IT DR activities have begun.

The plans should be detailed, specific, and clearly documented. They should

include methodology descriptions such as the automated scripts to run, and the

sequence in which to run them. Plans should include the mechanisms that enable

IT DR spending limit increases for purchasing needed equipment when disaster

strikes.

It is generally wise to have the IT DR plans developed based on refinements and

observations from the implementation phase. This ensures that the IT DR plans

are in tune with the technical capabilities and any tradeoffs which may have been

decided during the implementation. This is a significant step in the planning as

this is the opportunity to document the entire IT DR implementation and the

scenario that it covers.

Training IT staff in disaster recovery

After developing the IT DR plan, staff must be trained to use the plan. Typically,

the plan architects are a small group who may need to implement the plan in the

event of a disaster. In some instances, some people in IT departments may have

to implement a plan they did not help to write. In other instances, IT DR staff may not

be able to assist in DR activities due to the circumstances of the outage.

Finally, make everyone aware a plan exists and educate them about its contents.

They must know how to locate the plan when disasters occur. Then, emphasize

that staff must follow the plan without improving any of it because failure to

follow the plan exactly compromises any opportunities to refine the plan based

on experience.

Testing the IT DR strategy

When the IT DR staff is trained in disaster recovery, it is important to test the

plan realistically.

The first test should include a well-defined, bounded recovery scenario, followed

by periodic subsequent tests. Each subsequent test should include the previous

test scenario(s) as well as additional complexities comprising a new 25% additional

workload. With this approach, 75% of any test scenario should amount to

practicing past activities. The new workload should stretch the organization and

potentially invite a learning-through-failure experience that only realistic

experience gives.

The incremental testing approach enables the IT DR team to select a long term

goal and continually advance towards that goal through practice. Each test builds

on previous testing experience.

To help ensure that the plans remain effective, the repeated 75% of the exercise

should rehearse skills that people already possess. History teaches that RTOs and

RPOs rarely get longer with time. In fact, their values usually decrease. Therefore,

the fact that practicing a plan provides a quick response is helpful.

Another way to increase the validity of tests is to randomly select participating

IT staff members for the test. 25% of the participating staff could be lesser-skilled

staff members, which would yield a more realistic mix of experienced and

less-experienced staff on which to base the simulated DR event. The goal is to design

tests that allow you to formulate a specific competency metric, and which enable

you to find growth-building potential.

Analyzing unexpected IT outage events

It is an unfortunate fact that accidents and mistakes occur during disaster recovery

efforts. In such cases, it is essential that the IT department conduct an analysis

when recovery completes. Otherwise, the IT staff can miss an excellent opportunity

to enhance its capabilities.

Events can initially be deceiving because seemingly small events can rapidly

become more serious and debilitating. For example, a small, seemingly safe

software update can disable an entire IT facility. Typically, the triggering event

that eventually forces relocating to an alternate site is either a man-made disaster

such as applying a bad patch or a natural disaster such as an earthquake.

When any such event occurs, be wary of improvisations that lead to a solution

but cannot be sustained. A well-executed plan is always better than individual

heroic efforts. Remember, the goal of IT DR is to resume business processes.

Resolving the impact of unexpected real events using the IT DR procedures

demonstrates IT’s commitment to that goal.

Therefore, an IT DR event recovery process should always begin the same way:

by reaching for the IT DR plan. Consistent action helps you avoid an unexpected

situation in which unplanned and incorrect action can accelerate the situation

into a crisis.

Implementing corrective changes and repeating the process

Any deviations in the DR plan that occur in DR simulations or unexpected failures

must not be resolved ad-hoc. Instead, each deviation must be analyzed, and the

appropriate corrective action must be written in the DR plan. When a DR event

occurs, there may not be staff at hand with specialized or critical skills. The plan

must be specific and detailed enough that it can be executed by junior staff or

even by temporary staff.

The best DR plans are repeatable and descriptive enough that they can be executed

by anyone skilled in information technology without specific knowledge about

the organization.

It is equally important to realize that business processes rarely are static and thus

the DR plan has to evolve and reflect the business processes as they evolve and

the technology selected to support the business processes. BCM and IT DR planning

is a continuous process that is constantly refined. It is a common mistake to

develop DR plans and only perform initial tests of the DR plan without any ongoing

refinement. This mistake is seen only when it’s too late, typically after a disaster

or audit, when the DR plan doesn’t fully restore the business processes. The best

way to avoid this mistake is to continuously evolve and test your organization's

DR plans by repeating these steps and incorporating previous decisions and

insights.

Symantec’s business continuity management role

Symantec recognizes the challenges associated with business continuity

management. It works with customer organizations as an organizationally-neutral

partner within their cultural and process framework. This approach helps the

organization achieve its business goals through proper business decision

methodologies. It starts with business processes and risk management of the

processes.

Symantec has found that organizations are often less interested in solving an

individual backup problem than they are in developing resilient system solutions

within BCM processes. Customer engagements can range from single solution

proposals to helping customers develop complete design strategies for architecture

that involve storage systems architecture and utility computing considerations.

Finally, Symantec understands that such solutions demand the best product for

a task and is therefore a hardware vendor-neutral solutions provider.

Chapter 3: Secure Business Continuity Solution Tiers

This chapter includes the following topics:

■ About IT disaster recovery and business continuity

■ Establishing appropriate RTO and RPO values

■ Tiered IT DR solutions

■ Bandwidth, distance, and RPO/RTO

About IT disaster recovery and business continuity

Today’s business environment is characterized by increasing uncertainty and

regulatory oversight. Many organizations either do not have a disaster recovery

plan or have one that they have not reviewed since preparing it for the IT industry’s

year 2000 (Y2K) vulnerability. A popular industry statistic suggests that nearly

half of the organizations experiencing a disaster cease operations within five

years because of adverse customer reaction and recovery costs. This unfortunate

situation is remedied by applying business continuity management (BCM)

principles.

Table 3-1 lists examples of natural and man-made disasters.

Table 3-1 Examples of natural and man-made disasters

Man-made disasters:

■ Hacking, phishing, pharming

■ Application failure

■ Database corruption

■ Computer system disruptions

■ Denial of Service attacks

■ Malicious software

■ Viruses, worms, trojan horses

■ Strikes, social unrest, demonstrations

■ Sabotage, terrorism

■ Application upgrades and patches

■ Human error

Natural disasters:

■ Earthquakes

■ Fire

■ Flooding or water damage

■ Storms and hurricanes

■ Power grid malfunctions

■ Communication grid malfunction

BCM comprises a broad spectrum of planning activities and provisions that

organizational management performs to ensure organizational survival following

disasters.

IT disaster recovery (IT DR) activities are a subset of IT activities. They are the

emergency activities an IT department conducts in preparation for an impending

natural disaster, such as an approaching hurricane, or conducts shortly after an

unanticipated man-made disaster, such as a computer virus attack.

Figure 3-1 shows the relationship between IT DR data recovery and business

continuity.

Figure 3-1 IT DR data recovery scope

IT DR plans contain many considerations and provisions. The best plans reflect

complete alignment with the organization’s business priorities. The IT unit must

therefore develop IT DR plans through close coordination with organizational

management so that the selected IT DR plan is effective and matches

organizational risk tolerance with associated cost and burden.

Establishing appropriate RTO and RPO values

As a BCM practices subset, IT DR data recovery plans reflect that different business

processes have different critical components with differing Recovery Time

Objectives (RTOs) and Recovery Point Objectives (RPOs).

Figure 3-2 depicts a sample subset of an organization’s information processing

system and the numerous applications spanning a variety of interconnected

systems.

Figure 3-2 Example organizational information processing system

Multiple IT applications support organizational business processes. In this

example, two of these applications are an Apache Web server and an SQL database

server. Each application has an associated RTO and RPO.

Establishing the appropriate RTO and RPO for each application is critical. As the

value of an RTO decreases, the cost of the technology to meet the RTO increases.

Conversely, when an RTO has a value that is too large, the business continuity

exposure cost becomes excessive. The goal is to choose an RTO that matches

business process needs and balances organizational risk tolerance with appropriate

cost.

Figure 3-3 shows the relationship between RTO and RPO.

Figure 3-3 Aligning investments with business risk

Similarly, as the value of an RPO decreases, the technology and IT procedural

costs required to meet the objective increase. The goal is to choose an RPO that

matches business process needs and balances organizational risk tolerance with

appropriate cost.

Tiered IT DR solutions

Typically, an organization’s collective business process RTO and RPO values and

associated IT applications sort into a few ranges. This allows IT DR activities to

be grouped into procedures that support business practices within a particular

tier. Basic, Silver, and Gold solution tiers support all business processes.

Table 3-2 shows the tiers and their associated RTO and RPO values.

Table 3-2 Symantec solution tiers and their estimated RTO and RPO values

Tier | RTO Value | RPO Value

Basic | 7 Days | 24 Hours

Silver | 24 Hours | 8 Hours

Gold | 8 Hours | 8 Hours

Tiers beyond the Gold Tier have very stringent RTO and RPO values that involve

expensive and complex solution considerations, such as high-performance system

clustering. There are certain types of applications that in some industries must

have an RPO and RTO of zero. These applications are often custom made to achieve

the zero RPO and RTO characteristics. While Symantec Corporation delivers

solutions including products and services that enable customers to meet the

stringent requirements of solutions at these levels, this discussion focuses on

describing technologies and best practices for the Basic, Silver and Gold Tiers.

Note: The more aggressive RTO and RPO products and services will be

characterized in a future update to this Symantec Yellow Book.

Basic Tier overview

The Basic Tier addresses the needs of business processes having an estimated

7-day RTO and an estimated 24-hour RPO. The selected example application for

the Basic Tier is a regular file server and the workload is presented for illustrative

purposes only. Many other applications and workloads also fall into this category.

The Basic Tier protects against man-made and natural disasters but requires a

manual restoration of systems and data at an alternate site.

Figure 3-4 shows the Symantec Secure Business Continuity Basic Tier configuration

with a typical file server.

Figure 3-4 Basic Tier configuration with typical file server

To meet the typical file server SLA commitment, the Basic Tier uses the following

Symantec products for the following associated purposes:

Symantec Gateway Security 5620 appliance:

■ Anti-virus

■ Firewall

Veritas NetBackup:

■ Tape backup

■ Data encryption

Veritas NetBackup Vault Option:

■ Tracks backup tapes at an off-site location

■ Performs fast restores at an off-site location

In this solution, NetBackup is the product of choice used to back up data onto tape

media that is stored in an alternate location and retrieved for subsequent IT DR

procedures. Data on cartridges is manually moved between sites. Encryption is

used when the cost of CPU processing is less than the potential liabilities associated

with losing the cartridges. Passwords are stored separately from the cartridges

and should be transported separately from the cartridges to a safe location.

Silver Tier overview

The Silver Tier configuration contains all components from the Basic Tier plus

the following products with the following associated purposes:

Symantec Gateway Security 5640 appliance:

■ Virtual Private Network (VPN)

Symantec Critical System Protection:

■ Intrusion detection system (IDS)

■ Intrusion prevention system (IPS) services

Veritas NetBackup:

■ Disk Storage Units (DSUs) for high-performance data backup

■ Disk based backup

Veritas Storage Foundation:

■ DSU resource virtualization

■ Mirror data across sites

For the Silver Tier, the selected example application is an Apache Web server as

well as a SQL Server workload. The key objective is to show how to quickly recover

systems in a network with multiple workloads.

Figure 3-5 shows the Symantec Secure Business Continuity Silver Tier

configuration.

Figure 3-5 Silver Tier configuration

Gold Tier overview

The Gold Tier adds the following products to the Silver Tier configuration, with

the following associated purposes:

Symantec Gateway Security 5640 appliance:

■ Intrusion prevention system (IPS) services

■ Intrusion detection system (IDS) services

Veritas NetBackup Bare Metal Restore option:

■ Automate recovery of systems

■ Automate recovery of applications

Symantec Managed Security Services:

■ Analyze and monitor threats and security policies across both sites by Symantec's Security Operations Center

This tier introduces automation to reduce recovery time.

Figure 3-6 depicts the Symantec Secure Business Continuity Gold Tier

configuration.

Figure 3-6 Gold Tier configuration

The Gold Tier shows how automation can be applied to quickly recover systems

and applications at the alternate site. The technology in the Gold Tier can

automatically recover systems and applications from any of the workloads depicted

in the Basic and Silver Tiers.

For all example configurations, the associated Symantec Secure Business

Continuity solution delivers IT DR capabilities that enable organizations to achieve

appropriate levels of prevention, testing, automation, and recovery for their

individual needs.

Bandwidth, distance, and RPO/RTO

The technologies and solutions presented here apply to alternate site distances

up to 100 km from the primary information processing site. Additional technology

provisions and tradeoffs become necessary for longer distances. These tradeoffs

often require specialized equipment and significant capital investments.

To properly design any solution based on RPO and RTO, an IT department also

needs to calculate two key pieces of data. Neither RPO nor RTO can be met if the

amount of data requiring transfer to the alternate site is greater than the

bandwidth available to transfer the data. When planning the architecture and the

implementation of the disaster recovery plan, the design must include application

data change rates. The amount of data changed must equate to the amount of

data transferred. The data change rate is also affected by how the Symantec

NetBackup application obtains the data.

For example, suppose the server holds a 1 GB file system with a 5% daily change

rate. It is reasonable to expect a daily data change of 50 MB. However, the solution

relies on the backup infrastructure to transfer data to the alternate site. If the

daily file server backup is a full backup, then the daily NetBackup transfer

burden is 1 GB.

Symantec advocates using advanced backup methods to protect the systems. This

means using file level backup when appropriate and using more advanced clients

such as applications-specific backup agents whenever possible. This reduces the

effective data change rate in the backup infrastructure.

To accommodate current and anticipated data growth, you must size the network

capacity between the primary and alternate sites and calculate the amount of

storage in the disk-based data protection layer. In any environment, expect that

multiple RTO and RPO requirements exist. An individual data center within an

information processing infrastructure usually benefits from incorporating multiple

data protection levels within the same data center.
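The sizing arithmetic described above can be modeled as follows. This is an added example, not code from the Yellow Book or from any Symantec product. It assumes one backup cycle per RPO interval that must finish inside that interval; the constructed site workloads, the 70% link-efficiency factor, the growth rate, and all function names are assumptions for illustration.

```python
from dataclasses import dataclass, replace

MB = 10**6  # decimal units, matching the text's "5% of 1 GB is 50 MB"
GB = 10**9


@dataclass(frozen=True)
class Workload:
    name: str
    data_bytes: int           # data at rest on the protected server
    daily_change_rate: float  # fraction of the data that changes per day
    backup_method: str        # "full" or "incremental"
    rpo_hours: float          # Recovery Point Objective for this workload


def bytes_per_cycle(w: Workload) -> int:
    """Bytes shipped to the alternate site per backup cycle.

    Modeling assumption: one backup cycle runs per RPO interval.
    """
    if w.backup_method == "full":
        # A full backup moves every byte, however little actually changed.
        return w.data_bytes
    if w.backup_method == "incremental":
        changed = w.data_bytes * w.daily_change_rate * (w.rpo_hours / 24)
        return min(w.data_bytes, round(changed))
    raise ValueError(f"unknown backup method: {w.backup_method!r}")


def required_mbps(workloads, growth_per_year=0.0, years=0) -> float:
    """Sustained megabits/s needed so each cycle completes within its RPO."""
    growth = (1 + growth_per_year) ** years
    bits_per_second = sum(
        bytes_per_cycle(w) * growth * 8 / (w.rpo_hours * 3600)
        for w in workloads
    )
    return bits_per_second / 1e6


def years_until_saturated(workloads, link_mbps, growth_per_year,
                          efficiency=0.7, horizon=20):
    """First year (0 = today) in which demand exceeds the usable link rate.

    `efficiency` is an assumed derating for protocol overhead and contention.
    Returns None if the link still suffices at the end of `horizon` years.
    """
    usable = link_mbps * efficiency
    for year in range(horizon + 1):
        if required_mbps(workloads, growth_per_year, year) > usable:
            return year
    return None


# The text's example: a 1 GB file system with a 5% daily change rate.
PAGE_FULL = Workload("file server", 1 * GB, 0.05, "full", 24)
PAGE_INCR = replace(PAGE_FULL, backup_method="incremental")

# Constructed site (not from the text); RPOs follow Table 3-2.
SITE = [
    Workload("file server", 500 * GB, 0.05, "incremental", 24),  # Basic
    Workload("SQL database", 200 * GB, 0.10, "incremental", 8),  # Silver/Gold
]
SITE_ALL_FULL = [replace(w, backup_method="full") for w in SITE]

if __name__ == "__main__":
    for w in (PAGE_FULL, PAGE_INCR):
        print(f"{w.name} ({w.backup_method}): "
              f"{bytes_per_cycle(w) / MB:.0f} MB per cycle")
    for label, site in (("incremental", SITE), ("all full", SITE_ALL_FULL)):
        print(f"site, {label}: {required_mbps(site):.2f} Mbps needed today; "
              f"a 10 Mbps link saturates in year "
              f"{years_until_saturated(site, 10, 0.25)}")
```

The same change rate yields a twentyfold difference in transfer burden depending on backup method, which is why the method has to be fixed before the inter-site link is sized.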

The business process stands to gain from the effort required to understand

potential growth and change. IT will have a well-defined method for modeling

and coping with information growth after analyzing current data at rest, data

change rates, and the bandwidth and storage required to manage and protect the

applications. It serves as a continuously repeating process that can support other

business functions such as forecasting and budget planning.

Chapter 4: Symantec Secure Business Continuity Basic Tier

This chapter includes the following topics:

■ Basic Tier overview

■ Basic Tier deployment

■ Basic Tier example: Data recovery from primary to alternate site

Basic Tier overview

With business continuity management (BCM), each business process has an

associated Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

After establishing the RTOs and RPOs, IT professionals often find they organize

into several categories. This small number of categories allows the IT Disaster

Recovery (DR) planning effort to match the categories to the appropriate Secure

Business Continuity Solution tiers: Basic, Silver, or Gold.

Enterprises with business processes that have an estimated 7-day RTO and an

estimated 24-hour RPO can benefit from the Symantec Secure Business Continuity

Basic Solution. The Basic Tier assumes recording all backups to tape media that

are safely stored at an alternate, remote location.

The Basic Tier uses the following products for the following associated purposes:

Symantec Gateway Security 5600 Series appliance: Antivirus and firewall

Veritas NetBackup: Enterprise tape backup and restoration

Veritas NetBackup Encryption option: Tape backup with data encryption protection

Veritas NetBackup Vault option: Tracking backup tapes at an off-site location

Figure 4-1 depicts the Basic Tier configuration with Symantec Gateway Security

5600 Series appliance, Veritas NetBackup with the Encryption and Vault options

installed.

Figure 4-1 The Basic Tier configuration

About the Symantec Gateway Security 5600 Series appliances for the Basic Tier

The Symantec Gateway Security 5600 Series appliance, running Symantec Gateway

Security 5600 Series v 3.0 software, is a comprehensive network security device

that integrates firewall, VPN, antivirus, intrusion detection and prevention,

content filtering, and high availability/load balancing components into an

appliance that protects networks at the gateway to the Internet or subnets of

larger WANs and LANs.

Each SGS 5600 Series family member can provide multiple security protection

technologies in a single, rack-mountable, plug-and-protect appliance that acts as

an enterprise security gateway. For the Basic Tier, the security gateway provides

firewall and antivirus protection.

The particular Symantec Gateway Security appliance recommended by Symantec

depends on the size of the infrastructure it protects. A more powerful model can

easily replace a less powerful model if the size of the installation requires it. Many

organizations appreciate that all models provide the same user interface.

Through the Symantec Gateway Security Gateway Management Interface (SGMI),

you can remotely and securely control and monitor individual or clustered

security gateways and create configurable policies for users and user groups. In

addition to its simplified policy management, a Symantec Gateway Security 5600

Series appliance facilitates installation and configuration efforts through

pre-configured and hardened operating system software and an array of setup

wizards.

About Veritas NetBackup 6.0 for the Basic Tier

Veritas NetBackup Enterprise Server version 6.0 provides system administrators

with a customizable, flexible backup and recovery solution that operates in a

heterogeneous environment. It allows administrators to define and perform

scheduled, calendar-driven, unattended backups for networked client systems

using a single administration console and operational interface. NetBackup clients

can include LAN client desktop systems as well as data center systems that provide

network application processing and access to online databases such as Oracle,

DB2, Microsoft SQL Server, Sybase, Informix, Microsoft Exchange, Microsoft

Sharepoint Portal Server, Lotus Notes, and SAP.

NetBackup can enable system administrators to protect an entire organization’s

data. Because of the operational economies that a single global interface presents,

many organizations have benefitted from the simplified and efficient operational

model that NetBackup provides in both normal and disaster recovery operations.

NetBackup accommodates multiple servers working together under the

administrative control of one or more NetBackup master servers. The master

server(s) manage backups, archives, and restores. Media servers are directed by

the master server and provide additional storage by allowing NetBackup to use

the storage devices that they control. Media servers can also increase performance

by distributing the network load. A master server may also function as a media

server.

During a backup operation, a client sends data to a NetBackup Media server.

NetBackup uses agents to send data from the client to the media server and stores

information (metadata) about the data in its catalog (e.g. ctime, mtime, permissions

etc.). The NetBackup master server manages the catalog, backup operations,

backup archives, as well as restore operations. A NetBackup Master Server is the

operational point of control for any action initiated within the backup

infrastructure.

The online, hot catalog is new in NetBackup 6.0. It is policy-based, which means

that it has all of the scheduling flexibility of a regular backup policy. This catalog

backup type is designed for use in highly active NetBackup environments where

there is usually backup activity taking place and the catalog size is large. It is a

best practice to perform regular catalog backups to speed up restoration

performance in the event of a disaster.

Symantec highly recommends you schedule daily catalog backups and store them

off the local Master Server on a network share or removable device. Additionally,

the disaster recovery file should be sent via customizable email notification to

the backup administrator after every catalog backup.

See the NetBackup 6.0 System Administrator's Guide, Volume I, for more

information about catalog protection and maintenance and performance options.

Optional NetBackup features offer functionality to encrypt data before it is

transmitted to its backup medium. Many regulatory laws consider this an essential

data protection consideration for tapes that could get lost or stolen.

About the NetBackup Encryption option

Companies usually lock their buildings to protect their investments. Similarly,

they secure their networks to protect data, but often overlook the security of their

backup data. Backup and recovery information often represents a complete mirror

of existing corporate and customer data, making its security vitally important.

When companies move unencrypted backup information by tape or disk to an

offsite location, they can potentially expose private customer data, corporate

financial data, and intellectual property to significant risk. Encrypting your backup

and recovery data provides you with an important layer of protection.

The NetBackup Encryption option protects critical data from unauthorized access

and tampering while in transit as well as when it resides on backup media. The

process of applying and managing encryption keys is simplified through

integration with NetBackup. NetBackup provides organizations the ability to

select from multiple levels of encryption when configuring backup policies.

NetBackup Encryption is a separately priced option that provides file-level

encryption for backups and archives. NetBackup uses passphrases and strong

encryption, encoding data with 128-bit or 256-bit or greater ciphers (the higher

the number the stronger the encryption).

To configure and run encrypted backups, NetBackup Encryption software must

be available on the NetBackup clients. You can accomplish this either through a

push install from a NetBackup server or through direct local installation on the

client. If you plan to use push installs, you must first install the Encryption

software on the server.

About the NetBackup Vault option

The NetBackup Vault option is an extension to NetBackup that automates

duplication of backup images for transfer to and from separate off-site storage

facilities. NetBackup Vault generates reports to track the location and contents

of all backup media. In addition to Disaster Recovery, the Vault functionality

allows you to manage your off-site backup media for regulatory archival purposes.

On Windows, NetBackup Vault is installed when NetBackup is installed; no separate

installation procedure is required. However, to use Vault, you must enter a separate

license key specifically for the Vault option if it was not included as an add-on

with the base license key.

The term vault refers both to a logical entity associated with a particular

NetBackup Media Manager robot and to an off-site storage location protecting a

tape set. In contrast, vaulting is the practice of sending backup images to a

protected, off-site storage location. If backup tapes are destroyed at a primary

data center location, vaulting therefore ensures that selected backup copies are

available at an off-site location. NetBackup Vault tracks the copies and requests

that these tapes be returned from the off-site location after a specified period of time for

reuse.

Because of human errors and system component failures, backing up data is

essential to any data protection strategy. This is particularly true for disaster

recovery strategies. Regularly backing up data and being able to restore that data

within a specified time are critical aspects of any data recovery system. Many

organizations also benefit from storing backup images off-site because this protects

against damage to on-site media and disasters that can damage or destroy a

primary information processing facility.

Recovering data can be a stressful, difficult, and time consuming process.

Successful recovery often depends on how well your organization has prepared

for any recovery effort and how simple the process is.

NetBackup Vault simplifies image duplication, off-site storage, and off-site retrieval

for administrators. In a DR effort, this simplification can prove advantageous

because successful data recovery requires tracking backup data images. This

allows a business to know when the data was backed up, enabling the organization

to identify information that cannot be recovered. Data backup schedules should

be selected to allow an organization to achieve its business process RPO. For

example, if an organization can accept one day’s data loss, the backup schedule

should be at least daily so they can achieve an RPO of one day following any

disaster.

Your organization also may have an RTO. Determining a business process RTO

depends on the type of disaster and on the recovery methods. Organizational

business processes may collectively have several RTOs that individually depend on

which services the organization must recover and when.

Basic Tier deployment

The Basic Tier provides the antivirus and firewall capabilities of the Symantec

Gateway Security 5620 appliance. For backup and recovery activities, data

encryption and tape vaulting are provided by Veritas NetBackup, which uses tape

media that is safely stored at an alternate, remote facility. The Basic Tier example

system for data recovery is a file server.

About deploying Gateway Security 5600 Series appliance for the Basic Tier

The Symantec Gateway Security Administrator’s Guide describes deployment

details spanning a spectrum of user scenarios that include the Symantec Secure

Business Continuity Basic Solution and provides full setup, configuration, and

deployment instructions.

For the Basic Tier, the following software and hardware configurations have been

tested:

■ A gateway with two interfaces, each on a different LAN segment.

■ The Security Gateway Management Interface (SGMI) that manages the security

gateway and connects to the public Internet through a router. In our setup it

is locally connected and accessible within our protected network.

■ A security gateway reserved for one-way traffic.

■ Connection requests that are initiated from the protected network and pass

to external services.

If inbound access is enabled, you cannot secure the protected network

completely. You should not place mail or Web servers on the protected network

in this type of configuration.

Gateway Security 5600 Series appliance sizing considerations for the Basic Tier

The Symantec Gateway Security 5600 Series appliances are available in the 5620,

5640 and 5660 models.

Table 4-1 shows some of the model feature differences.

Table 4-1 Features of the Symantec Gateway Security 5600 Series appliances

| Model | 5620 (basic) | 5640 (Silver and Gold) | 5660 (extra capacity and throughput) |
| --- | --- | --- | --- |
| Stateful Inspection Throughput | 600 Mbps | 1.4 Gbps | 3.0 Gbps |
| Concurrent Connections | 200,000 | 250,000 | 320,000 |
| Memory | 1GB | 2GB | 4GB |
| Disk | 1x80GB | 1x160GB, 1x160GB (optional addition) | 2x160GB |
| Copper Ethernet Ports | 6 | 8 | 6 |
| Small form factor pluggable slots (copper or fiber) | 0 | 0 | 4 |

In the table, stateful inspection, also known as dynamic packet filtering, is a

network layer firewall process. Unlike static packet filtering, which examines a

packet based on the information in its header, stateful inspection tracks each

connection traversing all firewall interfaces to ensure it is valid. As an

example, a stateful firewall may examine not just the header information but also

the contents of the packet up through the application layer to determine more

about the packet than just information about its source and destination.

A stateful inspection firewall also monitors connection states and compiles the

information in a state table. Because of this, filtering decisions are based not only

on administrator-defined rules (as in static packet filtering) but also on context

established by prior packets that passed through the firewall. Finally, as an added

security measure against port scanning, stateful inspection firewalls close off

ports until connections are specifically requested.
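The following Python example is added here for illustration and is not Symantec code or the appliance's implementation. It contrasts a header-only filter with a state table for a gateway that, like the tested Basic Tier configuration, only admits connections initiated from the protected network; the addresses, the rule set and the reduced TCP state machine are assumptions.

```python
from dataclasses import dataclass

# Constructed addressing: 10.0.0.x stands in for the protected network;
# 203.0.113.x and 198.51.100.x (documentation ranges) are external hosts.
PROTECTED_PREFIX = "10.0.0."


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN", "ACK"})


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


def is_internal(addr):
    return addr.startswith(PROTECTED_PREFIX)


def static_filter(p):
    """Static packet filter: decides from the header of this packet alone."""
    if is_internal(p.src):
        return True  # rule 1: outbound traffic is allowed
    # Rule 2: to let replies back in, a header-only filter has to trust any
    # inbound segment that merely looks like a reply (ACK set, web source port).
    return "ACK" in p.flags and p.sport in (80, 443)


class StatefulFilter:
    """Stateful inspection: same outbound rule, but an inbound packet is
    admitted only if the state table holds a connection it belongs to."""

    def __init__(self):
        # (internal addr, internal port, external addr, external port) -> state
        self.table = {}

    def check(self, p):
        if is_internal(p.src):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"  # connection requested from inside
                return True
            if key not in self.table:
                return False
            self._maybe_close(key, p)
            return True
        key = (p.dst, p.dport, p.src, p.sport)
        state = self.table.get(key)
        if state is None:
            return False  # no prior context: the port stays closed
        if state == "SYN_SENT":
            if p.flags != {"SYN", "ACK"}:
                return False  # only the handshake reply is valid at this point
            self.table[key] = "ESTABLISHED"
            return True
        self._maybe_close(key, p)
        return True

    def _maybe_close(self, key, p):
        # Simplification: a FIN or RST from either side removes the entry.
        if p.flags & {"FIN", "RST"}:
            del self.table[key]


def run_demo():
    """Feed one constructed packet sequence to both filters.
    Returns a list of (label, static_verdict, stateful_verdict)."""
    fw = StatefulFilter()
    client, server, stranger = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    sequence = [
        ("outbound SYN", pkt(client, 40000, server, 80, "SYN")),
        ("SYN/ACK reply", pkt(server, 80, client, 40000, "SYN", "ACK")),
        ("outbound ACK", pkt(client, 40000, server, 80, "ACK")),
        ("reply data", pkt(server, 80, client, 40000, "ACK", "PSH")),
        ("unsolicited ACK, source port 80", pkt(stranger, 80, "10.0.0.9", 445, "ACK")),
        ("unsolicited inbound SYN", pkt(stranger, 51000, "10.0.0.9", 22, "SYN")),
        ("outbound FIN", pkt(client, 40000, server, 80, "FIN", "ACK")),
        ("segment after close", pkt(server, 80, client, 40000, "ACK")),
    ]
    return [(label, static_filter(p), fw.check(p)) for label, p in sequence]


if __name__ == "__main__":
    for label, static_ok, stateful_ok in run_demo():
        print(f"{label:34} static={static_ok!s:5} stateful={stateful_ok}")
```

The two filters agree on legitimate traffic and differ only on inbound packets that have no matching entry in the state table.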

Symantec Gateway Security 5600 network security best practices for the Basic Tier

Symantec encourages all users and administrators to adhere to the following basic

security practices:

■ Disable or remove unnecessary operating system services. By default, many

operating systems install auxiliary services that are not critical, such as FTP,

Telnet, or Web servers. These services are avenues of attack. If they are

removed, blended threats have fewer exploitation points and you have fewer

services to maintain through patch updates.

■ Disable or block access to any network services where there is a known exploit

until they are properly patched.

■ Update your antivirus definitions automatically at the gateway, server, and

client.

■ Keep your patch levels up-to-date at all times, especially on computers that

host public services and are accessible through the security gateway, such as

HTTP, FTP, mail, and DNS services.

■ Enforce a password policy. Complex passwords make it difficult to crack

password files on compromised computers. This helps to prevent or limit

damage when a computer is compromised.

■ Configure your email server to block or remove email that contains file

attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe,

.pif and .scr files.

■ Isolate infected computers quickly to prevent further compromising your

organization. Perform a forensic analysis and restore the computers using

trusted media.

■ Train employees not to open attachments unless they are expecting them.

Also, do not execute software that is downloaded from the Internet unless it

has been scanned for viruses. Simply visiting a compromised Web site can

cause infection if certain browser vulnerabilities are not patched.

You can find additional information, in-depth white papers, and resources

regarding enterprise security solutions by visiting the Symantec Enterprise

Solutions Web site at:

http://enterprisesecurity.symantec.com

About deploying Veritas NetBackup for Windows for the Basic Tier

The Secure Business Continuity Basic Solution involves manually transporting

data between two sites via tape.

The associated steps are:

■ Back up data from fileservers (clients)

■ Encrypt the backup data using client encryption

■ Store the encrypted backup data on tape

■ Use Vault to create a copy of the tape

■ Transport tape to alternate site archive facility

■ Copy and transport catalog to alternate site, via a catalog backup

■ Restore tape data after servers are up and running at the disaster recovery

site

This section discusses the Basic Tier components necessary to perform these

tasks, how to deploy them, and what the component best practices are.

NetBackup installation considerations for the Basic Tier

Before installing NetBackup on client systems, ensure the client systems do not

have previously installed backup software that can negatively impact the

NetBackup installation or subsequent operations. Symantec recommends master

server systems have a total of 1 GB of storage space to accommodate the NetBackup

server software and NetBackup catalogs.

NetBackup catalogs contain backup information and grow in size with NetBackup

use. The required catalog disk space primarily depends on the number of files

backed up, backup frequency, and the amount of time backup data is retained.

The NetBackup installation guide identifies a minimum catalog space requirement

of 512 MB. However, the catalog volume will hold critical data and will grow sizably

based upon your backup frequency so it is recommended to allocate at least 2 GB

of catalog space.

About installing NetBackup server software for the Basic Tier

When initially installing NetBackup server, administrators have found it helpful

to install NetBackup software in the following sequence:

■ Master servers

■ NetBackup Enterprise Server only: Media servers, if any

■ NetBackup add-on products, if any

■ NetBackup Remote Administration Console, if any

■ NetBackup clients

Installing NetBackup requires walking through multiple wizards and

configurations.

Please refer to the Veritas NetBackup 6.0 Installation Guide for additional

installation information.

About data backup from fileservers for the Basic Tier

NetBackup provides a complete and flexible data protection solution for a variety

of platforms, including Microsoft Windows.

NetBackup administrators can set up periodic or calendar-based schedules to

perform automatic, unattended backups for fileservers across a network to tape.

By carefully scheduling backups, an administrator can achieve systematic and

complete backups over a period of time, optimizing network traffic during off-peak

hours. The backups can be full (backing up all client files) or incremental (backing

up only the files that have changed since the last backup).

For additional information on the general NetBackup data backup process, refer

to the Veritas NetBackup 6.0 System Administrator’s Guide, Volume I.

About using NetBackup encryption

NetBackup uses modern cryptographic standards to ensure the security of backed

up data. NetBackup must be prepared to perform encrypted backups before a

backup is invoked. To restore encrypted NetBackup files, a key file must be used.

NetBackup uses a pass phrase you specify to create the key file as follows:

■ NetBackup uses a combination of secure hash algorithm (SHA1) and message

digest algorithm (MD5) to create up to a 256-bit key from the pass phrase.

■ NetBackup uses the Veritas private key and 128-bit AES algorithm to encrypt

the key it creates after you run the bpkeyutil command.

■ The new key is stored in the key file on the client.

■ At run time, NetBackup uses the key and a random initialization vector to

encrypt the client data. The initialization vector is stored in the header of the

backup image.

Previous pass phrases remain available in the file for restores of backups encrypted

with those phrases.

Caution: It is important to remember all pass phrases, including old pass phrases.

Should a client’s key file get damaged or lost, you will need all pass phrases to

recreate the key file. Without the key file, you are unable to restore files that were

encrypted with the pass phrases. The key file must only be accessible to the

administrator of the client machine.

Figure 4-2 shows how NetBackup components protect clients. In the figure,

NetBackup Media Servers record client backup information to disk and tape

devices. Administrators can control activities through a single NetBackup Master

Server. IT organizations achieve a high-performance backup because NetBackup

clients send their backup data independently and in parallel with other NetBackup

clients directly to NetBackup media servers.

Figure 4-2 also illustrates how the NetBackup software performs data encryption

on backups. Client software transfers data across the network and stores it on

tape in the encrypted format. On restore, the encrypted data is read from media

and transferred across the network to the client before decryption.

Figure 4-2 Example Veritas NetBackup 6.0 for Windows Configuration

Preparing to use NetBackup encryption

To prepare for an encrypted NetBackup session, the following procedures must

be followed:

To install encryption software on clients

1 The NetBackup encryption software must be available on the NetBackup

clients. You can accomplish this either through a push install from the

NetBackup Server or through direct local installation on the client.

2 If you plan to do a push install, you must install the encryption software on

the server first by running the bpinst -ENCRYPTION command.

To create the NetBackup encryption key file

1 Locate the bpkeyutil command in the installation path of the master server’s

bin directory.

For a Windows server, the bin directory is install_path\NetBackup\bin.

The bpkeyutil command sets up the cipher-based encryption key file and pass

phrase on each NetBackup encryption client.

2 On the encryption client, run the following command:

bpkeyutil -clients client_name

This command prompts for a new pass phrase to add to that client’s key file.

To set the encryption attribute on the NetBackup policy

◆ In the NetBackup Administration Console, on the Attributes tab of the policy,

set the Encryption attribute for the policy.

When the attribute is set, the NetBackup server requests NetBackup clients

to perform encrypted backups.

You can also use the Attributes tab to clear the Encryption attribute for a

policy.

If you want to encrypt the data you plan to back up, you must generate a key file.

Restoring the encryption key file

If a key file is unavailable, it is difficult or impossible to restore it from an

encrypted backup.

Use one of the following methods to ensure that the key file is available for

restores:

Manual retention: Most secure method to protect key file pass phrases. When you add a pass phrase via the bpkeyutil command, write the phrase down on paper, seal it in an envelope, and put the envelope into a safe.

Encrypted backups: Reinstall NetBackup and NetBackup encryption, then use bpkeyutil to create a new key file with the pass phrases from the safe. Refer to the chapter Redirected Restores of Encrypted Files in the Veritas NetBackup 6.0 Encryption System Administrator's Guide for more information.

Figure 4-3 shows creating and storing the pass phrase in a secure location. In the

event a client key is damaged or lost, the administrator will need to retrieve all of

the old pass phrases in order to recreate the key file to recover the client's data.

Figure 4-3 Securing the passphrases

About the NetBackup Vault process

The NetBackup vaulting process consists of the following steps, performed in the

order listed:

■ Choosing backup images

■ Duplicating backup images

■ Backing up the NetBackup catalog

■ Ejecting media

■ Generating reports

■ Handling expired media

See the Introduction to Vault chapter in the Veritas NetBackup Vault 6.0 System

Administrator’s Guide for additional information on the NetBackup vaulting

process.

Figure 4-4 provides a high-level overview of the NetBackup Vault process from

duplicating backups to be vaulted through loading expired tapes back into the

tape library for reuse.

Figure 4-4 Veritas NetBackup Vault Process overview

The NetBackup Vault Process table below describes the Vault process used by

existing NetBackup functions for all operations, such as duplication of images,

media control, reporting, and ejecting and injecting of tapes from off-site storage

facilities.

Table 4-2 NetBackup Vault Process

Operational procedure: About choosing backup images

Procedure description: The first NetBackup Vault process step is choosing the backup images that are candidates to be transferred off site. This step, known as image selection, must be configured for every Vault job. Vault uses these criteria within a Vault profile (a set of rules for selecting images, duplicating images, and ejecting media) to determine which backup images are candidates to send off-site.

If you create multiple original images concurrently during a backup job, Vault can send original images off site (depending on the profile rules). If you duplicate images, Vault uses the primary backup images as the source image for the duplication operation.

As a best practice, create profiles using a naming scheme that helps organize your vault by data usage and your profiles by time periods.

Operational procedure: About duplicating backup images

Procedure description: The second NetBackup Vault process step is duplicating backup images that are candidates to be transferred off-site. This step, known as “image duplication”, writes backup copies of backup images on media that you can eject and transfer off site. NetBackup Vault uses the primary backup images as the source image for the duplication operation.

Operational procedure: About backing up the NetBackup catalog

Procedure description: The third NetBackup Vault process step is backing up the NetBackup catalog. The NetBackup catalog consists of databases of information about the NetBackup configuration and any backups that have been performed. The information and backups include records of the files and the media on which the files are stored, including information about media sent off-site. The catalog also contains information about media and storage devices that are under the control of Media Manager.

Backing up the catalog is optional. However, vaulting a catalog backup with your data can help you recover from a disaster more efficiently. Vault creates its own catalog backup with up-to-date information; Vault does not duplicate the NetBackup catalog.

Users should refer to the NetBackup System Administrator’s Guide for more details on catalog backups.

Operational procedure: About ejecting media

Procedure description: The fourth NetBackup Vault process step is ejecting the media that you then transfer to secure storage at a separate facility. NetBackup Vault reporting facilities track ejected media and recall the media from off-site storage for reuse after the images expire. Media can be ejected automatically by a scheduled Vault job or manually after the job has completed. Media can be ejected for each individual job or can be consolidated into a single eject operation for multiple vault jobs.

Operational procedure: About generating reports

Procedure description: The fifth NetBackup Vault process step generates reports. Reports track the media managed by NetBackup Vault. You and your off-site storage vendor can use the reports to determine which media should be moved between your site and the off-site storage location and time the moves appropriately. Reports can also identify expired media and list all media required for disaster recovery.

A NetBackup Vault job can generate reports or you can generate them manually after the job is finished. Reports can be generated for each job individually or can be consolidated with a consolidated eject operation.

Operational procedure: About handling expired media

Procedure description: The sixth NetBackup Vault process step is handling the expired media through reports for media coming on-site that show volumes that are being requested back from the off-site vault. These reports are generated after media have been ejected for the current Vault session.

Volumes are listed on this report because Vault determined that they are in an off-site volume group and that all images have expired. When Vault identifies these volumes, it changes the Return Date field for the media and adds the media ID and date requested to this report.

Before configuring NetBackup and Vault, you should review the information in

the “Best Practices” chapter of the Veritas NetBackup Vault 6.0 System

Administrator’s Guide to help you determine how to set up and configure Vault

based on your environment.

Before configuring NetBackup Vault you need to perform the following in

NetBackup:

■ Create off-site volume pools

■ Create a Vault Catalog backup schedule

About creating off-site volume pools

Volume pools identify logical sets of volumes by usage. They are used by Vault to

determine if a volume should be ejected. Volume pools for images to be transferred

off site are known as off-site volume pools. When you create the images that you

send off-site, write them to media in an off-site volume pool. During a vault job,

Vault searches a robot for images that match the selection criteria; if the media

the images reside on are in an off-site volume pool, Vault ejects that media.

Volume groups identify where volumes reside. They are used as a tracking mechanism by Vault to determine where a volume is located. Volumes in a robotic volume group reside in a robot. During a Vault job, Vault searches the robotic volume group for media that matches a profile’s criteria; if media are found, Vault ejects that media and then moves it logically to an off-site volume group. (A logical move means to change the volume attributes to show the new location.) When a volume in off-site storage expires and is injected back into the robot, Vault moves it back into the robotic volume group.

Naming convention considerations for volume pools and groups

How you name pools and groups can help you (and others) organize and more

easily identify media if you have to recover data after a disaster.

Table 4-3 describes naming conventions for volume pools and groups.

Table 4-3 Naming conventions for volume pools and groups

| Product | Naming convention | Example |
| --- | --- | --- |
| Volume pools | Identify the purpose or data in the pools | Vaulted_Payroll, Vaulted_CustomerDB, 1_month_vault, 7_year_vault |
| NetBackup Vault catalogs | Use an easily identifiable name | Vault_Catalog_Backups |
| Off-site volume groups | Use names that indicate the physical location of the data | Offsite_SantaRosa_volume_group |

Note: Avoid using the NetBackup volume pool for NetBackup Vault media. Because

the NetBackup volume pool is the default volume pool, if you use it for NetBackup

Vault operations, you will probably send more data off-site than you want to.

About creating the Vault Catalog Backup schedule

To perform a Vault catalog backup, Vault uses a special schedule of type Vault

Catalog Backup in an NBU-Catalog policy. Before you can configure the catalog

backup in Vault, you must create a Vault Catalog Backup schedule in an NBU-Catalog

policy.

Following are some requirements and guidelines to review prior to creating the

Vault Catalog Backup schedule:

■ Perform the catalog backup step in NetBackup Vault. NetBackup Vault creates

a new catalog backup with up-to-date information; it does not duplicate an

existing NetBackup catalog backup. It is important to have a fresh backup of

the NetBackup catalog because it includes the latest information about

duplicated media and media location.

■ Use only one vault to perform a NetBackup Vault catalog backup.

■ Use a dedicated volume pool for NetBackup Vault catalog backups.

■ Use the robot attached to the master server, if you have one, for the NetBackup

Vault catalog backups. In most circumstances, that master server creates the

NetBackup catalog that remains on-site.

■ Retain the three most recent catalog backups in your off-site vault. In most

circumstances, you do not need to retain vaulted catalog backups for the same

length of time that you retain other vaulted backup media. Although you only

need one catalog backup in your off-site vault, for extra protection, maintaining

the three most recent catalog backups in your off-site vault is recommended

practice.

■ Specify an appropriate retention level so older catalog backups expire and are

recalled from off-site storage and only the three most recent catalog backups

remain in off-site storage. The NetBackup Vault “Recovery Report” lists only

the three most recent catalog backups in the off-site vault, regardless of how

many actually reside in the vault.

■ Perform a NetBackup Vault catalog backup before sending data off-site.

About creating the Vault Catalog Recovery Report

As part of creating a Vault Catalog backup, a Recovery Report is created and saved

to a location specified by the user.

Below are some best practices and guidelines for the Recovery Report:

■ Specify the location where the recovery file will be located using the Disaster

Recovery Tab. As a best practice, do not save the Recovery Report on the local

drive. This file is needed to get the system back after a disaster has occurred.

■ Devise a unique naming convention that makes it easy to identify the media

you need to recover. The Recovery report for Vault shows all policies defined

on a NetBackup master server and all media that are required to restore the

backups between a given set of dates. The report displays the date range to

which the images on the media apply.

■ Securely store the Recovery Report every time you vault media. A disaster

that destroys your site can also destroy your Recovery Report. You will need

the Recovery Report to identify the media you need to recall from off-site

storage. Your vault vendor may allow you to vault your Recovery Report off-site.

If you have a recovery site, e-mail the Recovery Report to that site.

■ Generate the Recovery Report and send it to the vault at the alternate site

every time a catalog backup is completed. This will ensure that your Recovery

Report is always synched with the latest catalog backup.

For additional information on creating off-site volume pools and a vault catalog

backup schedule, refer to the “Introduction to Vault” chapter in the Veritas

NetBackup Vault 6.0 System Administrator’s Guide.

Vault configuration tasks

The Veritas NetBackup Vault 6.0 System Administrator’s Guide walks through every wizard for configuring Vault and provides the information you need to make configuration decisions.

As a best practice, start with the “Master server, Media Server and Storage Units” table in the chapter “Configuring Vault”. It lists the items you need to collect and record to best configure Vault.

In the Vault Management wizard, set the “Lookback days for Media going off-site Reports” to match your RTO value. For the Symantec Secure Business Continuity Basic Solution, we use seven days.

On the Vault Management Wizard Reports Tab, information gets propagated to

the “Report” tab of each Vault profile you create. It is important to make sure all

of the reports you want propagated are set in this wizard.

Table 4-4 shows the reports to use for media going off-site, for media coming

onsite and for report media.

Table 4-4 Best practices for NetBackup Vault reports

Best practices: For media going offsite

Report names:

■ Off-site Inventory

■ Distribution list for Vault

■ Detailed Distribution List for Vault

■ Summary Distribution List for Vault (useful in DR situations)

■ Recovery Report for Vault

Best practices: For media coming onsite

Report names:

■ Distribution list for Vault

■ Lost Media Report

Best practices: For report media

Report names: Defer report until media is ejected (since some reports don’t create a report until the media has been ejected, this helps consolidate the number of reports you need to keep track of).

Another great source of information to refer to is “Recovering from Disasters” in

the Veritas NetBackup Vault 6.0 System Administrator’s Guide. This chapter

provides a general approach to the procedures to be performed in the event of a

disaster and addresses disaster recovery in the NetBackup Vault context.

About overlapping the NetBackup profile time window for the Basic Tier

NetBackup data administrators need to ensure that they correctly overlap the

profile time window. Correctly overlapping this window ensures that NetBackup

captures all backup images in a reliable, automated manner. When you are setting

up NetBackup, you should be sure to configure it to vault all of the data that you

want transferred off-site.

To ensure you vault all data, overlap the profile time window because a NetBackup

Vault profile uses a time range as one of the criteria for choosing the backup

images to vault. NetBackup Vault does not duplicate or eject a backup image that

already has a copy in the Off-site Volume Group. Therefore, NetBackup Vault does

not process images that have already been vaulted by a previous session. Perhaps

more importantly, backups that were not processed because a previous session failed

are processed when the profile runs again if the time window is long enough.

Configure the time window to be the sum of the following:

■ The longest expected downtime for a server or robot

■ Twice the length of the frequency at which the profile runs

For example, if you have a profile that duplicates images daily and your longest

expected downtime is three days, you should configure the time window to be at

least five days. If a robot fails and requires three days to repair, the next time the

profile runs it will select backup images that did not get vaulted during the

three-day downtime. Configuring the window to be longer, such as seven days,

provides even more resiliency. A longer time window forces NetBackup Vault to

search a larger image list for vault candidates.

Although that consumes more processing time, the extra processing time may

not be a problem because NetBackup Vault is a batch process that does not demand

immediate system response. As a best practice, it is suggested that you have a

robot dedicated to vaulting to lessen the impact of the processing time required.

Warning: When a vault session is delayed, some backup images may be missed if

the time window does not allow NetBackup Vault to select images from a wider

time range. For example, suppose your daily profile time window extends from 1

day ago to 0 days ago. If, on Tuesday, the robot has mechanical problems and the

NetBackup Vault profile fails, Monday night’s backups are not vaulted. On, say,

Wednesday, you fix the robot. When the next NetBackup Vault session begins on

Wednesday, it only selects backup images created during the previous 24 hours,

so Monday night’s backups are still not vaulted. If the profile’s time window had

spanned more than 1 day, the session would have picked up both Monday night’s

and Tuesday night’s backups.
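The sizing rule and the warning scenario above can be replayed in a short simulation. This Python example is added here and is not NetBackup code: it models only what the text states (a profile selects images inside its time window and skips images that already have an off-site copy), and the dates, image names and session times are constructed.

```python
from datetime import datetime, timedelta

MONDAY = datetime(2006, 3, 6)  # constructed date (a Monday), at midnight
DAYS = ["mon", "tue", "wed", "thu"]


def recommended_window(longest_downtime, profile_interval):
    """Rule from the text: longest expected downtime for a server or robot
    plus twice the interval at which the profile runs."""
    return longest_downtime + 2 * profile_interval


def nightly_backups():
    """One backup image per night at 22:00, Monday through Thursday."""
    return {name: MONDAY + timedelta(days=i, hours=22)
            for i, name in enumerate(DAYS)}


def daily_sessions(failed_days=()):
    """Vault sessions at 06:00 on Tuesday (day 1) through Friday (day 4).
    Days listed in failed_days model an outage: that session vaults nothing."""
    return [(MONDAY + timedelta(days=d, hours=6), d not in failed_days)
            for d in range(1, 5)]


def simulate_vault(backups, sessions, window):
    """Replay the sessions in order. A successful session vaults every image
    whose backup time lies in [start - window, start] and that has no
    off-site copy yet. Returns (vaulted, missed): vaulted maps image name to
    the session that vaulted it, missed lists images never vaulted, oldest
    first."""
    vaulted = {}
    for start, succeeded in sessions:
        if not succeeded:
            continue
        for image, taken in backups.items():
            if image in vaulted:
                continue  # already has a copy in the off-site volume group
            if start - window <= taken <= start:
                vaulted[image] = start
    missed = sorted((i for i in backups if i not in vaulted), key=backups.get)
    return vaulted, missed


def onsite_exposure(backups, vaulted):
    """How long each vaulted image existed without an off-site copy."""
    return {image: vaulted[image] - backups[image] for image in vaulted}


if __name__ == "__main__":
    day = timedelta(days=1)
    backups = nightly_backups()
    scenarios = [
        ("Tuesday session fails, 1-day window", {1}, day),
        ("Tuesday session fails, 5-day window", {1}, recommended_window(3 * day, day)),
        ("three-day outage, 2-day window", {1, 2, 3}, 2 * day),
        ("three-day outage, 5-day window", {1, 2, 3}, recommended_window(3 * day, day)),
    ]
    for label, failed, window in scenarios:
        vaulted, missed = simulate_vault(backups, daily_sessions(failed), window)
        print(f"{label}: missed={missed} exposure={onsite_exposure(backups, vaulted)}")
```

The exposure figures show the cost that remains even with a correctly sized window: images are eventually vaulted, but they sit on-site without an off-site copy for the length of the outage.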

Overall best practices for Basic Tier

Follow these overall best practices:

■ Have a well-documented disaster recovery and storage management plan in

place. This plan should include keeping catalog backup media IDs in multiple

physical locations. See the Veritas NetBackup Vault 6.0 System Administrator's

Guide for Windows.

■ Maintain an independent and separate test environment for software and

hardware upgrade testing and new device compatibility testing. This

environment should be used to test any changes planned for your production

system.

■ See the recommended best practices for your NetBackup optional software in

the guides for these products. For example, see the Veritas NetBackup Vault

6.0 System Administrator's Guide for Windows for NetBackup Vault best

practices.

■ Back up the Media Manager Configuration File (vm.conf). The

install_path\volmgr\vm.conf file contains configuration entries for media and

device management.

■ Create a separate media pool for catalog backups to ensure that catalog backup

images are not on the same tapes as user backups.

■ Avoid methods other than NTFS compression to compress the catalogs or

NetBackup may not be able to read them.

■ Do not manually compress the catalogs or NetBackup may be unable to restore

the catalogs using bprecover.

■ Always back up to a different disk than where the catalogs reside. If you back

up to the same disk and that disk fails, you will lose the catalog backups in

addition to the catalogs and recovery will be much more difficult. Also, ensure

that the disk has enough space for the catalogs or it will fill up and backups

will fail.

Basic Tier example: Data recovery from primary to alternate site

The Basic Tier provides IT DR capabilities for information processing system data

files that have no special considerations or dependencies on other files. Such files

would include spreadsheets, text files, and presentation files. Conversely, this

means the Basic Tier might not automatically provide many database files with

an appropriate level of IT DR support.

Basic Tier assumptions for the primary site include the following:

■ A total disaster has occurred at the customer’s data center (that is, the original

master server and media servers are a melted pile of metal, glass, and plastic).

■ Replacement master server, media server(s), and client(s) already installed at

the DR location (OS is already installed, servers have device connectivity to

tape drive(s) and robot).

■ The DR master server and media server(s) have been configured with hostnames

that match the hostnames of the original hosts.

Basic Tier best practices for data recovery include the following:

■ Ensure that the most recently vaulted media (including the vault catalog backup

media, and the vault catalog backup DR file) is at the offsite location.

■ Ensure that the most recent set of vault reports (especially the vault Recovery

Report) is at the offsite location.

■ Retain a copy of the email generated by the vault Recovery Report. The email

and its attachment should be sent offsite alongside the printed vault recovery

reports.

To recover data for NetBackup, perform the following tasks:

■ Recover data from NetBackup servers

■ Recover data from NetBackup client

To recover data from NetBackup servers

1 Install NetBackup on the master and media server, including the appropriate

NetBackup patches.

Please refer to the VERITAS NetBackup 6.0 Installation Guide for more

information.

2 Configure the devices necessary to read the catalog backup media.

3 Identify and obtain (using the Vault Recovery Report) the media used for the

most recent catalog backup.

4 Obtain the email generated by the most recent catalog backup. This email

includes DR recovery instructions, and also includes an important attachment

that is called the DR Image File.

5 Make sure that the DR Image file is accessible on the master server.

6 Start the Catalog Recovery Wizard from the NetBackup Administration

Console, or start the wizard from the command line, using the

bprecover -wizard command.

7 Follow the Catalog Recovery Wizard instructions to recover the NetBackup

catalogs.

8 When the Catalog Recovery Wizard is complete, the master server and media

servers are now back in full operation.

9 Use the Catalog GUI to reset the primary copy setting so that the vaulted

media will be promoted to the primary copy for restore.

To recover data from NetBackup client

1 Install NetBackup client software on the client(s), including the appropriate

NetBackup patches.

Please refer to the Veritas NetBackup 6.0 Installation Guide for more

information.

2 Use the NetBackup Backup, Archive, and Restore interface to start restoring

the client data. This is where having descriptive policy and schedule names

is useful, to help identify the most critical data that should be restored first.

For additional information on the general NetBackup DR process, refer to the

Veritas NetBackup 6.0 Troubleshooting Guide

(http://seer.support.veritas.com/docs/279295.htm).

Chapter 5: Symantec Secure Business Continuity Silver Tier

This chapter includes the following topics:

■ Silver Tier overview

■ Silver Tier deployment

■ Silver Tier example: data center disaster recovery preparation sequence

Silver Tier overview

With business continuity management (BCM), each business process has an

associated Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

After establishing RTOs and RPOs, organizations often find they fall into several

categories. This small number of categories allows the IT DR planning effort to

match the categories to appropriate Symantec Secure Business Continuity category

tiers: Basic, Silver, and Gold.

Symantec's Secure Business Continuity Silver Tier is designed for businesses with

an estimated 24 hour RTO and an estimated 8 hour RPO. The Silver Tier assumes

an organization has a primary information processing site as well as an alternate

site that is geographically removed from the primary site.

Figure 5-1 shows a secure, high-speed communication link between two sites that

have an Apache Web server and a Microsoft SQL Server 2005 server. Both the

primary Apache Web server and the Microsoft SQL server require disaster recovery

protection.

Figure 5-1 Silver Tier configuration

Table 5-1 describes each Symantec product in the Secure Business Continuity

Silver Tier and its associated service.

Table 5-1 Symantec Secure Business Continuity Silver Tier products and associated services

Symantec product | Service provided
Symantec Gateway Security 5640 appliance | Virtual Private Network (VPN) access services
Symantec Critical System Protection | Intrusion detection system (IDS) and Intrusion prevention system (IPS) services
Veritas NetBackup | Disk Storage Units (DSUs) for high performance disk backup
Veritas Storage Foundation | Alternate site mirroring and DSU resource virtualization

About Symantec Gateway Security 5600 Series appliances for the Silver Tier

The Symantec Gateway Security 5600 Series appliance is a single, rack-mountable,

plug-and-protect appliance. It runs Symantec Gateway Security Series 3.0 software,

and includes the following components:

■ Firewall

■ Virtual Private Network (VPN) support

■ Antivirus

■ Intrusion detection and prevention systems

■ Content filtering

■ High availability and load balancing

The Symantec Gateway Security 5600 Series appliance can protect networks at

the gateway to the Internet or at the subnets of larger WANs and LANs.

Each Symantec Gateway Security 5600 series model provides multiple security

protection technologies in a single, rack-mountable, plug-and-protect appliance.

For the Basic Solution, the Symantec Security Gateway provides firewall and

antivirus protection. For the Silver Tier, the security gateway adds secure Virtual

Private Network (VPN) access.

The Symantec Gateway Security appliance you use depends on the size of the

infrastructure you are protecting. As your organization grows, you can easily

replace your current appliance with a more powerful one. Each model has the

same user interface, so the transition is seamless.

The Security Gateway Management Interface (SGMI) lets you do the following:

■ Remotely control and monitor individual or clustered security gateways

■ Create configurable policies for users and groups

In addition to its simplified policy management, a Symantec Gateway Security

5600 Series appliance has a pre-configured and hardened operating system and

an array of setup wizards that make it easy to install and configure.

The security gateway’s VPN technology lets you securely extend the boundaries

of your internal network. VPNs let remote users or a remote network gain access

to the protected resources of the network. Connections are encrypted to ensure

privacy and authenticated to ensure integrity.

About Symantec Critical System Protection for the Silver Tier

At the Silver Tier, Symantec Critical System Protection software lets IT

administrators do the following:

■ Protect business-critical systems across heterogeneous environments

■ Protect systems against day-zero attacks that do not have published security

fixes

■ Enforce custom policies at different levels to provide a protection barrier

around each application

■ Use advanced monitoring and alerting reports to analyze events across the

environment

■ Conduct computer forensic investigations

■ Ensure rapid responses to all types of intrusion attempts

IT administrators can configure device policy controls over USB drive accesses,

CD-ROM writing and non-VPN protected wireless connections. Moreover,

administrators can define privileges that prevent users from abusing access to

important data, directories, registries, or ports. This helps prevent sensitive

customer information leakage.

Critical System Protection provides its services through a management server, a

management console, and software agents.

Table 5-2 lists the two major Critical System Protection components and their

functions.

Table 5-2 Symantec Critical System Protection Components

Component: Management Server

Function: Stores and correlates agent events and the policy library

Description:

■ Stores policies in a central location and provides an integrated, scalable, flexible agent and policy management infrastructure. The Management Server coordinates policy distribution, and manages agent event logging and reporting.

■ Uses a SQL Server 2000 Enterprise Edition or Standard Edition SP4 database engine to communicate between the Management Server and the Agents.

■ Agents automatically register with the Management Server during installation.

■ Sends configuration changes to agents.

■ Real-time and bulk logging of agent events.

■ Provides secure communication to and from agents and the Management Console.

Component: Management console

Function: Coordinates, distributes and manages policies and agents

Description:

■ Allows administrators to create and deploy policies, manage user roles, view alerts and execute reports.

■ Configures agent properties to determine how agents communicate with the Management Server and which events the agent will send to the Management Server.

■ Customize policy options to increase or decrease restrictions enforced by a policy.

■ LiveUpdate™ automatically downloads and imports policy and report packs (see the Administrator Guide for details on requirements for LiveUpdate downloads).

■ Imports and exports custom and 3rd party policies.

Component: Agent software

Function: Enforces policy on the endpoints

Description:

■ All clients or server machines that require Critical System Protection need the agent software installed.

■ The agent enforces rules that are defined in a policy by controlling and monitoring application processes and user behavior.

■ Enforces policy rules.

■ Controls behavior by detecting and preventing specific actions that an application process or user might take.

■ Configures polling interval, real-time notification, log consolidation, log rotation.

■ Load policies without reboot.

A Critical System Protection agent must be installed on any machine requiring

protection. The Critical System Protection management server communicates

with the agents that are installed on the protected system. The agent enforces

the system’s configured policies and enables or denies users access based upon

the assigned Critical System Protection policy. Agents also report relevant events

to the Critical System Protection management console.

Figure 5-2 shows an overview of Symantec Critical System Protection.

Figure 5-2 Symantec Critical System Protection overview

Using configurable, out-of-the-box security policies, Symantec Critical System

Protection can continuously harden the operating system, prevent buffer

overflows, and protect file systems and operating system kernels. Critical System

Protection combines intrusion monitoring, auditing, alerting, and protection into

a single offering. Thus, it integrates both intrusion detection and intrusion

prevention into a single software product.

Table 5-3 describes the intrusion detection and intrusion prevention features that

Symantec Critical System Protection provides.

Table 5-3 Symantec Critical System Protection intrusion detection system and intrusion prevention system features

Feature type: Intrusion prevention system

Description:

■ Proactive security against zero-day attacks where a day-zero exploit is defined as an assault that is released on the same day that a vulnerability is discovered

■ Protection against buffer overflow and memory-based attacks

■ File and registry protection

■ Out-of-the-box operating system hardening

■ External device protection by means of configurable policy controls over devices

■ Administrative privilege de-escalation to restrict access for protection against malicious behavior

Feature type: Intrusion detection system

Description:

■ Policy-based auditing and monitoring

■ File and registry monitoring

■ Centralized log consolidation for easy search, archival, and retrieval

■ Advanced event analysis and response capabilities

Feature type: Additional intrusion related features

Description:

■ A central management console that users access to create and deploy policies, manage users and roles, view alerts, and generate reports

■ A library of predefined application policies that are for common server and user applications

■ Broad platform support

About Veritas Storage Foundation for Windows for the Silver Tier

Storage Foundation for Windows brings advanced volume management technology

to Windows Server 2003 and Windows 2000 environments. By creating virtual

storage devices from physical disks and disk arrays, Storage Foundation removes

many physical limitations that traditional servers experience with disk storage.

Specifically, virtual storage devices enable storage administrators to configure,

share, and manage storage for optimal results. Storage Foundation provides

easy-to-use, online storage management for enterprise computing within Storage

Area Network (SAN) environments. This helps reduce administrative overhead

and provides a scalable foundation to manage unpredictable storage growth.

Storage Foundation enables online storage administration from a single

management console across multiple hosts and operating systems. The easy-to-use

interface simplifies disk administration tasks, such as adding or moving storage

resources or data. Storage Foundation configures and monitors leading hardware

RAID arrays, and manages SAN-based storage.

Organizations can use Storage Foundation to protect critical applications by

mirroring data across different disk devices and subsystems, including RAID

devices. Storage Foundation lets you perform basic administrative tasks while

the data is online and available, thereby reducing planned downtime.

Storage Foundation's advanced storage management tools include the following:

■ Online storage configuration

■ Online volume management

■ Flexible I/O performance

Storage Foundation enables dynamic disk movement via a drag-and-drop interface.

This facilitates the following:

■ Storage consolidation

■ DAS-to-SAN migration

■ Performance optimization

■ Array updates and retirement

These capabilities are critical for maintaining highly available, high-performance

storage on a variety of hardware devices.

Silver Tier deployment

Models in the Symantec Gateway Security 5600 appliance family are highly

configurable and feature rich. The Silver Tier supplements the Basic Tier antivirus

and firewall features by enabling the use of the gateway's built-in Virtual Private

Network (VPN) features. This provides secure communication between network

assets at the primary and secondary sites. Also in the Silver Tier, Symantec Critical

System Protection software provides intrusion detection services (IDS) and intrusion

prevention services (IPS). Finally, with the Silver Tier, the example system

applications are an Apache Web server and a Microsoft SQL Server 2005 server.

About deploying Symantec Gateway Security 5600 Series appliances for the Silver Tier

The Symantec Gateway Security Administrator’s Guide describes deployment

details spanning a spectrum of user scenarios. The Symantec Gateway Security

Administrator’s Guide is therefore recommended reading for the Silver Tier design

and deployment.

The tested solutions this Yellow Book describes assume the following

configuration:

■ The gateway requires two interfaces, each on a different LAN segment.

■ The Security Gateway Management Interface (SGMI), which manages the

security gateway, is normally connected to the public Internet through a router.

In our setup, it is locally connected and accessible within our protected network.

■ A security gateway in this configuration is typically reserved for one-way

traffic, especially if one of the interfaces has direct access to a public network.

■ Connection requests are usually initiated from the protected network and

destined for external services. If inbound access is enabled, it is not possible

to completely secure the protected network. Hence, you should not place mail

or Web servers on the protected network in this type of configuration.

The Symantec Gateway Security Installation and Administrators guides provide

full setup, configuration, and deployment instructions.

Symantec Gateway Security sizing considerations for the Silver Tier

The Symantec Gateway Security 5600 Series V3.0 appliances are available in three

different models, the 5620, 5640 and 5660.

Table 5-4 lists model feature differences for the Symantec Gateway Security

appliances appropriate to the Silver Tier.

Table 5-4 Symantec Gateway Security appliance features

Feature | 5640 | 5660
Stateful Throughput | 1.4 Gbps | 3.0 Gbps
Concurrent Connections | 250,000 | 320,000
Memory | 2GB | 4GB
Disk | 1x160GB; 1x160GB (optional addition) | 2x160GB
Copper Ethernet Ports | 8 | 6
Small form factor pluggable slots (copper or fiber) | 0 | 4

Symantec Gateway Security VPN access for the Silver Tier

The Secure Business Continuity Silver Tier support involves electronically

transmitting data from the primary information processing site to the alternate

site using a high-performance, secure VPN connection. The security gateway’s

VPN technology enables organizations to securely extend the boundaries of their

internal network. VPNs are used to let either a single remote user or a remote

network gain access to the protected resources of your network. Connections are

encrypted to ensure privacy and authenticated to ensure integrity.

The Secure Business Continuity Silver Tier uses a “Gateway-to-Gateway” tunnel

to mirror and transport data from the primary site to the alternate site. A

gateway-to-gateway configuration exists when two security gateways connect

across an internal network or the Internet using a VPN tunnel. Gateway-to-gateway

tunnels help secure your internal network by providing a secure bridge to an

external communication mechanism.

Figure 5-3 shows a Symantec Gateway Security appliance with VPN access.

Figure 5-3 Symantec Gateway Security with VPN access

This type of network configuration usually connects two subnets on the same

network or, as described here, two remote offices through the Internet. Once a

VPN tunnel exists, a security gateway protecting one site can establish a tunneled

connection to a security gateway protecting the geographically separate site.

Users and systems on one site can connect to and access the resources of the other

site as if they were physically located at the other site.

The Symantec Gateway Security 5640 appliance enables detailed control of VPN

tunnel security. This includes restricting network access to specific TCP/UDP

application ports. For information on port numbers that need to be “open” across

the network to allow for proper functioning of a specific application, refer to the

corresponding vendor documentation.

Information on port restriction and other enhanced security features can be

found in the Symantec Gateway Security 5000 Series v3.0 Administration Guide.

Symantec Gateway Security network security best practices for the Silver Tier

Symantec encourages all users and administrators to adhere to the following

security practices:

■ Disable or remove unnecessary operating system services. By default, many

operating systems install auxiliary services that are not critical, such as FTP,

Telnet, or Web servers. These services are avenues of attack. If they are

removed, blended threats have fewer exploitation points and you have fewer

services to maintain through patch updates.

■ If there is a known exploit for one or more network services, disable or block

access to those services until they are properly patched.

■ Automatically update antivirus definitions at the gateway, server, and client.

■ Always keep patch levels up-to-date, especially on computers that host public

services and are accessible through the security gateway, such as HTTP, FTP,

mail, and DNS services.

■ Enforce a password policy. Complex passwords make it difficult to crack

password files on compromised computers. This helps to prevent or limit

damage when a computer is compromised.

■ Configure your email server to block or remove email that contains file

attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe,

.pif and .scr files.

■ Isolate infected computers quickly so that your organization is not

compromised further. Perform a forensic analysis and restore the computers

using trusted media.

■ Train employees not to open attachments unless they are expecting them.

Also, do not execute software that is downloaded from the Internet unless it

has been scanned for viruses. Simply visiting a compromised Web site can

cause infection if certain browser vulnerabilities are not patched.

You can find additional information, in-depth white papers, and resources

regarding enterprise security solutions by visiting the Symantec Enterprise

Solutions web site at:

http://enterprisesecurity.symantec.com

About deploying Symantec Critical System Protection for the Silver Tier

Prior to getting Critical System Protection operational following a disaster, you

must first ensure the initial Critical System Protection installation is performed

correctly and configured in a way that Critical System Protection can quickly and

efficiently apply protection policies. Once a disaster occurs, Critical System

Protection considerations need to be completely thought through before any

application restoration processes commence and before the alternate site is

powered on.

This means that identical Critical System Protection Server and Critical System

Protection Console installation procedures must occur on the primary and

alternate sites. Therefore, installation directories, SQL setups (that is, everything)

must be identical for both the Critical System Protection Management Server and

Management Console at the primary and alternate sites.

The Symantec Critical System Protection Installation Guide has more details on

basic installation requirements.

Installing Critical System Protection for the Silver Tier

To ensure that the Critical System Protection installation goes smoothly, use the

following guidelines:

■ Install Symantec Critical System Protection only with supported hardware

and operating systems. Attempting to use non-supported equipment and

operating systems may result in unexpected behavior.

■ Symantec Critical System Protection default policies operate with many

networks and applications. You can ensure the policies are consistent with

your application and network uses by installing the product on a test network

before deploying the product on a production network.

To ensure a successful installation, install the Symantec Critical System Protection

components in the following order:

■ The Management Server

■ The Management Console

■ The Agents

Table 5-5 lists Critical System Protection deployment considerations for primary

and alternate sites.

Table 5-5 Critical System Protection deployment considerations for primary and alternate sites

Primary Site: Critical System Protection Management Server Name is identical across both Sites.

Alternate Site: Critical System Protection Management Server Name is identical across both Sites.

Primary Site: Critical System Protection Management, Console and Agent installations must utilize computer names, not IP addresses.

Alternate Site: Critical System Protection Management, Console and Agent installations must utilize computer names, not IP addresses.

Primary Site: Critical System Protection install must exist in the same directories across both Primary and Alternate Site. E:\[%installpath%]

Alternate Site: Critical System Protection install must exist in the same directories across both Primary and Alternate Site. E:\[%installpath%]

Primary Site: Agent Groups must be created at time of Critical System Protection Console install. Agent Group names must be identical across both Primary and Alternate Site.

Alternate Site: Agent Groups must be created at time of Critical System Protection Console install. Agent Group names must be identical across both Primary and Alternate Site.

Primary Site: Desired Policies assigned to reside in the agent groups created. (You may have similar policies or different policies across the sites.)

Alternate Site: Desired Policies assigned to reside in the agent groups created. (You may have like policies or different policies across the sites. You should lock down the alternate site with more restrictive prevention policies, but it is not required.)

Primary Site: Agent-Cert.SSL files on the Primary Site do not require any special consideration. You may need to copy the files to each local machine before beginning the installation to avoid any network communication issues.

Alternate Site: When installing Agents onto the Alternate Site, the Critical System Protection Agent software installation must use the Agent-Cert.SSL from the Primary Site.

Primary Site: Critical System Protection Agent software installation must point the agent's configuration to the agent group created.

Alternate Site: Critical System Protection Agent software installation must point the agent's configuration to the agent group created.

Primary Site: Prior to disaster, determine if you will be using a Master database restore process to get the Critical System Protection SQL login accounts on the Alternate Site or using DTS Package Transfer Logins Task in SQL Server 2000 to import the SQL logins to the Alternate Site.

Alternate Site: If DTS is chosen to transfer Critical System Protection SQL Logins, the Alternate Site will need provisioning to allow for transporting SQL logins. See http://support.microsoft.com/kb/246133/ for details. This setup and transfer must be done prior to any disaster and prior to powering off the Alternate Site. NOTE: The Critical System Protection development team has tested the Stored Procedure processes within their environment as described in the Microsoft document. For the Symantec Secure Business Continuity testing purposes, we tested and confirmed restoring the Master database in order to get the Critical System Protection logins.

Primary Site: Backups of the SQL SCSPDB, Master and MSDB databases must occur.

Alternate Site: If you need to maintain the Alternate Site’s Critical System Protection database for auditing\detection purposes, you will need to back up its SCSPDB, Master and MSDB databases.

Primary Site: Backups of all Critical System Protection .SSL and server.xml files should occur.

Alternate Site: Backups of all Critical System Protection .SSL and server.xml files should occur.

Primary Site: LiveUpdate must be configured to explicitly check for Critical System Protection content and manual updates to workspace policies must be applied. See "About LiveUpdate" in the Administrator’s Guide for more details.

Alternate Site: LiveUpdate must be configured to explicitly check for Critical System Protection content. LiveUpdate must be run immediately after the Alternate Site goes live to retrieve updates on Critical System Protection policies and reports. See “Updating a workspace policy” in the Administrator’s Guide for more details.

Before you install any agents, you must create five agent groups. After you create the agent groups, you can install the agent software onto all assets that you want to protect. You must point the agent group configuration to these groups to allow for quick recovery after a disaster.

To create and configure Critical System Protection policies for the Silver Tier

prior to agent installation, you perform the following tasks:

■ Create policies for Critical System Protection

■ Configure policies for Critical System Protection

Figure 5-4 shows the Policy Settings screen for Critical System Protection where

options can be set for interactive programs and services.

Figure 5-4 Policy Settings screen for Symantec Critical System Protection

To create policies for Critical System Protection

1 In the Critical System Protection Management Console, on the Prevention View tab, click Assets.

2 To create three agent groups for the prevention policy, do the following:

■ Under the Asset Policies tree, right-click Policy > New, and then rename the UntitledGroup to a descriptive agent group name. Later, you must name the agent groups identically at the alternate site to facilitate a rapid recovery and prevent naming collisions after a disaster. For example, Sales_PrevAG

■ Under the Asset Configs tree, right-click Configuration > New, and then rename the UntitledGroup to a descriptive agent group name. For example, Sales_AssetConfAG

■ Under the Common Configs tree, right-click Common Configuration > New, and then rename the UntitledGroup to a descriptive agent group name. For example, Sales_CommonConfig

3 In the Critical System Protection Management Console, on the Detection View tab, click Assets.

4 To create two agent groups for the detection policy, do the following:

■ Under the Asset Policies tree, right-click Policy > New, and then rename the UntitledGroup to a descriptive agent group name. Later, you must name the agent groups identically at the alternate site to facilitate a rapid recovery and prevent naming collisions after a disaster. For example, Windows

■ Under the Asset Configs tree, right-click Configuration > New, and then rename the UntitledGroup to a descriptive agent group name. For example, Sales_AssetConfigDETAG

5 Under the Common Configs tree, verify that you see the common configuration agent group that you created earlier in step 2 (Sales_CommonConfig in the example). If you do not see the agent group, press F5 to refresh the screen.

For the Silver Solution deployment, you must give NetBackup and Storage

Foundation for Windows certain privileges while deployed within the Critical

System Protection environment. You must modify your Critical System Protection

policies as follows:

To configure policies for Critical System Protection

1 To grant full access privileges to services for NetBackup and Storage Foundation for Windows, do the following:

■ Under the Service Options tree, expand General Service Options > Alternate Privilege Lists > Specify Services with Full Privilege > List of Services with Full Privilege.

■ Type the path name to the directory to which you want to assign full privileges.

2 To grant full access privileges to interactive programs for NetBackup and Storage Foundation for Windows, do the following:

■ Under the Interactive Program Options tree, expand General Interactive Program Options > Alternate Privilege Lists > Specify Interactive Programs with Full Privilege > List of Interactive Programs with Full Privilege.

■ Type the path name to the directory to which you want to assign full privileges.

3 Decide whether to give the application directory wildcard access (%install path%\veritas\*.*), or type each individual directory path, as follows:

%install path%\Veritas\netbackup\ and %install path%\Veritas\Volume Manager

%install path%\Veritas\Object Bus\

You must add each individual process required to run NetBackup and Storage Foundation for Windows at this level.

Also, be aware that if you use wildcards, you potentially open another avenue of attack.

4 To add the IP addresses for your infrastructure, do the following:

■ Under the Global Policy Options tree, expand Remote Network Access Options > Enable Prevent Inbound Network Connections > Enable Allow Inbound Network Connection From These Addresses > List of Addresses That Can Make Inbound Network Connections To This System > Add.

■ Type the IP addresses to which you want to assign full privileges.

5 Allow full access privileges for additional applications that you are backing up and restoring. In our example, these are Apache and Microsoft SQL Server 2005.

If you do not make these changes, when you try to restore from a NetBackup client, you receive erroneous error messages indicating that the NetBackup license key is missing or expired.

A Critical System Protection agent is client software installed on workstations, laptops, servers, and so on. Agent groups determine the entities an agent can communicate with and what policies the agents enforce once they are installed.

Critical System Protection agent groups allow administrators to quickly update agent policies and configuration settings. Before you install the Agent software on any machine that you need to protect, you must first create an agent group on the console server that has the same name on the primary site as it does on the alternate site.

See the “Managing Assets” chapter in the Symantec Critical System Protection Administrator’s Guide for information on creating agent groups.

You may wish to deploy different security prevention and detection policy levels within the same-named agent groups across both sites. Or, you can have the same level of security at both sites. Some organizations may wish to lock down the alternate site to ensure their alternate system safeguards are in place when required. It is recommended that the alternate site machines be physically powered off, so a higher level of prevention and detection is not required at the alternate site. It is advised to keep at least the same level of protection at the alternate site as you are running at the primary site. Whichever approach your organization chooses, it is critical that the agent groups are identically named across the sites.

The Symantec Critical System Protection Detection Policy Reference Guide and the Symantec Critical System Protection Prevention Policy Reference Guide can help you determine which policies are best suited for your environment.

Critical System Protection agent group usage considerations for the Silver Tier

You must use agent groups during all Agent installs. As you install Agent software

across the NetBackup Master Server, NetBackup Media Server, Apache Server

and Microsoft SQL 2005 Servers requiring protection, an optional "agent group

Configuration" screen appears.

It is important to select the earlier-created agent groups. Bypassing this option

by choosing to set up groups at a later time requires additional manual intervention

to get Critical System Protection operational at an alternate site after a disaster.

See “Managing Assets” in the Critical System Protection Administration Guide for instructions on creating an agent group.

Figure 5-5 shows the dialog box for configuring an agent group in Symantec

Critical System Protection.

Figure 5-5 Symantec Critical System Protection agent group configuration

dialog box

Critical System Protection policies for the Silver Tier

Symantec supplies a library of defined protection policies for Windows™

2000/XP/2003, and Solaris™. Symantec also supplies a defined detection policy

library for Windows 2000/XP/2003, Solaris, AIX, and HP-UX.

Table 5-6 lists the two types of Critical System Protection policies.

Table 5-6 Symantec Critical System Protection policies

Policy type: Prevention Policy - A collection of rules that govern how processes or applications and users access resources. A protected system’s Agent enforces one prevention policy at a time.

Policy attributes:

■ Contain a list of files and registry keys that no program or user can access

■ Contain a list of UDP and TCP ports that permit and deny traffic

■ Deny access to startup folders

■ Define the actions to take when unacceptable behavior occurs

Policy type: Detection Policy - A protected system’s Agent can enforce one or more detection policies simultaneously.

Policy attributes:

■ Contain a list of files and registry keys that when deleted, generate an event in the Management Console.

■ Generate events when known, vulnerable CGI scripts run on Microsoft Internet Information Server (IIS), when USB devices are inserted and removed from computers, and when network shares are created and deleted.

Critical System Protection prevention policies

Symantec Critical System Protection applies prevention policies to agents based

on the following rules:

■ An agent uses exactly one prevention policy. For example, if an agent has a

prevention policy applied directly to it, and the agent’s policy group has a

prevention policy applied to it, only one of the prevention policies is used. The

two prevention policies are not combined and then applied to the agent.

■ Policies that are incompatible with an agent are ignored. For example, consider

when a Windows agent and a Solaris agent are in the same policy group. The

policy group has a Solaris policy applied to it and the policy group’s parent

group has a Windows policy applied to it. The Solaris agent uses its group’s

policy since it is compatible. The Windows agent, however, skips its group’s

policy and uses the policy of its group’s parent, which is compatible.

■ An agent uses the closest policy as you move up the agent group tree. If an agent has a prevention policy applied directly to it, then the agent uses that policy, since the agent’s policy is closer in the group tree than the agent’s group policy.

Critical System Protection detection policies

Symantec Critical System Protection applies detection policies to agents based

on the following rules:

■ An agent can reside in multiple detection policy groups. If an agent resides in

more than one policy group, it gets the combination of all detection policies

applied to all the groups in which it resides.

■ You can apply multiple policies to a policy group. If multiple policies are applied

to a group, the agents in that group get the combination of all detection policies

applied to the group.

■ Every agent must reside in at least one detection policy group.

■ An agent can have none, one, or many detection policies applied to it. If an

agent has no policies applied to it, the agent will not log any detection events.

■ Upon initial Symantec Critical System Protection agent installation, any

detection policies applied to the OS-specific policy groups are automatically

applied to an agent.

Because it is possible to apply multiple detection policies to an agent, you can

accidentally apply conflicting policies. It is important to note that if one policy

enables a rule, and another policy disables the same rule, then the rule will be

enabled on the agent.

For example, suppose a policy that is applied to a group explicitly enables the

record successful logon rule, and another policy that is applied to the same group

explicitly disables the same rule. If an agent is placed in both groups, then the

record successful logon rule is enabled for the agent.
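
The prevention and detection rules above, modelled in Python as an added example (not Symantec code and not part of the original book): prevention resolves to the closest compatible policy, while detection policies are combined and an enable wins over a disable. The class names, the policy and group names other than Sales_PrevAG, the OS string match and the choice not to inherit detection policies from parent groups are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PreventionPolicy:
    name: str
    os: str  # platform the policy targets, e.g. "windows" or "solaris"


@dataclass
class DetectionPolicy:
    name: str
    rules: dict  # rule name -> True (explicitly enabled) or False (explicitly disabled)


@dataclass
class Group:
    name: str
    parent: Optional["Group"] = None
    prevention: Optional[PreventionPolicy] = None
    detection: list = field(default_factory=list)  # DetectionPolicy objects


@dataclass
class Agent:
    name: str
    os: str
    prevention_group: Group
    detection_groups: list = field(default_factory=list)
    direct_prevention: Optional[PreventionPolicy] = None


def resolve_prevention(agent):
    """Return the one prevention policy the agent enforces, or None.

    Candidates are ordered closest first: the policy applied directly to the
    agent, then its group, then each parent group. Incompatible policies are
    skipped, and policies are never merged.
    """
    candidates = [agent.direct_prevention]
    group = agent.prevention_group
    while group is not None:
        candidates.append(group.prevention)
        group = group.parent
    for policy in candidates:
        # Assumption: compatibility is modelled as an exact OS string match.
        if policy is not None and policy.os == agent.os:
            return policy
    return None


def resolve_detection(agent):
    """Return (effective_rules, conflicts) for the agent's detection groups.

    All policies from all groups the agent resides in are combined. A rule
    that any policy enables stays enabled even if another policy disables it;
    such rules are also listed in `conflicts` so they can be reviewed.
    Assumption: detection policies are not inherited from parent groups.
    """
    settings = {}  # rule name -> set of explicit settings seen
    for group in agent.detection_groups:
        for policy in group.detection:
            for rule, enabled in policy.rules.items():
                settings.setdefault(rule, set()).add(bool(enabled))
    effective = {rule: any(seen) for rule, seen in settings.items()}
    conflicts = sorted(rule for rule, seen in settings.items() if len(seen) == 2)
    return effective, conflicts


def build_sample():
    """Constructed sample data; only Sales_PrevAG is a name from the text."""
    win_core = PreventionPolicy("Win_Core", "windows")
    sol_core = PreventionPolicy("Sol_Core", "solaris")
    win_strict = PreventionPolicy("Win_Strict", "windows")
    parent = Group("AllServers", prevention=win_core)
    sales = Group("Sales_PrevAG", parent=parent, prevention=sol_core)

    logon_on = DetectionPolicy("Audit_Logons", {"record_successful_logon": True})
    logon_off = DetectionPolicy(
        "Quiet_Baseline",
        {"record_successful_logon": False, "usb_device_inserted": True},
    )
    det_a = Group("Det_Windows", detection=[logon_on])
    det_b = Group("Det_Sales", detection=[logon_off])

    return {
        "win": Agent("web01", "windows", sales, [det_a, det_b]),
        "sol": Agent("db01", "solaris", sales, [det_b]),
        "win_direct": Agent("nbu01", "windows", sales, [det_a], win_strict),
    }


if __name__ == "__main__":
    for agent in build_sample().values():
        policy = resolve_prevention(agent)
        effective, conflicts = resolve_detection(agent)
        print(agent.name, policy.name if policy else None, effective, conflicts)
```

The `conflicts` list is the part worth checking before a failover: a rule you believed was disabled at the alternate site may still be active because another group's policy enables it.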

Symantec recommends you use the New Policy Wizard to copy one of the library policies to use as a baseline, and then customize the new policy to meet your environment's needs. You can create policy folders to help group and organize your existing policy library. There is no limit to the number of policy folders you can create. Once a policy has been applied to a computer, application or user, you can verify its function from the Event Monitor.

See the Critical System Protection Administration Guide for policy details, applying group configuration settings and policies to agents, and customizing Windows prevention policies.

Note: The Symantec Critical System Protection Administration Guide chapters

titled “Understanding Policies” and “Managing Policies” address key policy

information that is important to understand in order to deploy Critical System

Protection correctly and efficiently.

Critical System Protection management server databases for the Silver Tier

Critical System Protection works with a SQL database instance which holds

information about policy definitions and settings, agent configurations, security

levels, auditing, reporting, alert content and filtering as well as who is assigned

Critical System Protection roles such as administrators, managers, authors or

guests within the application.

The SQL database created for Critical System Protection use during the

management server installation (SCSPDB or the custom name you selected) needs

backing up within your organization’s RPO and RTO windows. You must also back

up the Master and MSDB system databases which store login and SQL Server

scheduling information.

These backups must be able to migrate to the alternate site using the mirroring

technology available with Storage Foundation for Windows. Other than backing

up the database and maintaining the best practices as defined by SQL Server,

there should be little interaction required from a SQL Administrator. Critical

System Protection includes predefined SQL queries to collect event, agent, security,

status and policy information reports. You can customize some SQL scripts to

add more user-defined reports. See the Administrator’s Guide “Managing queries

and reports” chapter for more details.

The Critical System Protection management server supports the following

databases:

■ MSDE evaluation database

■ Microsoft SQL Server 2000 Standard Edition with Service Pack 4

■ Microsoft SQL Server 2000 Enterprise Edition with Service Pack 4

The SQL Server installation for the Critical System Protection management server must meet the following requirements:

■ Only Microsoft SQL Server 2000 SP 4 is supported.

■ Microsoft SQL Server security must be “Mixed Mode”.

■ Named pipes and TCP/IP must be available to SQL.

■ A Microsoft SQL Server systems administrator (SA) password must be set.

■ Administrators must register the instance with Microsoft SQL Server Enterprise

Manager.

■ The instance you specify to the Critical System Protection management

installer must already exist in SQL.

■ Administrators must create a named SQL instance for Critical System

Protection support (not a default instance name).

■ The database name used with Critical System Protection must not already

exist in SQL.

■ The accounts Critical System Protection uses must not pre-exist in the SQL server (scsp_ops, scsp_plugin, scspdba, scsp_guest) since they will be created during installation.

Note: The Critical System Protection database will be created wherever the SQL

Administrator directed SQL to drop the DATA files during the Microsoft SQL

Server installation. If users wish to have the Critical System Protection database

reside on a different disk, they may use SQL tools to move the database after

completing installation. Non-default database locations cannot be specified at

installation time.

Critical System Protection best practices for the Silver Tier

For the best Silver Tier support, Critical System Protection users can benefit from

the following suggestions:

■ When applying a Symantec prevention policy to an agent, you can select the

global Disable Prevention policy option to temporarily disable the prevention

function of the policy. The Disable Prevention policy option is useful if you

want to test a prevention policy before enforcing it. The Disable Prevention

policy option logs policy violations, but does not enforce them. This lets you

gather information about how a computer performs, without running the risk

of preventing critical aspects of your computer operation.

■ User roles enable you to control who has access to specific Agents or agent

groups. User roles include Administrators, Authors, Detection Manager, Guests,

Managers, and Prevention Manager. By default, the built-in Administrators

role has complete, unrestricted access to all available Symantec Critical System

Protection features and tasks. Symantec recommends you do not modify the

built-in Administrator roles. This access includes access to all agent groups.

You can group agents in any manner when creating agent groups, such as by demographic, operating system, or departmental division, where each group might enforce different prevention policies. There are no limits to the number of agent groups you can create.

■ Make a backup copy of any policy before updating it. If a problem occurs with

the updated version, you can revert to the pre-update (backup) version. For

more information about backups, read "Managing policies," in the Symantec

Critical System Protection Administration Guide.

Critical System Protection firewall co-existence best practices for the Silver Tier

Symantec Critical System Protection is compatible with existing network firewalls.

Critical System Protection does not replace firewall functionality but instead

provides complementary security to the network. Configure the firewall to open

specific ports or to specify trusted services such as Console.exe, SISManager.exe,

and SISIPSService.exe. It is not necessary to uninstall or to remove the firewall.

Symantec provides more information about using firewalls with Symantec Critical

System Protection in the Symantec Critical System Protection Installation Guide.

For a list of supported policies for UNIX and Windows, see the Symantec Critical System Protection Detection Policy Reference Guide and Prevention Policy Reference Guide.

Critical System Protection restoration decisions for the Silver Tier

Before a disaster strikes, you need to determine the order of steps to restore your

data. You should select one of three options before proceeding. The order that

works best for your organization depends on the risks you are willing to take and

the protection level you want. Table 5-7 describes the options you have to restore

data.

Table 5-7 Available options for restoring data

Option 1

Description: Your organization does not need to maintain any historical data at the alternate site and is not time-bound to get the application data restored (or the restore process of the Apache and SQL 2005 data will not exceed the RTO and RPO that you have chosen). In this example, you can restore the Critical System Protection database before restoring any application data and restore the primary site’s Critical System Protection database over the alternate site’s Critical System Protection database.

Benefits: All primary site Critical System Protection data is maintained for auditing and reporting purposes.

Risks: If any alternate site Critical System Protection data is required to be maintained for auditing/reporting or compliance requirements, you will lose it when you overwrite the alternate site’s existing Critical System Protection database.

Option 2

Description: Your organization requires all historical data at the alternate site and is time-bound to get the application data restored. In this example, you should restore the Critical System Protection database after restoring any application data. The restore of the primary site’s Critical System Protection database should not overwrite the alternate site’s Critical System Protection database. Your organization will need to have two Critical System Protection Management Servers at the alternate site or make provisions for Multiple SQL instances to house both Critical System Protection databases.

Note: If you have locked down the alternate site with the Strict policy, you may need to switch to a less-restrictive policy or ensure you have given access rights to the NetBackup and Storage Foundation for Windows applications before any restores occur.

Benefits:

■ All primary site Critical System Protection data is maintained for auditing and reporting purposes.

■ All alternate site Critical System Protection data is maintained for auditing and reporting purposes.

■ There are no windows when your site will be unprotected by Critical System Protection.

■ Mission-critical application data is in place before the Critical System Protection restore process begins.

Risks:

■ Cost of maintaining multiple Critical System Protection servers at the alternate site is increased.

■ SQL licensing/instance install considerations must be taken into account due to needing multiple Critical System Protection server/instance installs at the alternate site.

About deploying Veritas Storage Foundation for Windows and Veritas NetBackup for the Silver Tier

In the Secure Business Continuity Silver Tier configuration reference architecture,

both the primary and alternate sites use Windows 2003 Enterprise Server with

Service Pack 1 (SP1). All NetBackup servers have the latest updates installed.

Additionally, the NetBackup Master and Media servers at both sites use Symantec

Storage Foundation for Windows. This enables Storage Foundation to provide

software mirroring between the two sites via a Fibre SAN.

Example application servers exist at both the primary and alternate site. For the

Silver Tier, the example application servers are an Apache Web server and a

Microsoft SQL 2005 server.

Because both an Apache server and a SQL 2005 server exist at the alternate site, it is only necessary to back up the Primary Apache and SQL server data for restoration on the alternate site’s Apache and SQL server systems during disaster recovery operations.

In general, it is useful for the Primary and Alternate NetBackup servers (both Master and Media Servers) to be as identical as possible. This means both sites’ Master and Media Servers need to have the same system name, need to have storage configured identically and need to have their Network Interface Cards (NICs) located in the same slot. While some organizations have successfully used varying fibre channel host bus adapters (HBAs) installed in different server PCI slots and different switch ports, Symantec recommends keeping the configurations as identical as possible and keeping the alternate Master and Media servers powered off until needed. This minimizes the chance of Windows Networking name conflicts.

In the example configuration, each site has its own SAN that is part of the fabric

that includes both sites. Zones should exist with identical LUNs “visible” to each

site’s Master and Media servers. The IT DR staff needs to understand which LUNs

physically reside at each site. This information is available from the switch and

will prove critical later when configuring the storage layout. From a NetBackup

and data restoration perspective, it is not required that application servers have

the same server name since, during restoration operations, it is possible to redirect

restore data to a location with a different name than the original source server.

The administrator needs to know which disks reside at what location. That

information will be used later when setting up storage and setting up backup and

restore jobs within NetBackup. It is critical that disks residing at the primary site

be used to create the volumes to be used in the Disk Storage Units in NetBackup.

It is equally important that disks residing at the alternate site be used to create

a mirror of the disks at the primary site. This is a key piece to this solution strategy

of backing up data and having that same data available at the alternate site as

quickly and securely as possible.

In the example configuration, we assume the organization uses the primary site to operate the data center, including the backup and application servers. Each site is secured from external threats by a Symantec 5640 Gateway appliance. A VPN exists between the sites, which allows secure and encrypted network communication between designated Media Servers and the SAN Switches servers behind the firewalls.

The alternate site includes a number of servers. Some of them are identical to the

primary site servers and are brought into service when a disaster or other event

causes the primary site to become unavailable. We assume such an event causes

every primary site server and storage device to become inaccessible as if they

were powered off.

When a disaster event occurs, servers at the alternate site are brought online and entered into service. The specific steps and considerations necessary to accomplish this are discussed later. Making backup data available at the alternate site requires taking the specific steps outlined in the following sections.

Because some of the systems at the alternate site need to have the same system

name as the primary site, installation of Storage Foundation for Windows and

NetBackup should be done when those systems are not in conflict with the primary

site’s systems. Once the installation of Storage Foundation for Windows and

NetBackup is complete at both sites, the alternate site servers can be powered off

and the servers at the primary site can be configured.

In addition, with the Silver and Gold level protection solutions, backups use Disk

Storage Units (DSU or disk-based backups), not tape devices which the Basic level

protection solution uses. Since these storage resources need to be available during

NetBackup configuration, they need to be configured before NetBackup is installed.

Finally, it is highly recommended that users have the Storage Foundation for

Windows documentation (available on the release CD, the Administrator’s Guide

installs with the product) and NetBackup documentation (available on the release

CD with a web page interface that gives access to all the documentation). These

documents are in PDF format and require an Adobe Acrobat Reader to ensure

documentation access.

About installing Veritas Storage Foundation for Windows

As a minimum, Symantec recommends installing Storage Foundation for Windows

on all the systems that will be a NetBackup Master or Media server at both the

Primary and alternate sites.

It is important to note which disks (LUNs) reside at the primary site and which

disks (LUNs) reside at the alternate site. When Dynamic Disk Groups and Volumes

are created, they need to include disks residing on both Primary and alternate

sites. Moreover, volumes need to be created on disks that reside only in the primary

site and are mirrored to disks that reside only in the alternate site.

Working from the primary site Media Server, an administrator should create a

Dynamic Disk Group and add an identical number of disks from both the primary and

alternate sites. Note that these actions create disk groups and volumes that are

local to the specific media server. If the data center has multiple media servers

and they have their own storage associated with them, these specific operations

need to be performed on those servers. This can be done from the Storage

Foundation for Windows GUI on one system by logging onto the other remote

servers as needed.

Ideally, the disks have the same physical size. Thus, there should be identical

storage amounts from both sites in the Dynamic Disk Group. After creating the

dynamic disk group, create a volume that is used as a DSU within NetBackup. This

volume will be created on a disk that is physically located at the primary site.

Now, working from the primary site Master Server, create a Dynamic Disk Group,

again including equal storage size disks from both primary and alternate sites.

Create two volumes in this disk group using disk(s) that physically reside at the

primary site. One of these volumes is for the NetBackup Master Server catalog

backup, the second is for the NetBackup Master Server Disaster Recovery File. As

a best practice, include the drive letter of these volumes in the volume name to

make identification easier during recovery operations.

In order for the catalog backup and the disaster recovery file to be useful at the

alternate site, the drive letters need to persist between the sites. Sometimes during

disk group deport and import, drive letters may be lost. Including them in the

volume name makes it easier to ensure the correct drive letter is re-assigned at

the alternate site. The amount of storage for these volumes usually does not have

to be as large as the volume that will hold the actual backup data and the volume

for the disaster recovery file can be relatively small. In testing the example

configuration, the catalog backup volume was 10GB and the Disaster Recovery

file volume was 10MB.

Similarly, create as many additional Dynamic Storage Groups and Volumes for

other DSUs as the data center needs. Do this from the primary site's Media

Server(s). Once the volumes exist on the disks located at the primary site, create

a mirror for each volume using disks residing at the alternate site. Doing this

transfers an exact copy of primary site disk data to alternate site disks.

Once this storage exists, you can proceed with the NetBackup installation.

Instructions for Storage Foundation for Windows installation are found in the

“VERITAS Storage Foundation and High Availability Solutions 4.3 Installation

and Upgrade Guide” located on the Storage Foundation for Windows distribution

CD. We do not include High Availability discussions in this Yellow Book; this will

be covered in a subsequent book.

Specific instructions for creating Dynamic Disk Groups and Volumes and Mirroring

those volumes as well as a discussion surrounding what a Dynamic Disk Group

is and other topics can be found in the Veritas Storage Foundation 4.3

Administrator’s Guide located on the Storage Foundation for Windows distribution

CD.

About installing Veritas NetBackup for the Silver Tier

You will need to install NetBackup 6.0 on servers that perform Master and Media

Server functions; complete installation instructions can be found in the NetBackup

Installation Guide for Windows or UNIX. Install the NetBackup Client Software

on all systems that NetBackup protects and/or restores data to. Before installing

NetBackup, you should configure the DSU storage used with NetBackup using

Storage Foundation for Windows. Once the Storage Foundation for Windows and

NetBackup server installations are complete you will need to configure the systems.

The NetBackup Installation Guide discusses the most common configuration

tasks. For additional information, examine the NetBackup System Administrator’s

Guide Volumes I and II.

About configuring Veritas NetBackup for the Silver Tier

During NetBackup configuration, follow these guidelines:

■ Configure the Storage Units using only disk volumes that are properly

configured by Storage Foundation for Windows. The volume should be created

on a disk that resides at the primary site and mirrored to a disk that resides

at the alternate site.

■ Make the Online Hot Catalog Backup files and the Disaster Recovery file

available on the alternate master server in the same location as the Primary

master server. If the location isn't the same, the backup will fail. Each volume

must have the same drive letter and be the same size on both servers. Success

is possible when the Online, Hot Catalog Backup files and Disaster Recovery

file are located in separate volumes on the server.

■ The DSU for the Online Hot Catalog Backup files and the Disaster Recovery

file are created on the NetBackup Master Server. The backup data DSUs are

created from the media server(s). This is because the media servers are actually

performing the backups and data is stored on disk media attached to the media

servers. Catalog and Configuration data is particular to the Master Server and

is backed up and restored from the Master Server itself.

■ After NetBackup is installed and configured, and the NetBackup Client is

installed on all protected systems, you can define backup policies and make

application server data backups. The definition and discussion on how to create

and use policies can be found in the NetBackup System Administrator’s Guide

for Windows or UNIX.

■ When creating the schedules for backing up the Catalog and Configuration

data, Symantec recommends the backup occur immediately following the close

of the backup window for application and system backup. This ensures all

catalogs are included for the most recent backup session. This will help enable

you to access all the backup jobs on the alternate site in the event the primary

site becomes unavailable.

Silver Tier example: data center disaster recovery preparation sequence

Consider the example configuration existing at a primary data center with an

alternate site backup facility. Each data center has one server for a NetBackup

Master Server, one server for a NetBackup Media Server, one Apache Web server,

and one Microsoft SQL 2005 server. Each site is secured using a Symantec 5640

Gateway appliance. A fibre switch connects to a disk array behind the gateway at

each data center. A fibre channel switch zones the storage on the disk array,

providing each Media Server with access to a number of disks physically located

at each site. Each Master Server at each site has access to a disk on each array as

well. The switches connect to each other by fibre and the switches operate together

as a fabric between the sites. The storage arrays are powered on and online at

both sites.

To prepare for a disaster, the requisite software for the described environment

has to be configured. This includes setting up Storage Foundation for Windows,

configuring storage, installing and configuring NetBackup and performing a

complete data backup of the Apache Web server and the Microsoft SQL server.

The following table lists the required software for the primary and alternate site

in this example disaster recovery scenario:

Required primary site software:

■ Server for Master Server, WS03, SP1 installed and server named (NBU_MST)

■ Server for Media Server, WS03, SP1 installed and server named (NBU_MSVR)

■ Server for Apache server, WS03, SP1 installed and server named (PRI_APACHE)

■ Server for Microsoft SQL 2005 Server, WS03, SP1 installed and server named (PRI_SQL2005)

■ Server for Media Server, Solaris Unix 9.X and server named (NBU_UNIX_MSVR)

■ Server for Critical System Protection Management Server and server named (Critical System Protection_MGT_SVR)

■ Server for Critical System Protection Management Console and server named (Critical System Protection_MGT_CONSOLE)

Required alternate site software:

■ Server for Master Server, WS03, SP1 installed and server named (NBU_MST)

■ Server for Media Server, WS03, SP1 installed and server named (NBU_MSVR)

■ Server for Apache server, WS03, SP1 installed and server named (ALT_APACHE)

■ Server for Microsoft SQL 2005 Server, WS03, SP1 installed and server named (ALT_SQL2005)

■ Server for Media Server, Solaris Unix 9.X and server named (NBU_UNIX_MSVR)

■ Server for Critical System Protection Management Server and server named (Critical System Protection_MGT_SVR)

■ Server for Critical System Protection Management Console and server named (Critical System Protection_MGT_CONSOLE)

To prepare for a potential future failure at the primary site, the disaster recovery

plan should be implemented and tested.

Table 5-8 shows the major disaster recovery tasks a typical data center would

perform to prepare for a data center disaster.

Table 5-8 Disaster Recovery provisioning and testing activities

Major DR preparation activity: Provision the primary site

Related DR tasks:

■ Configure the Symantec Gateway Security 5640 for antivirus, firewall and VPN options.

■ Install and configure Storage Foundation for Windows.

■ Install and configure NetBackup.

■ Install and configure Symantec Critical System Protection.

■ Install and configure primary site application servers (Apache and Microsoft SQL Server 2005).

■ Ensure all systems are online and functioning.

■ Back up application data from Apache and Microsoft SQL Server 2005 servers.

■ Perform an Online, Hot Catalog backup of the NBU Master Server.

Major DR preparation activity: Provision the alternate site

Related DR tasks:

■ Configure the SGS 5640 for AV, Firewall and VPN options.

■ Install and configure SFW.

■ Install and configure NetBackup.

■ Install and configure Critical System Protection.

■ Install and configure alternate site application servers (Apache and Microsoft SQL Server 2005).

■ Ensure all systems are online and functioning.

Major DR preparation activity: Test failover to the alternate site

Related DR tasks:

■ Recover the NetBackup Catalog and Configuration from the primary master server online, Hot Catalog backup.

■ Recover the data from the primary site application servers to the alternate application servers.

■ Ensure the application servers are online and operational.

■ Use the application servers (adding data, changing data, etc.)

■ Perform an online, Hot Catalog backup of the alternate NetBackup master server.

■ Back up application data from alternate application servers.

Major DR preparation activity: Test failback to the primary site

Related DR tasks:

■ Prepare the primary site to come back online.

■ Perform the necessary steps to bring the current data from the alternate site to the primary site.

■ Recover the NetBackup catalog and application data to the primary site.

■ Put the secondary site into a dormant state and bring the primary site online.

Provisioning the Silver Tier

Provisioning the Silver Tier involves the following tasks:

■ Primary site initial setup

■ Setting up the alternate site

■ Completing setup at the primary site

■ Backing up the Apache server data

■ Backing up Microsoft SQL Server 2005

■ Creating a NetBackup policy for Microsoft SQL backup

Primary site initial setup

The following covers installation of Storage Foundation for Windows and

NetBackup as well as configuring storage on the Primary Master and Media servers.

To prepare the primary site for the Silver Tier, Storage Foundation 4.3 for Windows

and Storage Foundation 4.3 MP1 have to be configured on the Primary Media

Server.

Table 5-9 describes the target configuration for the primary media server.

Table 5-10 describes the target configuration for the primary master server.

Table 5-9 Primary media server storage configuration

Dynamic Disk Group | Disks and Physical Location | Volume (size) and Mirror

NBU_DG_01 | (Primary) Disk 0, 60GB | Y:\DSU_ONE (60GB)

NBU_DG_01 | (Primary) Disk 1, 60GB | Z:\DSU_TWO (60GB)

NBU_DG_01 | (Alternate) Disk 0, 60GB | Mirror Y:\DSU_ONE

NBU_DG_01 | (Alternate) Disk 1, 60GB | Mirror Z:\DSU_TWO

Figure 5-6 shows how the NetBackup Disk Storage Unit (DSU) is mirrored between

the primary and alternate sites.

Figure 5-6 NetBackup DSU mirroring between sites

Table 5-10 Primary master server storage configuration

Dynamic Disk Group | Disks and Physical Location | Volume Size and Mirror

NBU_DG_02 | (Primary) Disk 2, 60GB | X:\X_NBU_CATALOG (10GB)

NBU_DG_02 | (Primary) Disk 2, 60GB | W:\W_NBU_CONFIG (10MB)

NBU_DG_02 | (Alternate) Disk 2, 60GB | Mirror X:\X_NBU_CATALOG

NBU_DG_02 | (Alternate) Disk 2, 60GB | Mirror W:\W_NBU_CONFIG

Perform a clean Windows shutdown to power off the Master and Media Server.

Figure 5-7 shows how the NetBackup Recovery Volume and Catalog Volume are

mirrored between the primary and alternate sites.

Figure 5-7 NetBackup Recovery and Catalog Volume mirroring between sites

Alternately, for both created disk groups, if no server name conflict exists, deport

the disk groups by right-clicking on the disk group names and choosing the “Deport

Disk Group” option.
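
The layout rules stated earlier (equal disks from both sites, volumes created on primary-site disks and mirrored to alternate-site disks, drive letters carried in the catalog and Disaster Recovery file volume names) can be checked against Tables 5-9 and 5-10 before any disk group is created, and the drive letters can be reconciled after an import. This is an added example, not part of the Yellow Book or of any Symantec tool: the Disk, Volume and DiskGroup types and both functions are hypothetical names, the script only models the plan and does not call Storage Foundation, and BAD_DG is a constructed counter-example.

```python
"""Preflight check of the Silver Tier storage plan (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PRIMARY, ALTERNATE = "primary", "alternate"
GB = 1024  # sizes are tracked in MB


@dataclass(frozen=True)
class Disk:
    site: str      # PRIMARY or ALTERNATE: where the LUN physically resides
    number: int
    size_mb: int


@dataclass(frozen=True)
class Volume:
    letter: str                  # drive letter assigned at the primary site
    name: str
    size_mb: int
    data_disk: Disk              # disk the volume is created on
    mirror_disk: Optional[Disk]  # disk holding the mirror, None if unmirrored


@dataclass(frozen=True)
class DiskGroup:
    name: str
    disks: Tuple[Disk, ...]
    volumes: Tuple[Volume, ...]
    letter_in_name: bool = False  # naming practice for catalog / DR-file volumes


def validate(group: DiskGroup) -> List[str]:
    """Return findings; an empty list means the plan follows the page's rules."""
    findings = []
    pri = [d for d in group.disks if d.site == PRIMARY]
    alt = [d for d in group.disks if d.site == ALTERNATE]
    if len(pri) != len(alt):
        findings.append(f"{group.name}: {len(pri)} primary vs {len(alt)} alternate disks")
    if sum(d.size_mb for d in pri) != sum(d.size_mb for d in alt):
        findings.append(f"{group.name}: storage amounts differ between sites")
    allocated: Dict[Disk, int] = {}
    for v in group.volumes:
        if v.data_disk not in pri:
            findings.append(f"{v.name}: must be created on a primary-site disk of {group.name}")
        if v.mirror_disk is None:
            findings.append(f"{v.name}: no mirror defined")
        elif v.mirror_disk not in alt:
            findings.append(f"{v.name}: mirror must be on an alternate-site disk of {group.name}")
        if group.letter_in_name and not v.name.upper().startswith(v.letter.upper() + "_"):
            findings.append(f"{v.name}: name does not carry drive letter {v.letter}")
        for d in (v.data_disk, v.mirror_disk):
            if d is not None:
                allocated[d] = allocated.get(d, 0) + v.size_mb
    for d, mb in allocated.items():
        if mb > d.size_mb:
            findings.append(f"{d.site} disk {d.number}: {mb} MB planned, {d.size_mb} MB available")
    return findings


def letters_to_reassign(group: DiskGroup, observed: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Compare drive letters seen after a disk group import (None = letter lost)
    with the plan and return {volume name: letter to assign}."""
    fixes = {}
    for v in group.volumes:
        seen = observed.get(v.name)
        if seen is None or seen.upper() != v.letter.upper():
            fixes[v.name] = v.letter.upper()
    return fixes


# Disks as listed in Tables 5-9 and 5-10 (60GB each at both sites).
P0, P1, P2 = (Disk(PRIMARY, n, 60 * GB) for n in range(3))
A0, A1, A2 = (Disk(ALTERNATE, n, 60 * GB) for n in range(3))

NBU_DG_01 = DiskGroup("NBU_DG_01", (P0, P1, A0, A1), (
    Volume("Y", "DSU_ONE", 60 * GB, P0, A0),
    Volume("Z", "DSU_TWO", 60 * GB, P1, A1)))
NBU_DG_02 = DiskGroup("NBU_DG_02", (P2, A2), (
    Volume("X", "X_NBU_CATALOG", 10 * GB, P2, A2),
    Volume("W", "W_NBU_CONFIG", 10, P2, A2)), letter_in_name=True)

# Constructed counter-example: uneven disks, mirror kept at the primary site,
# and a catalog volume whose name does not carry its drive letter.
BAD_DG = DiskGroup("BAD_DG", (P0, P1, A0), (
    Volume("X", "NBU_CATALOG", 10 * GB, P0, P1),), letter_in_name=True)

if __name__ == "__main__":
    for group in (NBU_DG_01, NBU_DG_02, BAD_DG):
        print(group.name, validate(group) or "OK")
    # Constructed post-import state: W: was lost during deport/import.
    print(letters_to_reassign(NBU_DG_02, {"X_NBU_CATALOG": "X", "W_NBU_CONFIG": None}))
```
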

Setting up the alternate site

After you have provisioned the primary site, you can do the same to the alternate

site. The task of provisioning the alternate site involves the installation of Storage

Foundation for Windows. This includes Storage Foundation for Windows disk

group, disk, and volume operations as well as the installation of NetBackup on

the alternate master and media servers.

To provision the alternate site for the Silver Tier

1 Install Storage Foundation 4.3 for Windows and Storage Foundation 4.3 MP1

for Windows.

2 If a server name conflict exists, power off the master and media server at the

primary site.

3 Start Storage Foundation for Windows on both the Master and the Media

servers.

4 Import the Master Server’s NBU_DG_02 disk group and the Media Server’s

NBU_DG_01 disk group.

The disk groups, disks, and volume objects in the GUI tree view indicate that

the disk group, disks, and volumes now exist at the primary site. However,

they are offline and a small blue icon indicates you need to take action to use

these resources.

5 Activate the disk groups. Right-click the disk group name, and then select

Import Disk Group.

6 Import the disk group by selecting the Clear Host ID selection when you are

presented with the informational pop-up dialog screen. You will need to do

this for all disk groups. Once the disk groups are imported, the disks and

volumes should come online with no further action required. This ensures

the alternate site can now use these resources if needed.

7 Because you are working on the alternate site and any name conflicts that

may exist are not a concern at this point, you may install NetBackup on the

Master Server, Media Server and Clients on the alternate site.

8 Deport the disk groups that were imported previously.

9 Once NetBackup is installed at the alternate site, these servers can enter a

dormant state by shutting down.

Completing setup at the primary site

Now that the alternate site setup is completed, we can complete the setup on the

primary site by installing and configuring NetBackup. Once that step is completed

we can bring the primary site into service.

Prepare primary site Storage Foundation and NetBackup as follows:

1 If the servers are powered off, power them back on.

2 On the Primary Master and Media Servers, start Storage Foundation for

Windows and import all the disk groups on each server associated with

NBU_DG_02 on the Master Server and NBU_DG_01 on the Media Server. Be

sure to always choose to Clear the Host ID during a Disk Group import.

3 Install Veritas NetBackup on master server, media server and client.

4 During the initial NetBackup configuration, you have an opportunity to

configure the catalog backups and disaster recovery file location. You will

want to perform an Online, Hot Catalog Backup with the catalogs being

backed up to the “X:\X_NBU_CATALOG” volume and the Disaster Recovery

File placed on the “W:\W_NBU_CONFIG” volume. These volumes are mirrored,

so they are available on the alternate site.

Creating a NetBackup policy for Microsoft SQL backup

You must create a backup policy for your SQL 2005 server; the Master and

MSDB system databases must be backed up as well.

To create and apply a NetBackup backup policy

1 Open up New Policy. On the Attributes tab, verify the Policy Type selected is

MS-SQL-Server and point to the Disk Storage Unit (DSU) on the Media Server

(this policy should use one of the data DSU (Z:\ or Y:\) volumes).

2 To take advantage of client-side encryption, be sure to enable the Encryption

option as covered in the Basic solution in Chapter 5.

See the NetBackup Encryption System Administrator's Guide for more details

on the encryption configuration.

3 On the Schedules tab, you must create the Schedule window in which the

backup will be allowed to run. Be aware this is not a schedule of when the

backup will launch, but rather the backup window in which the backup process

is allowed to run.

4 On the Clients tab, point to the SQL 2005 Server machine that you need to

back up.

5 On the Backup Selection tab, point to the backup script you created in earlier

steps.

6 To manually execute the backup, right click on the policy you created and

select Manual Backup \ OK.

7 Create and run an Online, Hot Catalog Backup using the DSUs configured

above.

8 NetBackup can redirect restores to different machines and locations. If your

computer names and drive letters are not the same, you will be required to

create a "No.Restrictions" file to allow the alternate site the rights to browse

backup images that were created on the primary site. The no-restrictions file

must be on both the primary and alternate site's Master Server. See the

NetBackup Administrator's Guide Volume 1, Chapter "Managing Client

Restores" for more details.

Backing up the Apache server data

With the primary site in operation, we want to create a policy and put that policy

into operation to protect the data on the Apache server.

To back up Apache server data

◆ Back up Apache data. Create and run a policy to back up the Apache server

web page data. This policy should use one of the data DSU (Z:\ or Y:\) volumes.

SQL 2005 data backup:

NOTE: All the required setup in SFW and NBU that took place earlier in this

chapter must be in place for this scenario to work.

Backing up Microsoft SQL Server 2005

Because SQL Server 2005 is an application running on the primary site, we need to

create and put into operation a policy to protect the SQL data on the SQL 2005

server. Specific steps are needed to ensure success in protecting this data; those

steps are discussed in the following section.

To back up Microsoft SQL 2005 application server

1 Backup the Microsoft SQL Server data. From Programs \NBU\NBU Agents,

start the NBU MS SQL Client tool to launch the Database Extension GUI

application.

2 When the DB EXT GUI launches, you will be prompted to provide the login

parameters for the SQL connection. Point to the existing Microsoft SQL 2005

Server and Instance name where the data resides that you wish to back up.

You will be required to provide the SA password. After you click on Apply,

you must click on Apply a second time in order for NBU to initiate the

communication to the SQL box.

If the SQL version\Security\Host Type\installed information changes from

'Unknown' to the correct information, you can click on the Close button. If

the information within those fields stays at an 'unknown' status, you may

have a communication issue with the SQL machine and this will need to be

resolved before you can back up that database. To resolve, verify that the

SQL services are running or the Host name and Instance name are correct.

If you have to close out of the connection properties screen before providing

the required information, you will need to use Task Manager.

3 Next you must provide the NBU Client Properties.

In the "Current NetBackup Server" field, point to the name of your NBU Master

server.

Modify additional information if you wish. If you are walking through testing

of the backup process, you may consider setting the Client Trace Level to

debug any errors.

4 Create a backup script for the policy by performing the following:

■ From the DB Ext GUI, click on File \ Backup SQL Server objects.

■ Locate the SQL 2005 database you wish to backup and verify it is

highlighted.

■ Select the type of backup you wish to perform (Full, Transaction logs, etc).

■ Under "Backup Script" set the value to Save. Click on the Backup button,

then give the script a distinctive name and click on Save.

5 You will be notified the script was created and asked if you wish to view it.

Once you close out of the dialog box, click Cancel to close out of the "Backup

Microsoft SQL Server Object" and then close the DB Ext GUI.

6 You must execute two CLI scripts on the Client machine to enable the

Encryption option if backing up to Tape.

See the NetBackup Encryption System Administrator's Guide for more details.

Using the Silver Tier

Once all of the preparation work is completed at the Primary and alternate sites,

we now assume the primary site has been active and been processing transactions.

To simulate a disaster scenario at the primary site, fail the Primary servers and

storage array by shutting them down and powering-off the disk array.

Activating the alternate site

The following describes the sequence of steps to be completed in order to resume

operations at the alternate site.

To activate the alternate site

1 Power on the servers.

2 You will need to execute the Critical System Protection option, under the

section titled “Preparation considerations for moving Critical System

Protection for the Silver Tier”, which was determined to work best for your

organization.

3 Using Storage Foundation, on the Alternate Master and Media servers, import

the disk groups to each server (NBU_DG_02 to the Master server and

NBU_DG_01 to the Media server). You must clear the Host ID when you import

the Disk Group. Ensure the drive letters for each imported volume are correct.

If they are incorrect, change them now so the volumes are accessible by the

servers. This can be done within Storage Foundation for Windows on both

the Master and Media Servers for volumes that are part of each server’s

dynamic disk group by right clicking on the volume.

4 If you need to add or change a drive letter on the imported volume, right click

on the volume you need to modify; you are presented with a list of items.

Highlight the File System item. You will see a second list of items. Choose

Change Drive Letter and Path. On that menu, highlight File System. You will

now see another menu. Choose Change Drive Letter and Path…. From this

window, click Assign a drive letter and choose THE SAME drive letter that

was assigned to this volume initially on the primary servers. If the volume

was named correctly, the name will include the drive letter to remind you

which drive letter to select here.

5 On the alternate Master Server, start the NetBackup Administration Console.

6 On the alternate Master Server, choose the Recover the Catalog option from

the main page. This starts the Catalog Recovery Wizard.

NOTE: This wizard is only effective if the NetBackup environment was running

the policy-based online, hot catalog backup. For more detail and recovery

options, refer to the NetBackup Troubleshooting Guide.

7 Specify the location of the Disaster Recovery File as: W:\W_NBU_CONFIG.

8 You then need to choose to Recover the entire NetBackup Catalog.

9 When finished you can close this wizard.

10 At this point, you can run a recovery job to restore the data to the alternate

Apache server using the NetBackup Backup, Archive and Restore GUI.

11 To select the correct jobs, start the NetBackup Backup, Archive and Restore

GUI, click on File and select Specify NetBackup Machines and Policy Type.

Here you have four options to select.

12 First, Choose the Server to use for backups and restores. This should be the

NetBackup Master Server name. If it’s not there, select it or add it to the list

with Edit Server List.

13 Next, select Source client for restores (or virtual client for backups). Here,

you will choose the name of the primary site Apache server. If it’s not in the

list, click the Edit Client List button and add that name to the client list.

14 Next, select Destination client for restores. Choose the name of the alternate

site Apache server. If it’s not there, click on the Edit Client List, add it, and

then select it. Select a MS-Windows-NT type backup option because the

example is only backing up the Apache server HTM files that require no

special considerations since they are text data. When backing up

application-specific data, you would select another appropriate policy type

to ensure a proper backup. Click OK to close this GUI and return to the

Backup, Archive and Restore GUI.

15 You should now perform the backup job listed under NetBackup History at

the top of the GUI. In the lower left of the GUI, you see the available selection

list. The lower right shows the contents of each selection. Expand the tree

until you see the data you backed up from the Apache server and select it.

Once selected, click on the Start Restore of Marked Files icon on the far left

of the GUI.

16 You are presented with the Restore Marked Files window. Here, you specify

where to redirect the restore to on the alternate Apache server. You should

choose the second option Restore everything to a different location

(maintaining existing structure). This will be the same structure you just

selected when you chose the files to restore. Click Start Restore and you

should see the files restoring to the alternate Apache server.

17 On the alternate Apache server, verify these files are restored by checking

the location as specified on the alternate Master Server.

18 To simulate use, add some new web pages to the alternate Apache server

folder. These should be pages that do not yet exist on the primary server.

19 Using the same procedures as on the primary site, backup the alternate Apache

server.

Restoring Microsoft SQL Server data to the alternate site

Before a disaster occurs, your organization should test a restore of the SQL Server

2000 user databases to the alternate site.

To restore Microsoft SQL Server 2005 to the alternate site by using NetBackup

1 On the alternate site’s SQL 2005 machine, open the NetBackup Database

Extension GUI.

2 When prompted for the Backup History Options, verify the SQL machine

name is available and the Images will be selected from your new alternate

site Master Server.

3 If you see the Primary Server’s name, you may need to go into the File \ NBU

Client Properties to point to the Alternate Server's Master Server.

4 Note that the Symantec recommendation and successful deployment\recovery

occurred with identically named Primary and alternate site Master and Media

Servers, so you should not be required to change Backup History Options

names if you have followed the deployment suggestions.

5 Open the File \ Restore Microsoft SQL Server Objects and locate the database

backup you wish to restore.

6 Under the Restore Options, you can select the level of restore you wish to

recover to, but you are required to set the Recovery Option to "Recovery" in

order for the database to be operational after the restore.

7 If you need to restore the database to a different location other than the same

volume name and drive, you can utilize the WITH MOVE command to identify

a valid location for the file to be restored.

8 To set the target for the log file to a path that exists on the machine that you

are restoring to, you can generate the move template by selecting “Create

database move template” from the scripting drop-down box on the NB-MSSQL

restore dialog box.

9 On the alternate SQL 2005 server, verify the database is restored by checking

the drive where your .MDF and .LDF files were restored.

10 To simulate use, perform inserts or updates to the alternate SQL 2005 server

database. This should be information that does not yet exist on the primary

server.

11 Using the same procedures as on the primary site, back up the alternate SQL 2005 server.

12 When both the Apache and SQL 2005 data have been successfully restored to the alternate site and some simulated use occurs, perform an “Online, Hot Catalog Backup” using the same procedure as on the primary site.

Restore the Critical System Protection SQL database and Master Database to the

alternate site using NetBackup as follows:

Restore Critical System Protection SQL Server database to the alternate site

1 Stop the SQL Server services on the alternate site’s SQL 2000 machine.

2 SQL must be placed in a Single User Admin role from the command line. Change your location directory to the SQL instance install location and execute the sqlservr.exe -sInstanceName -c -m command to place SQL in the required mode.

3 Open the NetBackup Database Extension GUI. When prompted for the Backup

History Options, verify the SQL Host name is available and the Images will

be selected from the same named Master Server. Critical System Protection

requires you to restore to the same named Critical System Protection machine,

so the SQL Host name must be the same as the Primary SQL Critical System

Protection Host name.

4 Open the File \ Restore Microsoft SQL Server Objects and locate the Master

database backup you wish to restore.

5 Start the Restore process.

6 After the restore is successful, the SCSPDB will appear in the Database tree

with a “Suspect” status, as expected. You should verify SQL Services have

started and the 3 Critical System Protection logins now exist in the

Security\Logins location.

7 Open the File \ Restore Microsoft SQL Server Objects and locate the SCSPDB

database backup you wish to restore.

8 Start the Restore process.

9 After a successful restore, you should verify that you can log into Critical System Protection, change between Critical System Protection Policies, and that the expected reports exist.

10 Using the same procedures as on the primary site, back up the alternate SQL 2000 server.

11 Perform an “Online, Hot Catalog Backup” using the same procedure as on the

primary site.

Note: In this Secure Business Continuity example, we dropped the Critical System

Protection database and logins at the alternate site before restoring the primary

site’s database. If your organization requires the alternate site’s Critical System

Protection data to be preserved for auditing and compliance reasons, you may

consider restoring to a different Critical System Protection server on the alternate

site or into a new SQL Named Instance install.

Invoking a data center failback to the primary site

The following describes the sequence of steps to be completed in order to move

operations back to the primary site. This is a controlled failback assuming there

are people at both sites.

To invoke a data center failback to the primary site

1 To prepare to move the data center operations back to the primary site, power

on the primary site storage. This starts re-synchronizing the mirrors between

the sites and ensures that the backup data, the catalog backup, and the

configuration backup are synchronized between the alternate and primary

sites.

2 Ensure re-synchronization has started by examining the Storage Foundation

for Windows console. There you should see the re-synchronization occurring

on each of the volumes.

3 Once the re-synchronization completes, the servers at the alternate site can

go dormant again.

4 Power up and bring the servers online at the primary site.

5 You will need to execute the Critical System Protection option, under the section titled “Preparation considerations for moving Critical System Protection for the Silver Tier”, which was determined to work best for your organization.

6 On the primary Master Server and Media Server, import the disk groups as

before, ensuring the drive letters imported correctly and taking the

appropriate action if not.

7 On the primary Master Server, recover the catalogs as was done at the

alternate site.

8 On the primary Master Server, restore the data from the last backup of the

alternate Apache server.

9 When specifying the servers in the Specify NetBackup Machines and Policy Type window, you would choose the Master Server for the first selection, the alternate Apache server for the second selection, the primary Apache server for the third selection and the MS-Windows-NT as the backup type.

10 To prepare the primary site for data center failback

11 Restore Marked Files as before on the alternate site.

12 The files should now be restored on the Primary Apache server as they were

added on the alternate Apache server.

13 On the primary site’s SQL 2005 machine, open the NetBackup Database

Extension GUI and complete the restore steps as was done at the alternate

site.

14 Once the restore steps are successfully completed, the database should be

restored on the Primary SQL 2005 server with the database inserts and updates

that were made on the alternate SQL 2005 server.

15 Operation can resume normally now at the primary site.

Chapter 6: Symantec Secure Business Continuity Gold Tier

This chapter includes the following topics:

■ Gold Tier overview

■ Gold Tier deployment

■ Gold Tier example: Bare Metal Restore to alternate site

Gold Tier overview

With business continuity management (BCM), each business process has an associated Recovery Time Objective (RTO) and Recovery Point Objective (RPO). After establishing these RTOs and RPOs, IT professionals often find that they fall into several categories. This small number of categories allows the IT Disaster Recovery (DR) planning effort to match the categories to appropriate Symantec Secure Business Continuity solution tiers: Basic, Silver, and Gold.

Symantec's Secure Business Continuity Gold Tier is designed for businesses with an 8-hour RTO and an 8-hour RPO. This solution assumes an organization has a primary information processing site as well as an alternate site that is geographically removed from the primary site.

Figure 6-1 shows that a secure, high-speed communication link connects the two sites.

Figure 6-1 Gold Tier configuration

Table 6-1 describes each Symantec product in the Secure Business Continuity

Gold Tier and its associated service.

Table 6-1 Symantec products in the Secure Business Continuity Gold Tier

| Symantec Product | Service |
| --- | --- |
| Symantec Gateway Security Series 5640 appliance | Intrusion prevention system (IPS) services; intrusion detection system (IDS) services |
| Veritas NetBackup Bare Metal Restore option | Automated system restoration |
| Symantec Managed Security Services | Monitoring and management of security devices |

About the Symantec Gateway Security 5600 Series appliances for the Gold Tier

The Symantec Gateway 5600 Series appliance is a single, rack-mountable,

plug-and-protect appliance. It runs Symantec Gateway Security 5000 Series 3.0

software.

The Symantec Gateway 5600 Series appliance includes the following components:

■ Firewall

■ Virtual private network (VPN) support

■ Antivirus

■ Intrusion detection and prevention

■ Content filtering

■ High availability and load balancing

The Symantec Gateway Security 5600 Series appliance can protect networks at

the gateway to the Internet or at the subnets of larger WANs and LANs.

Each SGS 5600 series model provides multiple security protection technologies

in a single, rack-mountable, plug-and-protect appliance. For the Basic Tier, the

security gateway provides firewall and antivirus protection. For the Silver Tier,

the security gateway provides secure VPN. And for the Gold Tier, the security

gateway also provides intrusion prevention system (IPS) services and intrusion

detection system (IDS) services.

The Symantec Gateway Security appliance you use depends on the size of the

infrastructure you are protecting. As your organization grows, you can easily

replace your current appliance with a more powerful one. Each model has the

same user interface, so the transition is seamless.

The Security Gateway Management Interface (SGMI) lets you do the following:

■ Remotely control and monitor individual or clustered security gateways

■ Create configurable policies for users and groups

In addition to its simplified policy management, a Symantec Gateway Security

5600 Series appliance facilitates installation and configuration efforts through

pre-configured and hardened operating system software and an array of setup

wizards.

About Veritas NetBackup Bare Metal Restore for the Gold Tier

Veritas NetBackup Bare Metal Restore™ is a NetBackup v 6.0 option that improves

system recovery speed, flexibility, and simplicity. It does this through automation

and NetBackup integration that enables common system restoration methodologies

across different operating systems and normal NetBackup backup procedures.

Bare Metal Restore allows NetBackup customers to recover machines completely

from normal NetBackup backups without separate, additional system backups or

reinstalls.

Bare Metal Restore also simplifies administration through common tools and a

consistent look and feel, regardless of the operating system being recovered.

Multiple procedures and user interfaces for recovery of different platforms increase the complexity of recovery and increase the skills required for recovery of multiple platforms.

Bare Metal Restore can assist administrators to restore heterogeneous hardware

systems at the "bare metal," or un-initialized, system level. If a NetBackup Bare

Metal Restore client loses its boot disk or suffers other catastrophic failure, Bare

Metal Restore allows NetBackup to restore the original operating system,

applications, and data to any time point. The default action is to recover to the

latest backup, although administrators can also perform a point-in-time recovery

using an earlier backup.

Bare Metal Restore’s Dissimilar Disk Restore (DDR) capability allows

administrators to restore systems with different partition/volume layouts than

originally existed. This is important because the type, number, and size of disks

usually change for target hardware. The Dissimilar System Restore (DSR)

capability allows Windows systems to be recovered to completely different

hardware. The target hardware for a Windows restore does not need to be known

ahead of time. After a protected system fails, a backup can be re-targeted to any

available hardware. Bare Metal Restore External Procedures also provide extended

flexibility by allowing user-supplied scripts or programs to run at different

recovery process points. This can help minimize human error during disaster

recovery efforts.

About Symantec Managed Security Services for the Gold Tier

In order to protect corporate information assets on a continual basis, information

security staff must constantly analyze security data from various security devices,

to identify and counteract security attacks in real-time.

Security staff can attempt to consolidate this data for viewing purposes, but

inevitably the efficient, real-time analysis capabilities of the consolidation software

lack the intelligence to provide meaningful information. Because network attacks

can happen anytime, the ability to analyze and respond to information provided

by security products in real time is often the difference between the success and

failure of network attacks.

Symantec’s Managed Security Services architecture is designed to overcome this

challenge by processing and analyzing massive amounts of data generated by

security devices throughout a customer's enterprise. It also provides corporate

information security staff with the intelligence that they need to understand and

respond to security threats in real-time.

The foundation of Symantec’s service is the Caltarian technology platform, a

proprietary software and system architecture that Symantec has designed to

rapidly process, analyze, and reconstruct security events. The Caltarian technology

platform collects, normalizes, mines, correlates, analyzes, and presents security

information.

Security data analysis infrastructure

Symantec’s security data analysis infrastructure provides continuous real-time

analysis of security data that is produced by security devices deployed throughout

the networks of each of Symantec’s clients. The analysis architecture is based

upon the intelligent processing of the Caltarian technology platform.

The Caltarian technology platform custom query features enable Symantec security

analysts to rapidly investigate and understand potential malicious activity

occurring on each customer’s network and guide them through appropriate

responses.

Table 6-2 summarizes architectural processes.

Table 6-2 Symantec security data analysis architectural processes

| Architectural process | Description |
| --- | --- |
| Importation and normalization of security data | Imports security data from client devices, normalizes it into a standard format, and stores it in a dedicated client database. |
| Data mining of normalized security data | Continuously mines security data to isolate instances or patterns of potentially malicious activity. |
| Continuous security event correlation | Links security sub-events that are generated during the mining stage. This allows analysts to reconstruct security events. |
| Presentation of security events | Posts correlated security events to a graphical user interface. Analysts access the interface to review and investigate each event. |
| Security event analysis and response | Based on pre-established escalation procedures, security analysts review and respond to potential malicious activity. |

Importation and normalization of security data

To begin analyzing client security data, Symantec configures a client’s security

devices to transmit log data to Symantec’s Security Operations Centers (SOCs)

for real-time data analysis. In order to transmit data to the SOCs, Symantec

establishes an encrypted VPN connection from the security devices to a data

normalization engine at a termination point outside of the SOCs. These secure

VPN connections are the primary conduits for transmitting security data to the

Symantec SOCs.

When security data arrives at the termination point, a data normalization engine

automatically converts the data into a standard format. Normalized data is then

stored in an extensive, distributed SQL database. Each client retains at least one

dedicated database, which is used to store and analyze security data extracted

from their network.

Data mining of normalized security data

The security monitoring process continuously mines normalized security data to

identify instances and/or patterns of potentially malicious activity. A data mining

engine residing in each client database performs this function. The data mining

engines continuously execute numerous automated queries against the normalized

data attempting to identify potential malicious activity. Single instances and/or

unique patterns of potential malicious activity the data mining engine detects are

termed sub-events. Each sub-event is normalized and placed in a sub-events table

for further analysis.

In the case of security solutions such as firewalls and VPNs, the data mining

component is not available from the security product itself. Thus, the data mining

engine provides an extensive layer of intelligence on top of the security products.

For example, through the analysis of firewall evidence, the data mining feature

identifies the use of over 400 trojan and malicious software packages.

Table 6-3 describes some of the different query types that the data mining engine

performs.

Table 6-3 Data mining queries

| Query type | Description |
| --- | --- |
| Intrusion detection | Every intrusion detection alert is detected by the data. |
| Suspicious traffic | By analyzing source and destination ports evident in firewall logs, the data mining engine identifies instances of suspicious traffic associated with the use of weak services (for example, telnet) and the presence of back doors. |
| Network and host scans | By analyzing sequences of connection information evident in firewall logs, the data mining engine identifies a variety of service and port scans. |
| Brute force activity | By detecting excessive connection attempts to remote services, the data mining engine identifies attempts by attackers to guess user names and passwords to gain access to client systems. |

The data mining engine identifies numerous instances and patterns of potential

malicious activity that would otherwise remain undiscovered. In the absence of

this capability, security staff members may attempt to identify many attacks by

performing manual reviews of gigabytes of firewall and IDS log/alert information.

In some cases, the use of processing scripts or log consolidation software eases

this task; however, even when organizations are equipped with these tools, most

fail to identify many types of security threats. Even when security staff can identify

potential threats by using these tools, most fail to identify these threats in

real-time. This significantly hampers their ability to initiate effective countermeasures.
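The firewall-log query types in Table 6-3 can be sketched as SQL run against a normalized connection table. This is an added example, not Symantec's Caltarian queries: the schema, thresholds, port classes and log rows are assumptions constructed for illustration, and the intrusion detection row is left out because it works from IDS alerts rather than connection records.

```python
import sqlite3

# Assumed tuning values; a real deployment would calibrate these per client.
WINDOW = 300        # seconds per fixed time bucket
MIN_PORTS = 15      # distinct ports, one source to one host, in one bucket
MIN_ATTEMPTS = 20   # connections to one login service in one bucket

# Illustrative port classes (assumption, not a vendor signature list).
SERVICES = [(21, "weak"), (23, "weak"), (12345, "backdoor"), (31337, "backdoor"),
            (21, "login"), (22, "login"), (23, "login"), (3389, "login")]

# One query per firewall-based row of Table 6-3.
# Each returns (src_ip, dst_ip, detail).
QUERIES = {
    "port_scan": """
        SELECT src_ip, dst_ip, COUNT(DISTINCT dst_port)
        FROM conn
        GROUP BY src_ip, dst_ip, ts / :win
        HAVING COUNT(DISTINCT dst_port) >= :min_ports""",
    "brute_force": """
        SELECT c.src_ip, c.dst_ip, COUNT(*)
        FROM conn c
        JOIN service s ON s.port = c.dst_port AND s.kind = 'login'
        GROUP BY c.src_ip, c.dst_ip, c.dst_port, c.ts / :win
        HAVING COUNT(*) >= :min_attempts""",
    "suspicious_traffic": """
        SELECT c.src_ip, c.dst_ip, c.dst_port
        FROM conn c
        JOIN service s ON s.port = c.dst_port
        WHERE c.action = 'allow' AND s.kind IN ('weak', 'backdoor')""",
}


def sample_rows():
    """Constructed, already-normalized firewall records:
    (epoch_seconds, src_ip, dst_ip, dst_port, action)."""
    rows = []
    # 25 denied probes against consecutive ports on one host within 25 seconds.
    rows += [(1000 + i, "203.0.113.7", "192.0.2.10", 20 + i, "deny") for i in range(25)]
    # 40 SSH connections from one source to one host within 80 seconds.
    rows += [(2000 + 2 * i, "198.51.100.9", "192.0.2.20", 22, "allow") for i in range(40)]
    # One allowed telnet session (weak service).
    rows.append((3000, "198.51.100.44", "192.0.2.30", 23, "allow"))
    # One allowed outbound connection to a port in the back-door class.
    rows.append((3100, "192.0.2.10", "203.0.113.7", 31337, "allow"))
    # Ordinary web traffic that should produce no sub-event.
    rows += [(4000 + 30 * i, "198.51.100.50", "192.0.2.10", 80, "allow") for i in range(10)]
    return rows


def mine(rows):
    """Load normalized rows, run every query, return sorted sub-events
    as (query_type, src_ip, dst_ip, detail) tuples."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE conn (ts INTEGER, src_ip TEXT, dst_ip TEXT, "
               "dst_port INTEGER, action TEXT)")
    db.execute("CREATE TABLE service (port INTEGER, kind TEXT)")
    db.executemany("INSERT INTO conn VALUES (?, ?, ?, ?, ?)", rows)
    db.executemany("INSERT INTO service VALUES (?, ?)", SERVICES)
    params = {"win": WINDOW, "min_ports": MIN_PORTS, "min_attempts": MIN_ATTEMPTS}
    sub_events = []
    for kind, sql in QUERIES.items():
        for src, dst, detail in db.execute(sql, params):
            sub_events.append((kind, src, dst, detail))
    db.close()
    return sorted(sub_events)


if __name__ == "__main__":
    for sub_event in mine(sample_rows()):
        print(sub_event)
```

Fixed time buckets keep the queries simple, but a scan paced at one probe per bucket stays under the threshold, so low-and-slow activity needs a longer window or a cumulative count.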

Typical network attack

Table 6-4 describes a typical network attack that Symantec analysts have

frequently seen. It explains how the attack appears to a Symantec security analyst

from the SOC as it unfolds, and describes the actions the analyst would recommend

to counter the attack.

This type of attack has been launched against many current Symantec Managed

Security Services clients. In the example, a small organization maintains a single

Internet connection that is protected by a firewall and an IDS. Equipped with

recommendations from Symantec analysts, customers are able to stop network

attacks before they succeed.

Table 6-4 Typical network attack sequence

| Intruder action | Symantec response |
| --- | --- |
| An intruder scans the public network looking for active systems to attack. The scan detects the firewall and the web server as active and responsive systems. | The Caltarian technology platform detects firewall logs that indicate that an intruder has performed a ping sweep against the customer. This information is presented to a security analyst, who posts a warning event to the Secure Internet Interface for review. |
| The intruder scans both systems to get a listing of available services in order to identify vulnerabilities. | Through the analysis of firewall logs, the Caltarian technology platform detects several port scans on the customer network. The port scans are correlated with the previous ping sweep and presented to the analyst as a new event. The analyst posts another warning event to the Secure Internet Interface, which notifies the customer that the intruder is performing direct scans on their systems. |
| The intruder finds no vulnerabilities on the firewall, but locates the HTTP service on the Web server. The intruder successfully exploits the IIS Unicode vulnerability and executes a Trojan on the Web server, which then establishes an outbound connection to the intruder. | These actions by the intruder generate several intrusion detection system (IDS) alerts, which in turn are detected by the Caltarian technology platform. The IDS alerts are correlated with the previous port scans and ping sweep and are presented to the analyst for review. The analyst immediately determines that the previous actions taken by the intruder have compromised the system. The analyst escalates this event to emergency status and contacts the customer to offer guidance on a response. The analyst advises the customer to do the following: ■ Reconfigure the firewall to block the source IP of the attack ■ Reconfigure the Web server to block access to the internal network ■ Shut down the system until the Trojan is eliminated |
| The intruder attempts to connect to the compromised Web server and scan the customer’s internal network. Several intrusion attempts to the system fail, indicating that the server is unavailable. Believing that his actions may have been detected, the intruder ceases the attack and switches to another potential target. | No Symantec response for this action. The hacker ceases the attack and moves on to another potential target. |
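The correlation and escalation steps that Table 6-4 walks through can be sketched as follows. This is an added example, not the Caltarian platform's logic: the sub-event tuple layout, the one-hour correlation window, the severity rule and the sample sub-events are assumptions constructed for illustration.

```python
RECON = {"ping_sweep", "port_scan"}
COMPROMISE = {"ids_alert", "outbound_conn"}
WINDOW = 3600  # seconds of silence after which a source starts a new event (assumed)

# Constructed sub-events: (epoch_seconds, kind, external_ip, internal_target)
SUB_EVENTS = [
    (100, "ping_sweep", "203.0.113.7", "192.0.2.0/24"),
    (400, "port_scan", "203.0.113.7", "192.0.2.1"),       # firewall
    (460, "port_scan", "203.0.113.7", "192.0.2.10"),      # web server
    (500, "port_scan", "198.51.100.23", "192.0.2.10"),    # unrelated scanner
    (900, "ids_alert", "203.0.113.7", "192.0.2.10"),
    (905, "outbound_conn", "203.0.113.7", "192.0.2.10"),  # server calls back
    (9000, "ping_sweep", "203.0.113.7", "192.0.2.0/24"),  # returns hours later
]


class Event:
    """Sub-events from one external address, linked in time order."""

    def __init__(self, intruder):
        self.intruder = intruder
        self.subs = []

    @property
    def last_seen(self):
        return self.subs[-1][0]

    @property
    def severity(self):
        # Assumed rule: reconnaissance alone is a warning; a compromise
        # indicator that follows reconnaissance from the same address
        # is an emergency.
        seen_recon = False
        for _, kind, _, _ in self.subs:
            if kind in RECON:
                seen_recon = True
            elif kind in COMPROMISE and seen_recon:
                return "emergency"
        return "warning"

    def compromised_hosts(self):
        return sorted({t for _, k, _, t in self.subs if k in COMPROMISE})


def correlate(sub_events, window=WINDOW):
    """Link sub-events by external address. Returns (events, timeline), where
    timeline records the event severity as each sub-event arrives."""
    open_events = {}  # external address -> most recent Event
    events, timeline = [], []
    for sub in sorted(sub_events):
        ts, kind, intruder, _ = sub
        event = open_events.get(intruder)
        if event is None or ts - event.last_seen > window:
            event = Event(intruder)
            open_events[intruder] = event
            events.append(event)
        event.subs.append(sub)
        timeline.append((ts, intruder, kind, event.severity))
    return events, timeline


def recommended_actions(event):
    """Map an event to the responses listed in Table 6-4."""
    if event.severity != "emergency":
        return ["post a warning event for customer review"]
    actions = [f"reconfigure the firewall to block source IP {event.intruder}"]
    for host in event.compromised_hosts():
        actions.append(f"block {host} from reaching the internal network")
        actions.append(f"shut down {host} until the Trojan is eliminated")
    return actions


if __name__ == "__main__":
    events, timeline = correlate(SUB_EVENTS)
    for row in timeline:
        print(row)
    for event in events:
        print(event.intruder, event.severity, recommended_actions(event))
```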

Gold Tier deployment

The Gold Tier solution extends the use of the SGS 5600 appliance by adding its intrusion prevention and intrusion detection features. System restoration activities are automated and accelerated using the Veritas NetBackup Bare Metal Restore option. Symantec Managed Security Services monitors and manages security devices to help maintain security capabilities and security policy compliance.

About deploying the Gateway Security 5600 Series appliance for the Gold Tier

The Symantec Gateway Security 5000 Series v 3.0 Administration Guide describes

deployment details spanning a spectrum of user scenarios that include the Gold

Tier usage. Symantec recommends the guide for any solution design and

deployment that involves Symantec Security Gateway 5600 Series appliances.

The tested solutions this Yellow Book describes assume the following configuration:

■ A gateway with two interfaces, each on a different LAN segment.

■ A Security Gateway Management Interface (SGMI) that manages the security

gateway and connects to the public Internet through a router.

In the lab-tested Symantec solution, the setup was locally connected and

accessible in the protected network.

■ A security gateway reserved for one-way traffic.

■ Connection requests are initiated from the protected network and passed to

external services.

If inbound access is enabled, it is not possible to completely secure the protected

network. Therefore, you should not place mail or Web servers on the protected

network in this type of configuration.

The Symantec Gateway Security Installation Guide and Symantec Gateway Security Administration Guide provide full setup, configuration, and deployment instructions.

Gateway Security 5600 Series appliance sizing considerations for the Gold Tier

The Symantec Gateway Security 5600 Series appliances are available in 5620,

5640, and 5660 models.

Table 6-5 lists the feature differences for Gold Tier models.

Table 6-5 Gateway Security 5600 Series model features

| Feature | Model 5640 | Model 5660 (Extra capacity and throughput) |
| --- | --- | --- |
| Stateful throughput | 1.4 Gbps | 3.0 Gbps |
| Concurrent connections | 250,000 | 320,000 |
| Memory | 2 GB | 4 GB |
| Disk | 1x160 GB; 1x160 GB (optional addition) | 2x160 GB |
| Copper Ethernet ports | 8 | 6 |
| Small form factor pluggable slots (copper or fiber) | 0 | 4 |

Gateway Security 5600 Series intrusion detection and prevention systems for the Gold Tier

Symantec Gateway Security 5600 Series v 3.0 provides an intrusion detection and

prevention component that protects internal network resources from attack by

pinpointing malicious activities, identifying intrusions, and responding to attacks.

Symantec’s intrusion detection and prevention component provides a common,

highly-coordinated approach to detect attacks at very high speeds within the

network environment. Using an array of detection methodologies to enhance

attack identification, the intrusion detection and prevention component monitors

network traffic and collects evidence of malicious activity with a combination of

traffic rate monitoring, protocol state tracking, and IP packet reassembly.

You must obtain and install a license to enable the SGS intrusion detection and

prevention feature on the SGS appliance. The intrusion detection and prevention

feature uses Symantec’s LiveUpdate technology to update content such as new

virus definitions.

Gateway Security 5600 Series network security best practices for the Gold Tier

Symantec encourages all users and administrators to adhere to the following

security practices:

■ Disable or remove unnecessary operating system services. By default, many

operating systems install auxiliary services that are not critical, such as FTP,

Telnet, or Web servers. These services are avenues of attack. If they are

removed, blended threats have fewer exploitation points and you have fewer

services to maintain through patch updates.

■ Disable or block access to any network services where there is a known exploit

until they are properly patched.

■ Update your antivirus definitions automatically at the gateway, server, and

client.

■ Keep patch levels up-to-date, especially on computers that host public services

and are accessible through the security gateway, such as HTTP, FTP, mail, and

DNS services.

■ Enforce a password policy. Complex passwords make it difficult to access

password files on compromised computers. This helps to prevent or limit

damage when a computer is compromised.

■ Configure your email server to block or remove email that contains file

attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe,

.pif and .scr files.

■ Isolate infected computers quickly so that your organization is not

compromised further. Perform a forensic analysis and restore the computers

using trusted media.

■ Train employees not to open attachments unless they are expecting them.

Also, do not execute software that is downloaded from the Internet unless it

has been scanned for viruses. Simply visiting a compromised Web site can

cause infection if certain browser vulnerabilities are not patched.

You can find additional information, in-depth white papers, and resources

regarding enterprise security solutions by visiting the Symantec Enterprise

Solutions Web site at the following URL:

http://enterprisesecurity.symantec.com

About deploying Bare Metal Restore for the Gold Tier

Hard disk image recovery presents the following challenges in implementation:

■ System recovery can require significant amounts of time and skilled attention.

■ Typical system recovery methods can be complex and error-prone.

■ Microsoft Windows system recovery to different hardware can be very difficult.

■ Recovery procedures and tools can vary from platform to platform.

■ System configurations and changes can be volatile and not tracked.

The cumulative effect of these challenges is that IT staff can find system recovery attempts complex, beyond their capabilities, and often unsuccessful. Symantec Bare Metal Restore components answer these challenges. The following sections describe those components and give an overview of enabling Bare Metal Restore protection for NetBackup clients.

Bare Metal Restore components

Table 6-6 describes Bare Metal Restore components.

Table 6-6 Bare Metal Restore components

| Component | Description |
| --- | --- |
| Master server | Installed on the NetBackup Master Server, the Bare Metal Restore Master Server contains the Bare Metal Restore database that stores the Bare Metal Restore-protected NetBackup client configurations. The Master Server creates the client-specific restore procedure that automates the recovery of NetBackup clients. It also controls the recovery environment, allocating and de-allocating recovery resources during the restore process. In addition, the master server provides centralized Bare Metal Restore administration through the NetBackup Administration Console. |
| Boot server | One or more Bare Metal Restore Boot Servers are installed in the NetBackup environment on existing NetBackup clients or servers. The Boot Server contains the Shared Resource Trees (SRTs), which provide the client restoration recovery resources. The SRT provides clients with the programs, libraries, and configuration data that the recovery procedure requires, such as the operating system commands and libraries, the NetBackup client package, and any other software necessary to recover the machine (for example, Veritas Volume Manager™). |
| The NetBackup client | The Bare Metal Restore Client Agent is a standard part of the NetBackup client. When directed to do so by the NetBackup policy, this component collects the NetBackup client’s configuration. |

Enabling Bare Metal Restore for NetBackup clients

To protect NetBackup clients with Bare Metal Restore, you must install and enable

the Bare Metal Restore option on the NetBackup Master. You need to do the

following:

■ Obtain and install a NetBackup license key for the Bare Metal Restore Option

■ Initialize the Bare Metal Restore database


The Bare Metal Restore database component installs by default with the NetBackup

Master, but the Bare Metal Restore database must be initialized. Running the Bare

Metal Restore Master Server Setup wizard from the Start Menu initializes the

database.

With Bare Metal Restore, protecting the clients requires no manual operations.

The following automated operations occur when a scheduled backup is initiated

from a policy where the Bare Metal Restore attribute is enabled:

■ A scheduled backup begins.

■ The NetBackup client collects configuration information and stores it locally

on the NetBackup client.

■ The NetBackup Client transfers the configuration to the Bare Metal Restore

database on the NetBackup Master Server.

■ The normal backup is performed.

Because the configuration that the Bare Metal Restore Client Agent gathers is

also stored on the client, it is backed up during the NetBackup backup that

immediately follows. In this way, Bare Metal Restore ensures that the client’s

configuration data is always synchronized with the corresponding NetBackup

backup when it is desirable to perform a point-in-time restore. The latest copy of

this configuration is kept current in the Bare Metal Restore database on the

NetBackup master. This configuration copy helps perform the default recovery

to the point of the latest backup. The Bare Metal Restore Client Agent operation

is logged in the details of the parent backup job and is visible in the activity

monitor. A failure by the Bare Metal Restore Client Agent to create the

configuration results in a non-fatal error code 1 in the backup job, allowing the

backup to continue with a warning.

To create a Bare Metal Restore policy

1 Select the Policies icon and right-click New policy.

2 Enter a name for the policy.

3 On the Attributes tab, change the following attributes:

■ Specify policy type as MS-Windows-NT

■ Select the Storage Unit that is being used as the mirror to the other site

■ Enable the Collect disaster recovery information for Bare Metal Restore

option

4 On the Schedule tab, do the following:

■ Enter a name for the backup

■ Set the Type to FULL


■ Create the backup schedule based on your backup policies

The schedule is the range of time that the backup can be run, not the actual

time the backup will run.

5 On the Client tab, click New and select the client that you want to protect

with Bare Metal Restore.

6 On the Backup Select tab, select New and click on the directive icons from

the drop-down list and specify All_Local_Drives.

7 Click OK to create the policy.


8 To manually start the Bare Metal Restore policy, right-click the Bare Metal

Restore policy name and select Manual backup.

9 Perform an initial server-directed full backup.

When the backup completes, the client is protected. The policy can include

full, differential, cumulative, or synthetic backups. Bare Metal Restore allows

the system to recover to any point-in-time for which there exists one such

backup.

About using Bare Metal Restore for the Gold Tier

With Bare Metal Restore, administrators back up files to their primary NetBackup

servers. During scheduled backups, the NetBackup client also runs a Bare Metal


Restore Client Agent which automatically identifies and saves the machine

configuration.

This configuration information is essential to the Bare Metal Restore process

because it allows Bare Metal Restore to completely recover a machine using only

the NetBackup backup data. Because it is ordinary NetBackup data, no separate

system image is required.

Restoring a machine with Bare Metal Restore is easy and highly automated. The

entire process consists of running one command on the NetBackup Master server

and rebooting the client.

Preparing the primary site for Bare Metal Restore

Before NetBackup Bare Metal Restore-protected clients can be recovered, an

appropriate recovery environment must exist. Bare Metal Restore’s design allows

building this recovery environment after a failure, but it is commonly built and

tested before it is needed.

The Bare Metal Restore recovery environment consists of a single Bare Metal

Restore Boot Server at both the primary and alternate sites. Each Boot Server may

house several Shared Resource Trees (SRTs). You need one SRT for each operating

system level of the protected clients.

For example, a Windows 2003 Boot Server may have three SRTs: one for Windows

2003 SP1 clients, one for Windows 2000 SP4 clients, and one for Windows XP

clients. These are created using a Windows wizard. This tool allows administrators

to create SRTs easily, copying them from other Boot Servers and updating them

as needed. The SRTs can also help create bootable CD-ROMs which help protect

the Boot Servers themselves or NetBackup clients.

Once the Boot Servers are installed and the SRTs created, the recovery

environment is ready for use when required. Until that time, the Boot Server

component is idle, and the Boot Server itself can be used for other purposes.

Creating the Shared Resource Tree on the primary site

Creating the Shared Resource Tree on the primary site enables you to use the

same SRT at the alternate site to recover the servers from the primary site after

a disaster has occurred.

To create a Shared Resource Tree, you need installation media or images for the

following:

■ Operating system

■ NetBackup client software


■ Other applications or packages, such as Veritas Volume Manager or Veritas

File System

■ Patches, maintenance levels, maintenance packs, service packs, file sets, or

drivers required by the operating system or other software installed in the

SRT

You must install any operating system patches required by the NetBackup client

software into the SRT. If they are not installed, NetBackup does not function

correctly in the temporary restore environment and the restore may fail.

For package or patch dependencies, see the NetBackup Product Dependencies

section of the NetBackup Release Notes.

To create the Shared Resource Tree on the primary site

1 From the Start Menu, select the Bare Metal Restore Boot Server Wizard.

2 Click on the Shared Resource Tree Administration Wizard option.

3 Select the task Create a new Shared Resource Tree and enter the following

information:

■ Name of Shared Resource Tree

■ Description of the Shared Resource Tree

■ Path to Windows installation

■ Windows license key

■ Target location where you want to store the Shared Resource Tree

Keep in mind that SRTs have to be stored on the boot server local drive and

not on a network share.

4 Click Next.

5 Under the Shared Resource Tree drop-down box, select the new SRT that

was just created in Step 3.

6 Provide the path to the NetBackup 6.0 client install either from CD or from

the network share drive.

7 Click Next.

All NetBackup client installation files are copied to the SRT location. The

result is a new Shared Resource Tree.

To create a policy to back up a Shared Resource Tree

1 Open the NetBackup Administrators console.

2 Right-click the Policies icon and select New policy.

3 Specify a name such as Primary_SRT


4 On the Attributes tab, change the policy type to MS-Windows-NT.

Make sure you point to the policy storage unit that is being mirrored to the

other site. This ensures that your SRT will be recovered on the alternate site.

5 On the Schedule tab, do the following:

■ Enter a name for the backup

■ Set the Type to Incremental

■ Create your backup schedule based on your backup policies.

6 On the Client tab, point to the server where your SRTs are located.

7 On the Backup tab, select the location where your SRT files are located.

8 On the Backup selection, point to the location where your SRT files are

located.

About additional Bare Metal Restore features

Bare Metal Restore has additional advanced features that many administrators

find essential due to the flexible and efficient recovery capabilities they provide.

These include point-in-time recovery, Dissimilar Disk Restore (DDR), and Windows

Dissimilar System Restore (DSR).

Table 6-7 describes the additional features.

Table 6-7 Additional Bare Metal Restore features

Feature: Point-in-time recovery

Description: By default, a client recovers using the latest backup. To perform a point-in-time recovery using an older backup, Bare Metal Restore can retrieve a client configuration from NetBackup. A dialog box displays on the NetBackup Admin Console allowing the administrator to choose the point-in-time from a list of known backup points. Bare Metal Restore then retrieves the Bare Metal Restore client configuration associated with this backup point, and places this configuration under the Bare Metal Restore client information in the administration interface. The Prepare to Restore operation uses this retrieved configuration and the matching backup during the recovery process.

Feature: Dissimilar disk restore

Description: Replacement disks often differ from the disks on the original system. Use dissimilar disk restore for any of the following reasons:

■ A physical disk was replaced with a different one.

■ The size of one or more disks has decreased and cannot contain the same volume arrangement.

■ The location of one or more disks has changed.

■ The number of disks has decreased and the original volume arrangement cannot be restored.

You can also use dissimilar disk restore to:

■ Restore only some of the disks or leave some of the volumes off during the system restore.

■ Change the layout and volumes for the restored system to make better use of the new disks.

■ Move a volume onto another disk.

■ Create, but not restore, a volume.

■ Change the volume type, such as from a mirrored to a RAID 5 volume.

■ Resize a volume to place it on a larger or smaller disk.

Feature: Windows dissimilar system restore

Description: Recovering Windows systems to different hardware can be a difficult task. However, Bare Metal Restore allows you to recover a system to hardware that is very different from the source system.

The destination hardware can differ in any of the following ways:

■ Manufacturer and model

■ Number and type of processors, motherboard chipsets and associated changes such as different Hardware Abstraction Layers (HALs)

■ Number and brand of video adapters

■ Number and brand of Network Interface Cards (NICs)

■ Number and type of Fibre Channel Host Bus Adapters (HBAs)

■ Number and type of Mass Storage Devices (MSDs)

■ Number and size of disk drives

■ TCP/IP and Network Configuration

This Bare Metal Restore function can also help migrate systems to new hardware, recover a virtual system to physical hardware, or restore a system on physical hardware onto virtual hardware.

Feature: Client configuration

Description: A unique NetBackup Bare Metal Restore feature known as the Client Configuration provides Bare Metal Restore with its Dissimilar Disk Restore (DDR) and the Windows Dissimilar System Restore (DSR) capabilities. Stored as an entity on the NetBackup Master Server in the Bare Metal Restore database, the Bare Metal Restore client configuration can be viewed as a system abstraction.

The client’s configuration generated and refreshed at backup time is named current. The current configuration is locked for editing to ensure that the original system can always be recovered. The current configuration can be copied and copies can be extensively edited using the Bare Metal Restore configuration editor in the NetBackup Admin Console, or by way of a CLI on the Master Server. Administrators access the Bare Metal Restore configuration editor through the NetBackup Administration interface, allowing them to extensively change Windows mass storage (MSD) and network (NIC) drivers, client IP addresses, Network Routes, NetBackup Client configuration, and disk volumes as required by disaster recovery requirements.

Since configurations are stored as independent Bare Metal Restore database entities, the original client does not have to be available for editing to occur. As mentioned earlier, client configurations are also saved in the backup data for each system, and can be retrieved with the configuration editor from NetBackup to perform a point-in-time restore.

The concept of a client configuration is the key to understanding Bare Metal Restore capabilities. For example, it allows administrators to decide which hardware the client will recover to after the client suffers a catastrophic failure. It means that all changes required to bring the system onto new hardware can be done using a common interface prior to the restore, allowing the restore to be as automated as possible, requiring only minimal or no manual intervention. This design effectively addresses the administrative pressures present during system recovery and allows a single administrator to recover numerous systems simultaneously.

Gold Tier example: Bare Metal Restore to alternate site

Once all of the Bare Metal Restore preparation work is completed at the Primary

site, we assume the primary site has been active and processing transactions.


To simulate a disaster scenario at the primary site, fail the primary servers and

storage array by shutting them down and powering off the disk array.

Note: The failover scenario assumes the Silver Tier configuration with Apache

Server is in place prior to the disaster.

Alternate site sequence

After the alternate site is up and running, go to the boot server and run the

bmrsetupboot command from the command line. This command updates

the IP address for the boot server for all of the new client IP addresses that have

also changed on the alternate site.

Restoring the Shared Resource Trees (SRTs)

The number of SRTs you have created on the primary site determines how to

restore them in the event a disaster occurs at the primary site. If you have created

fewer than five, create the SRTs on the alternate site’s boot server. If you have

created more than five, restore them from backup.

To restore the SRTs

1 From the Admin Console, open the NetBackup restore GUI.

2 From the drop-down list, set the boot server to restore.

3 Select the second option, restoring to a different location, and point to the

location you want to restore to.

4 Click OK and start the restore.

Note: After the restore completes successfully there is a message in the activity

monitor details that states the service needs to be restarted in order for the share

to take effect. The SRT’s directory that BMR created needs to be shared. If you

look at that directory and it is not shared, select that folder to be shared.

Warning: Make sure the SRTs are restored to exactly the same directory path as on

the primary site. The Bare Metal Restore master database retains that information

and, if the SRTs are in a different directory from the primary site, the BMR Prepare

to restore operation fails.


Creating a Dissimilar System Restore (DSR) configuration

The Bare Metal Restore configuration editor is a standard feature of Veritas

NetBackup Bare Metal Restore. It allows you to make the extensive changes that

are necessary for recovery to machines that differ from the original system that

was backed up. It allows these changes to be made in the database ahead of time

so that recovery is as automated as possible. Since the alternate site uses a different

network infrastructure, the configuration editor provides the user the opportunity

to make the necessary changes prior to the restore.

To ensure that the restore completes successfully, make sure the network

infrastructure on the secondary site is running properly.

You must create a configuration to use for the restore of the protected client.

Create the DSR configuration by copying an existing configuration of the protected

client. The example uses the existing current configuration from the primary site.

To create an editable DSR

1 Under the Bare Metal Restore Management menu, click Bare Metal Restore

Clients.

2 To display a new configuration dialog box, right-click the current client

configuration.

3 In the New configuration dialog box, specify the configuration name.

4 Select current as the source configuration.

5 Click OK.

You can edit the new configuration to fit your environment. In this

configuration, we will only change the information specific to the example.

For more information about client configuration refer to the Veritas

NetBackup 6.0 Bare Metal Restore System Administrator’s Guide.

6 Right-click the new configuration name and select Change.

To complete the restore at the alternate site, you must make the following changes

to the configuration:

■ Host

■ Hotfixes

■ Network interfaces

■ Network routes

Table 6-8 lists the changes you need to make for the configuration.


Table 6-8 New configuration changes

Option: Host

Description: Use the host dialog box to add, remove, or change the attributes of any host that has a role in the restore process. You can change attributes so you can restore on a network with a different configuration such as a disaster recovery site.

Required change: The NetBackup client information needs to be changed to reflect the new IP addresses of the alternate site. At this point, the NetBackup client information is using primary configuration IP addresses from the primary site 10.x.x.x. It needs to be changed to reflect the alternate site new IP addresses 20.x.x.x.

To change the IP addresses from primary to secondary, complete the following steps in the order they are listed:

■ On the host icon, click on the name of the server and select change.

■ In the dialog box, change the IP address and the gateway. The name of the server and role do not change.

Option: Hotfixes

Description: Bare Metal Restore keeps track of the hotfixes installed on the system and what is required to restore successfully. If a hot fix needs to be part of the restore process, "yes" appears next to the hot fix name.

Required change: If a hot fix needs to be part of the restore process, you can either download it and add it to the configuration file, or wait to be prompted during the restore process and then point to where the files are located so they can be installed during the restore process.

Option: Network interface

Description: Use the Networked Interfaces dialog box to add or remove interfaces or change the network identity associated with an interface.

Required change: To modify the MAC address of the restore machine, complete the following steps in the order they are listed:

■ Copy the MAC address and double click the item under New Network information.

■ Click to change the information for IP address and netmask and make sure that information is up to date.

■ Under new hardware MAC address, insert the physical address that you found when running ipconfig /all

■ Click OK.

Option: Network routes

Description: Use the Network Routes dialog box to add a network route to use during the restore.

Required change: If the network routes on the primary and alternate server are the same, no change is necessary. If the network route is supposed to be different on the alternate site, reflect those changes here.

Add the appropriate information for the new alternate site in the following fields:

■ Network interface

■ IP address

■ Gateway

■ Netmask
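A pre-restore check of the Table 6-8 edits, as an added example that is not part of the original book or of Bare Metal Restore: it flags addresses still in the primary range, gateways that are not on a client subnet, and malformed MAC addresses before Prepare to Restore is run. The dictionary layout, the /8 site ranges, and every host name and address are assumptions; the values would be copied by hand from the configuration editor.

```python
import ipaddress
import re

# Assumption: the page gives only 10.x.x.x (primary) and 20.x.x.x (alternate);
# the /8 boundaries and every host value below are constructed for the example.
PRIMARY_NET = ipaddress.ip_network("10.0.0.0/8")
ALTERNATE_NET = ipaddress.ip_network("20.0.0.0/8")


def normalize_mac(raw):
    """Return a MAC in the ipconfig /all style (AA-BB-CC-DD-EE-FF), or None."""
    digits = re.sub(r"[-:.\s]", "", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        return None
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def check_address(label, value, findings):
    """Parse one address, record site-range problems, return it (or None)."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        findings.append(f"{label}: '{value}' is not a valid IP address")
        return None
    if addr in PRIMARY_NET:
        findings.append(f"{label}: {addr} still points at the primary site")
    elif addr not in ALTERNATE_NET:
        findings.append(f"{label}: {addr} is outside the alternate site range")
    return addr


def validate_dsr_config(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    subnets = {}     # interface name -> network the restored client sits on
    seen_macs = {}   # normalized MAC -> interface name, to catch duplicates

    for nic in cfg["interfaces"]:
        label = f"interface {nic['name']}"
        mac = normalize_mac(nic["mac"])
        if mac is None:
            findings.append(f"{label}: malformed MAC '{nic['mac']}'")
        elif mac in seen_macs:
            findings.append(f"{label}: MAC {mac} already on {seen_macs[mac]}")
        else:
            seen_macs[mac] = nic["name"]
        if check_address(f"{label} IP", nic["ip"], findings) is None:
            continue
        try:
            iface = ipaddress.ip_interface(f"{nic['ip']}/{nic['netmask']}")
        except ValueError:
            findings.append(f"{label}: invalid netmask '{nic['netmask']}'")
            continue
        subnets[nic["name"]] = iface.network

    for host in cfg["hosts"]:
        label = f"host {host['name']} ({host['role']})"
        ip = check_address(f"{label} IP", host["ip"], findings)
        if host["gateway"]:
            gw = check_address(f"{label} gateway", host["gateway"], findings)
            if gw is not None and not any(gw in n for n in subnets.values()):
                findings.append(f"{label}: gateway {gw} is not on a client subnet")
        elif ip is not None and not any(ip in n for n in subnets.values()):
            findings.append(f"{label}: off-subnet host has no gateway")

    for route in cfg["routes"]:
        label = f"route to {route['destination']}"
        gw = check_address(f"{label} gateway", route["gateway"], findings)
        net = subnets.get(route["interface"])
        if net is None:
            findings.append(f"{label}: unknown interface '{route['interface']}'")
        elif gw is not None and gw not in net:
            findings.append(f"{label}: gateway {gw} is not on {net}")
    return findings


NIC = "Local Area Connection"
# Constructed sample: every field edited for the alternate site.
GOOD_CONFIG = {
    "interfaces": [{"name": NIC, "mac": "00-0c-29-ab-cd-ef",
                    "ip": "20.1.1.50", "netmask": "255.255.255.0"}],
    "hosts": [{"name": "nbu-master", "role": "master server",
               "ip": "20.1.1.10", "gateway": ""},
              {"name": "nbu-media", "role": "media server",
               "ip": "20.2.1.10", "gateway": "20.1.1.1"}],
    "routes": [{"destination": "20.2.0.0", "gateway": "20.1.1.1",
                "interface": NIC}],
}
# Constructed sample: a copy of "current" in which only one host IP was edited.
STALE_CONFIG = {
    "interfaces": [{"name": NIC, "mac": "00:0C:29:AB:CD",
                    "ip": "10.1.1.50", "netmask": "255.255.255.0"}],
    "hosts": [{"name": "nbu-master", "role": "master server",
               "ip": "20.1.1.10", "gateway": "10.1.1.1"}],
    "routes": [{"destination": "20.2.0.0", "gateway": "20.1.1.1",
                "interface": NIC}],
}

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("stale", STALE_CONFIG)):
        print(name, validate_dsr_config(cfg) or "no findings")
```

The stale sample shows the typical half-edited copy of the current configuration: the host IP was moved to the alternate range, but the interface address, the host gateway and the MAC were not, so the route gateway no longer sits on the interface subnet.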

Windows Bare Metal Restore clients can boot from a CD or a single floppy disk

and access the SRT via the network. If a PXE server is available, the Bare Metal

Restore boot floppies can easily be network booted, if so desired. The boot floppy

can be created on the fly without the client system being available using a wizard

on any Windows Boot Server, including one that has been created after the client

has suffered an outage. During creation, this floppy image can be archived in the

Bare Metal Restore database for easy retrieval.


Creating the boot floppy

To complete the installation, you must download the NIC driver used during the

boot process.

You can download the driver from the following location:

ftp://microsoft.com/BusSys/Clients/MSCLIENT

To create the boot floppy

1 From the Start Menu, select the Bare Metal Restore Boot Server Wizard.

2 Click Boot Floppy Creation Wizard.

3 To automate the restore, select customized.

4 Click Next.

5 Specify the full path to the NDIS (.dos) driver for the NIC card on the client

6 Click Next.

7 You may specify the location of the SCSI Dos Driver, but it is not required.

8 Click Next.

9 Select the SRT that you are planning to use for restore.

10 From the client drop-down box, select the client you wish to restore.

11 Click the Client configuration Optional checkbox.

You have the option of archiving the completed floppy image on the server

for recreation.

12 Click Next. Make sure the following information is correct:

■ Client name

■ Configuration

13 You have the option of changing the following Network Interface elements

for the client:

■ Interface

■ IP address

■ Netmask

■ Default Gateway

■ Slot Number

■ DHCP


14 If you want to have a manual prompt before the boot floppy partitions and

formats the boot disk during the restore, check the box and click Next.

15 If you want a manual prompt to preserve the partition during the restore,

check the box and click Next.

16 If you require any customization, specify the following additional DOS

customization by checking the appropriate box:

■ Use Extended memory (emm386.exe)

You will be able to edit the configuration files before completing the

wizard.

■ Edit CONFIG.SYS

■ Edit protocol.ini

17 Click Next.

18 Verify the summary of information and click Next to complete the creation

of the floppy.

Customizing Bare Metal Restore restorations

There are specific Bare Metal Restore recovery points where administrators can

execute commands via a script or with a program. Such scripts and programs are

known as Bare Metal Restore External Procedures and they offer opportunities

to run user-supplied custom processes that meet special needs. A script or program

loads into the Bare Metal Restore database with a simple command. During the

Prepare to Restore operation, the administrator checks the Run External

Procedures check box. Bare Metal Restore then executes the procedure at the

appropriate point as part of the restoration process.

Installing the Microsoft security patch is an external procedure that is required

to complete the restore process at the alternate site. The patch is available at the

following location:

http://support.microsoft.com/?kbid=909444

To update Bare Metal Restore with the Microsoft security patch, perform the

following steps in the order in which they are listed:

■ Create a parameter text file as specified in the Microsoft Knowledge Base

article.

■ Update the Bare Metal Restore database with the parameter text file by running

the following command at the command line:

bmrepadm -add c:\clientname_postrestore


■ Confirm the parameter text file has been added to the database by running

the following command:

bmrepadm -list

You are now ready to start the restore process.

Please refer to the Microsoft Knowledge Base for detailed instructions on creating

a parameter text file that will enable the installation of the security patch. This

patch is a prerequisite to completing the Bare Metal Restore process on the

alternate site.

Restoring a NetBackup client with Bare Metal Restore

An entire Bare Metal Restore restoration process can occur in minutes. Other

than the initial boot, no other intervention is required. Administrators' time is

spent restoring the client’s data from NetBackup; the required restoration time

is largely determined by network speed, NetBackup server performance, tape

access times and other environmental factors. With proper network design and

NetBackup server configuration, Bare Metal Restore can scale to completely restore

very large sites in one or two days. The recovery process is highly automated and

does not normally pause for input from the administrators. Because it is automated,

a single person can simultaneously recover multiple systems.

Bare Metal Restore has no bandwidth requirements beyond those for normal

backup. Bare Metal Restore relies on the normal NetBackup incremental backups,

as opposed to system backups that take a separate snapshot of the entire machine,

or at least its boot disk, on a regular basis. For the same reason, Bare Metal Restore

also imposes little or no additional storage requirements.

Most importantly, Bare Metal Restore eliminates the need to manage multiple

backup and restore methods. With Bare Metal Restore, there is no need to perform

redundant system backups or maintain client configuration definitions. As long

as the normal NetBackup backups are captured, any Bare Metal Restore client can

completely recover without additional effort, resulting in a substantial

administrator time savings.

To restore a NetBackup client with Bare Metal Restore

1 Using the NetBackup Administration Console, right-click the Bare Metal

Restore client configuration to be restored, and select the option Prepare

to Restore.

This option initiates the following actions:

■ The Bare Metal Restore Server component on the NetBackup Master server

retrieves the client’s configuration data from the Bare Metal Restore

Database. This is the data created by the Bare Metal Restore Client Agent


process during the client’s normal backups. This configuration information

can be edited by the administrator, if desired.

■ The Bare Metal Restore server analyzes the configuration information

and creates a customized recovery procedure specific to the client.

■ If a network SRT is selected for use during the Prepare to Restore

operation, the Bare Metal Restore server creates the appropriate boot

image on the Boot Server and makes it available for the network boot. It

also allocates the SRT, making it available to the client. If the administrator

chose to use a CD-Based SRT for the recovery, Bare Metal Restore will not

need to create a boot image or allocate the network SRT.

2 Boot the client. This will be from the network or the boot media, depending

on what was chosen in Step 1.

Performing a client boot initiates the following actions:

■ The boot image transfers from the Bare Metal Restore Boot Server to the

client (network boot) or is obtained from the CD or floppy disk.

■ The client mounts the necessary SRT file systems from the Bare Metal

Restore Boot Server, or accesses them from the boot CD.

■ The client retrieves and executes the customized recovery procedure,

created in the first step, from the NetBackup Master.

■ The automated recovery procedure is now in complete control of the

process. The client configures its disks, volume groups, logical volumes

and file systems, re-encapsulating the root volumes (if required). The

NetBackup environment is established.

■ The client uses the standard NetBackup client to restore all its files from

the NetBackup server into the newly created file systems, including the

operating system, applications, configuration data and user files.

■ The client configures its boot record and reboots itself.

■ The client communicates its completed restoration state to the Bare Metal

Restore master component on the NetBackup master, and performs any

required post-boot cleanup. The Bare Metal Restore Master component

then de-allocates the Bare Metal Restore resources allocated to it for

recovery.


3 Select the following options during the Prepare to Restore operation:

■ Restore system disks/volume only

■ Run external procedures

■ Enable logging

■ Use quick formatting

4 Click OK.

You are ready to start the restore and reboot the client server with the floppy in

it. Because we selected the customized option when we created the floppy, the

Bare Metal Restore process is as automated as possible. During the restore process,

a BMR processing window prompts you to validate the disks you are about to

restore over.

If you selected an external procedure and for some reason it cannot run, complete

the following procedure:


To run an external procedure

1 On the restoring client, move the error message window out of the way so

you can navigate on the system.

Bare Metal Restore installs a temporary installation of Windows during the

restore process, which gives you the ability to run the external procedure on

the client itself.

2 In the Windir Registration directory, right-click the registration directory

and select Properties.

3 In Properties, click the Security tab.

4 In the Security tab, click Administrator.

You should see very few permissions are set for each user.

5 From the command line, go to the NetBackup Installation directory.

6 In the NetBackup install directory, locate the post-restore file. It has the .cmd

extension.

7 From the command line, run the .cmd file.

8 To make sure that the command ran successfully, go back to the Registration

directory, click the Security tab, and look at the permissions that are now

assigned to Administrators. You should see that more permissions are

populated. You should also see output indicating that the command processed the files.

9 Bring back the message window that popped up earlier and click Continue.

After the restore process is complete, the client machine has been fully

restored to the state at which it was last backed up. All of the client’s operating

system files are recovered to their original location, while a temporary

operating system is provided by the SRT. The temporary operating system

used during the recovery is running in a different location than the operating

system being recovered, and is therefore not overwritten in this process, and

does not interfere in the recovery of the original operating system.


Chapter 7: Next steps in planning business continuity

This chapter includes the following topics:

■ Summary of business continuity planning

■ Business continuity as an ongoing process

■ Challenges in managing business continuity

■ Final considerations

Summary of business continuity planning

To implement business continuity management (BCM), the IT organization

performs the following tasks:

■ Develops a business continuity plan.

This plan should identify all business processes that require protection and

also identify their priority to the organization. For IT DR planning, these

processes translate into a fraction of the associated business process Recovery

Time Objective (RTO) and Recovery Point Objective (RPO) values.

■ Determines whether the IT organization can protect the business processes

within the allotted RTO and RPO requirements.

Based on the results of this assessment, IT can then develop a set of solutions

that address these requirements. Each solution has a different cost and

unaddressed risks. Organization management will select a preferred approach.

■ Puts provisions in place.

These provisions include an IT DR plan, which provides appropriate protections

and aligns with management's orientation toward risk. The IT DR plan also


addresses disaster prevention, disaster recovery automation and testing, and

accelerated disaster recovery methodologies.

This book outlines methods for how to develop IT DR plans and describes how to

implement technologies to meet your RTO and RPO requirements. Symantec

recommends that the IT DR professional assess and plan for events that lead to

the execution of the DR plan. DR events may be caused by multiple events, but

the best DR plans ensure that few unforeseen events occur, regardless of whether

the event is man-made or natural.

DR technologies and processes must align with business objectives to justify costs

and meet expectations. Symantec strongly recommends that you seek out

organizational and technological experiences and codify these as best practices

in the IT DR plan. Symantec offers technology, planning and implementation

services and assessments to help you establish a business continuity practice

within your IT organization and help you prepare for and overcome the possibility

of all IT functions being unable to support the business.

Business continuity as an ongoing process

As threats, technologies, and business processes evolve, the Business Continuity

plan and its IT DR component must also evolve. Consequently, IT DR activities

comprise a perpetual iterative process that matches organizational risk appetites

against identified threats and technologies.

Your organization probably has some security and disaster recovery provisions

and will likely benefit from reusing these technologies where possible. You should

try to automate the provisions whenever feasible and affordable.

It is essential to fully document the IT DR plan, make it the reflexive course of

action, and ensure that all IT DR staff participants are aware of the plan and its

contents. Regularly exercising or otherwise simulating the plan is essential. When

exercise or actual disaster recovery outcomes vary from expectations, it is

important to understand the variance and incorporate findings with new

methodologies and technologies. In this way, IT DR plans can continuously

improve.

Just as important, IT organizations must remain current on new technology, and

continually educate themselves about new threats. Many organizations have

benefitted by partnering with selected technology and services vendors, seeking

information from peers in other organizations, and by participating in industry

conferences and technical meetings.

Data recovery is the foundation of any IT Disaster Recovery plan. However, data

recovery by itself is not sufficient to guarantee business process continuity or


even complete disaster recovery since that involves additional considerations

such as network failover.

Finally, because of the complexities involved, organizations developing their first

Business Continuity plan may benefit from involving experienced Business

Continuity planning experts.

Challenges in managing business continuity

It is important to recognize that a wide spectrum of events exists that can

significantly threaten an organization’s business continuity. These events fall

into the categories of natural disasters and man-made disasters. When they occur,

the expected outcome can leave an organization to fend for itself using very

meager resources.

Regardless, some organizations feel they will not experience a disaster despite

clear historical evidence to the contrary. Here it is worthwhile to

consider the findings from AFCOM®.

Originally founded as the Association For Computer Operations Management,

AFCOM (http://www.afcom.com) is considered by many data center managers as

a leading data center manager association. Recently, AFCOM’s Data Center

Institute conducted a survey of nearly 200 data center manager members regarding

data center disruptions. The survey defined a data center disruption as “any event

that caused any interruption whatsoever to operations and/or processing including,

but not limited to: loss of power or cooling, fire or water damage, natural disaster

such as earthquake or hurricane, bomb threat, terrorism, employee error or

sabotage, data loss, or security breach.”

The survey found the following:

■ 77.4% of the members' data centers had one business disruption in the past

five years

■ 42% of the disruptions were “serious”

■ 15.25% of the disruptions were “very serious”

Moreover, more than 16% indicated they had no risk management plan and that

only 4% had risk management plans for virus and security breaches.

IT organizations are potentially well-served by pro-actively focusing on disaster

prevention, disaster recovery automation and testing, as well as accelerated

disaster recovery methodologies.


Final considerations

All organizations have business process vulnerabilities. Mitigating the risks

requires understanding the business comprehensively. This requires analyzing

an organization’s data usage, applications, systems, networks, information

processing centers, alternate recovery and work sites, as well as regional

considerations. When these factors are understood, the organization can begin

to match technical solutions to its business process needs.

As an organization develops its IT DR plans, it is important that the plans address

all current needs, as well as anticipate needs and the many changes that inevitably

arise. As an example, IT DR plans should address RTO and RPO requirements as

well as all existing regulatory considerations.

Comprehensive plans incorporate considerations for people, processes and

technologies. The period during which an organization develops its plans is an excellent time

to determine if it can automate normal and recovery operations. Usually, only a

small percentage of an organization’s IT staff normally appears during an actual

disaster recovery effort. Simplified normal operations can significantly simplify

IT DR activities.

Organizations should consider provisions for operating primary and alternate

sites remotely because these sites may be physically inaccessible for weeks

following some disasters. Such disasters might include those that cause

transportation system failures. Security provisions must include appropriate

remote access security provisions to both facilitate the resumption of business

as well as protect against emerging threats in the more chaotic mode of operation

immediately following a DR event.

A critical element in any IT DR plan is iterative testing. The first attempts at

creating a plan may be unsuccessful, but very instructive. Even simple whiteboard

discussions between organizational units can reveal inappropriate considerations

such as obsolete call notification lists. Some organizations have discovered that

they have no provision to house employees at alternate recovery sites. Moreover,

such exercises may reveal the need to add underlying support systems to the

IT DR plan, where basic functions such as telephones or transportation methods

to DR sites need to be an integral part of IT’s DR planning.

In summary, the IT DR plan and its related technology perform the following:

■ Planning: Proper planning of objectives, strategy, and procedures will ensure the effectiveness of the IT DR plan and BC program.

■ Designing: Constant review of technology needs will ensure that the IT DR plan supports the updated infrastructure.

■ Prevention: Prevent failure from occurring in the first place; applicable to man-made disasters.

■ Recovery: Recover business process when required.

■ Automation: Automate as much as possible to reduce RTO and ensure repeatable processes.

■ Testing: Test and validate that your plan works with existing business processes and IT technologies.

■ Improving: Maintenance and continuous improvement of applicability and alignment to corporate objectives and strategies.

When your DR plan follows these principles and is based on experience and

best practices, your business is well-equipped to manage a disastrous event. Always

look for market-leading technologies and evolving standards and take the

opportunity to partner with technology vendors to stay up-to-date with technology

trends and innovations.


Appendix A: Symantec Secure Business Continuity solution product information

This appendix includes the following topics:

■ Symantec Managed Security Services

■ Symantec Business Continuity Management Services

■ Symantec Gateway Security 5600 Series appliance

■ Symantec Critical System Protection

■ Veritas NetBackup

■ Veritas Storage Foundation

■ Veritas Bare Metal Restore

Symantec Managed Security Services

Symantec™ Managed Security Services prevents external attacks and allows for

internal testing and monitoring of an enterprise environment.

Symantec Managed Security Services delivers real-time threat analysis, helping

organizations establish compliance, minimize business impact, and reduce overall

security risk to an acceptable cost. The services offload the burden of real-time

network monitoring, advanced security analysis, and global intelligence correlation

to Symantec, while allowing businesses to maintain complete insight into critical

business information.


Symantec offers tiered levels of service, allowing businesses to tailor their security

return on investment and build a managed security program that fits their

individual level of security risk tolerance. All tiers identify emerging threats and

real-time attacks.

The following Symantec Managed Security Services are available:

■ Monitored and Managed Firewall services

■ Monitored and Managed Network-based intrusion detection services

■ Monitored and Managed Integrated Security Appliance services

■ Monitored Host-based intrusion detection services

■ Managed Internet Vulnerability Assessment services

■ Managed Security Policy Compliance services

■ Managed Virus Protection services

Where appropriate, businesses can choose from standard or premium Monitoring

services and standard, enhanced, or premium Managed services. In addition to

global support from multiple Symantec Operation Centers (SOCs), Symantec

Managed Security Services is supported by Symantec™ Security Response, the

world’s leading Internet security research and support organization. The Symantec

Security Response team leverages the data generated by the Symantec DeepSight

Services analysts, who provide notification of vulnerabilities and exploits as they

are identified.

By efficiently and adeptly inspecting and analyzing threats to the network,

Symantec Managed Security Services provides a level of vigilance that enhances

an organization’s security posture and smooths out the volatility in resource

demands and costs that are typically associated with managing information

security.

Symantec Business Continuity Management Services

Business continuity is about keeping business moving forward despite disruptions.

As business continuity experts, Symantec Business Continuity Management

Services offers the breadth and depth of expertise needed to define, design, and

implement a business continuity strategy for your organization.

Having a business continuity plan in place can help you:

■ Reduce frequency and duration of downtime

■ Protect revenues and market share


■ Reduce cost and legal exposure due to missed SLAs or regulatory compliance

requirements

■ Protect customer relationships and consumer confidence

Symantec Business Continuity Management consultants deliver the following

comprehensive suite of services that addresses your whole business continuity

program:

■ Recovery requirements definition and analysis

■ Recovery strategy and architecture development

■ Technology implementation and recovery plan development

■ Testing and validation

■ Maintenance and continuous improvement

Symantec Gateway Security 5600 Series appliance

The Symantec™ Gateway Security 5600 series appliance helps prevent external

attacks to an enterprise environment.

Figure A-1 shows where the Symantec Gateway Security 5600 Series appliance

fits in the Symantec Secure Business Continuity solution.


Figure A-1 Symantec Gateway Security 5600 Series appliance in the Symantec

Secure Business Continuity solution

The Symantec Gateway Security 5600 series is a family of easy-to-manage,

multi-function security appliances. Each model is a self-contained system with

pre-loaded software components and does not have minimum system

requirements. Series members provide a single, easy-to-use management console

with centralized logging, alerting, and reporting, which enables administrators

to configure and manage individual local and remote appliances from a central

location via the Internet.

All products offer an optional Advanced Manager that enables customers to

manage up to thousands of appliances simultaneously and to generate consolidated

event reports across all components, enterprise-wide. These products provide

fully integrated, layered security at the network gateway, powered by Symantec’s

anti-virus and anti-spam technologies. With multiple, tightly integrated functions,

these security appliances provide an effective proactive solution for preventing

blended threats.

Symantec Gateway Security 5600 Series product features

The Symantec Gateway Security 5600 series includes the following security

functions:


■ Full-inspection firewall

■ Anti-virus protection

■ Intrusion prevention (with adware and spyware capabilities)

■ Content filtering with dynamic document review

■ Antispam protection

■ VPN (SSL and IPsec)

The 5600 Series is ideal for medium enterprises and large branch offices of large

enterprises. The series offers three hardware models that enable customers to

choose the appliance model best meeting their performance needs. Table A-1

describes how the Symantec Gateway Security 5600 series meets the security

challenges of medium and large branch offices.

Table A-1 Symantec Gateway Security 5600 Series product features

Security challenge: Comprehensive gateway security through integrated technologies

Symantec Gateway Security solution: Gateway Security combines seven essential network security functions into a single, easy-to-manage firewall appliance that does the following:

■ Provides protection from a multitude of security threats, including viruses, worms, intrusion attacks, and malicious code.

■ Reduces the number of attacks that affect networks.

■ Stops viruses and intrusions at the gateway before they enter the network and cause damage.

■ Provides increased protection against complex blended threats, such as Code Red and Nimda, which infiltrate a network from multiple entry points.

■ Improves security posture at the Internet gateway by increasing the breadth of protection.

Security challenge: Security optimized for branch offices

Symantec Gateway Security solution: Symantec has optimized Symantec Gateway Security for medium and large enterprise customer branch office use, offering the following:

■ Focused, enterprise-class virus and firewall protection without the need for dedicated servers and management.

■ Intrusion detection that warns you of suspicious activity with minimal false alerts.

■ Content filtering rules that enforce the typical security policies of small or medium-sized offices.

Security challenge: Less administrative attention

Symantec Gateway Security solution: Symantec Gateway Security reduces the burden on IT staffs by enabling them to do the following:

■ Configure and manage the seven security functions of Symantec Gateway Security through a common console.

■ Generate consolidated reports across components for a more complete view of their security environment.

Security challenge: Advanced protection against complex attacks

Symantec Gateway Security solution: The full inspection and heuristic technology of Symantec Gateway Security stops many attacks that others cannot without implementing “after-the-fact” patches. For example, Symantec Gateway Security prevented attacks by the WebDAV, Sendmail, and other worms without requiring security updates.

Symantec licenses Symantec Gateway Security by the number of nodes being protected. This is the number of nodes on active segments or routed segments of the appliance.

Symantec Gateway Security 5600 Series specifications

Table A-2 summarizes the specifications for the 5620, 5640 and the 5660 appliance

models. Customers choose the appliance model that fits their network throughput

demands.

Table A-2 Symantec Gateway Security 5600 Series specifications

| Capacity | Model 5620 | Model 5640 | Model 5660 |
|---|---|---|---|
| Stateful Throughput | 660 Mbps | 1.4 Gbps | 3.2 Gbps |
| Stateful + IPS Throughput | 405 Mbps | 675 Mbps | 950 Mbps |
| Full Inspection Throughput | 435 Mbps | 735 Mbps | 905 Mbps |
| VPN Throughput | 240 Mbps | 290 Mbps | 838 Mbps |
| Concurrent connections | 200,000 | 250,000 | 320,000 |


Symantec Critical System Protection

Symantec™ Critical System Protection provides protection inside the firewall

from external attacks to an enterprise environment.

Figure A-2 shows where Symantec Critical System Protection fits in the Symantec

Secure Business Continuity solution.

Figure A-2 Symantec Critical System Protection in the Symantec Secure

Business Continuity solution

Symantec Critical System Protection 5.0 is the second release of Symantec’s host

intrusion protection software, and is available on both client and server computers.

It protects against day-zero attacks, hardens systems, and maintains compliance

by enforcing behavior-based security policies on clients and servers.

Symantec Critical System Protection product features

Release 5.0 adds monitoring, notification, and auditing to ensure host integrity

and compliance across mixed platforms. Additional platforms are also supported.

Using configurable, out-of-the-box security policies, Symantec Critical System

Protection hardens the operating system, prevents buffer overflows, and protects

critical file system assets, including configuration files and the registry, without


the use of signatures. Enterprises can enforce security policies at various levels

across operating system functions, applications and users.

Other features include the ability to de-escalate privileges for administrative

users, restrict the use of removable media devices such as USB drives, and control

interactive programs. A centralized management console enables administrators

to deploy, configure, and administer security policies across the enterprise.

Symantec Critical System Protection system requirements

Table A-3 shows the system requirements for Symantec Critical System Protection.

Table A-3 System Requirements for Symantec Critical System Protection

Software tool: Management Console

System requirements:

■ Microsoft Windows XP / Microsoft Windows 2000 Server / Microsoft Windows Server 2003

■ 50 MB disk space

■ 256 MB RAM

Software tool: Microsoft Windows Agent

System requirements:

■ Windows® 2000 Professional/Server/Advanced Server

■ Windows XP / Windows Server 2003

■ 1 GB disk space

■ 256 MB of RAM

Software tool: Sun Solaris (Version 8 and 9) Agent

System requirements:

■ Sun SPARC platform

■ 1 GB disk space

■ 256 MB of RAM

Software tool: IBM AIX 5L (Version 5.2 and 5.3) Agent

System requirements:

■ Power platform

■ 1 GB disk space

■ 256 MB of RAM

Software tool: HP-UX 11i (version 11.11 and 11.23) Agent

System requirements:

■ PA-RISC platform

■ 1 GB disk space

■ 256 MB of RAM

Software tool: Symantec Critical System 5.0 Management Server

System requirements:

■ Microsoft Windows 2000 Server / Microsoft Windows Server 2003

■ 40 GB of disk space

■ 1 GB of RAM

■ Microsoft SQL Server


Veritas NetBackup

Veritas NetBackup Enterprise Server delivers high-performance data protection

that scales to protect the largest UNIX, Windows, Linux, and NetWare

environments. It offers a single management tool to consolidate all backup and

recovery operations, while providing cutting-edge management, alerting, reporting,

and troubleshooting technologies.

Veritas NetBackup Enterprise Server prevents system downtime and provides

automated recovery in an enterprise environment. Figure x-x shows where Veritas

NetBackup Enterprise Server fits in the Symantec Secure Business Continuity

solution.

Veritas NetBackup product features

With its advances in disk and snapshot-based protection, off-site media

management, and automated disaster recovery, NetBackup helps organizations

take advantage of both tape and disk storage. NetBackup offers data encryption

that transmits and stores data using the latest encryption technologies. To reduce

the impact on business critical systems, NetBackup provides online database and

application-aware backup and recovery solutions for all leading databases and

applications to deliver data availability for utility computing.

Figure A-3 shows where Veritas NetBackup fits in the Symantec Secure Business

Continuity solution.


Figure A-3 Veritas NetBackup in the Symantec Secure Business Continuity

Solution

Veritas NetBackup system requirements

Table A-4 shows a partial listing of the comprehensive operating system support

for Veritas NetBackup.

Table A-4 Veritas NetBackup system requirements

| Operating system | OS version | Vendor/Platform |
|---|---|---|
| AIX 5L | 5.1 (32/64 bit) | IBM RS/6000, SP, pSeries |
| | 5.2 (32/64 bit) | IBM RS/6000, SP, pSeries |
| | 5.3 (32/64 bit) | IBM RS/6000, SP, pSeries |
| | 5.3 (32/64 bit) | IBM eServer i5 |
| FreeBSD | 5.3 | Intel IA32 |
| | 5.4 | Intel IA32 |
| | 6.0 | Intel IA32 |
| HPUX | 11.0 | HP 9000 |
| | 11i v1 (11.11) | HP 9000 |
| | 11i v2 (11.23) | HP 9000 |
| | 11i v2 (11.23 ) | HP Integrity (IA64) |
| Red Hat Enterprise Linux ES/AS | 2.1 Intel x86 | |
| | 3.0 Intel x86 | Intel IA32 |
| | 4.0 Intel x86 | Intel IA32 |
| | 3.0 for X64 | AMD64 / EM64T |
| | 4.0 for X64 | Intel IA32 |
| | 3.0 Intel Itanium | AMD64 / EM64T |
| | 4.0 Intel Itanium | AMD64 / EM64T |
| | 2.1 Intel x86 | AMD64 / EM64T |
| | 3.0 Intel x86 | Intel Itanium IA64 |
| | 4.0 Intel x86 | Intel Itanium IA64 |
| Solaris | 8 | SUN SPARC, Fujitsu PRIMEPOWER |
| | 9 | SUN SPARC, Fujitsu PRIMEPOWER |
| | 10 | SUN SPARC, Fujitsu PRIMEPOWER |
| Windows Server 2003 | Server 2003, Server 2003 SP1, Standard, Enterprise, Datacenter, and Web Editions | Intel IA32 |
| | Server 2003, Server 2003 SP1 Standard, Enterprise, Datacenter, and Web Editions | Supported with 32bit NetBackup binaries. 32bit Windows Server 2003 on AMD64 and EM64T platforms |
| Windows XP | XP SP2 | Intel IA32, 32bit XP on AMD64 and EM64T |
| | XP SP2 | Intel IA64 |
| Windows 2000 | 2000 SP4 | Intel IA32 |

Veritas Storage Foundation

Veritas Storage Foundation™ combines the industry-leading Veritas Volume

Manager™ and Veritas File System™ to provide a complete solution for online

storage management.

It provides automated storage failure recovery and downtime prevention for an

enterprise environment.

Figure A-4 shows where Veritas Storage Foundation fits in the Symantec Secure

Business Continuity solution.


Figure A-4 Veritas Storage Foundation in the Symantec Secure Business

Continuity Solution

Veritas Storage Foundation product features

Using Veritas Storage Foundation, businesses can group physical disks into logical

volumes to improve disk utilization and eliminate storage-related downtime. In

addition, Veritas Storage Foundation can move unimportant or out-of-date files

to less-expensive storage devices without changing the way users or applications

access those files. Storage Foundation moves the files automatically according to

the policy set up, without taking them offline. More importantly, the move is

completely transparent to users and applications that own the files.

Using the new provisioning templates in Storage Foundation, many manual storage

management tasks can now be automated. Administrators can quickly and easily

create new storage environments that are error free. These provisioning templates

can include information about the storage brand, location, layout and other

variables. Administrators can export templates to other servers to create

company-wide consistency.

Furthermore, Storage Foundation eliminates most planned downtime by limiting

the amount of time administrators need to take storage offline to perform regular

maintenance functions. Administrators can perform nearly all storage-related


tasks online, such as RAID reconfiguration, defragmentation, file system resizing

and volume resizing.

Veritas Storage Foundation mirrors data for redundancy and automatically

migrates data from failing disks to healthy disks to cut downtime from unplanned

events. In addition, the High Availability version of Storage Foundation includes

Veritas Cluster Server to quickly move an application from a failed server to a

healthy server. These features can reduce or eliminate most unplanned downtime.

Finally, with the dynamic multi-pathing feature of Storage Foundation,

administrators can spread I/O across all available paths to eliminate downtime

from I/O path, HBA or switch failures.

Veritas Storage Foundation system requirements

Table A-5 describes the operating systems supported for Veritas Storage

Foundation.

Table A-5 Veritas Storage Foundation system requirements

| Storage Foundation Version | Support platform |
| --- | --- |
| Storage Foundation 4.3 | Microsoft Windows NT; Windows 2000; Windows Server 2003; HP-UX 11i v2; Red Hat (RHEL 4); SUSE (SLES 9) |
| Storage Foundation 4.1 | Solaris 8, 9, 10; Solaris x64 is supported on Solaris 10 only |

Veritas Bare Metal Restore

Veritas Bare Metal Restore™ software automates and streamlines the server

recovery process, freeing organizations from having to manually reinstall

operating systems or configure hardware.

Figure A-5 shows where Veritas Bare Metal Restore fits in the Symantec Secure

Business Continuity solution.


Figure A-5 Veritas Bare Metal Restore fits in the Symantec Secure Business

Continuity solution

Veritas Bare Metal Restore product features

Veritas Bare Metal Restore™ simplifies and automates the server recovery process.

Using simple commands, administrators can perform complete server restores

in a fraction of the time without extensive training or tedious administration. In

addition to providing fully automated system recovery, Bare Metal Restore offers

the following features:

■ Point-in-time restore: Administrators can restore systems back to the point of the last successful backup (full or incremental) or to a backup prior to the most recent backup.

■ Rapid-fire recovery: Administrators can execute multiple server restores in parallel to accomplish mass-recovery operations.

■ System configuration restoration: Administrators can ensure that system configurations recover to their precise pre-failure state because Bare Metal Restore automatically records details about disk configuration and TCP/IP settings, and updates the information at each scheduled backup.

■ Custom external procedures: Administrators can insert custom scripts in the restore process to help automate operations such as recovering a database or an application.

■ One solution for many platforms: Administrators can recover IBM AIX, HP-UX, Sun Solaris, Microsoft Windows NT, Windows 2000, and Windows Server 2003 systems using one common interface and the same basic procedure.

■ Restoration to dissimilar Windows systems: Administrators can recover data to Windows systems that have dissimilar hardware configurations, including different network interface adapters, mass storage devices, video adapters, motherboards, and CPU quantities and types. Bare Metal Restore can also support migration to systems from a different hardware vendor.

In addition, Bare Metal Restore software integrates with Veritas NetBackup

software to synchronize operations and simplify administration. With the two

products working together, client systems are still backed up to NetBackup servers

as before, but an additional procedure is automatically executed before every

scheduled backup to record the current state of the system configuration, including

disk layouts and TCP/IP configuration.

If an administrator changes a client configuration, the changes are automatically

captured and recorded at the next scheduled backup without user intervention.

Veritas Bare Metal Restore system requirements

Table A-6 summarizes the system requirements for client and server platforms.


Table A-6 System Requirements for Veritas Bare Metal Restore

| Platform | OS requirement |
| --- | --- |
| Server | IBM AIX; HP-UX; Linux; Sun Solaris |
| Client | IBM AIX; HP-UX; Sun Solaris; Microsoft Windows NT; Windows 2000; Windows Server 2003 |


A

AFCOM Data Center Institute 141

B

Basic Tier. See Secure Business Continuity Basic Tier

BCI. See Business Continuity Institute

BCM. See business continuity management

business continuity

as an ongoing process 140

Business Continuity Institute (BCI) 10

business continuity management (BCM)

basics of 9

challenges 141

disaster costs 31

goals of 10

importance of 17

role of Symantec in 30

business continuity planning

objectives 12

summary 139

business processes

identifying for recovery 20

D

disaster recovery

alternative solutions 26

assessing IT capabilities for 24

common planning mistakes 17

developing IT strategy 24

developing strategy for 19

information technology tasks 15

methodologies 15

organizational roles 13

planning for 28

planning questions 20

testing IT strategy 28

tiered solutions 35

Dissimilar System Restore (DSR)

creating a configuration 130

E

encryption

Microsoft SQL encrypted backup with

NetBackup 100

NetBackup encryption 51

VPN encryption 74

G

Gateway Security 5600 Series appliance

network security best practices for the Basic

Tier 47

sizing considerations for the Basic Tier 46

Gold Tier. See Secure Business Continuity Gold Tier

I

IT DR. See disaster recovery

R

Recovery Point Objective (RPO)

costs associated 10

defined 12

establishing values 33

identifying goals of 17

interdependencies 15

recovery tiers 10

Recovery Time Objective (RTO)

costs associated 10

defined 12

determining values for 21

establishing values 33

identifying goals of 17

interdependencies 15

tasks 22

RPO. See Recovery Point Objective (RPO)

RTO. See Recovery Time Objective (RTO)

S

Secure Business Continuity Basic Tier

best practices 61

configuration 36, 42

Index


data recovery from primary to alternate site 62

deployment 46

overview 36, 41

Symantec Gateway Security 5600 Series

appliance 41

Symantec Gateway Security 5620 appliance 36

Veritas NetBackup 36, 41

Veritas NetBackup Encryption 41

Veritas NetBackup Vault option 36, 41

Secure Business Continuity Gold Tier

Bare Metal Restore to alternate site 128

configuration 38, 109

deployment 117

overview 38, 109

Symantec Gateway Security 5640 appliance 38

Symantec Gateway Security Series 5640

appliance 110

Symantec Managed Security Services 38, 110

Veritas NetBackup Bare Metal Restore

option 38, 110

Secure Business Continuity Silver Tier

configuration 37, 65

data center disaster recovery preparation

sequence 94

deployment of 72

overview 37, 65

provisioning 96

Symantec Critical System Protection 37, 66

Symantec Gateway Security 5640 appliance 37,

66

Veritas NetBackup 37, 66

Veritas Storage Foundation 37, 66

Secure Business Continuity Solution Tiers 31, 39

Shared Resource Tree (SRT)

creating on the primary site 124

restoring 129

Silver Tier. See Secure Business Continuity Silver

Tier

Symantec Critical System Protection

agent group usage considerations for the Silver

Tier 82

best practices for the Silver Tier 87

components 68

configuring policies for 80

creating policies for 79

deploying for the Silver Tier 76

detection policies for the Silver Tier 84

firewall co-existence 87


for the Silver Tier 67

installing for the Silver Tier 76

intrusion detection system features 70

intrusion prevention system features 70

management server databases for the Silver

Tier 85

overview 69

policies for the Silver Tier 83

prevention policies for the Silver Tier 84

restoration decisions for the Silver Tier 88

Symantec Gateway Security

best practices for the Silver Tier 75

VPN access for the Silver Tier 74

Symantec Gateway Security 5600 Series appliance

Basic Tier 42

deploying for the Gold Tier 117

deploying for the Silver Tier 72

Gold Tier implementation 111

intrusion detection system services (IDS) 117

network security best practices for the Gold

Tier 118

Security Gateway Management Interface

(SGMI) 67

Silver Tier component 66

sizing considerations for the Gold Tier 117

sizing considerations for the Silver Tier 73

Symantec Managed Security Services

Caltarian technology platform 113

for the Gold Tier 112

V

Veritas Bare Metal Restore

additional features 126

components 120

creating a new policy 121

customizing restoration of 134

deploying for the Gold Tier 119

enabling for NetBackup clients 120

preparing the primary site for 124

restoring a NetBackup client with 135

running an external procedure 138

Veritas NetBackup

Basic Tier 43

configuring for the Silver Tier 93

creating policy for Microsoft SQL backup 100

encryption 50

encryption option for the Basic Tier 44

installation considerations for the Basic Tier 49


installing for the Silver Tier 92

NetBackup Vault process 53

profile time window for the Basic Tier 60

recovering data from client 63

recovering data from servers 63

Storage Foundation for Windows for the Silver

Tier 89

Vault configuration tasks 59

Vault option for the Basic Tier 45

Veritas NetBackup Bare Metal Restore

Dissimilar Disk Restore (DDR) 112

Dissimilar System Restore (DSR) 112

External Procedures 112

for the Gold Tier 111

Veritas Storage Foundation for Windows

for the Silver Tier 71

installing for the Silver Tier 91

NetBackup for the Silver Tier 89


Copyright © 2006 Symantec Corporation. All rights reserved. 05/06 10577173
