Bxp and Business Continuity

From All n One's bxp software Wixi

Jump to: navigation, search

1 Concepts

1.1 Business Continuity

Wikipedia defines Business Continuity as:


Business continuity encompasses a loosely defined set of planning, preparatory and related activities which are intended to ensure that an organization's critical business functions will either continue to operate despite serious incidents or disasters that might otherwise have interrupted them, or will be recovered to an operational state within a reasonably short period. As such, business continuity includes three key elements:

  1. Resilience: critical business functions and the supporting infrastructure are designed and engineered in such a way that they are materially unaffected by most disruptions, for example through the use of redundancy and spare capacity;
  2. Recovery: arrangements are made to recover or restore critical and less critical business functions that fail for some reason.
  3. Contingency: the organization establishes a generalized capability and readiness to cope effectively with whatever major incidents and disasters occur, including those that were not, and perhaps could not have been, foreseen. Contingency preparations constitute a last-resort response if resilience and recovery arrangements should prove inadequate in practice.


http://en.wikipedia.org/wiki/Business_continuity


1.2 High Availability

bxp is built in a High Availability manner. http://en.wikipedia.org/wiki/High_Availability


There are three principles of high availability engineering. They are

  1. Elimination of single points of failure. This means adding redundancy to the system so that failure of a component does not mean failure of the entire system.
  2. Reliable crossover. In multithreaded systems, the crossover point itself tends to become a single point of failure. High availability engineering must provide for reliable crossover.
  3. Detection of failures as they occur. If the two principles above are observed, then a user may never see a failure. But the maintenance activity must.


2 Delivery

2.1 Resilience

In order to deliver against these goals All n One has employed a number of elements:


Our High Availability infrastructure removes single points of failures in any single piece of equipment. The_bxp_Infrastructure


Our capacity planning ensures that our services are capable of handling significant load bxp_Infrastructure_Capacity


bxp is operated in a quality way. All n One define quality as "an objective, measured approach to delivering a subjective need". For this reason All n One adopt and are adopting a number of international standards to improve the resilience of the solution.

  • XHTML 1.0 (100% as of October 2008)
  • CSS 2.0 (100% as of October 2008)
  • W3C Level A Accessibility (100% as of June 2009)
  • OWASP Guidlines (100% as of September 2009)
  • ISO 27001 (80% as of August 2014)
  • COBIT (70% as of August 2014)
  • ENISA (90% as of August 2014)


bxp is developed using a structured project Agile Development methodology. Bex also uses ADDIE and prototyping development methodologies depending on what is best for client project development. All_n_One_Project_Development_Approach


bxp is tested internally in a structured manner. For more information on our security and testing please review bxp_Security_and_Testing


All n One is very aware of its requirements under Data Protection as a data processor. We advise our clients to be aware of their data controller and processor requirements. We have published guidelines and advisory material on the area Data_Protection_and_Data_Retention


2.2 Recovery

2.2.1 Backups

All n One operate backup plans on a number of levels of the solution:

  1. Client backups Bxp_Backups
  2. Solution backups
  3. Infrastructure backups
  4. Administration and Support backups


Each backup operation has a separate set of procedures associated with them which is available if required through your Business Development manager. The only backup of operational influence to a bxp software client are the Client Backups. All other operations are All n One managed procedures.

2.2.2 Operational Service Level Agreements

The details of operational SLAs are particular to a client and their operational needs. The specifics of your SLA is detailed within you contract. A copy of which is available through your Business Development manager.

2.2.3 Equipment Replacement

If a piece of equipment in the office is not longer usable, it is replaced by one of the spare pieces of equipment located in either the warehouse or in the asset cabinet. If a replacement is not available in either of those locations a replacement piece of equipment is purchased with managements permissions.

2.2.4 Sungard Server Swap Policy

In the event that your server's critical hardware fails, to the extent that it is not able to function as a web-server, we will endeavour to fix the fault or provide an alternative server, within 22 minutes of the cause of the fault being identified.

2.3 Contingency

2.3.1 System Management and the Hamsters

bxp operates a real-time monitoring and classification engine that is based on Microsoft Internet Information Server (IIS) error messages. The system also generates a number of non-critical error messages related to security and help request functionality built into bxp. Details are available from Meet_the_Hamsters


2.3.2 System Support and Development

bxp is an evolving solution. For this reason there are numerous support and development mechanisms implemented throughout bxp. More information on system support is available from Understanding_bxp_Support

2.3.3 Sungard

The entire bxp infrastructure is currently implemented by Sungard Availability Services (AS) in ParkWest in Dublin. http://www.sungardas.ie/Pages/default.aspx


Further details of the site and its general infrastructure is available here. Bxp_software_in_Sungard


Q. What if ParkWest facility is subject to Nuclear, Biological, Chemical attack or a natural disaster, such as a solar flare?

A. The bxp service is hosted in the single site only. In the event that a bxp client requires co-location services this can be facilitated through the contract, but will have significant price impact on provision of the service. Sungard AS have a second site in Clonsaugh for this purpose.

2.3.4 Sungard Live Server Recovery

On request from All n One, the target server is booted by Sungard AS from an R1soft Live CD. The Sungard AS engineer is prompted for information to enable the recovery software to connect to the R1Soft server. Once connected, the engineer chooses a server image to recover and a point in time to recover to. The necessary data (disk blocks) are then copied from the Disk Safe on the R1Soft server and written to the disk(s) on the target server. Once this restoration process is complete, the target server can be rebooted without the Live CD and normal service is resumed (subject to any caveats e.g. software licensing tied to the original server's UUID, MAC address changes, etc.)

2.3.5 ENISA

Wikipedia describes ENISA as: http://en.wikipedia.org/wiki/ENISA


European Network and Information Security Agency (ENISA), is an agency of the European Union. ENISA was created in 2004 by EU Regulation No 460/2004 and is fully operational since September 1st, 2005.


The objective of ENISA is to improve network and information security in the European Union. The agency has to contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the EU Internal Market.


ENISA assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security, including present and future EU legislation. ENISA ultimately strives to serve as a centre of expertise for both Member States and EU Institutions to seek advice on matters related to network and information security.


As part of ENISA's work they have developed

http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-information-assurance-framework


bxp is delivered against this assurance framework with secure details available to clients through your Business Development manager.