Difference between revisions of "Bxp software in AWS Cloud Services"
From All n One's bxp software Wixi
| Line 2: | Line 2: | ||
==Overview== | ==Overview== | ||
| − | + | At bxp we are constantly looking to the future and, in particular, the future needs of our clients. | |
| − | At bxp we are constantly looking to the future and, in particular, the future needs of our clients. | ||
A steady growth in our client base has led to a commensurate increase in the number of individual users and the amount of data being handled. In addition, clients require ever more complex solutions that often become deeply embedded business processes. This has, in turn, produced a demand for the best possible data and system security along with greater flexibility and facility for expansion. | A steady growth in our client base has led to a commensurate increase in the number of individual users and the amount of data being handled. In addition, clients require ever more complex solutions that often become deeply embedded business processes. This has, in turn, produced a demand for the best possible data and system security along with greater flexibility and facility for expansion. | ||
| Line 12: | Line 11: | ||
| − | + | ||
| + | |||
==Solution== | ==Solution== | ||
| − | |||
We reviewed a range of possibilities and decided that Amazon Web Services (AWS) would most suit the current and future demands of our clients. | We reviewed a range of possibilities and decided that Amazon Web Services (AWS) would most suit the current and future demands of our clients. | ||
| − | We have therefore moved from our previous high-availability SunGard AS Infrastructure to an AWS environment with even stronger services and off-site business continuity facility. | + | We have therefore moved from our previous high-availability SunGard AS Infrastructure to an AWS environment with even stronger services and off-site business continuity facility. |
The move involved migration of client data from the previous Sungard location to the new AWS environment and was jointly supervised by bxp, AWS and Sungard AS who will continue to provide bxp with best-in-class management in support of the new service. (https://www.sungardas.com/en-IE/company/technology-partners/amazon-web-services/) | The move involved migration of client data from the previous Sungard location to the new AWS environment and was jointly supervised by bxp, AWS and Sungard AS who will continue to provide bxp with best-in-class management in support of the new service. (https://www.sungardas.com/en-IE/company/technology-partners/amazon-web-services/) | ||
| − | + | ||
==Offering== | ==Offering== | ||
| − | |||
===Overview=== | ===Overview=== | ||
Sungard Provide | Sungard Provide | ||
| − | • Configuration, implementation and configuration changes | + | • Configuration, implementation and configuration changes |
| − | • Patch management & installation and availability monitoring | + | • Patch management & installation and availability monitoring |
| − | • Incident management and problem resolution of Elastic Cloud Compute (EC2) instances and Elastic Block Storage (EBS) volumes hosted in AWS | + | • Incident management and problem resolution of Elastic Cloud Compute (EC2) instances and Elastic Block Storage (EBS) volumes hosted in AWS |
| − | • Virtual Private Cloud (VPC) and Security Group (Firewall) creation, configuration, implementation, configuration changes, availability monitoring, creation of backup and restore firewall rules, incident management and problem resolution | + | • Virtual Private Cloud (VPC) and Security Group (Firewall) creation, configuration, implementation, configuration changes, availability monitoring, creation of backup and restore firewall rules, incident management and problem resolution |
| − | • Elastic Load Balancer (ELB) creation, configuration, implementation, configuration changes, availability monitoring, creation of backup and restore load balancing rules, incident management and problem resolution | + | • Elastic Load Balancer (ELB) creation, configuration, implementation, configuration changes, availability monitoring, creation of backup and restore load balancing rules, incident management and problem resolution |
| − | • Public interface creation, configuration and management for Internet access to the customer’s VPC | + | • Public interface creation, configuration and management for Internet access to the customer’s VPC |
| − | • Creation of an internal VLAN and sub-allocated VLANs in accordance with the customer’s VPC | + | • Creation of an internal VLAN and sub-allocated VLANs in accordance with the customer’s VPC |
| − | • Backup policy creation, configuration, implementation, configuration changes, availability monitoring, incident management and problem resolution in accordance with the EC2 instances managed by Sungard AS | + | • Backup policy creation, configuration, implementation, configuration changes, availability monitoring, incident management and problem resolution in accordance with the EC2 instances managed by Sungard AS |
| − | Managed Cloud – Cloud OS Managed Solutions: Features | + | Managed Cloud – Cloud OS Managed Solutions: Features |
Sungard provide | Sungard provide | ||
| − | • Initial operating system build and operating system level backup configuration | + | • Initial operating system build and operating system level backup configuration |
| − | • Operating system configuration changes upon Customer request | + | • Operating system configuration changes upon Customer request |
| − | • Management of system administration security access | + | • Management of system administration security access |
| + | |||
| + | • Installation of antivirus software identified in the Sungard AS Antivirus Policy | ||
| − | |||
| − | |||
==Data== | ==Data== | ||
| − | |||
We carefully reviewed the data migration process to assess the most secure and efficient way to move client data and, as a result, broke the process down into seven steps. | We carefully reviewed the data migration process to assess the most secure and efficient way to move client data and, as a result, broke the process down into seven steps. | ||
| − | 1. Pre-migration planning | + | 1. Pre-migration planning |
| − | o Evaluate the data being moved for stability | + | o Evaluate the data being moved for stability |
| − | o Analyse if and how the client’s data is currently growing | + | o Analyse if and how the client’s data is currently growing |
| − | o Analyse level of customisation | + | o Analyse level of customisation |
| − | 2. Project initiation | + | 2. Project initiation |
| − | o Identify and brief key stakeholders | + | o Identify and brief key stakeholders |
| − | o Ensure all clients are aware of the Data Migration Plan | + | o Ensure all clients are aware of the Data Migration Plan |
| − | 3. Landscape analysis | + | 3. Landscape analysis |
| − | o Establish robust data quality rules and management process | + | o Establish robust data quality rules and management process |
| − | o Brief the client on the goals of the project, if required. | + | o Brief the client on the goals of the project, if required. |
| − | o Brief the client on shutting down legacy systems, if required | + | o Brief the client on shutting down legacy systems, if required |
| − | 4. Solution design | + | 4. Solution design |
| − | o Determine what data to move | + | o Determine what data to move |
| − | o Determine the quality of that data, pre and post move | + | o Determine the quality of that data, pre and post move |
| − | 5. Build & test | + | 5. Build & test |
| − | o Code the migration logic | + | o Code the migration logic |
| − | o Test the migration with a mirror of the production environment | + | o Test the migration with a mirror of the production environment |
| − | 6. Execute & validate | + | 6. Execute & validate |
| − | o Demonstrate that the migration has complied with requirements | + | o Demonstrate that the migration has complied with requirements |
| − | o Demonstrate that the data moved is viable for business use | + | o Demonstrate that the data moved is viable for business use |
| − | 7. Decommission & monitor | + | 7. Decommission & monitor |
| − | o Shut down and dispose of old systems | + | o Shut down and dispose of old systems |
| − | o Confirm project completion to clients. | + | o Confirm project completion to clients. |
===The data move process=== | ===The data move process=== | ||
| − | |||
We used an SFTP method to encrypt the data in transit with the exchange algorithm configured to run using Elliptic-curve Diffie–Hellman key agreements with a minimum security of AES-256. (https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) | We used an SFTP method to encrypt the data in transit with the exchange algorithm configured to run using Elliptic-curve Diffie–Hellman key agreements with a minimum security of AES-256. (https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) | ||
| − | The exchange was conducted between two Windows based servers using the highest levels of encryption available after being password protected on the live server before the SFTP transfer using AES-256. | + | The exchange was conducted between two Windows based servers using the highest levels of encryption available after being password protected on the live server before the SFTP transfer using AES-256. |
After the first password was added the data was transferred through the SFTP server in the SunGard environment, to the AWS environment. During transfer the data was further protected through the ECDH265 encapsulation provided by the SFTP. (https://www.bitvise.com/secure-file-transfer-server-sftp-ftps-ssh-scp) | After the first password was added the data was transferred through the SFTP server in the SunGard environment, to the AWS environment. During transfer the data was further protected through the ECDH265 encapsulation provided by the SFTP. (https://www.bitvise.com/secure-file-transfer-server-sftp-ftps-ssh-scp) | ||
| − | + | ||
As the data left the Sungard environment it had an additional layer of encryption added by the SunGard Cisco Firewall that was not be unencrypted until it reached the AWS firewall. (https://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html) | As the data left the Sungard environment it had an additional layer of encryption added by the SunGard Cisco Firewall that was not be unencrypted until it reached the AWS firewall. (https://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html) | ||
| − | + | ||
| + | |||
==Managed Responsibilities== | ==Managed Responsibilities== | ||
| − | |||
Summary of Offering | Summary of Offering | ||
| − | • HA Web Servers | + | • HA Web Servers |
| − | • Mail Servers | + | • Mail Servers |
| − | • HA DB Servers | + | • HA DB Servers |
| − | • Single Test Server | + | • Single Test Server |
| − | • Single Hmail Server | + | • Single Hmail Server |
| − | • Single SFTP Server | + | • Single SFTP Server |
===All n One Responsibilities=== | ===All n One Responsibilities=== | ||
| − | • Install, setup and management of MySQL DB | + | • Install, setup and management of MySQL DB |
| − | • Installation, configuration and management of all applications above the OS | + | • Installation, configuration and management of all applications above the OS |
| − | • Configuration and management of MySQL replication and ongoing DB management | + | • Configuration and management of MySQL replication and ongoing DB management |
| − | • Setup and management of IIS on Web Servers | + | • Setup and management of IIS on Web Servers |
| − | • Setup and management of SFTP server apps | + | • Setup and management of SFTP server apps |
| − | • Setup and management of Test server apps | + | • Setup and management of Test server apps |
| − | • File-level backup | + | • File-level backup |
| − | • Migration of data from the legacy environment to AWS | + | • Migration of data from the legacy environment to AWS |
===Sungard Responsibilities=== | ===Sungard Responsibilities=== | ||
| − | • Install, configuration and management of instances up to the Operating System | + | • Install, configuration and management of instances up to the Operating System |
| − | • Configuration and management of load balancers, security groups (firewalls) and VPN's | + | • Configuration and management of load balancers, security groups (firewalls) and VPN's |
| − | • Security patch management of all managed instance | + | • Security patch management of all managed instance |
| − | • Anti-Virus management of all managed instances | + | • Anti-Virus management of all managed instances |
| − | • Monitoring of all managed instances | + | • Monitoring of all managed instances |
| + | |||
| + | • Snapshot backup of all instance (1 per night, overwritten each night) | ||
| − | |||
| − | |||
==Email Solution== | ==Email Solution== | ||
bxp software is able to harness the power of email and allows clients to leverage the medium to improve business processes and speed up operations. Whilst individual tools like Microsoft Outlook are ideal for processing an email account, bxp is focused on mass email sending and the move to AWS has also generated improvements for clients who use the system to process mass emails including: | bxp software is able to harness the power of email and allows clients to leverage the medium to improve business processes and speed up operations. Whilst individual tools like Microsoft Outlook are ideal for processing an email account, bxp is focused on mass email sending and the move to AWS has also generated improvements for clients who use the system to process mass emails including: | ||
| − | • Faster mail download | + | • Faster mail download |
| − | • Faster email connection to bxp | + | • Faster email connection to bxp |
| − | • Better mail output (reputation) | + | • Better mail output (reputation) |
===Improved Email Reputation=== | ===Improved Email Reputation=== | ||
| Line 167: | Line 163: | ||
===Improved Email Usage Statistics=== | ===Improved Email Usage Statistics=== | ||
| − | Using the improved log reviewing system on AWS allows us to identify which emails, if any, bounced, or triggered complaints. This, in turn, means that we are better placed to trouble shoot any issues and can therefore provide a stronger overall email service for our clients. | + | Using the improved log reviewing system on AWS allows us to identify which emails, if any, bounced, or triggered complaints. This, in turn, means that we are better placed to trouble shoot any issues and can therefore provide a stronger overall email service for our clients. |
| − | + | ||
==Back-up and Recovery== | ==Back-up and Recovery== | ||
| − | |||
Glossary | Glossary | ||
| − | • RTO - Recovery Time Objective | + | • RTO - Recovery Time Objective |
| − | • RPO - Recovery Point Objective | + | • RPO - Recovery Point Objective |
| − | • ATOT - At Time of Test | + | • ATOT - At Time of Test |
| − | • ATOD - At Time of Disaster | + | • ATOD - At Time of Disaster |
| − | • Failover - Necessary activity and components used to resume operation | + | • Failover - Necessary activity and components used to resume operation |
| − | • Failback - Necessary activity and components used to move back to production | + | • Failback - Necessary activity and components used to move back to production |
| − | • Occupied Data - Storage required for replicated data, including storage for retention | + | • Occupied Data - Storage required for replicated data, including storage for retention |
| − | • Protected Instance - Virtual machine or server being protected for ATOT or ATOD | + | • Protected Instance - Virtual machine or server being protected for ATOT or ATOD |
===Cloud Recovery=== | ===Cloud Recovery=== | ||
| − | |||
Cloud recovery includes | Cloud recovery includes | ||
| − | • Agent-based block replication solution for AWS, Azure or on-premise virtual server running within VMware/ Hyper V hypervisors or Physical server into AWS | + | • Agent-based block replication solution for AWS, Azure or on-premise virtual server running within VMware/ Hyper V hypervisors or Physical server into AWS |
| − | • Administration by Sungard AS of the replication onto AWS Infrastructure | + | • Administration by Sungard AS of the replication onto AWS Infrastructure |
| − | • Support of the installation and configuration of replication software | + | • Support of the installation and configuration of replication software |
| − | • Creation of replication VPC and associated compute and storage | + | • Creation of replication VPC and associated compute and storage |
| − | • Recovery blueprint | + | • Recovery blueprint |
| − | • Administration by Sungard AS of failover activities ATOT, or ATOD | + | • Administration by Sungard AS of failover activities ATOT, or ATOD |
| − | • Multiple RPO points over 30 day rolling periods | + | • Multiple RPO points over 30 day rolling periods |
| − | • An RTO from 15 minutes up to 4 hours for up to 250 servers | + | • An RTO from 15 minutes up to 4 hours for up to 250 servers |
| + | |||
| + | |||
Sungard will also provide the following for the amount of Occupied Data (AWS EBS Replication data and AWS EBS Snapshot data) | Sungard will also provide the following for the amount of Occupied Data (AWS EBS Replication data and AWS EBS Snapshot data) | ||
| − | • Monitoring and management of the automated replication system for Occupied Data and Protected Instance(s) residing on AWS services and resources | + | • Monitoring and management of the automated replication system for Occupied Data and Protected Instance(s) residing on AWS services and resources |
| − | • Notification of failure to replicate Occupied Data and Protected Instance(s) to the TS | + | • Notification of failure to replicate Occupied Data and Protected Instance(s) to the TS |
| − | • Hosting a copy of the Protected Instance(s) and Occupied Data on AWS Elastic Block Store or similar AWS storage services, to be provisioned ATOT or ATOD on AWS Elastic Cloud Compute, or similar AWS instances | + | • Hosting a copy of the Protected Instance(s) and Occupied Data on AWS Elastic Block Store or similar AWS storage services, to be provisioned ATOT or ATOD on AWS Elastic Cloud Compute, or similar AWS instances |
| − | • Perform Failover activity to validate use of its data and applications following a recovery | + | • Perform Failover activity to validate use of its data and applications following a recovery |
| − | • Clear down and deletion of any provisioned AWS Infrastructure at ATOT or ATOD following a Recovery Test or Disaster | + | • Clear down and deletion of any provisioned AWS Infrastructure at ATOT or ATOD following a Recovery Test or Disaster |
| − | • Perform Failback activity production environment following a Disaster declaration | + | • Perform Failback activity production environment following a Disaster declaration |
| − | Sungard will provide multiple RPO snapshot points in minutes, hours and days on a rolling 30-day basis. The initial snapshot will copy all occupied storage blocks on the replicated volumes. Subsequent snapshots will only copy blocks changed since the previous snapshot. | + | Sungard will provide multiple RPO snapshot points in minutes, hours and days on a rolling 30-day basis. The initial snapshot will copy all occupied storage blocks on the replicated volumes. Subsequent snapshots will only copy blocks changed since the previous snapshot. |
===Cloud Recovery Service Level=== | ===Cloud Recovery Service Level=== | ||
| − | Sungard will recover the most recent copy of Customer Protected Physical or Virtual Servers (OS only) within the time frame below following the start of an Activation or Recovery Test. | + | Sungard will recover the most recent copy of Customer Protected Physical or Virtual Servers (OS only) within the time frame below following the start of an Activation or Recovery Test. |
Quantity of Protected Servers On-Demand RTO (in hours) | Quantity of Protected Servers On-Demand RTO (in hours) | ||
| − | • ≤ 250 (4) | + | • ≤ 250 (4) |
| + | |||
| + | • >251 < 500 TBC based on UAT benchmarking achieved | ||
| − | |||
| Line 235: | Line 232: | ||
==Business continuity== | ==Business continuity== | ||
| − | |||
We will be moving data from the SunGard AS Dublin data facility to AWS EU-West-1(Ireland) facility which means that the main production data of bxp and its clients will remain in Ireland. | We will be moving data from the SunGard AS Dublin data facility to AWS EU-West-1(Ireland) facility which means that the main production data of bxp and its clients will remain in Ireland. | ||
| − | As part of the move, however, we have a business continuity provision to ensure service bxp is seamlessly maintained in the extremely unlikely event of AWS Ireland having an issue. | + | As part of the move, however, we have a business continuity provision to ensure service bxp is seamlessly maintained in the extremely unlikely event of AWS Ireland having an issue. |
| − | Our chosen location for this is AWS EU-West-3 in France. This brings the key advantages of keeping data under the provisions of the GDPR combined with a tried and tested recovery process. There are no restrictions on the transfer of personal data to EEA countries as the GDPR applies throughout the EEA. | + | Our chosen location for this is AWS EU-West-3 in France. This brings the key advantages of keeping data under the provisions of the GDPR combined with a tried and tested recovery process. There are no restrictions on the transfer of personal data to EEA countries as the GDPR applies throughout the EEA.. |
Latest revision as of 16:19, 15 February 2021
bxp software upgrade to AWS Cloud Services
Contents
1 Overview
At bxp we are constantly looking to the future and, in particular, the future needs of our clients. A steady growth in our client base has led to a commensurate increase in the number of individual users and the amount of data being handled. In addition, clients require ever more complex solutions that often become deeply embedded business processes. This has, in turn, produced a demand for the best possible data and system security along with greater flexibility and facility for expansion.
In early 2019, therefore, we initiated the project that has led to the implementation of a solution that will meet and exceed these needs for the foreseeable future.
This has been a significant investment on our part and we are now confident of providing the best possible solutions to our clients for many years to come.
2 Solution
We reviewed a range of possibilities and decided that Amazon Web Services (AWS) would most suit the current and future demands of our clients.
We have therefore moved from our previous high-availability SunGard AS Infrastructure to an AWS environment with even stronger services and off-site business continuity facility.
The move involved migration of client data from the previous Sungard location to the new AWS environment and was jointly supervised by bxp, AWS and Sungard AS who will continue to provide bxp with best-in-class management in support of the new service. (https://www.sungardas.com/en-IE/company/technology-partners/amazon-web-services/)
3 Offering
3.1 Overview
Sungard Provide
• Configuration, implementation and configuration changes
• Patch management & installation and availability monitoring
• Incident management and problem resolution of Elastic Cloud Compute (EC2) instances and Elastic Block Storage (EBS) volumes hosted in AWS
• Virtual Private Cloud (VPC) and Security Group (Firewall) creation, configuration, implementation, configuration changes, availability monitoring, creation of backup and restore firewall rules, incident management and problem resolution
• Elastic Load Balancer (ELB) creation, configuration, implementation, configuration changes, availability monitoring, creation of backup and restore load balancing rules, incident management and problem resolution
• Public interface creation, configuration and management for Internet access to the customer’s VPC
• Creation of an internal VLAN and sub-allocated VLANs in accordance with the customer’s VPC
• Backup policy creation, configuration, implementation, configuration changes, availability monitoring, incident management and problem resolution in accordance with the EC2 instances managed by Sungard AS
Managed Cloud – Cloud OS Managed Solutions: Features
Sungard provide • Initial operating system build and operating system level backup configuration
• Operating system configuration changes upon Customer request
• Management of system administration security access
• Installation of antivirus software identified in the Sungard AS Antivirus Policy
4 Data
We carefully reviewed the data migration process to assess the most secure and efficient way to move client data and, as a result, broke the process down into seven steps.
1. Pre-migration planning o Evaluate the data being moved for stability o Analyse if and how the client’s data is currently growing o Analyse level of customisation
2. Project initiation o Identify and brief key stakeholders o Ensure all clients are aware of the Data Migration Plan
3. Landscape analysis o Establish robust data quality rules and management process o Brief the client on the goals of the project, if required. o Brief the client on shutting down legacy systems, if required
4. Solution design o Determine what data to move o Determine the quality of that data, pre and post move
5. Build & test o Code the migration logic o Test the migration with a mirror of the production environment
6. Execute & validate o Demonstrate that the migration has complied with requirements o Demonstrate that the data moved is viable for business use
7. Decommission & monitor o Shut down and dispose of old systems o Confirm project completion to clients.
4.1 The data move process
We used an SFTP method to encrypt the data in transit with the exchange algorithm configured to run using Elliptic-curve Diffie–Hellman key agreements with a minimum security of AES-256. (https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman)
The exchange was conducted between two Windows based servers using the highest levels of encryption available after being password protected on the live server before the SFTP transfer using AES-256.
After the first password was added the data was transferred through the SFTP server in the SunGard environment, to the AWS environment. During transfer the data was further protected through the ECDH265 encapsulation provided by the SFTP. (https://www.bitvise.com/secure-file-transfer-server-sftp-ftps-ssh-scp)
As the data left the Sungard environment it had an additional layer of encryption added by the SunGard Cisco Firewall that was not be unencrypted until it reached the AWS firewall. (https://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html)
5 Managed Responsibilities
Summary of Offering • HA Web Servers
• Mail Servers
• HA DB Servers
• Single Test Server
• Single Hmail Server
• Single SFTP Server
5.1 All n One Responsibilities
• Install, setup and management of MySQL DB
• Installation, configuration and management of all applications above the OS
• Configuration and management of MySQL replication and ongoing DB management
• Setup and management of IIS on Web Servers
• Setup and management of SFTP server apps
• Setup and management of Test server apps
• File-level backup
• Migration of data from the legacy environment to AWS
5.2 Sungard Responsibilities
• Install, configuration and management of instances up to the Operating System
• Configuration and management of load balancers, security groups (firewalls) and VPN's
• Security patch management of all managed instance
• Anti-Virus management of all managed instances
• Monitoring of all managed instances
• Snapshot backup of all instance (1 per night, overwritten each night)
6 Email Solution
bxp software is able to harness the power of email and allows clients to leverage the medium to improve business processes and speed up operations. Whilst individual tools like Microsoft Outlook are ideal for processing an email account, bxp is focused on mass email sending and the move to AWS has also generated improvements for clients who use the system to process mass emails including:
• Faster mail download
• Faster email connection to bxp
• Better mail output (reputation)
6.1 Improved Email Reputation
Email deliverability is a feedback loop that indicates whether or not you’re sending the right content to the right contacts at the right time. bxp email engagements such as clicks and opens contribute constructively to our email sending reputation. Higher rates of positive engagements improve penetration levels and reduce the chances of denial by a spam filter.
We have also improved the strength of our DMARC records and email deliverability.
6.2 Improved Email Usage Statistics
Using the improved log reviewing system on AWS allows us to identify which emails, if any, bounced, or triggered complaints. This, in turn, means that we are better placed to trouble shoot any issues and can therefore provide a stronger overall email service for our clients.
7 Back-up and Recovery
Glossary • RTO - Recovery Time Objective
• RPO - Recovery Point Objective
• ATOT - At Time of Test
• ATOD - At Time of Disaster
• Failover - Necessary activity and components used to resume operation
• Failback - Necessary activity and components used to move back to production
• Occupied Data - Storage required for replicated data, including storage for retention
• Protected Instance - Virtual machine or server being protected for ATOT or ATOD
7.1 Cloud Recovery
Cloud recovery includes • Agent-based block replication solution for AWS, Azure or on-premise virtual server running within VMware/ Hyper V hypervisors or Physical server into AWS
• Administration by Sungard AS of the replication onto AWS Infrastructure
• Support of the installation and configuration of replication software
• Creation of replication VPC and associated compute and storage
• Recovery blueprint
• Administration by Sungard AS of failover activities ATOT, or ATOD
• Multiple RPO points over 30 day rolling periods
• An RTO from 15 minutes up to 4 hours for up to 250 servers
Sungard will also provide the following for the amount of Occupied Data (AWS EBS Replication data and AWS EBS Snapshot data)
• Monitoring and management of the automated replication system for Occupied Data and Protected Instance(s) residing on AWS services and resources
• Notification of failure to replicate Occupied Data and Protected Instance(s) to the TS
• Hosting a copy of the Protected Instance(s) and Occupied Data on AWS Elastic Block Store or similar AWS storage services, to be provisioned ATOT or ATOD on AWS Elastic Cloud Compute, or similar AWS instances
• Perform Failover activity to validate use of its data and applications following a recovery
• Clear down and deletion of any provisioned AWS Infrastructure at ATOT or ATOD following a Recovery Test or Disaster
• Perform Failback activity production environment following a Disaster declaration
Sungard will provide multiple RPO snapshot points in minutes, hours and days on a rolling 30-day basis. The initial snapshot will copy all occupied storage blocks on the replicated volumes. Subsequent snapshots will only copy blocks changed since the previous snapshot.
7.2 Cloud Recovery Service Level
Sungard will recover the most recent copy of Customer Protected Physical or Virtual Servers (OS only) within the time frame below following the start of an Activation or Recovery Test.
Quantity of Protected Servers On-Demand RTO (in hours) • ≤ 250 (4)
• >251 < 500 TBC based on UAT benchmarking achieved
8 Business continuity
We will be moving data from the SunGard AS Dublin data facility to AWS EU-West-1(Ireland) facility which means that the main production data of bxp and its clients will remain in Ireland.
As part of the move, however, we have a business continuity provision to ensure service bxp is seamlessly maintained in the extremely unlikely event of AWS Ireland having an issue.
Our chosen location for this is AWS EU-West-3 in France. This brings the key advantages of keeping data under the provisions of the GDPR combined with a tried and tested recovery process. There are no restrictions on the transfer of personal data to EEA countries as the GDPR applies throughout the EEA..
