HIGH AVAILABILITY DISASTER RECOVERY SOLUTION

Transcription

1 Manvi Sharma CFS-SA-Bladelogic HIGH AVAILABILITY High availability is a system design approach and associated service implementation that ensures a prearranged level of operational performance will be met during a contractual measurement period. In information technology, high availability refers to a system or component that is continuously operational for a desirably long length of time. Availability can be measured relative to "100% operational" or "never failing." A widely-held but difficult-to-achieve standard of availability for a system or product is known as "five 9s" ( percent) availability. High Availability (HA) solutions can be categorized into local high availability solutions that provide high availability in single data centre deployment and disaster recovery solutions which are usually geographically distributed disaster recovery solutions. Since a computer system or a network consists of many parts in which all parts usually need to be present in order for the whole to be operational, much planning for high availability centres around backup and failover processing and data storage and access. For storage, a redundant array of independent disks (RAID) is one approach. A more recent approach is the storage area network (SAN). Some availability experts emphasize that, for any system to be highly available, the parts of a system should be well-designed and thoroughly tested before they are used. For example, a new application program that has not been thoroughly tested is likely to become a frequent point-of-breakdown in a production system. DISASTER RECOVERY SOLUTION Disaster Recovery is a subset of business continuity which ensures protection of critical data, applications, and complete systems in case of a disaster. Disaster recovery (DR) is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery is a subset of business continuity. While business continuity involves planning for keeping all aspects of a business functioning in the midst of disruptive events, disaster recovery focuses on the IT or technology systems that support business functions.

2 Challenges Ensuring critical data, applications, and complete systems are protected in the case of a disaster Providing disaster recovery for production applications in virtual server environments Reducing the complexity of managing heterogeneous server and storage platforms Reducing the costs of building and managing disaster recovery infrastructure IT disaster recovery control measures can be classified into the following three types: 1. Preventive measures - Controls aimed at preventing an event from occurring. 2. Detective measures - Controls aimed at detecting or discovering unwanted events. 3. Corrective measures - Controls aimed at correcting or restoring the system after a disaster or an event. Good disaster recovery plan measures dictate that these three types of controls be documented and tested regularly. CONTINUITY OF BUSINESS It assures quick recovery from disasters while improving availability of key business systems. It is the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions. These activities include many daily chores such as project management, system backups, change control, and help desk. Business continuity is not something implemented at the time of a disaster, Business Continuity refers to those activities performed daily to maintain service, consistency, and recoverability. Therefore, a business continuity plan is a roadmap for continuing operations under adverse conditions (i.e. interruption from natural or man-made hazards). BCP is an ongoing state or methodology governing how business is conducted. In the US, governmental entities refer to the process as continuity of operations planning (COOP).

3 FIREWALL: A firewall is a software or hardware appliance that is used as a line of defense between your computer and the external threats from the internet. In a computer network, a firewall solution is usually implemented at the gateway computer to block the threats like intruders, hackers, viruses and unauthorized access. Firewall Features 1. Monitoring inbound and outbound traffic. 2. User s authentication. 3. Ports blocking 4. Bandwidth management 5. Logging 6. Antivirus 7. Spam Filtering 8. URL Screening Software Firewall It is a software which is installed on your computer used for protecting it from hackers, unauthorized access, virus, Trojans, etc on thye basis of some predefined list. [Software firewalls are predefined list of good programs that are installed. When a request from a program is not in the firewall's white (good) list, it asks whether it should allow the program to communicate with the internet and you usually answer yes (unless you do not know the program that started the request).] Hardware Firewall A Hardware firewall is a physical device with physical elements like RAM, flash, processor, Ethernet ports,etc. It is used for one or more systems by connecting it to a network, and it takes care of the whole network computers. Hardware firewall supports VPN(Virtual Private Network) which is most secure way of accessing your local network from remote site. People who are allowed in VPN tunnel only they can access your ftp server etc.

4 [A hardware firewall acts as a gateway to all the computers inside the LAN. Configuring & making changes applies to the gateway only.for example say the policy is to block all inbound connections to port 21,simply blocking port 21 at the firewall gateway will block all inbound traffic that is directed to the ftp port 21 inside the LAN. ] Hardware firewall supports VPN which is most secure way of accessing your local network from remote site. People who are allowed in VPN tunnel only they can access your ftp server etc. Proxy Server a computer that acts as an intermediary between a client machine and a server, caching information to save access time. Application server : Server on which various applications like security, management, etc are installed. Network Shell : A cross-platform shell with scripting capability that gives seamless access to remote servers from central management workstations. Job Server: A job is a set of instructions for performing a task on one or more servers, while a Job server enables a system to perform a large amount of jobs at the same time. Configuration Server: It provides connectivity between different servers and enable them to function together. Key store file: It consists of key store password assigned while installing the application server, it is used to sync one or more application servers together by enabling them to share a same Data Base. This is done by copying the key store file from the primary application server to the same location of the target application server or servers. Data Base Server: It is a server on which data base is installed and it provides data base services to the servers or clients connected to it. NTP server : It is a Network Time Protocol used for clock synchronization between various Computer systems. Configuring Application Servers on different hosts 1. Install and configure an Application Server on one host machine and link it to a database, and note the key store password. 2.Install additional Application Servers on other physical machines, providing the same key store password used by the first Application Server, and pointing to the same database and file server. 3.Copy the bladelogic.keystore file from the directory from the first Application Server host to same location on the new Application Server.

5 [ The file location is <installationdirectory>/nsh/br/deployments/_template/bladelogic.keystore.] 4.Ensure that the time on all Application Server hosts are synchronized. BMC recommends that you configure the Network Time Protocol (NTP) service to point to the same NTP server. 5.If you have more than one Application Server running on each host in a multiple host environment, ensure that you synchronize the keystore files and the corresponding password for all deployments. 6. Start the Application Servers. Linux provisioning: 1.Install IIS : Goto Server manager and select roles, check IIS services 2.Start IIS 3.Install PXE (for BL) : PXE-8_2-111 installation Download PXE-82-SP1-Win Enable Directory Browsing in IIS 5. Configure DHCP and add bl-server and its port in DHCP Scope. 6. Copy RHEL O/s tree in pxestore folder: Create a folder RHES5 in Pxestore and copy all the data of RHEL5 in it. 7. Copy gentoo32 folder in tftproot/x86/pxelinux folder 8. Configure Provisioning Configuration : Goto Bladelogic Console, goto configuration and select Configure provisioning 9. Create instance in property dictionary. 10. Create system package : Input the 5 corressponding entries, which are location,username, password,full_path, virtual directory. 11.Add Device : add the MAC address of the bare metal 12. Create provisioning job 13. Execute provisioning job 14.Boot bare metal from pxe.

6 WINDOWS PROVISIONING: 1. Prerequisites : 1. OS tree must be present 2. IIS services must be installed 3. Provisioning files must be present 4. Enable dictionary browsing 5. WAIK must be installed 2. Install PXE : double click the PXE setup file and install PXE server. 3. Create a folder in pxestore : extract contents of OS Tree in that folder using Power ISO software 4. Provisioning Image Creation : Go to Bladelogic Console > Configuration > provisioning image creation, create a boot image 5. Provisioning Configuration 6. Database Instance Creation : Go to Bladelogic Console > Configuration > Property Dictionary View > built in property classes > data store > PXE datastore >select instance tab and create Instance. 7. Create System Package : Make sure TFTP and PXE services are started 8. Add Device : add the MAC address of the bare metal. 9. Create Provisioning Job 10. Execute Provisioning Job 11. Boot the bare metal.