					         Continuity of Operations
                          (COOP)
                   GCSS-AF
                                 October 2008

                                              Kris Singer
                           kristopher.a.singer@lmco.com




Integrity - Service - Excellence
           COOP Overview

   Introduction
   Robustness
   Requirements
   Schedule
   Do’s and Don’ts
   Questions




             What is COOP?

   Continuity of Operations
   Ensure capability exists to continue essential functions
    across a wide range of potential emergencies
   The objectives of a COOP plan include:
        Ensuring continuous performance of essential
         functions/operations during an emergency
        Protecting essential facilities, equipment, and data
        Reducing or mitigating disruptions to operations
        Achieving a timely and orderly recovery from an emergency
         and resumption of service to customers




Why COOP?




            GCSS-AF Robustness

   High Availability / Disaster Recovery
   Redundant Infrastructure
   Redundant Services
   Data Guard
   Backup and Recovery
   Akamai Services




               High Availability /
               Disaster Recovery
Application developers are responsible for designing/developing to
take advantage of the GCSS-AF architecture and infrastructure.

High Availability (HA):
Local Redundant Hardware/Software solutions for the purpose of
eliminating Single Points of Failure. A Highly Available architecture
is the foundation of the GCSS-AF IF

Disaster Recovery (DR):
Detailed strategy including plans and procedures for reacting to
catastrophic events or unforeseen situations. Strategy includes
methods for regaining access to data, hardware, and software
necessary to resume critical ops

[Diagram: .MIL and .COM; DISA DMZs (BlueCoats); AKAMAI Edge Servers; GCSS-AF Framework (two instances); Routers; Servers]


                Redundant Infrastructure

Capability:
• Provide GCSS-AF applications and services redundancy of network,
  power, and RAID at the server level
Data:
• Dual connections to network allows for upgrade of switches w/o
  impact to server
• Redundant power allows for loss of power bus w/o impact to server
• RAID allows for loss of disk w/o loss of data
ROI:
• Eliminates downtime by providing maintenance and upgrade
  capabilities through redundancy
• Protects data and eliminates downtime needed for restoration
  through backups

[Diagram: .MIL and .COM; DISA DMZs (BlueCoats); AKAMAI Edge Servers; GCSS-AF Framework (two instances); Routers; Servers]


             Redundant Services

Capability:
• Provide GCSS-AF applications HA
  through active/active and
  active/passive service solutions
Data:
• Application Services
• Collaboration
• Data Services
• Discovery / MDE
• Messaging / Mediation
• Portal
• Security
[Diagram: MGM WebSEAL Servers; Dayton WebSEAL Servers; GCSS-AF Framework (MGM); GCSS-AF Framework (DAY)]
ROI:
• Eliminates downtime by providing maintenance and upgrade capabilities
  through redundancy
• Better application support – service level management, application
  performance management, CM, change automation
             Oracle Data Guard


Capability:
• Provides COOP capability for Oracle applications through
  database replication
Data:
• Configured and monitored through Oracle Enterprise Manager
[Diagram: Primary Database; Redo Shipment; Standby Redo Logs; Redo Apply; Physical Standby Database]

ROI:
• Eliminates downtime and protects data by providing
  synchronous and asynchronous data replication
• Built-in capability of Oracle – no additional licenses required


              Backup and Recovery

Capability:
• Provide GCSS-AF applications and
  services protection against data
  loss through tape backup and
  recovery
Data:
• Nightly incremental backup
• Weekly full backup
• Offsite tape storage
• Annual recovery test
ROI:
• Meets DoD Instruction 8500.2 COBR
• Assures appropriate physical and
  technical protection of backup and
  restoration hardware and software

          Public Web
          Failover Success Story

Capability:
• USAFA experienced an outage which caused their originating content server to
  go down for a period of days

Data:
• USAFA system admin contacted Akamai to
  determine the best course of action
• Users were already redirected to USAFA’s
  static failover site -- transparent to end
  users and with no interaction by the system
  admin
• Site content was available while the origin
  outage was being addressed
ROI:
• Without Public Site integration and its failover feature, USAFA content would
  have been unavailable to users during this outage

           GCSS-AF COOP

   COOP IOC Sep 09
      Direct support of DEAMS COOP requirements
   Location
      DISA Ogden DECC at Hill AFB
         Optimal DISA site per VeriSign COOP analysis
   COOP to Primary Ops at DISA DECC Montgomery
      Support GCSS-AF, ERPs and application COOP (as req’d)
      Can serve as primary for services
      Some level of load balancing and active-active operations
       being considered in design




Why Ogden?

[Chart: All Site Risk Score Comparison. Axis: Risk Score (0=low risk). Sites: Hill AFB, Tinker AFB, Kelly USA, Naval ICP, Randolph AFB, Gunter Annex]

Notional GCSS-AF
COOP Architecture

[Diagram: Montgomery (Primary Site) and Third Site, connected over the WAN]
   Security Layer
      WebSeal, LDAP, Sec_Master at each site
      LDAP (DB2 and ACL) Replication
   Application Layer
      Web, App, Portal Servers at each site
      Database Connection
   Database Layer
      Database Servers at each site
      Database Archive Files (via DataGuard)
   Storage
      Storage Area Network (SAN) and Network Attached Storage (NAS) at each site
      Data Replication (via RecoverPoint)
      HTML Docs, PDF, and Portal Files
      Other Files

           COOP Capability

   Mirrored copy of all critical infrastructure
      Same functionality, but reduced capacity (i.e. Not same
       number of WebSEALs)
      Does not initially COOP Mission Capabilities
      Does not include Business Analytics, Data Warehouse,
       SIPRNET and some non-essential capabilities
      DEAMS and ECSS must separately standup and support
       COOP
   DEAMS COOP Requirements (MAC II+)
      Must be available for users within 6 hours of failure
      Data at COOP site maximum of 2 hours behind primary site
      GCSS-AF Security and Messaging Core Services Available
   DEAMS will standup complementary, DEAMS-specific system at
    GCSS-AF COOP site

          Tasks/Schedule

 Requirements / Architecture Design (September - December 2008)
    Develop and deliver hardware requirements, architecture
     documentation, and technical implementation plan
    Conduct site survey(s), site prep, stakeholder meeting (fall 2008)
    Coordinate to facilitate the implementation task
 Implementation (December 2008 - June 2009)
    Install and configure GCSS-AF Integration Framework and
     associated COOP capabilities at Hill Air Force Base in Ogden, UT
    Create operations procedures, configuration, and documentation for
     performing multiple-site operations and sustainment of GCSS-AF
     Pre-Production and Production environments
    Support integration testing of DEAMS Increment 2 in spring 2009
    Conduct second stakeholder meeting (spring 2009)
 Operational Test (July 2009 - Nov 2009)
    Validate initial installation and configuration of the COOP site
     through operational test and evaluation
    Support government testing of COOP and GCSS-AF FOC testing
     requirements in summer 2009


             GCSS-AF COOP
             Service Cost Sharing

GCSS-AF will be responsible for:
•  Implementation costs for server and software infrastructure at primary and
   alternate site
•  Implementation costs for GCSS-AF Core Services at alternate site
•  Yearly support costs for GCSS-AF Core Services at primary and alternate site
•  Yearly support costs for GCSS-AF O&S Team at primary and alternate site

Applications will be responsible for:
•   Implementation costs for additional server and storage capacity at the remote site
•   Implementation costs for network bandwidth and for additional Software licenses
•   Yearly support costs based on the server and storage capacity at the remote site
       •   Applications hosted on shared server resources will only be responsible
           for a percentage of the server capacity
•   Yearly support costs for network bandwidth and Software licenses
•   Yearly cost associated with DBA support at the remote site (if applicable)
•   Yearly cost for incremental increase to O&S support

          Do you need COOP?

 MAC II requirements
 Next Step to get COOP on GCSS
 Do:
    Discover all possible failover scenarios/responses
    Document your requirements
    Develop a business case and obtain funding
    Work with Outreach
    Move data feeds to ESB
 Don’t:
    Route through a central server
    FTP to IP addresses
    Use hardcoded IPs / absolute URLs
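
A pre-failover check for two of the "Don't" items above (FTP to IP addresses, hardcoded IPs / absolute URLs), as an added example that is not part of the original briefing. The rule names, the key = value settings format and the sample settings are assumptions constructed for illustration.

```python
import ipaddress
import re
from typing import List, NamedTuple
from urllib.parse import urlsplit


class Finding(NamedTuple):
    line: int    # 1-based line number in the scanned text
    rule: str    # "ftp-to-ip", "hardcoded-ip" or "absolute-url" (names are assumptions)
    value: str   # the offending URL or address as written


# Any http(s)/ftp/sftp URL; the host is extracted with urlsplit below.
URL_RE = re.compile(r"\b(?:https?|s?ftp)://[^\s'\"<>]+", re.IGNORECASE)
# Candidate dotted quads; validated with the ipaddress module before reporting.
# Four-part version strings (e.g. 1.2.3.4) will also match and need manual review.
IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?![\w.])")


def _is_ip(token: str) -> bool:
    """True when token parses as an IPv4 or IPv6 address literal."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def scan_config(text: str) -> List[Finding]:
    """Flag settings that pin an application to one site.

    A setting that names a fixed address or a full URL keeps pointing at
    the primary site after operations move to the COOP site.
    """
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments are not settings

        url_spans = []
        for m in URL_RE.finditer(line):
            url_spans.append(m.span())
            parts = urlsplit(m.group(0))
            host = parts.hostname or ""
            if _is_ip(host):
                # FTP straight to an address is called out separately in the list.
                rule = "ftp-to-ip" if parts.scheme in ("ftp", "sftp") else "hardcoded-ip"
            else:
                rule = "absolute-url"
            findings.append(Finding(lineno, rule, m.group(0)))

        # Bare addresses outside any URL already reported on this line.
        for m in IPV4_RE.finditer(line):
            if any(start <= m.start() < end for start, end in url_spans):
                continue
            if _is_ip(m.group(0)):
                findings.append(Finding(lineno, "hardcoded-ip", m.group(0)))
    return findings


# Constructed sample settings (documentation address ranges, not a real system).
SAMPLE = """\
# constructed application settings
feed.inbound = ftp://198.51.100.7/outbound/daily.dat
db.host = 192.0.2.15
portal.help_link = https://portal.example.com/app/help/index.html
portal.logo = /app/static/logo.png
report.service = reports-svc
app.version = 4.2
"""

if __name__ == "__main__":
    for f in scan_config(SAMPLE):
        print(f"line {f.line}: {f.rule}: {f.value}")
```

The third item, routing through a central server, is an architecture decision and is not something a text scan can detect.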




           COOP POC’s


   GCSS-AF SPO COOP Lead:
      Ted Haberlein
      754 ELSG/GC
      Office: 781.377.1451 (DSN 478)
      theodor.haberlein@hanscom.af.mil


   GCSS-AF COOP Task Lead:
      John Hemminger
      Lockheed Martin
      Office: 334.270.2293
      john.hemminger@lmco.com




                          QUESTIONS




       BACKUP




             COOP Guidance

•  The authorization for the development of Continuity of Operations Plans is
   embodied in the following documentation:
      •  Office of Management and Budget Circular A-130, Appendix III, Security of
         Federal Automated Information Resources, February 1996
      •  Computer Security Act of 1987, Public Law 100-235, January 1988
      •  Presidential Decision Directive 63, Critical Infrastructure Protection, May
         1998
      •  Presidential Decision Directive 67, Enduring Constitutional Government and
         Continuity of Government Operations, October 1998
      •  Executive Order 12656, Assignment of Emergency Preparedness
         Responsibilities, November 1988
      •  Federal Information Processing Standards (FIPS) Publication 87, Guidelines
         for ADP Contingency Planning, March 1981

•  GCSS-AF Continuity IA Controls Guide - Describes DoDI 8500.2 IA Controls for
   Continuity and how GCSS-AF meets those requirements
•  GCSS-AF Continuity of Operations Levels of Service - Describes Levels of
   Service offered by GCSS-AF and provides yearly cost information




                   DoD Instruction 8500.2
                Mission Assurance Categories




8/17/2011   Integrity - Service - Excellence   23
                Overview


      PER DOD INSTRUCTION 8500.2:
      1. All DoD information systems shall be reviewed against the
         mission assurance category (MAC) defined within 8500.2.
      2. Each DoD information system shall be assigned a
         confidentiality level (CL) based on the classification or
         sensitivity of the information processed.
      3. The assigned MAC and CL shall be used to determine the
         applicable IA Controls.
      4. These controls shall constitute the baseline requirements
         for IA certification and accreditation or reaccreditation.
      5. 12 of these IA controls are applicable to continuity.


                          Mission Assurance Category
                          (MAC)
•  Mission Assurance Category. Applicable to DoD information systems, the mission assurance category reflects the
   importance of information relative to the achievement of DoD goals and objectives, particularly the war fighters'
   combat mission. Mission assurance categories are primarily used to determine the requirements for availability and
   integrity. The Department of Defense has three defined mission assurance categories:

•  Mission Assurance Category I (MAC I). Systems handling information that is determined to be vital to the
   operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and
   timeliness. The consequences of loss of integrity or availability of a MAC I system are unacceptable and could
   include the immediate and sustained loss of mission effectiveness. Mission Assurance Category I systems require
   the most stringent protection measures.

•  Mission Assurance Category II (MAC II). Systems handling information that is important to the support of
   deployed and contingency forces. The consequences of loss of integrity are unacceptable. Loss of availability is
   difficult to deal with and can only be tolerated for a short time. The consequences could include delay or degradation
   in providing important support services or commodities that may seriously impact mission effectiveness or
   operational readiness. Mission Assurance Category II systems require additional safeguards beyond best practices
   to ensure assurance.

•  Mission Assurance Category III (MAC III). Systems handling information that is necessary for the conduct of
   day-to-day business, but does not materially affect support to deployed or contingency forces in the short-term. The
   consequences of loss of integrity or availability can be tolerated or overcome without significant impacts on mission
   effectiveness or operational readiness. The consequences could include the delay or degradation of services or
   commodities enabling routine activities. Mission Assurance Category III systems require protective measures,
   techniques, or procedures generally commensurate with commercial best practices.

                    Continuity IA Controls (cont)

   ALTERNATE SITE DESIGNATION (COAS)
   MAC I & II: An alternate site is identified that permits the restoration of all mission or business essential
   functions.
   MAC III: An alternate site is identified that permits the partial restoration of mission or business
   essential functions.


   PROTECTION OF BACKUP AND RESTORATION ASSETS (COBR)
   MAC I-III: Procedures are in place to assure the appropriate physical and technical protection of the
   backup and restoration hardware, firmware, and software, such as router tables, compilers, and other
   security-related system software.


   DATA BACKUP PROCEDURES (CODB)
   MAC I: Data backup is accomplished by maintaining a redundant secondary system, not collocated,
   that can be activated without loss of data or disruption to the operation.
   MAC II: Data backup is performed daily, and recovery media are stored off-site at a location that
   affords protection of the data in accordance with its mission assurance category and confidentiality
   level.
   MAC III: Data backup is performed at least weekly.


                    Continuity IA Controls (cont)

   DISASTER AND RECOVERY PLANNING (CODP)
   MAC I: A disaster plan exists that provides for the smooth transfer of all mission or business essential
   functions to an alternate site for the duration of an event with little or no loss of operational continuity.
   (Disaster recovery procedures include business recovery plans, system contingency plans, facility
   disaster recovery plans, and plan acceptance.)
   MAC II: A disaster plan exists that provides for the resumption of mission or business essential
   functions within 24 hours of activation. (Disaster recovery procedures include business recovery plans,
   system contingency plans, facility disaster recovery plans, and plan acceptance.)
   MAC III: A disaster plan exists that provides for the partial resumption of mission or business essential
   functions within 5 days of activation. (Disaster recovery procedures include business recovery plans,
   system contingency plans, facility disaster recovery plans, and plan acceptance.)


   ENCLAVE BOUNDARY DEFENSE (COEB)
   MAC I: Enclave boundary defense at the alternate site must be configured identically to that of the
   primary site.
   MAC II & III: Enclave boundary defense at the alternate site must be configured equivalent to the
   primary site.




                   Continuity IA Controls (cont)

   SCHEDULED EXERCISES AND DRILLS (COED)
   MAC I: The continuity of operations or disaster recovery plans or significant portions are exercised
   semi-annually.
   MAC II & III: The continuity of operations or disaster recovery plans are exercised annually.


   IDENTIFICATION OF ESSENTIAL FUNCTIONS (COEF)
   MAC I & II: Mission and business essential functions are identified for priority restoration planning
   along with all assets supporting mission or business essential functions (e.g., computer-based services,
   data and applications, communications, physical infrastructure).
   MAC III: Mission and business essential functions are identified for priority restoration planning.


   MAINTENANCE SUPPORT (COMS)
   MAC I & II: Maintenance support for key IT assets is available to respond 24 x 7 immediately upon
   failure.
   MAC III: Maintenance support for key IT assets is available to respond within 24 hours of failure.




                   Continuity IA Controls (cont)

   POWER SUPPLY (COPS)
   MAC I: Electrical systems are configured to allow continuous or uninterrupted power to key IT assets
   and all users accessing the key IT assets to perform mission or business-essential functions. This may
   include an uninterrupted power supply coupled with emergency generators or other alternate power
   source.
   MAC II: Electrical systems are configured to allow continuous or uninterrupted power to key IT assets.
   This may include an uninterrupted power supply coupled with emergency generators.
   MAC III: Electrical power is restored to key IT assets by manually activated power generators upon loss
   of electrical power from the primary source.


   SPARES AND PARTS (COSP)
   MAC I: Maintenance spares and spare parts for key IT assets are available 24x7 immediately upon
   failure.
   MAC II & III: Maintenance spares and spare parts for key IT assets can be obtained within 24 hours of
   failure.




                   Continuity IA Controls (cont)

   BACKUP COPIES OF CRITICAL SOFTWARE (COSW)
   MAC I-III: Back-up copies of the operating system and other critical software are stored in a fire rated
   container or otherwise not collocated with the operational software.


   TRUSTED RECOVERY (COTR)
   MAC I-III: Recovery procedures and technical system features exist to ensure that recovery is done in
   a secure and verifiable manner. Circumstances that can inhibit a trusted recovery are documented
   and appropriate mitigating procedures have been put in place.





				
DOCUMENT INFO
posted:8/17/2011
language:English
pages:30
Description: System Admin Resume Template document sample