Restoration Order: The Key to Effective and Efficient Disaster Recovery

Restoration Order: The Key to Effective and Efficient Disaster Recovery

If you're studying for the CompTIA Security+ certification exam, you're likely familiar with the importance of having a disaster recovery plan in place to ensure business continuity in the face of an uncontrolled outage.

However, it's not just enough to have a plan; you also need to ensure that the plan is executed in the right order to avoid further problems.

This is where the concept of Restoration Order comes into play. Restoration order refers to the carefully designed sequence in which a complex facility such as a data center or campus network is reconstituted after an outage.

While the end goal is to bring everything back online as quickly as possible, it's important to do so in a controlled way to avoid creating additional problems.

Here’s a real world example of a successful restoration of networking, data, and IT systems, after a ransomware attack.

In 2018, the city of Atlanta was hit by a ransomware attack that crippled many of its computer systems, including those used for processing court documents, paying bills, and accessing police records. The attack occurred on March 22, and by the following day, city officials had determined that they were dealing with a variant of the SamSam ransomware.

In response to the attack, the city took a number of steps to restore its IT systems and data. These included:

  • Isolating infected systems to prevent the malware from spreading further.
  • Working with cybersecurity experts to analyze the ransomware and develop a plan for removing it.
  • Rebuilding infected systems from scratch rather than trying to restore them from backups, to ensure that the malware was completely removed.
  • Creating a command center to coordinate the response effort and ensure that all departments were working together effectively.
  • Communicating regularly with the public and city employees to keep them informed about the status of the restoration effort.

The restoration process was complex and time-consuming, but ultimately successful. By mid-April, the city had restored most of its critical systems, and by June, it had made significant progress in restoring all affected systems.

This example highlights the importance of having a well-designed restoration plan in place, as well as the need for effective communication and collaboration between different departments and stakeholders during a crisis.

So, what does restoration order look like in practice? In general, it follows a sequence similar to the one outlined below:

1. Enable and test power delivery systems: The first step is to ensure that power is restored and that all power-related systems such as grid power, power distribution units (PDUs), UPS, and secondary generators are functioning properly.

2. Enable and test switch infrastructure and routing appliances: Next, you'll want to ensure that network connectivity is restored by enabling and testing your switch infrastructure and routing appliances.

3. Enable and test network security appliances: Once connectivity is restored, it's important to verify that your network security appliances such as firewalls, IDS, and proxies are functioning as expected.

4. Enable and test critical network servers: With connectivity and security in place, you can then move on to enabling and testing critical network servers such as DHCP, DNS, NTP, and directory services.

5. Enable and test back-end and middleware: After your critical servers are online, you can move on to enabling and testing back-end and middleware systems such as databases and business logic. It's important to verify data integrity at this stage.

6. Enable and test front-end applications: Finally, you can enable and test your front-end applications to ensure that everything is functioning properly.

7. Enable client workstations and devices: Once everything else is online, you can enable client workstations and devices, as well as client browser access.

By following this sequence, you can ensure that dependencies between different appliances and servers are met and that systems are brought back online in a controlled and orderly fashion, minimizing the risk of causing additional problems.


Practice Exam Questions

1: Why is it important to follow a carefully designed order of restoration when bringing a complex IT system back online?

a) To ensure that all systems are brought back online at the same time
b) To minimize the risk of causing additional power problems
c) To maximize the speed of the restoration process
d) To ensure that dependencies between different appliances and servers are met and to minimize service disruption

 

2: Why is it important to verify data integrity during the restoration process?

a) To ensure that the data is encrypted
b) To ensure that the data is backed up
c) To ensure that the data is not corrupted or lost during the restoration process
d) To ensure that the data is compliant with industry regulations


Answers

1: Why is it important to follow a carefully designed order of restoration when bringing a complex IT system back online?

d) To ensure that dependencies between different appliances and servers are met and to minimize service disruption

2: Why is it important to verify data integrity during the restoration process?

c) To ensure that the data is not corrupted or lost during the restoration process