CUNY Graduate Center Information Technology. IT Provisioning for Business Continuity & Disaster Recovery Effective Date: April 6, 2018

Transcription:

CUNY Graduate Center Information Technology
IT Provisioning for Business Continuity & Disaster Recovery
Effective Date: April 6, 2018

Introduction

Organization

Information Technology (IT) is the division of the Graduate Center responsible for voice, video and data systems and services. The mission of this unit is to promote, facilitate and support the effective use of technology in instruction and learning, in research, and in processing and accessing institutional information. Organizationally, IT is comprised of three divisions: Administrative Services, Client Services and Systems Services.

Facilities

The Graduate Center's primary site at 365 Fifth Avenue ( ) includes data centers located on the second floor directly connected to the CUNY ring. The secondary site, at the GC Advanced Science Research Center ( ), includes a data center below ground as well as end-user workspaces and is connected to the CUNY ring via City College using infrastructure currently overseen by CUNY central office CIS. The tertiary site, the GC Apartment Building ("GC/Apt"), which includes a designated IT room on the first floor as well as (limited) end-user workspace on the first floor, is connected to the CUNY ring via Hunter College and is also served by a separate redundant internet connection via Verizon FIOS service.

Scope of

This document outlines the provisioning currently in place by Information Technology to safeguard ongoing functionality for select IT systems and services specifically identified herein. The scope and suitability of such provisioning is reviewed on a regular basis as systems and services are decommissioned, added and changed.

Definitions

We distinguish between the phrases business continuity and disaster recovery by viewing a business continuity plan as essentially a proactive approach to safeguarding ongoing daily operations, while a disaster recovery plan must attempt to react to the scope and nature of a calamity.

That is, our business continuity provisioning guarantees that we have systems in place that are backed up and fail over, ensuring that key services stay up and running and that business processes remain operational in the course of minor disruptions which are reasonably anticipated. Disaster recovery, in which an unlikely but catastrophic incident has rendered the data center lost in part or in total for an extended period of time, may call for wholesale reconstitution of facilities, resources and services depending on the nature and specifics of the disaster.

Context

For the purposes of this document, at IT services are considered to be centered at, with business continuity provisioning intended to safeguard that perspective and disaster scenarios envisioned deleteriously impacting that location.

Related Policies & Procedures

IT Backup and Restore Policies
IT Incident Management Plan

Essential IT Services and BC/DR

This section outlines the provisioning currently in place by Information Technology to safeguard ongoing functionality for select essential IT systems and services. Two types of provisioning are identified, business continuity and disaster recovery, for the essential IT services identified below.

GC Data Center: The data center at consists of two adjacent dedicated rooms.

Access to the data center is via a restricted card-entry system; security cameras monitor the entrances, and public safety routinely patrols the adjacent hallways. The rooms are on the second floor, above ground level, and are set apart from the general traffic patterns used by the community of individuals occupying the building on a daily basis.

The rooms are supported by individual redundant cooling systems, with continuous monitoring and alerting in place for Facilities and Engineering. The rooms are supported by individual power systems provisioned with UPS backup, with continuous monitoring and alerting in place for Facilities and Engineering. The rooms are supported by individual sprinkler systems. The rooms are supported by temperature, humidity and water alerting, monitored by IT staff and Facilities and Engineering.

used as emergency relocation centers for restoration of targeted GC IT services.

GC IT Network Infrastructure: The network infrastructure at consists of core switches and related componentry in the data center, connected via fiber risers to multiple IDFs on each floor housing edge switches serving end-user devices. A wireless network infrastructure rides on top of this framework. The network infrastructure at is currently under the purview of CUNY central office CIS. The network infrastructure at GC/Apt apart from resident services includes edge switches in the data center provisioned to support a collection of desktop computers that could be installed in the first-floor lounge.

In the data center, core switches, distribution switches, firewalls, server-region switches and switches connecting the internal network to the CUNY ring are all deployed in pairs, with failover provisioning, providing high redundancy. From the data center, the IDF on each floor is supported by redundant fiber connections; however, these are encased in the same pathway. The stack of edge switches in each IDF on each floor is configured for failover; however, there are single horizontal paths from the edge switch to the individual end-user wall ports. There typically are multiple data ports in any given room.

The CUNY ring provides two paths, in opposite directions, for redundancy. There is a single path from the data center to the external connection to the actual ring. There is no secondary internet connection in place at.

This equipment is currently the purview of CUNY central office CIS.

used as emergency relocation centers for restoration of targeted GC IT services.

GC domain (faculty & staff) email: Email for GC staff and faculty uses the gc.cuny.edu domain, and is implemented in a Microsoft Exchange environment, hosted locally at. Email in the legacy asrc.cuny.edu domain is hosted on the CUNY central office CIS email platform.

gc.cuny.edu domain (faculty & staff) email

The Exchange platform is maintained in a dedicated cluster environment housed in the data center, made up of multiple fault-tolerant servers, provisioned for fail-over redundancy. ProofPoint and other supplementary systems apply additional security processing to incoming/outgoing email for the purpose of safeguarding operations; these systems are likewise configured as a cluster of multiple fault-tolerant servers, provisioned for fail-over redundancy. Backups are executed daily, stored onsite; weekly backups are also performed and stored at off-site location(s).

asrc.cuny.edu domain email

This is currently the purview of CUNY central office CIS. Email accounts for ASRC-based employees are now provisioned in the GC email domain; asrc.cuny.edu domain email accounts are legacy.

gc.cuny.edu domain email

Subject to the nature of the disaster, backup tapes are available to restore the Exchange environment at GC/Apt. In order to do so, equipment required to read from back-up tapes will need to be acquired, as well as the equipment onto which the files and system are to be restored. Other operational steps will include making revisions to current DNS tables. Users will use Outlook Web Access from any internet-connected location to access gc.cuny.edu domain email. In a disaster scenario, existing supplementary systems such as ProofPoint will be

Future planning: recovery provisioning currently supported by GC/Apt

asrc.cuny.edu domain email

This is currently the purview of CUNY central office CIS.

Externally hosted and managed IT services: Services such as email, file storage and collaboration services for GC students (using the gradcenter.cuny.edu domain), CUNYfirst HR and finance services, Blackboard and NetCommunity are externally hosted.

GC student email, file storage and collaboration services (using the gradcenter.cuny.edu domain) are implemented in a Microsoft Office 365 environment, hosted externally by Microsoft and controlled by CUNY central office CIS. This is a Microsoft-hosted and supported environment, accessible to users from any internet-connected location. CUNYfirst and Blackboard are hosted systems overseen and managed by central office CIS. NetCommunity is a system contracted for by the GC Development office and hosted externally by the vendor.

Subject to the nature of the disaster, these externally-hosted and supported environments are expected to remain operational and accessible to users from any internet-connected location. CUNYfirst and Blackboard are the purview of CUNY central.

GC database services: Electronic databases underpinning file systems and applications are hosted locally at the GC. Database services for individuals at are currently provisioned on equipment overseen by CUNY central office CIS.

The MS SQL database environment is maintained in a dedicated cluster environment housed in the data center, made up of multiple fault-tolerant servers, provisioned for fail-over redundancy.

The MySQL database environment is maintained in a dedicated cluster environment housed in the data center, made up of multiple fault-tolerant servers, provisioned for fail-over redundancy. Backups of the data and the servers are executed daily, stored onsite and - for Windows environments - replicated offsite to GC/Apt; weekly backups of the data and the servers are also performed and stored at off-site location(s).

This equipment is currently the purview of CUNY central office CIS.

Subject to the nature of the disaster, backup tapes can be used to restore the database environment at GC/Apt. In order to do so, equipment required to read from back-up tapes will need to be acquired as well as the equipment onto which the files and system are to be restored to house the database environment.

Future planning: recovery provisioning currently supported by GC/Apt

GC file services: Electronic file services for GC faculty and staff, commonly known as U-, S- and R- drives, are hosted locally at. File services for individuals at are currently provisioned on equipment overseen by CUNY central office CIS. (File services for GC students are discussed above.)

The front-end system for file access is maintained in a dedicated cluster environment housed in the data center, made up of multiple fault-tolerant virtual servers, provisioned for fail-over redundancy. The back-end system for file storage is a SAN system housed in the data center.

Backups of both the front-end system and the back-end data are executed daily, stored onsite and also replicated offsite to GC/Apt; weekly backups of the data and the servers are also performed and stored at off-site location(s).

This equipment is currently the purview of CUNY central office CIS.

Subject to the nature of the disaster, the data replica retained at GC/Apt can be used to restore the file services at GC/Apt.

Future planning: recovery provisioning currently supported by GC/Apt

Incoming/outgoing internet connectivity: The IT infrastructure ("CUNY ring") traversed by incoming and outgoing traffic between the internet and the IT infrastructure internal to, GC/Apt and is controlled by CUNY central office CIS. is connected to the CUNY ring. is connected to the CUNY ring via City College using infrastructure currently overseen by CUNY central office CIS. GC/Apt is connected to the CUNY ring via Hunter College and is also served by a separate redundant internet connection via Verizon FIOS service.

The CUNY ring is the purview of CUNY central office CIS.

The CUNY ring is the purview of CUNY central office CIS. A separate redundant path to the internet is in place via Verizon FIOS service at the GC/Apt (only).

GC-hosted Windows-based websites & web-based services: Resources such as the primary GC website (gc.cuny.edu), Password Reset, Track-IT, and the web front-ends are hosted locally at. The asrc.cuny.edu website is hosted by CUNY central office CIS.

The front-end systems are maintained in a dedicated cluster environment housed in the data center, made up of multiple fault-tolerant virtual servers, provisioned for fail-over redundancy. The database back-end is MS SQL, discussed elsewhere in this document. Backups of the front-end system are executed daily, stored onsite and also replicated offsite to GC/Apt; weekly backups of the data and the servers are also performed and stored at off-site location(s).

asrc.cuny.edu website

This is currently the purview of CUNY central office CIS.

gc.cuny.edu website

Subject to the nature of the disaster, the data replication retained at GC/Apt will be used to restore the GC website system at GC/Apt. (Noted: The dependency on the database restoration.) Other operational steps will include making revisions to current DNS tables.

Future planning: recovery provisioning currently supported by GC/Apt

asrc.cuny.edu website

This is currently the purview of CUNY central office CIS. In the future, content residing on the CIS platform will be migrated to the GC's primary infrastructure.

GC-hosted Windows-based IT services: Resources such as WSUS, SCCM, EPO, software license server, print server and Active Directory are hosted locally at.

These systems are maintained in a dedicated cluster environment housed in the data center, made up of multiple fault-tolerant virtual servers, provisioned for fail-over redundancy. Backups of the front-end system are executed daily, stored onsite and also replicated offsite to GC/Apt; weekly backups of the data and the servers are also performed and stored at off-site location(s).

Subject to the nature of the disaster, the data replication retained at GC/Apt will be used to restore select systems at GC/Apt; not every system noted in this section would be considered essential.

Future planning: recovery provisioning currently supported by GC/Apt

GC-hosted Linux-based websites & web-based services: Resources such as GC Web Services, the CUNY Academic Commons, and the GC Library website, as well as the NML, DSC, MLD, CUNY BA, RILM, Brook Center and RedMine websites are hosted locally at.

The GC Linux environment is purely virtual and consists of three layers: the MySQL database back-end, discussed elsewhere in this document, the file system and the front-end web services layer. The MySQL database back-end is discussed elsewhere in this document. The environment is maintained in a dedicated cluster environment housed in the data center, made up of multiple fault-tolerant virtual servers, provisioned for fail-over redundancy. Backups are executed daily, stored onsite; weekly backups are also performed and stored at off-site location(s).

Subject to the nature of the disaster, backup replicas will be used to restore the Linux system environment at GC/Apt. Other operational steps will include making revisions to current DNS tables. (Noted: The dependency on the database restoration.)

Future planning: recovery provisioning currently supported by GC/Apt

Desktop Computers: A collection of Apple iOS Mac and Windows PC desktop computers are available at to support faculty, staff and students. These resources are maintained and supported on an ongoing basis. A collection of Apple iOS Macs and Windows PCs are available at to support faculty and staff; these are currently under the purview of CUNY central office CIS.

For desktop computers currently deployed, systems are kept current and protected by way of central management, via SCCM for Windows PCs and Casper for Apple Macs. SCCM is noted elsewhere in this document. Casper resides on a physical server, with a redundant hardware platform.

WSUS, noted elsewhere in this document, is used to keep PC computers current with Windows updates and patches as well as Microsoft application software updates. Casper is used to keep Macs current with Apple iOS updates and patches.

Ongoing preparedness: Critical updates issued by Microsoft are automatically pushed to all Windows desktop computers via WSUS. Critical updates issued by Apple are automatically pushed to all Mac desktop computers via Casper.

McAfee EPO, noted elsewhere in this document, is used to keep the end-point security updated on both Windows PCs and Apple Macs. This includes anti-virus, full-drive encryption for portable storage and data loss prevention for designated sensitive data (for the latter, Windows only). The same utility is used to provision full-drive encryption on GC laptops.

Ongoing preparedness: McAfee updates are automatically pushed to desktop computers on a routine basis.

Ongoing preparedness: A small collection of PCs and Macs are retained in stock ("spares"), as a redundant fail-safe precaution should a desktop computer currently deployed fail beyond immediate repair.

Standard images for PCs and Macs are maintained in SCCM for Windows and in Casper for Macs.

Ongoing preparedness: These images are backed up routinely.

Desktop computers have been configured and installed by CUNY central office CIS and are currently maintained via that connection.

Future planning: Desktop computers at will be integrated into the fleet of desktop computers at.

Subject to the nature of the disaster, facilities at and GC/Apt will be Existing desktop computers at are suitable for such work. The lounge at GC/Apt is provisioned to support a collection of desktop computers.

Future planning: recovery provisioning currently supported by GC/Apt

GC telephone service: Telephony service for is provided via a voice-over-IP system hosted locally at, using circuits to Verizon and AT&T. Telephony service for GC/Apt is provided via Verizon. Telephony service for uses infrastructure currently controlled by CUNY central office CIS.

The telephony system is comprised of a collection of components; all components are provisioned for redundancy. Additional end-user hand-sets are also stored on-site.

Voicemail services enabling a caller to leave a message are maintained in a dedicated cluster environment housed in the data center, made up of multiple fault-tolerant servers, provisioned for fail-over redundancy. Voicemail services enabling the recipient to retrieve stored messages are not similarly provisioned.

Backups are executed daily, stored onsite. backups were successful.

Redundant routes exist to the PSTN; however, these traverse the same pathway between and the street connection.

This is currently the purview of CUNY central office CIS.

A small number of telephones at are provisioned independently of the IP network using traditional analog service. Telephone services at GC/Apt and are independent of and therefore, subject to the nature of the disaster, may remain operational. In a disaster scenario, certain existing supplementary systems such as voicemail may be

This is currently the purview of CUNY central office CIS.