Omega Inc. Bia

earth zee Research is a apace growth enquiry and consulting firm. They perk up a single chief(prenominal) constituent turn up in Reston, VA and three sm in all complication authoritys stiffened in San Diego, CA, bargainm, OR, and Kansas metropolis, MO. omega is non occurrently involved in e-commerce or air enterprise-tobusiness relationships. Two hebdomads ago, Omega experience a meaningful loss of proprietary info (estimated take to be $550,000. 00) that was stored electronically in an vaticinator entropybase in their main exp binglent staff in Reston. The selective instruction was unrecoverable and backups were non beingness routinely controled, so no retort was possible.Although he has no hard evidence, Omegas CTO believes that the loss resulted from deliberate extirpation of single files by a organization of ruless administrator from the Kansas metropolis perspective that had been let go some(prenominal) weeks prior to the loss. Needless to say , the CTO has been t engageed to get things to a lower place control. You mother been hired as a consultant to let out a plenary innovation for improving the clubs recovery posture in enjoin to pr effect future outage of Omegas critical musical arrangements and ne twainrk resources. Your guidance and observations go out rateually be wontd to develop a long-term procedural and form _or_ system of government solution for Omega Research.The CTO has stepped up to the dental plate and made the commitment to do whatsoever it emergences to address these issues. Base quarter Network sub social organisation * Omega leverages AT&T Managed Internet work for each of its view locations. * Omega ingests and manages the border routers for each of their ability internet sites. * Offices in Reston, San Diego, and Kansas metropolis receive large T-1 helping. * Offices in capital of Oregon receive 256k F-T1 spell service. Systems Business processes leadd by genus Aix mil ieu 1. Financial 2. Reporting 3. Data storage w arhouse local argona networkV fireor Services verbalise Ph superstar Contacts IBM Tape LibraryTSM waiter 522 southbound RdPoughkeepsie, NY 12601 214 451-7747 Steve Barretta SunGard Recovery run for server surroundings 401 N Broad St. Philadelphia, PA 877 456-3966215 351-1300 * dress Meltin (Test Coord. ) * Jack Fabrianni (Acct. Rep) * Lincoln Balducci (Resource Coord. ) BASELINE computing machine architecture topical anaesthetic stadium Architecture (Reston Office) AIX Environment * Perimeter entertainion provided by screening router. Configured for dynamic softw atomic number 18 program filtering using reflexive admittance engage Lists (ACLs). Remote price of admission is provided to employees while at home or on extend through PPTP VPN, and, dial-up reticular activating system offered by a Microsoft Windows NT 4. 0 master of ceremonies . * All servers in the Reston smudge defecate been centrally fit(p) to a entr opy middle(a). * The Reston entropy shopping mall overhear a bun in the ovens a 5-keypunch combination lock that is penuryed to h gray-headed access to the room. That combination is divided with all IT personnel and is infrequently rotated. * The data middle(a) is controlled for humidity through HVAC purification. * The data core group is controlled for temperature with isolated HVAC run. The data center is non on a increase floor to control static electricity. * The data center does not abide a site-wide UPS. Each server and network equipment supports their own mini-UPS. * Internal Omega E- chain get out is support by a Microsoft Exchange 2000 mail server running on a Microsoft Windows 2000 Server. Omega has installed an SMTP mail door panache to support Internet mail exchange. * Omega is the registered possessor of omeg arsearch. com and maintains a DNS Server at the Reston beforeness for name resolution supporting Omega drug users and to allow Internet acc ess to in public accessible information ( clear and e-mail). Web hosting services are provided on a Microsoft Windows 2000 Server running Internet Information Services (IIS). * X. euchre directory services are uncommitted through Active Directory although their execution of instrument is relatively immature they are operating in a mixed environment. * Server and lymph gland o/s environments absorb not been routinely patched. * Reston office printers are all network connected. * The IT Department is responsible for solicitude of the networks and networked resources at the Reston installation. They manage more than clxx workstations and 6 servers performing the functions previously described. guest machines consist of Microsoft Windows 95, 98, NT Workstation 4. 0, 2000, and XP. Mac operating systems allow OS/8 and OS-X, Panther. * Productivity applications have not been protrudeardized. Some user communities eff Corel OfficeSuite while others appreciate Microsoft Of fice . at that place are various editions of these packages installed on invitee machines. BASELINE ARCHITECTURE topical anesthetic Area Architecture (San Diego Office) * The San Diego is essentially a mirror of the network architecture provided at the Reston facility. * Differences o San Diego does not host a web server. San Diego does not support VPN or RAS connections. o on that point are a few(prenominal)er employees working out of the west border office. The topical anesthetic IT staff consists of one train who manages all networks and networked resources inwardly the San Diego office. o at that place are less than 50 invitee machines in San Diego with similar somas as the main office. o All servers have been falld in a detached office in San Diego. * There is not a controlled access restriction equivalent in the main center. * The office is not controlled for temperature, humidity, or static. * There are no pointless power supplies.BASELINE ARCHITECTURE Local Area Architecture (Salem Office) * Salem is a small site with only 30 workstations configured in much the analogous way as the rest of the company. * Sale supports a single combined dual-lane file and print server hosted on a Microsoft Windows NT 4. 0 Server. * Mail services are obtained through the San Diego office, using mailboxes bewilder up on the San Diego Exchange Server. * There are no publicly acquirable networked resources at the Salem office. * Remote access to Salems infrastructure is provided to active and home employees using VPN client to gateway connectivity. Salem has an IT staff of one devise that manages all networks and networked resources at this site. * All servers have been located in a spare office in San Diego. * There is not a controlled access restriction like in the main center. * The office is not controlled for temperature, humidity, or static. * There are no redundant power supplies. BASELINE ARCHITECTUREARCH Local Area Architecture (Kansas City Office) * Kansas City is very similar in surface to the Salem office with the exception that Kansas City runs a Microsoft Exchange 2000 server for mail services. Kansas City has a local system administrator for support. * All servers have been located in a spare office in Kansas City. * There is not a controlled access restriction like in the main center. * The office is not controlled for temperature, humidity, or static. * There are no redundant power supplies. Figure 1 principal(prenominal) Application Equipment List CONSIDERATIONS Networking and Systems Administration 1. Access to any site LAN mechanically guarantees access to the entire WAN. This means that user accounts authenticated in the Salem office have immediate access to resources in San Diego, Kansas City, and Renton. . User accounts and access restrictions are on an individual basis managed by each offices system engineer. There is not a common user form _or_ system of government rules c at a clockrning how passwords are created an enforced, cycled, aged, lockout, user account retention, and so on, are created and maintained per office. 3. There is no established backup and disaster recovery policy at any site. Backups are decentralized. off-site rotation only happens at the Reston office. Salem currently performs DASD to DASD backups without Tape copies being made. 4.The local system administrators at the satellite offices dissipate all direction from the central office and are not authorized to aim boundary router changes. They do not have authority to change anything without central IT approval. They have no site specific cipher they have full accountability for their LANs. 5. All machines run antivirus software although local IT staff infrequently maintains their definition files and relies on user intervention to perform file updates. No machine has spyware protection. 6. There is no dedicated program for training employees on avoiding threats like, say, Phishing. . Firewall logs, host packet analysis, application logs, event and error logs are generally cut across the board. Business Requirements 1. The organization is growing rapidly in spite of novel events. 2. Their strength is in developing business within the local market and providing on-the-spot(prenominal) consulting services. The research end of the business is the well-spring from which they die their competitive edge, besides Omega is realizing that consolidating the research custody adds synergy to their efforts, and reduces unnecessary overhead. 3. They plan to continue down that road.As a result, local sites exit expand their consulting workforce and research pull up stakes continue to be consolidated at the Reston and San Diego facilities. As this prune continues to develop, access to the research data stored at the east and west coast facilities break downs critical. Additionally, they sack upnot drop a similar loss of proprietary information as was recently experienced. and they know it could have been much worse. cognize Environmental Risks 1. The San Diego office is located in a 20- class seism zone. Once all 20 years, it estimated that a 6. -Richter racing shell earthquake or greater testament necessitate the facility, likely causing misuse to the facility/ data processor equipment management assumes losings to computer assets could be estimated at 20%. As a countermeasure, the company has purchased redress with $18,000. 00/year annual premiums that increase 5% every year. 2. The Reston office is located in a 500-year flood zone. Once every 500 years, it is estimated that a flood impart withdraw the facility likely causing damage to the facility/computer equipment management assumes losses to computer assets could be estimated at 40%.The company has opted to not purchase insurance. yearly premiums would run approximately $25,000. 3. The Kansas City office suffers a signifi deposet crevice event once every five years. When the tornado hits , severe electrical disruption affects the equipment and the office suffers 10% losses on computer assets. The company pays $14,000 in annual insurance premiums. Appendix A. Balance Sheet Reston sacred scripture Value Actual Value 81,290 45,690 27,390 13,330 17,250 9,450 4,309 0 Networking Equipment Server EquipmentWorkstation Equipment Peripherals TOTAL 167,700 31,009Kansas City Networking Equipment 12,700 11,900 Server Equipment 4,009,250 3,400,000 Workstation Equipment 18,200 13,400 Peripherals 4,433 0 TOTAL 4,044,583 3,425,300 Salem Networking Equipment 4,300 0 Server Equipment 3,600 0 Workstation Equipment 7,200 500 Peripherals 4,433 0 TOTAL 19,533 500 San Diego Networking Equipment 81,290 17,250 Server Equipment 45,690 9,450 Workstation Equipment 27,390 4,309 Peripherals 13,330 0 TOTAL 167,700 31,009 Appendix B.The Business touch on Interviews Bill Hermann We are a service-based company and our ability to take in and take for cash is critical . Without solid cash point or expenses increase exponentially in the very short period of sequence. In addition our cash position which I monitor through the rake system allows us to manage our treasury and short-term funding. I would estimate within two solar days we would have to borrow gold which could increase our be and overhead. Tiffany Sabers The I. T. organization is in a period of transition when it comes recoverability. execution of instrument of consume was very expensive, cadence-consuming, and drawn out. We have built-in a level of surplusage to sustain production should any number of things fail within a data center it ego. However we are not in as good a shape as we should be to protect your organization to the entire data center become unavailable for any significant period of time. Several factors come into turn when considering the recovery of a central system such as SAP. The accessibility of the engineering weve chosen at our recovery vender has been a challenge to say the least.SunGard involve to acquire and fund the appropriate IBM servers that we use to run the SAP application. Secondly on that point is for a terabytes of production data that ask to be recovered from tape once a disaster is declared. The recovery act using the current tape program library engine room on the floor is estimated to take 3 to 4 days disallow any problems. For tape to be a viable option going forward we request to upgrade to prouder hotfoot higher density devices and media to meet the involve of the business which is another capital expense.I hypothesize we all knew and accepted the risk of having to retool with the implementation of SAP. Now that time has come and this exercise is crucial to determine the proper recovery strategy and technology to meet the business needs. John Sampolous I retain with Bill that our finance structure is key. Since we dont make anything physical our business modeling relies on our cash position. I w ill say though without having finance information available we may begin adoption on the second day of an outage. The way the SAP system works without current data we will be a day behind at the time of business start the second day.Were sure as shooting capable of maintaining business function but will begin to dawdle $3-$500,000 per day in interest alone. The bottom line is treasury function that is maintained via a finance module within SAP is critical from our standpoint. Linda Okonieski from a purely functioning standpoint we are currently idle in the water if we cant get to our schedules and guardianship information for the persons in the field. We generate a quarter one thousand million dollars in gross a daily basis to our service organization. So if there is a hard fail of the SAP system we stand to have issues in two operating(a) areas.The first and nearly obvious is that if we cannot beak our clients in a timely style or cash flow will diminish significantly a t the end of the first week. The second concern is his longer-term and tie in to legal and constringeual ramifications if we could not maintain business as usual as apace as possible. In our business customer confidence and brand value are priceless and need to be protected. So if we are unable to quickly recover we could very well lose future business that could affect our viability of the company.Nate dark-brown Linda hit the nail on the head, we need to ensure that we have the right slew in the field generating income through billable hours and we need to continue to collect for their work. So I would say the schedule and billing within the SAP system ranks very high for me. And to add to Windows last point customer confidence is how weve been able to maintain a preferred vendor status with most of these companies where we do business, so more turn back in the armor could cost us a significant amount of business. light-haired Ales Without access to the SAP system we can t sell services we cant deliver.Most of our customers rely on us to be able to find and supply the appropriate consultant/resources as quickly as possible. Since we are one of some(prenominal) preferred service providers we will begin to miss out on new contracts and renewals to our competition. Our reliance on up to date information affects 30 to 40% of our short-term contracts and their ability to compete or longer-term assignments for our higher value personnel. Since we converted from our old system last year we had become completely reliant on the SAP application.Tyler Amdahl We have built-in on site redundancy for the SAP system, but we are still negotiating a new contract with SunGard services for a recovery configuration at the hotsite. Given the amount of data that is involved with the SAP system we are looking at 12 to 16 hours minimum recovery. Rachid Chad The SAP system is intentional/architected for failover capability. Unfortunately the production system implementa tion is currently around $14 million dollars. There is no economy of scale for full redundancy or real time failover.There are several options worthy considering if anyone the recovery time objectives that we all agree to. I can say that they will not be cheap so we will need to understand the costs were relating to an outage from the business perspective to enable us to construct the proper recovery strategy. Reyes Emme If you were to ask the employees they would rank getting their paychecks on time as a number one priority. However the fact is that by self insuring our payroll funding for a week to 10 day period we could provide estimated payroll and then rectify many issues once were back up and running.We in HR as well as have or long-term concerns should an outage extends for more than a few days and began to affect our brand value. The moderateness to be quite honest is that we pull out the best consultants partly based on their perception of our technical abilities as an organization. Fionna OConnor The canvas and compliance areas are not change in the short term should an outage occur. However, measure is everything. Should the outage occur during the close of SOX testing on the ramp above financial report to the board we could have issues with the regulators will. Jackson Davis We have an all-in situation with the SAP system.We are completely reliant on the system availability for day-to-day operation. The risk we have with the lengthy outage is that we will begin to incur penalties for our accounts account payable since we have been able to migrate to a just-in-time stipend practice. I am also concerned that we may not have the proper documentation to manually make for should the system be unavailable. I think however this exercise turns out several of our departments need to go back and designed some contingency plans should the data center be unavailable to us. The penalties for late payment would be 10% of $100,000 per day.