Emergency Preparedness Creating a Disaster Recovery Plan for your - - PowerPoint PPT Presentation

emergency preparedness
SMART_READER_LITE
LIVE PREVIEW

Emergency Preparedness Creating a Disaster Recovery Plan for your - - PowerPoint PPT Presentation

Aug 29, 2023 390 likes •829 views

Emergency Preparedness Creating a Disaster Recovery Plan for your Drupal Site Ronan Dowling Gorton Studios/NodeSquirrel.com DrupalCorn 2014 Who am I? Lead developer at Gorton Studios Maintainer of Backup and Migrate

slide-1
SLIDE 1

Emergency Preparedness

Creating a Disaster Recovery Plan for your Drupal Site

Ronan Dowling – Gorton Studios/NodeSquirrel.com DrupalCorn 2014

slide-2
SLIDE 2

Who am I?

  • Lead developer at Gorton Studios
  • Maintainer of Backup and Migrate
  • Founder/Creator of NodeSquirrel
  • ronan@gortonstudios.com
  • @ronan4000
slide-3
SLIDE 3

Who are you?

  • Drupal site owners and builders
  • Drupal shops
  • Small to medium sites
slide-4
SLIDE 4

Who are you not?

  • Sysops/Devops

– You already know this stuff

  • Enterprise or large sites

– These tools may not scale up

slide-5
SLIDE 5

What is a DRP?

“A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.” 3 Basic Features:

  • 1. preventive measures
  • 2. detective measures
  • 3. corrective measures

– http://en.wikipedia.org/wiki/Disaster_recovery_plan

slide-6
SLIDE 6

Typical advice

  • Write down every possible scenario
  • Write down the solution to every problem
  • Practice!
slide-7
SLIDE 7

Less intimidating approach

  • Identify all the things that can fail
  • Figure out how to replace them
  • Practice!
slide-8
SLIDE 8

The parts

  • Domain Registrar
  • Authoritative Name Servers (DNS)
  • Host Network

– (load balancers, front end cache)

  • Web Server(s)
  • Drupal and Modules
  • Database(s)
  • Uploaded Files
slide-9
SLIDE 9

Risks to your site

  • User Errors
  • Bad Services
  • Hackers

– Intrusion – DDOS

  • Success

– The Reddit Hug/Slashdot Effect

  • Natural Disasters
slide-10
SLIDE 10

What do you need to do?

  • 1. Preventive measures
  • 2. Detective measures
  • 3. Corrective measures
slide-11
SLIDE 11

Preventative Measures

“Controls aimed at preventing an event from

  • ccurring.”

– http://en.wikipedia.org/wiki/Disaster_recovery

  • Use Drupal security best practices
  • Use good vendors

– Host, registrars etc.

  • Build in redundancy
  • Train your users
slide-12
SLIDE 12

Preventative Tools

slide-13
SLIDE 13

CloudFlare

  • http://cloudflare.com
  • CDN/DNS/Front-end Cache
  • Protects from hackers
  • Prevent DDOS (intentional or

unintentional)

  • Free or $20+/mo
  • See also: Incapsula –

– http://www.incapsula.com/

slide-14
SLIDE 14

Hosted DNS

  • Amazon Route 53
  • dnsbycomodo.com
  • dyn.com

– “Outsourcing DNS is part of a sound disaster prevention strategy.”

http://en.wikipedia.org/wiki/List_of_managed_DNS_providers

  • Some protection from DDOS
  • Better uptime (than cheap registrars)
  • Actual redundancy
slide-15
SLIDE 15

Detective Measures

“Controls aimed at detecting or discovering unwanted events.”

– http://en.wikipedia.org/wiki/Disaster_recovery

  • Don’t wait until your users tell you your site

is down.

slide-16
SLIDE 16

Detective Tools

slide-17
SLIDE 17

Pingdom

  • http://pingdom.com
  • Uptime monitor
  • Visits your website periodically
  • Emails you if the site is down
  • Free for 1 site or $14+/mo for more
  • See Also:
  • UptimeRobot
  • Mon.itor.us
slide-18
SLIDE 18

Application Monitoring

  • New Relic/Naigos/Appneta
  • Checks the health of the server

– Resource usage etc.

  • Detect problems before they’re critical
  • Installed on your server
  • Talk to your host
slide-19
SLIDE 19

Wormly

  • http://wormly.com
  • Application monitoring for the rest of us
  • Install a PHP script on your server
  • Reports and tracks usage (memory, cpu,

etc.)

  • $19+/mo
slide-20
SLIDE 20

Drupal Monitor

  • http://drupalmonitor.com
  • Drupal-specific app monitoring
  • Install a module
  • Reports various site stats
  • Track multiple sites
  • Free (freemium coming)
slide-21
SLIDE 21

Corrective Measures

“Controls aimed at correcting or restoring the system after a disaster or an event.”

– http://en.wikipedia.org/wiki/Disaster_recovery

  • The meat of the DRP
slide-22
SLIDE 22

Corrective Tools

slide-23
SLIDE 23

Backup!

Redundancy for data

slide-24
SLIDE 24

4 Components of Drupal

  • Server Configuration
  • Code
  • Database
  • Uploaded Files
slide-25
SLIDE 25

Server Configuration

  • Changes almost never
  • Not too hard to recover without backup
  • Difficult to back up
  • Ask your host
  • Keep a record of custom configuration
slide-26
SLIDE 26

Drupal Code

  • Changes rarely
  • Sometimes possible to recover without

backup

  • Most of it is on drupal.org/github etc.
  • Should be in a VCS

– git, svn

  • Automate Deployment (dploy.io)
slide-27
SLIDE 27

Database

  • Changes frequently
  • Impossible to recover without backup
  • Easy to backup
  • A few MB to a few GB
  • Tools:

– Backup and Migrate – phpMyAdmin – MySQLDump

slide-28
SLIDE 28

Uploaded Files

  • Change infrequently
  • Difficult-ish to recover without backup
  • Relatively difficult to back up
  • Hundreds of MB+
  • Restoring is slow
  • Tools:

– Backup and Migrate (3) – Rsync – Custom scripts

slide-29
SLIDE 29

Levels of Backup

Server level vs Application level

slide-30
SLIDE 30

Server-level backup

  • Provided by hosts
  • Backs up config/db/code/files
  • Slow to recover
  • Dependant on host/sysop
  • Best for total system failure
slide-31
SLIDE 31

Application-level Backup

  • Backup Drupal DB and Files
  • Controlled by site owner/admin
  • Recover in seconds
  • No support tickets needed
  • Best for user error and partial failure
slide-32
SLIDE 32

Content-level Backup

  • Per-node versioning
  • Recover specific nodes/entities
  • Built in to Drupal core
  • Best for: localized user error
  • Not good for: Things that aren’t entities.

Deletes.

slide-33
SLIDE 33

Offsite vs Onsite Backup

slide-34
SLIDE 34

Onsite Backup

  • Quickest Backup
  • Quickest Recovery
  • Not good for system failure
slide-35
SLIDE 35

Offsite Backup

  • Slower to backup
  • More effort to set up
  • Available when your server is down
  • Offsite backup options

– NodeSquirrel – Amazon S3 – FTP to another host – Email (DON’T DO THIS)

  • Offsite backup from your host is NOT offsite
slide-36
SLIDE 36

Restore

slide-37
SLIDE 37

Restoring your site

  • Depends on your backup solutions
  • Depends on how ‘down’ your site is
  • Practice
  • Time your practice
slide-38
SLIDE 38

Accessing Services

Know how to log-in in an emergency

slide-39
SLIDE 39

Keep all logins together

  • Web host, Registrar, DNS, CDN, etc.
  • Store online and offline
slide-40
SLIDE 40

Store tech support contacts

  • Web host, Registrar, DNS, CDN, etc.
  • Don’t rely on the company’s ticketing system
  • Also store email, phone, twitter
slide-41
SLIDE 41

Email password reset

  • Have all account password reset to same

email

– Don’t use a real user’s email – Don’t use your website’s domain/server – Forward to anybody who might need to recover – Consider 2-factor auth

  • Test resetting passwords
slide-42
SLIDE 42

Your written plan

  • A list of 3rd party services with:

– Login credentials – Account email – Support contacts

  • A list of internal people responsible for

recovery

  • The location, type and frequency of every

backup

slide-43
SLIDE 43

Questions?

ronan@gortonstudios.com @ronan4000