Enveloptech’s intent is to provide a Citrix disaster recovery farm, including file
services, software application services, Exchange email and OnBase,
as requested by our current and upcoming Citrix users. As individual customer needs vary, each of their current software and file systems in use
will be studied, detailed and documented for quick installation and testing on
disaster recovery hardware. A yearly
inventory and rebuilding of the recovery Citrix image will also be done in
preparation for a yearly required test, conducted during the regular Harland
Financial Ultra Data disaster recovery test.
To
accommodate the needs of the subscribing Credit Unions, a set of four servers
(Citrix X 2, File/SQL/OnBase X 1, and Active
Directory/Exchange X 1) will be located at the Ultra Data DRC in Texas. This farm will provide high performance
access to the backup Ultra Data UNIX host for the users who are running
FSP/ALPS. The Citrix servers can also
run Microsoft Office and other necessary programs known to function in a
Terminal Server environment. Multiple tape drives, backward compatible with
current systems, will also be on hand.
The only caveat to post-disaster, full recovery to a newly built Citrix
farm will be the implementation of an updated tape drive that can read the
tapes of the newest tape backup drive in the Disaster Recovery Farm.
A set of
three servers with identical chassis hardware as the four at the DRC will be
located at Enveloptech to accommodate building, imaging, testing and backing up
the farm from here while it will actually function there. A detailed installation routine will be used
to install all the necessary services on less hardware for testing but run them
on ample hardware for production.
Hardware-wise,
all servers will be powerful, fast and fully redundant with dual processors,
extra memory, mirrored hard drives, tape drives, redundant power supplies, and UPSes. 24x7x4HR
support contracts will be purchased and BIOS level access to the servers will
be provided to Enveloptech technicians via dialup or VPN.
Software-wise,
licenses from the downed servers will be used where possible. Additional licenses as required to build and
baseline test the server farm will need to be purchased. This will include 4 X Windows 2003 Server
licenses (backward licensable), 1 X SQL 2000 license, 1 X Exchange 2000
License, 3 X Windows 2003 Device CALs, 3 X Windows
2003 Terminal Device CALs, 3 X SQL 2000 CALs, 3 X Exchange 2000 CALs, 1 X
Citrix XPa FR3 20 user Starter Kit, 3 X Microsoft
Office XP Professional licenses, 10 X Profile Maker licenses and 2 X TriCerat Desktop 2001.
Building the Test Farm
The process
for building the disaster sever farm will be as follows:
First,
Enveloptech will install a Windows 2000 Server with Terminal Services Licensing
and Active Directory on a mirrored set of 18 Gig hard drives on Hardware
A. Active Directory Restore must be run
to put the users and groups back on the Domain Controller. Profile Maker will further be added to this
server to automatically assign printers and map drives for the Citrix users
when they log in, depending upon which groups they are defined in. If desired, this server can also be a
replacement Exchange server by adding Exchange Server to it.
Second, we
will install a Windows 2000 File Server on a mirrored set of 18 Gig hard drives
in Hardware B and set the same directory structure that is currently on the
clients file server on a separate mirror of 146 Gig hard drives. This server will join the domain of Hardware
A, and have SQL 2000 installed on it to handle the Citrix management
duties. If Onbase
is desired, a second mirrored set of 146 Gig hard drives can be installed in
the two remaining slots. All user files
and OnBase images from the Credit Union we are
supporting will be restored to this system via Tape Restore.
Third, we
will install a Windows 2000 Terminal Server on a mirrored set of 36 Gig hard
drives on Hardware C and then add Citrix to it.
All applicable software for the Credit Union will be installed on the
Citrix server and be verified to work.
Desktop 2001 will be installed to restrict user access to designated
areas of the desktop.
Fourth, two
blank 36 Gig hard drives will be hot swapped into the Citrix server, one at a
time, and allowed to rebuild the array.
This second set will have SysPrep run on it
and the server rebooted to have a different identity assigned to it. Now, both servers should individually be
booted with their respective drive sets and joined to the Active Directory
domain.
Fifth,
Profile Maker should be fully configured to build the profiles of those who log
into the domain.
In the
creation of this farm, the network addresses they use will need to be something
other than that of which is currently in use at the regular Credit Union,
including something other than their current Unix Host network if they have it
in its own subnet. This is very
important for proper routing of packets to and from the DRC Citrix Farm
network.
Testing, Storing and Shipping the Farm
Planning
and preparation for a disaster is very important to this process. Installation and testing of all desired
programs as well as practicing a disaster recovery will be done. A connection from the client’s network to our
network (router-to-router PPP dialup or box-to-box VPN) should be made so the
programs can be tested and verified functional by the end users. Every normal process, including printing from
FSP and Windows based programs, should be tested by connecting back to the
existing UNIX host computer
Once the
farm is verified to be correctly built, images of the 18 Gig drives on Hardware
A, the 18 Gig drive on Hardware B and the 36 Gig drives on both instances of
Hardware C will be made and stored on the File Server’s 146
Gig hard drive. A boot floppy
that includes network drivers for each specific server and points to its
specific restore image will be made for automated building of each server in
the farm over the network.
If the farm
will be transferred to the hardware at the DRC in Carrolton, TX,
each mirrored set will be properly labeled and shipped to the DRC in separate
stiff foam lined cases. The DRC will
insert these drives into the respective servers. When the servers are booted, they should come
up in a fully functional domain and be available to offer terminal connections.
If this
does not work properly, restoring the servers can be accomplished with the boot
floppies and the 146 Gig hard drive that were shipped
with the images. The file server will
restore its OS to the 18 Gig drive from its own 146 Gig drive. After it is up and running, the other servers
will restore their OSs
from the functioning File Server. If the
network restore does not work for any reason, a restore from the DVD can be
accomplished by slightly altering the boot floppy and putting the designated
DVD in the individual server’s DVD drive.
For safe keeping, a DVD image should also be burned of the Citrix servers in
the farm. The other servers will change
too much for any benefit to come from storing an image. The copies of the DVDs that Enveloptech makes
will be stored in an off-site library.
The next Citrix test will be originally based on the previous year’s DVD
image with updates and changes being installed as needed. Each subsequent Citrix installation, when it
is tested to be totally functional, will be re-burned to a new DVD and stored
in the library for the next year.
Customer
cooperation and involvement in evaluation, testing and implementation is
extremely critical to a successful Disaster Recovery Farm. Full disclosure of all business critical
programs in use must be given.
Installation media, licenses, installation codes, phone numbers, help
desk agreement numbers and support logins may need to be given to Enveloptech
to achieve functionality of the farm.
Tape backups, CDs, floppy disks, etc. may be required to properly build
and image a farm. Any time updates are done, Enveloptech
needs to be notified and supplied with the necessary versions, service packs,
patches, etc. to keep our inventoried images up to date. Updating once a year is the bare minimum that
is acceptable for keeping an accurate and quickly deployable image of any
critical system.
Connecting to the Farm
Connecting
to the Citrix farm can be accomplished in many different ways. Most Credit Unions have an ISDN line (BRI or
PRI) at their host site with additional ISDN lines at designated branches. Some also utilized POTS lines or Switched
56. Any one of these methods can be used
to connect to Enveloptech’s system for preliminary
Citrix Farm testing. A VPN may also be
possible (especially if Enveloptech purchases a PIX-506E firewall). In any case, the Citrix farm will need connectivity
back to the UNIX host at the host site for FSP/ALPs
to be properly tested.
The farm at
the DRC is almost exactly the same when it comes to connectivity. All of the above methods are supported, as
well as Frame Relay and PtP if desired. In cases of a lower bandwidth connection
type, we highly recommend that a separate ISDN connection be used for UNIX
traffic to return, unimpeded by Citrix.
A Packetshaper at the DRC should also be
implemented to dedicate bandwidth to mission critical applications.
FAQs
1. What type of tape drives
will be used to assure compatibility?
Enveloptech will have on
hand an external 20/40 DAT drive, a 40/80 DLT tape drive, and a 110/220 SDLT
tape drive. These drives read backward
to legacy tape drive technology.
2. How will my information
be put back on the server if my tape drive is older than the tape drives used
on the disaster recovery server?
In the event of a real
disaster, your older tape drive will more than likely be totally unusable. A newer, more up-to-date tape drive will be
purchased and installed in the replacement hardware when you are ready to go
back online.
3. How is my email going to
be delivered to Texas
when the IP address will not be the same?
Disaster DNS planning needs
to take place to determine how redundant and recoverable the records are. We suggest hosting your DNS on an easily
accessible Web location. The use of
primary and secondary SMTP servers is also highly recommended. When your primary Internet connection or SMTP
server goes down, the secondary server can hold the mail until you can either
recover the lost server or divert the mail to a new final destination (the DRC
hosted recovery server).
4. Will Onbase be
useable in a disaster situation?
The use of Onbase depends upon the level of preparation that goes into
the recovery system. Scanning and
storing check images can be done with many different types of equipment, or can
even be sub-contracted out to third party organizations. Having a backup scanning system will be a
requirement for total disaster recovery.
Burning those images to a DVD or CD and shipping them to the DRC for
proper posting will be necessary to alleviate the choking of low bandwidth
lines.
5. How will we print to our local printers?
Printing will be done the
same as in a normal Citrix environment.
For those who have previously sub netted their networks to put their
UNIX host, Citrix servers, users and print servers into different networks,
only the added inconvenience of latency will be added. The UNIX host will print to the HP Print
servers and Access Servers and Windows programs will prints via the ICA channel or ThinPrint to local printers or network printers that they
have locally mapped.
6. How can our licenses be moved to the recovery
farm?
Microsoft and Citrix have
methods of directly reporting to them when licenses need to be moved from one
piece of hardware to another due to equipment failure. This will be part of the disaster recovery
process, but not necessarily part of the Citrix DRC test as we will be
purchasing separate spare licenses to offer a limited test environment.
7. Is there a way to leverage the existence of
the Internet as well as use an ISDN BRI or PRI to have more bandwidth to the
DRC with reduced costs?
Yes. Through the existence of the proper hardware
with correct configurations, properly assigned gateways and static routes on
the UNIX host can make it possible for all UNIX traffic to go through the ISDN
line and Citrix traffic to go over a 3DES VPN on the Internet. Care must be taken to not hamper Internet
customers getting to the Ultra Access server, however.