S 6.88 Creation of a business continuity plan for the web server
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Administrator
The partial or complete failure of a web server has severe consequences in many cases. For example, the web server may be an essential part of internal procedures or of an e-commerce or e-government system.
A failure of the web server then also causes the overall system to fail. If the web server contains a public website, the failure or a malfunction will also become known to the public quickly.
A concept must therefore be drawn up as part of the business continuity plan detailing how the effects of a failure can be minimised and which actions need to be taken in the event of a failure.
The following aspects must be taken into account in this regard:
- The contingency planning for the web server must be integrated into the existing business continuity plan (see module S 1.3 Business continuity management). It must first and foremost be clarified whether or not corresponding business continuity plans exist for all other systems and network connections necessary for operating the web server.
- Data may also be lost due to the failure of a system. For this reason, a data backup policy must be drawn up for the web server and should be integrated into the existing data backup policy (see also module S 1.4 Data backup policy). This policy should not only take into consideration the web server itself, but also the overall system the web server is used in. This may also include databases, application servers, or proxy installations for load balancing.
- If there are special requirements regarding the web server's availability, required components should be designed redundantly. For example, the web server itself may be designed redundantly in some applications by using a joint, external storage system.
- In order to operate the web server on the Internet, a working Internet connection is required. Certain configurations additionally require a properly working DNS server. A failure of these components must therefore also be taken into consideration.
- If SSL is used on the web server, the private key of the SSL certificate must also be accessible when recovering the system. Since this key should be protected by a password, it must be stored securely so that it is available for recovery (see also S 2.22 Escrow of passwords).
- The system configuration must be documented. Important tasks must be described in such a way that the overall system can be restored in the event of an emergency even without prior knowledge of this system configuration.
- A recovery plan must be drawn up guaranteeing that the system can be booted in a controlled manner.
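The aspects above boil down to knowing which other systems the web server depends on, which of them have a continuity plan of their own, what fails when one of them fails, and in what order everything has to be brought up again. The following Python script is an added example and is not part of the IT-Grundschutz catalogue; the component names, their dependencies and the plan flags are constructed sample data for a setup with shared storage, a database, an application server, DNS and an uplink, as described in the list above. It derives a controlled boot order from the dependencies, lists the components that lack a continuity plan, and shows which parts of the overall system are lost when one component fails.

```python
"""Recovery-plan dependency model for a web server and the systems it needs.

Added example, not part of the IT-Grundschutz text. COMPONENTS is a
constructed sample: each entry lists what must be running before the
component can be started and whether a business continuity plan exists
for it (S 6.88 asks for both to be clarified).
"""
from collections import deque

COMPONENTS = {
    "internet_uplink": {"needs": [], "plan": True},
    "dns": {"needs": ["internet_uplink"], "plan": True},
    "shared_storage": {"needs": [], "plan": True},
    "database": {"needs": ["shared_storage"], "plan": False},
    "app_server": {"needs": ["database"], "plan": True},
    "web_server": {"needs": ["dns", "app_server", "shared_storage"], "plan": True},
    "load_balancer": {"needs": ["web_server", "internet_uplink"], "plan": True},
}


def boot_order(components):
    """Return a startup order in which every component comes after all of
    its dependencies (Kahn's topological sort). A dependency on an
    undocumented component or a dependency cycle raises ValueError, because
    such a plan cannot guarantee a controlled boot."""
    indegree = {name: 0 for name in components}
    dependents = {name: [] for name in components}
    for name, spec in components.items():
        for dep in spec["needs"]:
            if dep not in components:
                raise ValueError(f"{name} depends on undocumented component {dep}")
            indegree[name] += 1
            dependents[dep].append(name)
    # Sorting keeps the order deterministic, which matters for a written plan.
    ready = deque(sorted(n for n, d in indegree.items() if d == 0))
    order = []
    while ready:
        current = ready.popleft()
        order.append(current)
        for nxt in sorted(dependents[current]):
            indegree[nxt] -= 1
            if indegree[nxt] == 0:
                ready.append(nxt)
    if len(order) != len(components):
        raise ValueError("dependency cycle: controlled boot impossible")
    return order


def impact_of_failure(components, failed):
    """Return the set of components that are unusable while `failed` is
    down: the component itself plus everything transitively depending on it."""
    down = {failed}
    changed = True
    while changed:
        changed = False
        for name, spec in components.items():
            if name not in down and any(dep in down for dep in spec["needs"]):
                down.add(name)
                changed = True
    return down


def missing_plans(components, target="web_server"):
    """List the components in the target's dependency closure that have no
    business continuity plan of their own."""
    closure = set()
    stack = [target]
    while stack:
        name = stack.pop()
        if name in closure:
            continue
        closure.add(name)
        stack.extend(components[name]["needs"])
    return sorted(n for n in closure if not components[n]["plan"])


if __name__ == "__main__":
    print("controlled boot order:", " -> ".join(boot_order(COMPONENTS)))
    print("components without a continuity plan:", missing_plans(COMPONENTS))
    for component in ("dns", "shared_storage"):
        print(f"if {component} fails, also down:",
              sorted(impact_of_failure(COMPONENTS, component) - {component}))
```

The boot order printed by the script is the skeleton of the recovery plan; the impact listing is what the contingency planning for the Internet connection, DNS server and storage has to cover; and any name reported by `missing_plans` is a system for which the question in the first bullet above has not yet been answered.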
Review questions:
- Is there a business continuity concept minimising the consequences of a failure and specifying the actions in the event of a failure?
- Has the contingency planning for the web server been integrated into the existing business continuity plan?
- Is there a data backup policy for the web server and the overall system the web server is used in that is integrated into the existing data backup policy?
- In the event of high availability requirements: Are the components of the web server designed redundantly?
- Is the failure of the Internet connection planned for?
- DNS server required: Is the failure of the DNS server planned for?
- When using SSL: Is the private key of the SSL certificate accessible during system recovery?
- When using SSL: Is the private key of the SSL certificate protected by a password and is this password stored securely?
- Are important tasks described in such a way that the overall system can be restored in the event of an emergency even without prior knowledge of this system configuration?
- Is the system configuration documented?
- Is there a recovery plan guaranteeing that the system can be booted in a controlled manner?