PasswordState Response plan


Guest SecurityNoob

Hello PasswordState Community.

I was just wondering what steps other users undertake when your PasswordState happens to be down.

What response plan do you have and what measurements have you taken?

 

Regards

15 hours ago, Guest SecurityNoob said:

What response plan do you have and what measurements have you taken?

 

It hasn't happened for us yet; but our current implementation was tested to have zero dependencies on anything else (besides the obvious like networking); additionally everything we need to restore Passwordstate has been documented, plus we have a restore kit securely stored offsite which contains copies of the documentation and Passwordstate passwords.

 

We test restores monthly.

Our recovery plan for Passwordstate is about 10 pages long.

 

We're about to move to an Active/Active design, backed by a 4 node AAG across DCs which will host Passwordstate which will just improve our uptime. I just need to finalize the design with the other teams, but unfortunately it's not my priority right now.

 

15 hours ago, Guest SecurityNoob said:

I was just wondering what steps other users undertake when your PasswordState happens to be down.

Ultimately for us it would depend on why it was down. Generally speaking, if we can't get it back up within 15 minutes we will be initiating a restore operation as it's easier and faster for us. We don't predict Passwordstate being down for more than 30 minutes even if we had to restore. Which is critical, because it holds data for our backup software which we'd need to initiate restores in the event of a total failure of the DC.

Good morning,

 

We have a similar approach to Sarge.


Regular backups are key. If the server were to go down we could have a fully functional replacement up in a very short amount of time.

 

In a catastrophic failure (to the infrastructure) we have full copies of the database in an offsite location along with the "emergency password" if needed.

Both of these should be separated....

 

Luckily, we haven't had to actually go through the process but it is in place if needed.

 

Kyle
