Order Management Plus Disaster Recovery

This plan describes disaster recovery mechanisms that Salesforce employs in production environments in order to deal with various types of disasters that may occur.

Definition of Disaster Recovery

Disaster recovery (DR) involves a set of policies, tools and procedures that enable the recovery or continuation of Order Management Plus following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting Order Management Plus, as opposed to business continuity, which involves keeping all essential aspects of a business functioning despite significant disruptive events.

Disasters can be classified into two broad categories:

• The first category is natural disasters such as floods, hurricanes, tornadoes or earthquakes.

• The second category is man-made disasters, such as hazardous material spills, infrastructure failure, bio-terrorism, and disastrous IT bugs or failed change implementations.

Recovery Time Objective (RTO) and Recovery Point Objective (RPO)

Recovery time objective (RTO) is the time it takes after a disruption to restore Order Management to its normal operating level. For example, if a disaster occurs at 12:00 PM and the RTO is eight hours, the DR process should restore the business process to the acceptable service level by 8:00 PM.

Recovery point objective is the acceptable amount of data loss measured in time. For example, if a disaster occurs at 12:00 PM and the RPO is one hour, the system should recover all data that was in the system before 11:00 AM Data loss will span only one hour, between 11:00 AM and 12:00 PM.

Data Backup and Restore Procedures

Vlocity uses Amazon S3 services to perform all backups for Order Management Plus. Backup and restore procedures are periodically tested in Vlocity Test environments to ensure that they are reliable. The frequency of backups and number of backups retained is determined by the Vlocity Operations team based on the Recovery Point Objective that has been agreed upon. All data that is backed up is fully encrypted in the same way in which the source data is encrypted.

Order Management Plus Availability Architecture

Order Management Plus uses many of the best-in-class services provided by Amazon Web Services to achieve high availability. Elastic Load Balancers are used to detect problems with an availability zone and distribute traffic to another zone if necessary. Order Management Plus production environments employ three availability zones as shown in the following diagram.

Availability Architecture

If the active availability zone goes down, the Elastic Load Balancer begin to distribute traffic to one of the other availability zones. Order Management remains fully operational, with the possibility of reduced throughput, as long as one availability zone remains available.

Order Management Plus relies on a master database and a hot standby database. All data written into the master database is automatically synchronized to the standby database so that if the master fails, a transition to the standby instance occurs more seamlessly.

Per compliance requirements, Vlocity does not employ multiple AWS Regions in our availability architecture because this means that copies of the data would be taken outside the designated customer region. For European customers, this would violate GDPR regulations.

.