Appearance
Technische Wiederherstellung – Übersicht und Infrastruktur
Dieses Dokument bietet eine Übersicht der technischen IT-Infrastruktur der CERTANIA Holding GmbH und dient als Einstiegsdokument für alle technischen Wiederherstellungsrunbooks (07_01–07_07).
Infrastrukturübersicht
Die IT-Infrastruktur der CERTANIA Holding GmbH ist Cloud-first ausgerichtet. Es existiert keine eigene On-Premises-Serverinfrastruktur. Alle kritischen Dienste werden über Cloud-Plattformen betrieben.
Primäre Plattformen
| Plattform | Anbieter | Funktion | Tier |
|---|---|---|---|
| Microsoft 365 | Microsoft | E-Mail, Collaboration, Dokumentenmanagement, Identität (Entra ID) | Tier 1 |
| Hornet Security | Hornetsecurity GmbH | E-Mail-Schutz, E-Mail-Archivierung, Immutable Backup | Tier 1 |
| LucaNet | LucaNet AG | Finanzkonsolidierung, Financial Performance Management | Tier 2 |
| M&A-Datenräume | Diverse | Virtuelle Datenräume für M&A-Transaktionen | Tier 2 |
DNS und E-Mail-Infrastruktur
| Komponente | Details |
|---|---|
| DNS-Registrar | United Domains |
| DNS-Provider | Cloudflare / Bunny.net |
| Primäre Domain | certania.com |
| MX-Record | Siehe DNS-Zone |
| SPF-Record | Siehe DNS-Zone |
| DKIM-Konfiguration | Über Hornet Security und M365 Siehe DNS-Zone |
| DMARC-Policy | Siehe DNS-Zone |
Endgeräte
| Typ | Anzahl (ca.) | Betriebssystem | Verwaltung |
|---|---|---|---|
| Windows-Clients | 30 | Windows 11 / macOS 26 | Intune |
| Mobile Geräte | 30 | iOS / Android | Intune MDM |
⚠️ PLATZHALTER – Vollständiger Systemkatalog: Siehe Anhang A1 – Systemkatalog. Muss durch Alexander Schedler (ITL) bis [30.04.2026] vervollständigt werden.
Wiederherstellungsprioritäten
Die Wiederherstellung erfolgt in der folgenden Prioritätenreihenfolge, basierend auf der Business Impact Analyse (Dokument 03):
| Priorität | System/Dienst | Runbook | RTO |
|---|---|---|---|
| 1 | DNS / MX / DKIM | 07_06 | 1h |
| 2 | Microsoft 365 (E-Mail & Identität) | 07_01 | 2h |
| 3 | Hornet Security (Backup-Zugriff) | 07_05 | 4h |
| 4 | SharePoint / Teams / OneDrive | 07_01 | 4h |
| 5 | LucaNet | 07_02 | 8h |
| 6 | M&A-Datenräume | 07_03 | 24h |
| 7 | Endgeräte | 07_04 | 24h |
Runbook-Verzeichnis
Alle technischen Wiederherstellungsrunbooks sind in diesem Ordner abgelegt:
- 07_01 – Runbook: E-Mail / M365 / Hornet
- 07_02 – Runbook: LucaNet
- 07_03 – Runbook: Datenräume & Fileserver
- 07_04 – Runbook: Endpoint Recovery
- 07_05 – Runbook: Backup-Wiederherstellung
- 07_06 – Runbook: DNS / MX / DKIM Failover
- 07_07 – Runbook: Ransomware / Clean Room
Zugangsdaten und Credentials
⚠️ WICHTIGER HINWEIS: Zugangsdaten, Admin-Passwörter und API-Keys dürfen nicht in diesem Dokument gespeichert werden. Sie sind ausschließlich in einem gesicherten Passwort-Manager ( Vaultwarden vault.certania.group ) oder einem physisch gesicherten Notfallumschlag zu hinterlegen.
Die folgenden Zugangsdaten müssen im Notfall verfügbar sein:
- Microsoft 365 Global Admin Account (Break-Glass-Account)
- Hornet Security Admin-Zugangsdaten (M365 Break-Glass-Account)
- DNS-Registrar-Zugangsdaten
- LucaNet Admin-Zugangsdaten
- Cyber-Versicherung Coalition – Schadennummer-Hotline
DNS Zone (MX, SPF, DKIM, DMARC)
;;
;; Domain: certania.com.
;; Exported: 2026-02-24 14:52:27
;;
;; This file is intended for use for informational and archival
;; purposes ONLY and MUST be edited before use on a production
;; DNS server. In particular, you must:
;; -- update the SOA record with the correct authoritative name server
;; -- update the SOA record with the contact e-mail address information
;; -- update the NS record(s) with the authoritative name servers for this domain.
;;
;; For further information, please consult the BIND documentation
;; located on the following website:
;;
;; http://www.isc.org/
;;
;; And RFC 1035:
;;
;; http://www.ietf.org/rfc/rfc1035.txt
;;
;; Please note that we do NOT offer technical support for any use
;; of this zone data, the BIND name server, or any other third-party
;; DNS software.
;;
;; Use at your own risk.
;; SOA Record
certania.com 3600 IN SOA malavika.ns.cloudflare.com. dns.cloudflare.com. 2052361134 10000 2400 604800 3600
;; NS Records
certania.com. 86400 IN NS malavika.ns.cloudflare.com.
certania.com. 86400 IN NS margo.ns.cloudflare.com.
;; A Records
ia.certania.com. 1 IN A 51.15.124.208 ; cf_tags=cf-proxied:false
;; CNAME Records
autodiscover.certania.com. 1 IN CNAME autodiscover.outlook.com. ; cf_tags=cf-proxied:false
autodiscover.ia.certania.com. 3600 IN CNAME autodiscover.outlook.com. ; cf_tags=cf-proxied:false
autodiscover.partners.certania.com. 3600 IN CNAME autodiscover.outlook.com. ; cf_tags=cf-proxied:false
brevo1._domainkey.certania.com. 3600 IN CNAME b1.certania-com.dkim.brevo.com. ; cf_tags=cf-proxied:false
brevo2._domainkey.certania.com. 3600 IN CNAME b2.certania-com.dkim.brevo.com. ; cf_tags=cf-proxied:false
certania.com. 1 IN CNAME main-bvxea6i-ro5ylhetinyxc.eu.platformsh.site. ; cf_tags=cf-proxied:false
_dmarc.certania.com. 3600 IN CNAME certania.com.dmarc.hornetdmarc.com. ; DMARC cf_tags=cf-proxied:false
enterpriseenrollment.certania.com. 1 IN CNAME enterpriseenrollment-s.manage.microsoft.com. ; cf_tags=cf-proxied:false
enterpriseenrollment.ia.certania.com. 3600 IN CNAME enterpriseenrollment-s.manage.microsoft.com. ; cf_tags=cf-proxied:false
enterpriseregistration.certania.com. 1 IN CNAME enterpriseregistration.windows.net. ; cf_tags=cf-proxied:false
enterpriseregistration.ia.certania.com. 3600 IN CNAME enterpriseregistration.windows.net. ; cf_tags=cf-proxied:false
hse1._domainkey.certania.com. 1 IN CNAME hse1._domainkey.hornetsecurity.com. ; cf_tags=cf-proxied:false
hse2._domainkey.certania.com. 1 IN CNAME hse2._domainkey.hornetsecurity.com. ; cf_tags=cf-proxied:false
lyncdiscover.ia.certania.com. 3600 IN CNAME webdir.online.lync.com. ; cf_tags=cf-proxied:false
mta.ms.certania.com. 1 IN CNAME mailersend.net. ; cf_tags=cf-proxied:true
one.certania.com. 1 IN CNAME certania.sharepoint.com. ; cf_tags=cf-proxied:true
selector1._domainkey.ia.certania.com. 3600 IN CNAME selector1-ia-certania-com._domainkey.gwpeu.p-v1.dkim.mail.microsoft. ; cf_tags=cf-proxied:false
selector2._domainkey.ia.certania.com. 3600 IN CNAME selector2-ia-certania-com._domainkey.gwpeu.p-v1.dkim.mail.microsoft. ; cf_tags=cf-proxied:false
sip.ia.certania.com. 3600 IN CNAME sipdir.online.lync.com. ; cf_tags=cf-proxied:false
trust-center.certania.com. 1 IN CNAME 3a69a5bb27875189.vercel-dns-016.com. ; cf_tags=cf-proxied:false
trust.certania.com. 1 IN CNAME 3a69a5bb27875189.vercel-dns-016.com. ; cf_tags=cf-proxied:false
www.certania.com. 1 IN CNAME main-bvxea6i-ro5ylhetinyxc.eu.platformsh.site. ; cf_tags=cf-proxied:false
;; MX Records
certania.com. 3600 IN MX 10 mx01.hornetsecurity.com.
certania.com. 3600 IN MX 20 mx02.hornetsecurity.com.
certania.com. 3600 IN MX 30 mx03.hornetsecurity.com.
certania.com. 3600 IN MX 40 mx04.hornetsecurity.com.
ia.certania.com. 3600 IN MX 0 ia-certania-com.mail.protection.outlook.com.
partners.certania.com. 3600 IN MX 0 partners-certania-com.mail.protection.outlook.com.
send.certania.com. 1 IN MX 10 feedback-smtp.us-east-1.amazonses.com. ; Resend
send.resend.certania.com. 1 IN MX 10 feedback-smtp.us-east-1.amazonses.com.
;; SRV Records
_sipfederationtls._tcp.ia.certania.com. 3600 IN SRV 100 1 5061 sipfed.online.lync.com.
_sip._tls.ia.certania.com. 3600 IN SRV 100 1 443 sipdir.online.lync.com.
;; TXT Records
certania.com. 1 IN TXT "compai-domain-verification=org_6980b22f35939cab1f33f691"
certania.com. 1 IN TXT "perplexity-ai-domain-verification-gfqexx=YAsLx0KoeZC8IA6TPCocejymm"
certania.com. 3600 IN TXT "brevo-code:fafcb14eb013a73461a7eaf839ce09ce"
certania.com. 1 IN TXT "nocodb-verification-26b8fa15466f6ba369243705d096651d"
certania.com. 1 IN TXT "v=spf1 redirect=certania.com.spf.hornetdmarc.com"
certania.com. 1 IN TXT "mistral-domain-verification=578d95e0ede2c90e2e7a7cffddc8f8c14056ac81"
certania.com. 1 IN TXT "airtable-verification=7f0953ab5c279f7894fc7fba1294fa75"
certania.com. 1 IN TXT "have-i-been-pwned-verification=dweb_i7knh4ph5kji8ogdpa3vtv74"
certania.com. 1 IN TXT "MS=ms53327001"
certania.com. 3600 IN TXT "google-site-verification=JQ4EP2NPU3tqfAiqAHAM9j9r06PFoZYD6WMTlOGPDfs"
certania.com. 1 IN TXT "openai-domain-verification=dv-a0DMbOUfhQ2kwrrxCbGhwsjl"
certania.com. 1 IN TXT "atlassian-domain-verification=Yi5X4TM5tY5am15pv/yH1C2ZSPmG/oYhOkbM4Kuj4aOTNLvOaNxhLmwLRP4SZTJb"
ia.certania.com. 3600 IN TXT "v=spf1 include:spf.protection.outlook.com ~all"
ia.certania.com. 3600 IN TXT "MS=ms81564519"
ms.certania.com. 1 IN TXT "v=spf1 include:_spf.mailersend.net ~all"
partners.certania.com. 3600 IN TXT "v=spf1 include:spf.protection.outlook.com -all"
resend._domainkey.certania.com. 1 IN TXT "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC14pmPbq2ZKVVgKnpUgbDrWNFrPjuHUtTi3wE0mTrb5T8ziose8u8WfakmuoG+1efAqOG9bma9lUn01vvzw+UdF85DnRfLuaxxGLBTHbhDO6sZKG5cPnnUX5JiIfRSENsBZEQaOK71PY1y7OgLb6iaFMMWDAno4fThOOcdMHbLNQIDAQAB" ; Resend
resend._domainkey.resend.certania.com. 1 IN TXT "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCz83HzNCqZN+KLBn0sL2fLH8yb6ebSFQlzsxYMyUoyA3tpZa9as1YhuZP5mkJGj1LUs55VyRDOjv4GeAGvU0dGf3yaSIDXa/7ND3W1kPkvvvPffZ7s6mQaFy0b7jSkmVVHUfJDFrawnvWBqHZEiSIpW1/PY01tvlr+b2swuLiKHQIDAQAB"
send.certania.com. 1 IN TXT "v=spf1 include:amazonses.com ~all" ; Resend
send.resend.certania.com. 1 IN TXT "v=spf1 include:amazonses.com ~all"Änderungshistorie
| Version | Datum | Autor | Änderung |
|---|---|---|---|
| 0.1 | 2026-02-24 | Alexander Schedler | Initiale Erstellung |
Dokumentensteuerung
| Feld | Wert |
|---|---|
| Dokumentenname | 07_00_Uebersicht-und-Infrastruktur.md |
| Version | 0.1 |
| Status | Entwurf |
| Erstellt von | Alexander Schedler |
| Freigegeben von | – |
| Datum | 2026-02-24 |
| Nächste Überprüfung | 2027-02-24 |