What makes a good backup solution?
Part 3 of 4
Three more topics
If you have not read part one and part two, you may want to start there.
In this section we will look at three more topics. First we will look at what kind of disaster we want to protect ourselves from. Then we will look at protecting the backups themselves and finally we will look at backup media.
What do we hope to protect ourselves from?
There are a few different risks that backup can protect us from. What risk you wish to mitigate will influence many of the choices you make in designing your backup strategy.
Recovery from accidentally deleted files: As I have mentioned before, the most common form of recovery is recovering accidentally deleted or corrupted data files. The ideal solution for recovering from accidental deletions should probably be online with an offline solution backing that up. Online backups have the advantage of being quick to recover and, depending on the solution, may even allow the end user to recover their own files. If you plan to use an online backup, you will also want an offline backup for resilience, as we have discussed earlier. Equally important, an offline backup will allow you to hold a repository of older backups going further back, allowing recovery of missing files that are not noticed for a period of time.
Recovery from maliciously deleted files: To be able to recover from maliciously deleted, corrupted or modified files you will need an offline backup solution. As has been mentioned previously, if an attacker can get to your production files the risk that they can get to your online backups is too great to rely solely on online backups.
Recovery from a disaster: A disaster can be anything from the failure of a drive or a server to the complete destruction of your data center. To be protected from this type of disaster you will need an offsite backup solution. The backup can be online, offline or a hybrid of both. The important item here is that the backup is not going to be in the same location as the disaster. The definition of the same location depends on the risk you want to mitigate. If you are only concerned with the possibility of a server failing, a different location may be backing up to another system in the same room. If you are concerned about fire, a few buildings away may be sufficient. If you are concerned about natural disaster, you need to start considering geographic dispersion. Recovery from disaster really comes down to which disasters do I need to be able to recover from? In all likelihood you need to be able to recover from any disaster that might befall your datacenter.
Protecting offsite backups:
Once the backups are made they need to be protected from their own disasters.
The simplest form of sending backups offsite is to have a trusted employee take the backups home with them. This meets the minimum requirements but really creates as many problems as it fixes.
The employee may lose the tapes.
The employee’s home/car may be robbed and the tapes might be stolen.
You may have a disaster and not be able to get in contact with the employee who holds the tapes to get them back and start a recovery.
If you are using hard drives for backups it is trivial for the employee to make copies of the backed up data in the privacy of their own home. It’s slightly less trivial with tape media since most employees won’t have a tape drive at home but it is possible.
Many companies take tapes or other backup media offsite and store it in a bank vault or similar secured location. This is relatively convenient and cheap while providing a fairly high level of security. There are a few downsides to this solution that must be considered. Assuming you keep the most recent full backup in the vault you can only start a recovery when the bank is open. For this to be a convenient solution you may not have a great deal of geographic distribution between the business and the bank.
There are a number of companies that specialize in secure offsite storage of data backups. These companies can be contracted to pick up and drop off backups on a regular basis, and in an emergency, access outside normal business hours can usually be made available. The real downside to this solution is trust and cost. You are trusting a third party to protect your data, so investigate the company, their history and what type of liability they are willing to accept. Since these services are taking a fair amount of liability and manpower costs you should expect to pay a fair price for their services.
Encryption: Much of the risk mentioned above can be mitigated by encrypting your backups. Many backup solutions will allow you to encrypt your data as it is written to backup media. One thing to keep in mind is that encrypted data does not compress, so you will use more backup media, but that’s a small price to pay for protecting your data.
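An added example (not from the original article) that measures the point above: ciphertext does not compress, so the media saving survives only if the backup software compresses the data before it encrypts it. The stand-in cipher, key, nonces and sample log data are constructed for the demonstration and are not meant for protecting real backups.

```python
import hashlib
import zlib

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), for size comparison only.
    Real backups should use the backup product's own encryption."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + nonce + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def backup_compress_then_encrypt(plaintext: bytes, key: bytes, nonce: bytes) -> bytes:
    # Compress while the redundancy is still visible, then encrypt the result.
    return keystream_xor(key, nonce, zlib.compress(plaintext, 9))

def restore(blob: bytes, key: bytes, nonce: bytes) -> bytes:
    # Reverse order on restore: decrypt first, then decompress.
    return zlib.decompress(keystream_xor(key, nonce, blob))

def media_usage(plaintext: bytes, key: bytes) -> dict:
    """Bytes written to backup media for each ordering (distinct nonce per stream)."""
    encrypted = keystream_xor(key, b"nonce-A", plaintext)
    return {
        "plaintext": len(plaintext),
        "encrypt_only": len(encrypted),
        "encrypt_then_compress": len(zlib.compress(encrypted, 9)),
        "compress_then_encrypt": len(
            backup_compress_then_encrypt(plaintext, key, b"nonce-B")),
    }

# Constructed sample data: repetitive file-server log lines, typical of what compresses well.
SAMPLE = b"".join(
    b"2024-01-%02d host=fs01 user=alice action=write path=/srv/share/report_%04d.docx\n"
    % (n % 28 + 1, n)
    for n in range(2000)
)
KEY = hashlib.sha256(b"constructed demo key").digest()  # constructed, demo only

if __name__ == "__main__":
    for name, size in media_usage(SAMPLE, KEY).items():
        print(f"{name:24s}{size:>10d} bytes")
```

If your backup product offers both compression and encryption, check that it applies them in this order; compressing an already encrypted stream gains nothing.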
There are a number of different backup media that can be used. Let’s look at the common ones.
Tape: Tape is the old standby.
The Good: It’s relatively inexpensive. It has a fairly high capacity per gigabyte of storage. Compared to spinning disks, tapes are much less prone to shock damage. Tapes are easy to transport.
The Bad: Tapes are relatively slow. Tapes wear out faster than disk.
Removable Disk Cartridges: Removable Disk Cartridges are ruggedized removable hard disks. They can be useful in small organizations or for single server backups but they do not scale well for larger backup sets. I think of these in terms of being a replacement for DAT backup tapes only much faster.
USB Disks: I know a number of people who use USB disks for backups. They are relatively inexpensive. USB is not exceptionally fast for sustained transfer so they are a little slow. The biggest issue is that USB disks can only scale so far before they become too large to easily take offsite and they are not as rugged as tape. USB disks can be a really good online backup solution if the slow transfer rate is not an issue. I have used USB in a few circumstances and the price per GB can’t be beat.
D2D: Disk to Disk (D2D) backups are all the rage right now. This mostly has to do with backup windows getting shorter while the amount of data to back up continues to grow. D2D does a good job of mitigating this issue and is the only effective way to do online backups. D2D should not be the only form of backup for reasons that I have already explained. Since D2D is usually fast, it is possible to have continual backups, meaning we are moving from point-in-time backups to any-point-in-time recovery, or at least much more granular recovery.
D2D2T: Disk to Disk to Tape (D2D2T) takes D2D and then spins the data to tape while it is finishing the backup to disk. Think of the backup disk as a cache for the tape if that helps. This is a best-of-both-worlds solution. This is very cool but it’s still mostly hanging out at the top end of the market so it is not cheap. D2D2T can be done on the cheap by backing up to disk and then backing those backups up to tape. That’s not quite as seamless but it’s also cheaper.