Horse Sense 100 was pretty popular, thank goodness.  Backup and restore is something everyone using computers needs to think about.  A couple of people were even brave enough to comment on the article and their experiences might help you.  Some editing was done to make the writing more readable and to make us look smarter than we were when we originally wrote this stuff.



In this issue of Horse Sense:
-Questions and Answers
-Backups:  Who, What, When, Where, Why, and How (and What to do if you have more questions!)

[Paula]  Excellent article.  This issue has plagued me for years.  I especially like your observation that it's not the backup that's important, it's the RESTORE!  I had been faithfully backing up off-site to an Intuit server for years when, guess what?  My computer crashed.  No problem, I thought -- I will restore to my new replacement computer.  But of course the restore did not work and their customer support was useless.  All I got were a lot of "I don't know" s and "we're sorry".  Their backup service cost me a lot of money for nothing.  I am now backing up to a local external device, so I am vulnerable to loss by fire, but I figure that the probability of that is lower than loss by computer failure.

How is the little doggie?  I want to see him.

 

NEVER trust a backup you haven't tried to restore.  Backups should be test restored fairly regularly.  Yeah, NOW you know.

Beyond redundancy, which is having another disk or system take over for the failed one, you need backup.  There are FOUR kinds.  Traditional file by file and/or application based backup will allow you to get a file or e mail box back quickly.  Image based backup is targeted at the entire system and will allow you to recover quickly with all your settings intact from a system crash.  [The new version of Backup Exec allows you to do a file by file backup and turn it into an image backup if you back up the entire system and some critical system information.]  Archival backups allow you to get to stuff you really do not care about any more on a day to day basis, but might need in the future for customer service, legal, or other purposes.  Paper is a good archival media since it lasts so long.  Optical disks are as well, but more and more people are using hard disks for things like e mail archiving.  E mail is an especially good thing to archive because old e mail is not very useful on a day to day basis, but you may need it to refer to if someone brings a project back to life, you need to refer to something you said, or you have a legal issue.  Off site backup (usually file by file or image) is usually merely replicating what you have backed up locally out to a service provider or another system you own somewhere so that if you lose all of your local info, you still have that one.  It is kind of expensive to do this because of the slow WAN link or (not recommended because you might forget it) physically moving the data off site, so it usually only has the latest and greatest information.

Fluppy the Puppy has been fairly good lately, though yesterday he swiped many of the stuffed animals out of my son's room and hid them for himself.  The stuffed animals were returned unharmed and no ransom was paid.



[Arch]  There is lots written about backing up to the cloud but something I don't see much written about is backup protection FROM the cloud.  More and more people are starting to put all their stuff in the cloud. What happens when the company housing their data goes bye-bye (bankruptcy, corporate buyout, rates change and the customer does not want to pay…)?  I have not seen many places that have anything locally to rebuild the data if their cloud data goes away.

If you have your business in the cloud, then your remote backup should probably be to your OWN equipment or there won't be a recovery point to meet a recovery point objective.  If something goes wrong out there, to have any hope of fulfilling a recovery time objective you have to have something to restore it to!  [Cloud vendors will not tend to tell you something like this.]

I can drive to a site I support and have them back up in two hours, but is it overkill?

 

Look at the RESTORE end of things and you will be able to answer your own question.  Can they stand to lose more or less (Recovery Point Objective)?  How long will it take you to do the restore and get them back up and operational from where they want to be (Recovery Time Objective)?  Looks like you have on site backup and remote replication covered at least somewhat, but I am not sure how much.  Recovery may take longer or be ineffectual if you have to restore too much to get what you want or do not have all the pieces you need to restore and need to recreate things by hand, like system settings, desktop views, etc.

As part of their plan, they need to think of human backup.  What happens if you are not available?  How do they deal with that?

Business continuity is being able to survive and run in a degraded fashion as best you can.  People think disaster recovery, but they get it wrong.  A disaster is normally thought of as an act of God like a fire.  Instead, how about a power glitch?  A bad flu bug?  A truck hitting the pole outside the office?  A family emergency?  A big snow?  A hospitalization?  Backup is not just for computers.  Continuity of operations often needs creative thinking and planning BEFORE the event to make restoration of a more normal, but perhaps degraded state, more effective.  For that, you need to look at the how the business functions as a whole and factor in the people and other resources as well.  Note that telecommuting and being able to access necessary information away from your primary work site can help if the primary site is compromised.

[Arch] Good point.... but at some point, you gotta look at someone and say "you're screwed!"

 

Well, yes, you cannot plan for or fix EVERYTHING and you are definitely in a bad state if you need to think of disaster recovery/business continuity anyway.  It is like insurance.  No one wants it to collect, but you have a plan in place if it happens to try to minimize the damage.  Continuity Of OPerations (COOP) plans assume something can and will go wrong.  You do not have to use your plans unless you are already screwed in some way.  They are all about recovery and limiting the potential damage.  The hard truth is that some scenarios will cause you great pain or even the death of your business.

 

[Arch] There are millions of companies out there that have nothing.  No backups, antivirus is non existent or expired, Windows Update has not run in years, etc. About a month ago, I got on the board of another charity.  As we were doing the board orientation we hit their computer room where they train people.  She mumbled something about struggling to get a grant to get the IT work straightened out.  I told them I would do it in lieu of my board contribution.

There had been no Windows updates in two years, most workstations could not talk to the domain controller, antivirus updates were not happening, they had not had a successful backup since last March, on and on.  I spent last Saturday sitting on my couch cleaning up the system.

 

The statistics show that what you have seen is the norm rather than the exception.  Computers are critical tools.  How happy would you be chopping down trees with a dull ax?  Even in tough economic times, you need to invest in your tools and infrastructure.  You not only have to replace your hardware and software, but you have to make sure the people know how to use it via training.  They also need to have professional support and maintenance available to them.  Most of all, there needs to be recognition and continuing emphasis by management that your computing edge be kept sharp.  I am sure with your example above that lots of things were not working right and had they lost data, it would have been gone forever.  Sooner or later, luck does run out....




Backups:  Who, What, When, Where, Why, and How (and What to do if you have more questions!)

Good data protection is not just about backup and restore.  It is about being smart about who, what, when, where, why, and how you manage your information.  Most of these questions do not have anything to do with hardware or software, but how people in the organization deal with information.

Who is responsible for backups and restores?  Who is going to manage it over the long term?  How can you assure that it will be done and that person is recognized for doing their job well?  Who will be able to do the restore if they are not available?  Can you handle the tasks effectively or do you need to engage someone else to provide resources or services?  Who is responsible for the continuity of operation planning and implementation (hint, if it does not involve upper management, your answer is wrong)?  Backup and restore options are only part of business continuity thinking.

Where does valuable information reside?  Do you need to back up workstations, laptops, cell phones, and other devices as well as servers?  Where are you going to put that information so that those who need it can get to it?  Should you have the information on site, off site with a third party, in the cloud, in a car trunk or home, or at another office?  How safe is the place where you are going to put it?  How easy is it to get to and to get the information back?  How are you going to deal with virtual machines and information and services that are not on site?

What is data and what is just information?  Is there duplicate information you can ignore or deduplicate?  One good way to save yourself a ton of money and make your systems run better is to "de-crapify" them.  Remove all the service packs, backup information, useless logs, and other detritus you do not need.  I have discussed how to do this in previous articles.  If you do this periodically you save time and money on each data protection task you perform from then on and you increase system performance, reliability, and security.  I often say work I do not have to do is easy.  By the way, redundancy is not backup.  Redundant information is a faithful working copy.  If the old data has been overwritten or becomes corrupted, redundancy will not save you.  Backup will.

Why are you backing something up?  Think about restore and the value of the information.  The most critical information needs to be better protected.  Try not to back up anything that really will not be useful on a restore.  Save gobs of money by not collecting, backing up, or restoring information your organization does not really need.  If you want to figure out if something is really need it, assign it a data collection and maintenance cost in dollars and ask if someone will be willing to pay for it.

When can you do the backup?  How long can the backup and restore take (recovery point objective and recovery time objective apply)?  How long do you need to keep the information around?  Are there different types of information you should protect on different schedules?  If information is less critical or changes less often, maybe you do not need to back it up on the same schedule.  When should data or backups be archived or simply deleted?  Keeping lots of copies of information around increases your security risk and your costs while it might not be worth anything in terms of a restore.

Once you answer all these questions, how you should do your backups and restores should become more obvious.  Of course, you will also have to figure out how to pay for it.  And paying for it is not just putting money into the task, but committing people, time, training, support, professional services, continuing management oversight and support, security oversight, policy development, and other resources as well.  You will also want to regularly review and test your setup.  Money is often the least of your worries.  You can often save a ton of money in the long run by being smart about how you perform a task and how you plan for the future.  Be careful.  The less automatic and more onerous you make the backup and restore task, the less likely it is to happen and that means the chances of a good result decrease dramatically.

We are here to answer your business continuity, backup, restore, archiving and other computing questions.  And, if you would like to e mail us a question that we think might help others, YOU may end up in our newsletter!

©2012 Tony Stirk, Iron Horse tstirk@ih-online.com