Horse Sense #101
Backup Comments And Questions
Horse Sense 100 was pretty popular,
thank goodness. Backup and restore is something everyone using computers
needs to think about. A couple of people were even brave enough to comment
on the article and their experiences might help you. Some editing was done
to make the writing more readable and to make us look smarter than we were
when we originally wrote this stuff.
In this issue of Horse
-Questions and Answers
-Backups: Who, What, When, Where, Why,
and How (and What to do if you have more questions!)
[Paula] Excellent article. This issue has plagued
me for years. I especially like your observation that it's not the backup
that's important, it's the RESTORE! I had been faithfully backing up
off-site to an Intuit server for years when, guess what? My computer
crashed. No problem, I thought -- I will restore to my new replacement
computer. But of course the restore did not work and their customer support
was useless. All I got were a lot of "I don't know" s and "we're sorry".
Their backup service cost me a lot of money for nothing. I am now backing
up to a local external device, so I am vulnerable to loss by fire, but I
figure that the probability of that is lower than loss by computer failure.
How is the little doggie? I want to see him.
NEVER trust a backup you haven't tried to restore.
Backups should be test restored fairly regularly. Yeah, NOW you know.
Beyond redundancy, which is having another disk or system take over for the
failed one, you need backup. There are FOUR kinds. Traditional file by
file and/or application based backup will allow you to get a file or e mail
box back quickly. Image based backup is targeted at the entire system and
will allow you to recover quickly with all your settings intact from a
system crash. [The new version of Backup Exec allows you to do a file by
file backup and turn it into an image backup if you back up the entire
system and some critical system information.] Archival backups allow you to
get to stuff you really do not care about any more on a day to day basis,
but might need in the future for customer service, legal, or other
purposes. Paper is a good archival media since it lasts so long. Optical
disks are as well, but more and more people are using hard disks for things
like e mail archiving. E mail is an especially good thing to archive
because old e mail is not very useful on a day to day basis, but you may
need it to refer to if someone brings a project back to life, you need to
refer to something you said, or you have a legal issue. Off site backup
(usually file by file or image) is usually merely replicating what you have
backed up locally out to a service provider or another system you own
somewhere so that if you lose all of your local info, you still have that
one. It is kind of expensive to do this because of the slow WAN link or
(not recommended because you might forget it) physically moving the data off
site, so it usually only has the latest and greatest information.
Fluppy the Puppy has been fairly good lately, though yesterday he swiped
many of the stuffed animals out of my son's room and hid them for himself.
The stuffed animals were returned unharmed and no ransom was paid.
[Arch] There is lots written about backing up to the cloud but something
I don't see much written about is backup protection FROM the cloud. More
and more people are starting to put all their stuff in the cloud. What
happens when the company housing their data goes bye-bye (bankruptcy,
corporate buyout, rates change and the customer does not want to pay…)? I
have not seen many places that have anything locally to rebuild the data if
their cloud data goes away.
If you have your business in the cloud, then your remote backup should
probably be to your OWN equipment or there won't be a recovery point to meet
a recovery point objective. If something goes wrong out there, to have any
hope of fulfilling a recovery time objective you have to have something to
restore it to! [Cloud vendors will not tend to tell you
something like this.]
I can drive to a site I support and have them back
up in two hours, but is it overkill?
Look at the RESTORE end of things and you will be
able to answer your own question. Can they stand to lose more or less
(Recovery Point Objective)? How long will it take you to do the restore and
get them back up and operational from where they want to be (Recovery Time
Objective)? Looks like you have on site backup and remote replication
covered at least somewhat, but I am not sure how much. Recovery may take
longer or be ineffectual if you have to restore too much to get what you
want or do not have all the pieces you need to restore and need to recreate
things by hand, like system settings, desktop views, etc.
As part of their plan, they need to think of human backup. What happens if
you are not available? How do they deal with that?
Business continuity is being able to survive and run in a degraded fashion
as best you can. People think disaster recovery, but they get it wrong. A
disaster is normally thought of as an act of God like a fire. Instead, how
about a power glitch? A bad flu bug? A truck hitting the pole outside the
office? A family emergency? A big snow? A hospitalization? Backup is not
just for computers. Continuity of operations often needs creative thinking
and planning BEFORE the event to make restoration of a more normal, but
perhaps degraded state, more effective. For that, you need to look at the
how the business functions as a whole and factor in the people and other
resources as well. Note that telecommuting and being able to access
necessary information away from your primary work site can help if the
primary site is compromised.
[Arch] Good point.... but at some point, you gotta
look at someone and say "you're screwed!"
Well, yes, you cannot plan for or fix EVERYTHING
and you are definitely in a bad state if you need to think of disaster
recovery/business continuity anyway. It is like insurance. No one wants it
to collect, but you have a plan in place if it happens to try to minimize
the damage. Continuity Of OPerations (COOP) plans assume something can and
will go wrong. You do not have to use your plans unless you are already
screwed in some way. They are all about recovery and limiting the potential
damage. The hard truth is that some scenarios will cause you great pain or
even the death of your business.
[Arch] There are millions of
companies out there that have nothing. No backups, antivirus is non
existent or expired, Windows Update has not run in years, etc. About a month
ago, I got on the board of another charity. As we were doing the board
orientation we hit their computer room where they train people. She mumbled
something about struggling to get a grant to get the IT work straightened
out. I told them I would do it in lieu of my board contribution.
There had been no Windows updates in two years, most workstations could not
talk to the domain controller, antivirus updates were not happening, they
had not had a successful backup since last March, on and on. I spent last
Saturday sitting on my couch cleaning up the system.
The statistics show that what you have seen is the
norm rather than the exception. Computers are critical tools. How happy
would you be chopping down trees with a dull ax? Even in tough economic
times, you need to invest in your tools and infrastructure. You not only
have to replace your hardware and software, but you have to make sure the
people know how to use it via training. They also need to have professional
support and maintenance available to them. Most of all, there needs to be
recognition and continuing emphasis by management that your computing edge
be kept sharp. I am sure with your example above that lots of things were
not working right and had they lost data, it would have been gone forever.
Sooner or later, luck does run out....
Backups: Who, What, When, Where, Why, and How (and
What to do if you have more questions!)
Good data protection is not just about backup and restore. It is about
being smart about who, what, when, where, why, and how you manage your
information. Most of these questions do not have anything to do with
hardware or software, but how people in the organization deal with
Who is responsible for backups and restores? Who is going to manage it over
the long term? How can you assure that it will be done and that person is
recognized for doing their job well? Who will be able to do the restore if
they are not available? Can you handle the tasks effectively or do you need
to engage someone else to provide resources or services? Who is responsible
for the continuity of operation planning and implementation (hint, if it
does not involve upper management, your answer is wrong)? Backup and
restore options are only part of business continuity thinking.
Where does valuable information reside? Do you need to back up
workstations, laptops, cell phones, and other devices as well as servers?
Where are you going to put that information so that those who need it can
get to it? Should you have the information on site, off site with a third
party, in the cloud, in a car trunk or home, or at another office? How safe
is the place where you are going to put it? How easy is it to get to and to
get the information back? How are you going to deal with virtual machines
and information and services that are not on site?
What is data and what is just information? Is there duplicate information
you can ignore or deduplicate? One good way to save yourself a ton of money
and make your systems run better is to "de-crapify" them. Remove all the
service packs, backup information, useless logs, and other detritus you do
not need. I have discussed how to do this in previous articles. If you do
this periodically you save time and money on each data protection task you
perform from then on and you increase system performance, reliability, and
security. I often say work I do not have to do is easy. By the way,
redundancy is not backup. Redundant information is a faithful working
copy. If the old data has been overwritten or becomes corrupted, redundancy
will not save you. Backup will.
Why are you backing something up? Think about restore and the value of the
information. The most critical information needs to be better protected.
Try not to back up anything that really will not be useful on a restore.
Save gobs of money by not collecting, backing up, or restoring information
your organization does not really need. If you want to figure out if
something is really need it, assign it a data collection and maintenance
cost in dollars and ask if someone will be willing to pay for it.
When can you do the backup? How long can the backup and restore take
(recovery point objective and recovery time objective apply)? How long do
you need to keep the information around? Are there different types of
information you should protect on different schedules? If information is
less critical or changes less often, maybe you do not need to back it up on
the same schedule. When should data or backups be archived or simply
deleted? Keeping lots of copies of information around increases your
security risk and your costs while it might not be worth anything in terms
of a restore.
Once you answer all these questions, how you should do your backups and
restores should become more obvious. Of course, you will also have to
figure out how to pay for it. And paying for it is not just putting money
into the task, but committing people, time, training, support, professional
services, continuing management oversight and support, security oversight,
policy development, and other resources as well. You will also want to
regularly review and test your setup. Money is often the least of your
worries. You can often save a ton of money in the long run by being smart
about how you perform a task and how you plan for the future. Be careful.
The less automatic and more onerous you make the backup and restore task,
the less likely it is to happen and that means the chances of a good result
We are here to answer your business continuity,
backup, restore, archiving and other computing questions. And, if you would
like to e mail us a question that we think might help others, YOU may end up
in our newsletter!
Stirk, Iron Horse firstname.lastname@example.org