Section 30.3. Objective 3: Backup Operations

30.3. Objective 3: Backup Operations

This Objective is restricted to creating an off-site backup plan. Offsite backups could be considered backup backups. They can be used if the main backup burns or breaks in some way, but the main use of off-site backup is to perform disaster recovery (e.g., to get a backup site running if the primary production site collapses in an earthquake, floods, or becomes inoperational or unavailable in some other way).

The important question as a senior administrator is: what will I do if my production machine room burns down? If the answer is satisfactory to yourself and your management, you're fine. It's likely that your company would be out of business if it lacked computers for too long. If your current plans cannot cope with a disaster, it may well be the senior system administrator's job to point this out to management and help plan for disaster recovery. To prepare for the worst, one of the first and easiest things to do is create an off-site backup scheme. This at least enables you to install software and databases when you get hardware to install it on.

You should consider three classifications of threats for disaster and recovery planning :

Natural

Hurricane, tornado, flood, and fire

Human

Operator error, sabotage, implant of malicious code, and terrorist attacks

Environmental

Equipment failure, software error, telecommunications network outage, and electric power failure

After studying and defining the initial potential threats, you need to mantain an analysis risk review cycle, because the environment is dynamic, as are the risks.

You should consider the following criteria when selecting an off-site storage plan:

Geographic area

Distance from the organization and the probability of the storage site being affected by the same disaster as the organization

Accessibility

Length of time necessary to retrieve the data from storage and the storage facility's operating hours

Security

Security capabilities of the storage facility and employee confidentiality, which must meet the data's sensitivity and security requirements

Environment

Structural and environmental conditions of the storage facility (i.e., temperature, humidity, fire prevention, and power management controls)

Cost

Cost of shipping, operational fees, and disaster response/recovery services

All these list items can directly affect your backup method.

There are many ways to do off-site backups: everything from guards or couriers collecting tapes and storing them in a huge hole in a mountain to the more dot-com way of doing it: "Just rsync the whole thing over the Internet and we will put it on tapes for you."

Because it's likely that your data is sensitive in some manner and you're not going to give it away to strangers, it is probably a good idea to practice some "due diligence" on the storage company. This can be anything from asking some simple questions to see whether they're security-conscious to detailed questionnaires and site visits or even a periodic security evaluation done by a professional auditor. If your company is large enough to have an audit department, they might have input on what to look for, though data security audits are very different from auditing ledgers and accounts.

An off-site backup plan should often support a company disaster recovery plan. This should be defined by the business side of the company. It may also provide the business case you need to justify the cost involved.

To create an off-site backup plan, you need to answer all the same questions as with normal backups, the most important of which is: exactly what are you protecting yourselves against and what do you need to get back when restoring?

Once that has been determined, it's merely a question of setting up any additional backup schedules of full, incremental, cumulative, or whatever backups reflect the stated needs.