Backup and Storage Methods and Practices

The backup of both software and data varies among organizations, and both the methods and technology used in backing up data and software will affect recovery time. The organization's critical data should be stored both onsite, for quick recovery in nondisaster situations, and off-site, in case of a disaster. The Storage Networking Industry Association defines a backup as follows:

A collection of data stored on (usually removable) nonvolatile storage media for purposes of recovery in case the original copy of data is lost or becomes inaccessible. Also called a backup copy. To be useful for recovery, a backup must be made by copying the source data image when it is in a consistent state... or contains elements and information enabling a consistent state to be recovered.

Organizations continue to rely on the availability of computer services and corporate data. The IT department is responsible for ensuring that systems and data are available, and that the organization is capable of recovering from disasters, to enable continuity of operations. There are a variety of threats to systems and data, ranging from the accidental deletion of corporate data to a disaster that affects the physical facilities and the systems contained within that facility. The evolution of the corporate computing environment has led to tighter integration of systems and applications. In this environment, the database, file, web, communications, and messaging servers are components of a larger system. A failure of any component affects the system as a whole. Most organizations have implemented a centralized backup scheme that incorporates enterprise backup software, tape libraries, and specific storage requirements. To ensure minimum downtime, it is important to understand the different types of backups and their effect on recovery time.

Backup Definitions

Three backup methods are used:

• Full backup In a full backup, all the files (in some cases, applications) are backed up by copying them to a tape or other storage medium. This type of backup is the easiest backup to perform but requires the most time and space on the backup media.

• Differential backup A differential backup is a procedure that backs up only the files that have been changed or added since the last full backup. This type of backup reduces the time and media required.

• Incremental backup An incremental backup is a procedure that backs up only the files that have been added or changed since the last backup (whether full or differential).

The method of backup depends on factors that include the cost of media, the speed of restoration, and the time allocated for backups. For instance, the organization might choose to perform a single full weekly backup combined with daily incremental backups. This method decreases the time and media required for the daily backups but increases restoration time. This type of restoration requires more steps and, therefore, more time because the administrator will have to restore the full backup first and then apply the incremental backups sequentially until all the data is restored.

A variety of vendors provide centralized enterprise backup software, and their products generally work off the same basic premisethat is, to back up systems over the network to a server that has some sort of storage device attached. Generally, a central server controls the enterprise backup environment. The backup software incorporates backup schedules, indexes, backup groups, and communication with the client software. In addition, the central server logs its activities to include communication, backup start and end times and dates, and any errors incurred during the backup. To effect communication with clients, a backup agent (client software) is installed on all systems that will be backed up through the central server. The client software listens for connections from the central server and assists in the transfer of data from the client to the central server.

Tape backup media is a magnetic medium and, as such, is susceptible to damage from both the environment in which it is stored (temperature, humidity, and so on) and physical damage to the tape through excessive use. For this reason, administrators use backup schemes that allow tapes to be regularly rotated and eventually retired from backup service. One popular scheme is the grandfather, father, and son scheme (GFS), in which the central server writes to a single tape or tape set per backup. When using the GFS scheme, the backup sets are daily (son), weekly (father), and monthly (grandfather). Daily backups come first. The four backup tapes are usually labeled (MonThur) and used on their corresponding day. The tape rotation is based on how long the organization wants to maintain file history. If a file history for one week is required, tapes are overwritten each week; if history is required for three weeks, each tape is overwritten every three weeks (requiring 12 tapes). The five (some months have five weeks) father tapes are used for full weekly backups (Friday tapes). If one month of history is being kept, tapes are overwritten monthly. The three grandfather tapes are used as full monthly backups and are typically overwritten quarterly or yearly.

Based on its retention/rotation, the tape is then retained for a period of time; when the tape has reached its expiration date, it can be put back into the rotation and used again. One of the disadvantages of this scheme is that sometimes the full capacity of the media is not used. As an example, if the administrator is using an 80GB tape that backs up 25GB of data, the tape will be rotated out, and when it expires, it will be rewritten from the beginning (with 25GB), leaving the remaining 55GB unused. All tapes within the backup scheme will be saved based on the retention period assigned to them. Creating a retention schedule ensures that an organization maintains historical records for an appropriate period of time, in compliance with business requirements and any regulations pertaining to business operations. This retention schedule also ensures that unnecessary records are disposed of in a controlled manner. A retention schedule should include all the types of records, period of retention, description of the records, disposition (destroy, transfer, and so on), and retention requirement.

Tape Storage

Two types of tape storage are used:

• Onsite storage One copy of the backup tapes should be stored onsite to effect quick recovery of critical files. Another copy should be moved to an off-site location as redundant storage. Tapes should be stored in environmentally controlled facilities that incorporate physical access controls that are commensurate with the requirements of the data being stored. Onsite tapes should be stored in a secure fireproof vault, and all access to tapes should be logged.

• Off-site storage The organization could contract with a reputable records storage company for off-site tape storage, or could maintain the facility themselves. The physical and environmental controls for the off-site facility should be equal to those of the organization. The contract should stipulate who from the organization will have the authority to provide and pick up tapes, as well as the time frame in which tapes can be delivered in the event of a disaster.

In addition to tape backup options, organizations can employ storage area networks (SAN) or electronic vaulting options. A SAN is a special-purpose network in which different types of data storage are associated with servers and users. A SAN can either interconnect attached storage on servers into a storage array or connect the servers and users to a storage device that contains disk arrays. The SAN can be implemented locally or can use disk arrays at a redundant facility. The enterprise backup software either can back up the entire array to a separate storage medium or, in the case of an off-site SAN, can instruct the SAN itself to create a snapshot of the local volumes and then move the snapshot to the off-site SAN.

Storage Area Networks and Electronic Vaulting

If the organization cannot implement an off-site SAN, it might opt for an electronic vaulting option. With this option, the organization contracts with a vaulting provider that provides disk arrays for the backup and storage of the organization's applications and data. Generally, the organization installs an agent on all the servers and workstations that require a backup and identifies the files to be included in the backup. The agent then performs full and incremental backups, and moves that data via a broadband connection to the electronic vault. Organizations that have a significant amount of data or high levels of change might incur issues in moving large amounts of data across a broadband connection.

As with all IT procedures, proper security should be implemented to enforce segregation of duties and ensure the integrity of the backup media and data. The backup administration should be responsible for backup scheduling and adding machines and drives to the backup schedule. A tape operator should be responsible for adding and removing tapes from the various devices and tape libraries in a data center, but should not be allowed access to change client definitions or backup schedules. A systems operator should be responsible for checking backup status and ensuring that the central server's OS is up-to-date and operating correctly.

The objective of having backups is to ensure recovery in the event of a failure or disaster. The organization should perform regular disaster-recovery testing to ensure that data can be restored within the time frame required in the BCP. The organization should utilize off-site storage facilities to maintain redundancy of current and critical information within backup files. The off-site data backup and storage should be geographically separate, to mitigate the risk of a widespread physical disaster such as a hurricane or earthquake.