Understanding Backup Issues


There are many elements to a backup plan, and these elements need to be considered in terms of the business needs and statutory requirements prior to installation, configuration, and implementation. Disaster recovery planning is a complex undertaking requiring analysis of risk and cost, and the resultant strategy may require more than one type of backup and more than one schedule.

So why do a backup? It may be as insurance against deleted, corrupted, or overwritten data or emails. It may be to provide an audit trail or historic record for legal or taxation purposes. It may also, in the bigger picture, be to provide for the ability to restore the computing system in the event of a catastrophic failure.

File Recovery

SBS 2003 includes the Volume Shadow Copy Service (VSS), which can be scheduled to the requirements of the business and provides not only the capability to recover deleted files and folders but also previous versions of files directly from the desktop. Similarly Exchange Deleted Item Retention (EDIR) provides the capability for the user to recover deleted emails (within the set retention period) directly from Outlook.

VSS and EDIR are far faster and simpler than recovering from backup, where the relevant media has to be located, the restore process initialized, and the relevant file(s) located and then copied back to the system. Scrolling through a large tape can be time consuming, and the process is labor intensive. However, although VSS and EDIR are available, you still need to back up files and data stores as insurance against physical disk loss, damage, or corruption due to application error, viral or malware activity, or even user error.

Archiving

It is often necessary to keep permanent or long-term copies of data for legal, taxation, historic, or auditing purposes. Not only are speed and convenience issues here but also the choice of media. CDs and DVDs are proving not to be good choices for long-term archival storage, and a good deal of data and heritage stored digitally has already been lost.

In addition to the media, consideration must be given to the backup devices and programs. Will the device, drivers, and software be available when the business needs to recover the archived data? It is pointless to have a vault full of backups if there is no way to replay them.

System Recovery

Computers are an enormous boon to small businesses that need to do "more with less." SBS in particular, which hosts many software servers, services, and data on the one piece of hardware, has an immediate appeal. However, SBS does not support clustering or trusts, and can be a single point of failure for all those services and data. There is no failover.

While the server is down, users can be left unproductive. This is an expensive proposition for small and medium-sized businesses where the cost is not spread widely and cannot be absorbed as in large corporates. Without email, Internet, and access to accounting and line-of-business applications, communication with clients and suppliers is often severely disrupted. Should the outage continue for some considerable time, the harm done may be irreparable and may even be a terminal event for the business.

You must consider the needs and type of business and what is an acceptable time period for recovery of the system. The type of disaster and whether the recovery is to be to the same hardware, clone hardware, or different hardware all have a bearing. Restoring an image to the same hardware may go smoothly, but the restored image may be unbootable if restored to new hardware that is significantly different from the original.

Imaging a system before and after applying service packs or making major system changes, however, can be a good practice in providing a restore point for that hardware should critical issues occur due to the changes.

Doing a full system restore of SBS from backup prior to SBS 2003 was nearly impossible even with a System State backup. In SBS 2000, issues with Short File Name/Long File Name storage and restore meant that the only truly viable option was to rebuild the server from scratch and then restore selective data from backup. The Microsoft developers have worked hard, and with SBS 2003 the full System State backup created by the SBS Backup Wizard allows for a successful full system restore on top of Windows Server.

Hardware and Media

The choice of hardware and media needs to be considered in the backup strategy because both the size of the backup and the time taken for the backup/restore can be considerable if the medium is slow. The convenience of the media may also be a factor in the overall success of the backup plan. Although it will be faster to back up to and restore from an external USB HDD, a backup operator in a rush is also more likely to leave that drive sitting on the server than to leave behind a 2-inch backup tape that she can pop into her pocket.

Copying files to a floppy disk is a form of backup. In fact, many applications, including accounting and line-of-business applications, use copy to floppy as part of their internal backup routine and will prompt the user to do such a backup before closing the application. As long as the data can be successfully retrieved from the floppy disk and utilized, then the aim was met. The relatively limited data storage capacity and unreliability of floppy disks make them of limited use in modern computing. Floppy disks are quickly being replaced by thumb/flash drives, which are a step up in capacity, reliability, speed, and convenience. CDs and DVDs provide inexpensive, convenient storage within the limitations of their storage capacity, but they lack reusability.

Removable or external USB or firewire hard disk drives provide still greater storage capacity, but aside from the laptop drives and enclosures, are magnitudes more cumbersome than tapes and not very tolerant of handling and shock. Concerning price, hard disks are attractive to many small businesses, and this contrasts strongly with tape drives, which, costing thousands of dollars, are something that many small businesses cannot afford. The tapes themselves, however, are small and convenient with good reusability and can be loaded into auto changers when backup volumes are significant or growing.

Online storage at a remote location is another alternative, although bandwidth, reliability of the connection, and possibly the cost, if the ISP charges by the byte, are all issues. Again, depending on the needs of the business, a combination of backups may be the answer: system images burned regularly to DVD combined with online incremental backups, or external HDD backups combined with tape archived data, for example. Backup is not a "one size fits all" endeavor. The solution must be customized to the environment and need.

As the size of the backup and the commensurate time taken to do the backups increases, it is becoming increasingly popular to back up to hard disk first and then to stream to tape or other media at a time more suited to the slower transfer rate. The SBS backup created by the Backup Wizard by using Volume Shadow Copy Services is to an extent using this technique already; however, it all happens on the SBS server, and it would be better if the process was offloaded to a separate backup server.

The Backup Plan

As with all things mission critical and disaster related, there should be built-in redundancy. Even tape autoloaders need to be loaded. Backup media needs to be swapped out and (preferably) taken offsite. Backup logs need to be checked and the right people informed and action taken if a backup (or the system itself) fails.

The backup and restore process requires a detailed and considered plan that should be well documented. The people relevant to the plan should be trained in its implementation, and the plan should be tested, practiced, and revised regularly. Additionally, a current copy of the plan should be stored together with the offsite backup.

In creating the plan, consideration needs to be given to a host of aspects such as:

  • What should happen if the backup operator has taken the backups home and goes on vacation to the Bahamas the night before the server crashes?

  • Does the shy new girl know what to do if she cannot get the tape out of the tape drive, or does she just not tell anyone?

  • What should happen if the backup operator leaves the backups lying on the top of the server because they are too bulky or inconvenient to take offsite for some reason or other?

  • Are the backups being regularly tested by doing an actual restore and then verifying the integrity of the files by accessing and manipulating the data?

  • Is the backup operator, administrator, or IT person capable of restoring the data? Have they been trained, and are they capable of doing the restore in a timely manner?

  • Can the IT person restore the backup (including System State) to new server hardware (new metal)? Has the IT person tested and practiced this and is she therefore critically aware of the issues relating to differing hardware, chipsets, drivers, and so on, the processes involved, and actions required to overcome them?

  • Will the recovery be a timely process?

  • As the business grows and changes, are the measures still adequate and is the plan still relevant?

  • Have the parties involved considered everything relevant to their particular business and statutory needs?

Site and Security

Care and consideration must be given to both the location where the backups are kept and the security surrounding them. As mentioned previously, the backups may be, after all, the entire intellectual property of the business.

At first glance, a fireproof safe seems like a reasonable place to store backups, but although temperatures inside the safe may not be high enough for papers to spontaneously combust, they may be high enough to utterly destroy the backup media. No one would consider it reasonable for the backup tapes to be left on the dashboard of a car in the searing heat of the parking lot in summer, but it's been done, and by the business owner.

Take this scenario into consideration: A shipping agent's offices burned down. Half the damage was caused by the fire, the other half by the water and the fire fighters. The damage extended to the backup tapes, which were kept onsite. The end result was that the business lost both its paper and electronic records. From memory alone, the business owners had no idea what the full extent of their customer base was nor how to contact their customers. They had no idea where in the world their customers' goods were (which boat, plane, train, dock, warehouse, or bond store they were in) or when they were to be moved or how. Within days, the principals were winding up the business, and within a week fighting off both business and personal lawsuits from customers whose own businesses were in jeopardy due to their reliance on "Just In Time" supply. The business insurance was not sufficient to cover the claims of negligence nor did it provide for new careers and reputations for the principals.

An offsite backup would have preserved the shipping agent's business. To a limited extent, the company could have been up and running in 24 to 48 hours, but how far offsite is safe? A mile away may be safe if the office burns down, or a lightning strike fries the server, but if the location is susceptible to broad range disasters such as floods, hurricanes, or earthquakes, it may be advisable to have additional backups still farther afield. A remote backup copy would also cover the business if the duration of an event such as a flood or blizzard blocks the client from access to both his own site and that of the offsite backup for an unacceptable period of time.

Not only the site but also the security of the offsite backup is important. Not only should access to the media be protected, but the data bits themselves should be encrypted and the data locked. A USB hard disk backup the boss took home may be isolated from any disaster at the office, but is it safe from little Johnny and his friends when they need somewhere to store their newly found cache of Internet video games? Or, what about the burglar who just happens to be IT savvy and finds all those customer and bank account details on the backup he pocketed? Sadly, far too many business owners come to really consider backup far too late.

Backup Types

Aside from creating a full disk image or just copying a few files, several standard backup types can be run, as discussed in the following sections.

Full Backup

Full backups are the most comprehensive and are self-contained backups. However, the size of the data to be backed up and the time it takes to run a full backup to slow media may make it inappropriate as a regularly scheduled backup. Full backups may be restricted to a weekly or monthly schedule.

Most small businesses that fall within the SBS client base should have no problem doing a full nightly backup as created by the SBS Backup Wizard. If data size does become an issue (for example, multimedia or CAD files), archiving older files or excluding the files from the full backup and running a second data-only incremental or differential backup become options.

The trade-offs of a full backup are that although it provides the fastest restore, the storage space requirement is the highest, and backup and verify time is the longest.

With a full backup, only the previous full backup needs to be stored offsite.

It is also worth noting that each full backup contains an entire copy of the data. If the backup media were to be illegally accessed or stolen, the hacker or thief would then have access to an entire copy of your data.

The SBS 2003 Backup Wizard only creates a full, System State backup, but it does allow for the exclusion of some files and folders. SBS works around the problem of backing up open files by taking a snapshot copy of the drive contents using VSS. A copy of the open file is made by VSS, and the backup process accesses the VSS copy of the file instead of trying to access the open file directly.

Differential Backup

There is a significant distinction between differential backups and incremental backups although they are often confused. Differential backups back up all the files that have changed since the last full backup, whereas incremental backups back up all the files modified since the last full backup or incremental backup.

The trade-off is that although smaller and consequently faster than a full backup, a differential backup is slower to restore.

Two backup files are required: the latest full backup and the latest differential backup. The last full backup and the last differential backup are the two backups that you need to store offsite.

Incremental Backup

Incremental backups provide a much faster method of backing up data than either full or differential backups. An incremental backup backs up only those files that have changed since the most recent full, incremental, or differential backup.

The advantage of lower backup times comes at the price of an increased restore time and the need to safely store more media offsite. When restoring from incremental backup, you need the most recent full backup as well as every incremental backup you've made since the last full backup.

For example, if you did a full backup on Friday and incrementals on Monday, Tuesday, Wednesday, and Thursday, and the server crashes on the next Friday, you would need all five backup files: The Friday full backup and the Monday, Tuesday, Wednesday, and Thursday incrementals.

By comparison, if you had done differential backups on Monday, Tuesday, Wednesday, and Thursday, to restore on the Friday only the previous Friday's full backup plus Thursday's differential backup are required.

Note

Windows NTBackup uses the following backup type definitions:

  • Normal backup (full): A normal backup copies all the files you select and marks each file as having been backed up (in other words, the archive attribute is cleared). With normal backups, you only need the most recent copy of the backup file or tape to restore all the files. You usually perform a normal backup the first time you create a backup set.

  • Copy backup: A copy backup copies all the files you select but does not mark each file as having been backed up (in other words, the archive attribute is not cleared). Copying is useful if you want to back up files between normal and incremental backups because copying does not affect these other backup operations.

  • Daily backup: Daily backup copies all the files you select that have been modified on the day the daily backup is performed. The backed-up files are not marked as having been backed up (in other words, the archive attribute is not cleared). This backup type is generally not used as part of a recovery program because to do a full system restore, you would have to have a normal backup and then a daily backup from each and every day since the normal backup.
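The Friday-to-Friday comparison and the archive-attribute definitions above can be replayed in a small model. This is an added example, not from the book and not NTBackup code: it assumes that incremental backups clear the archive attribute and differential backups do not (a convention the note above does not spell out), and the file names are constructed.

```python
# Constructed model of archive-attribute backup semantics; not NTBackup code.
# Limitation (assumption): deletions are not tracked, only writes.

CLEARS_ARCHIVE = {"normal": True, "incremental": True,
                  "differential": False, "copy": False}
SELECTS_ALL = {"normal", "copy"}  # other kinds take only files with the attribute set


class Volume:
    def __init__(self):
        self.files = {}       # name -> content
        self.archive = set()  # names whose archive attribute is set

    def write(self, name, content):
        self.files[name] = content
        self.archive.add(name)  # any write sets the archive attribute

    def backup(self, label, kind):
        names = set(self.files) if kind in SELECTS_ALL else set(self.archive)
        saved = {n: self.files[n] for n in names}
        if CLEARS_ARCHIVE[kind]:
            self.archive -= names
        return {"label": label, "kind": kind, "files": saved}


def restore_chain(catalog):
    """Backups needed to rebuild the latest state, oldest first."""
    fulls = [i for i, b in enumerate(catalog) if b["kind"] == "normal"]
    if not fulls:
        raise ValueError("no normal (full) backup in catalog")
    tail = catalog[fulls[-1] + 1:]
    inc_idx = [i for i, b in enumerate(tail) if b["kind"] == "incremental"]
    chain = [catalog[fulls[-1]]] + [tail[i] for i in inc_idx]
    # Only a differential newer than the last incremental adds anything.
    after = tail[inc_idx[-1] + 1:] if inc_idx else tail
    diffs = [b for b in after if b["kind"] == "differential"]
    return chain + diffs[-1:]


def restore(chain):
    state = {}
    for b in chain:
        state.update(b["files"])  # later backups overwrite older copies
    return state


def run_week(kind):
    """The page's scenario: Friday full, then Mon-Thu backups of `kind`."""
    vol = Volume()
    for name in ("ledger.mdb", "mail.edb", "plans.dwg"):  # constructed names
        vol.write(name, "v0")
    catalog = [vol.backup("Fri", "normal")]
    edits = [("Mon", "ledger.mdb"), ("Tue", "mail.edb"),
             ("Wed", "ledger.mdb"), ("Thu", "notes.txt")]
    for day, name in edits:
        vol.write(name, "edited " + day)
        catalog.append(vol.backup(day, kind))
    return vol, catalog


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        vol, catalog = run_week(kind)
        chain = restore_chain(catalog)
        print(kind, [b["label"] for b in chain], restore(chain) == vol.files)
```

Every backup in the returned chain must be readable for the restore to succeed, so the chain is also the list of media that has to be stored safely offsite.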


Disk Image

Hard disk and partition imaging software takes a snapshot of your hard disk(s) so that you can restore your system at a later time to the exact state the system was in when you imaged the disks or partitions. The image is a sector-by-sector, byte-by-byte copy of the state of the hard disk.

Image utilities often do not allow fine control of what you back up. You can specify the partitions or hard disks to back up, but you usually will not be able to specify which folders to exclude or include. They may also require that the system be offline, although increasingly less so with the newer software.

Although imaging provides a restore-from-clone capability, the time taken to image the system can be substantial, and verification can be difficult if not impossible without doing a full restore. The full restore, however, can be extremely fast and successful if restoring to the same or substantially similar hardware.

Backup Schedule

In creating the backup plan, it is important to consider the backup schedule in light of the backup type, the time required for the backup to run and verify, the server load, other scheduled events, and the media rotation.

It's assumed, possibly optimistically, that due consideration is being given to the running time required for the backup and verify process as well as other things happening on the server.

Although most operators try to schedule backups during out-of-office hours so as not to impede user performance and minimize open files, it's not uncommon to find the backup/verify process conflicting with such things as virus scans, remote site synchronization (file transfers), the scheduled Exchange Management, or automated software updates (service packs and patches). Site documentation should include an event schedule for the server, and part of regular backup verification should include a check on the running time of the backup/verify process and any potential scheduling conflicts.

Best Practice: Managing the Event Scheduler

Create and maintain a schedule of running events occurring on the server and refer to this prior to installing/running new processes. This should be an integral part of the server/network documentation and its cover sheet.

The running times of processes should be noted regularly, and the schedules and documentation amended as needed. There is more going on than most realize on first thought, and documentation helps tease out the complete picture.


Media Rotation

The media rotation depends on the type of backup, the type of media, the number of media units, and so on. Thought should be given to the fact that data corruption may not be noticed for some time, if the data is not accessed frequently, and it may be necessary to roll back a day, week, month, or even a year.

Table 18.1 shows a typical rotation plan.

Table 18.1. Ten-Tape Full Backup Rotation

| Period | Day | Time | Type | Media | Offsite | Comments |
|---|---|---|---|---|---|---|
| Weekly | Monday | 20:00 | Full | DMonday | Take Offsite: Tuesday | Nightly schedule |
| | Tuesday | 20:00 | Full | DTuesday | Take Offsite: Wednesday | Nightly schedule |
| | Wednesday | 20:00 | Full | DWednesday | Take Offsite: Thursday | Nightly schedule |
| | Thursday | 20:00 | Full | DThursday | Take Offsite: Friday | Nightly schedule |
| | Friday | 20:00 | Full | DFriday | Take Offsite: Monday | Nightly schedule |
| Week 1 | Monday | 8:00 | Full | W1 | Take Offsite: Monday | First thing Monday morning |
| Week 2 | Monday | 8:00 | Full | W2 | Take Offsite: Monday | First thing Monday morning |
| Week 3 | Monday | 8:00 | Full | W3 | Take Offsite: Monday | First thing Monday morning |
| Week 4 | Monday | 8:00 | Full | W4 | Take Offsite: Monday | First thing Monday morning |
| Monthly | Last Day | 17:00 | Full (Data Only) | AMonthly | Take Offsite: after completion | Accounting Backup after Rollover/Commit. To hold 12 Monthly Backups. Tape to Archive Storage Annually. |





Microsoft Small Business Server 2003 Unleashed
ISBN: 0672328054
EAN: 2147483647
Year: 2005
Pages: 253
