Most of us have seen it before: A client calls, in a panic, because a company report, a critical database, or a critical email is lost. It could be because a computer died, it could be something was stolen, it could be because something was maliciously wiped. Hoping the answer is “yes”, you ask the question: “Do you have backups of that?”
The question serves several purposes. First of all, it gives you a rough estimate of exactly how complicated or expensive the recovery procedures are going to get. Secondly - if the answer is yes - it acts as a pacifier, reminding the client that they may be inconvenienced, but all is not lost. Even if you know they have backups because you already had this talk, calmly reminding them that they have backups helps calm them down, because now they know the odds of things turning out better than their fears have dramatically improved.
Of course, the best time to deal with backups is before you need them, and smaller businesses (5-20 people) have some unique issues that many larger companies with a full-time IT guy on staff wouldn’t typically see. Even with larger companies, it may be hard to convince people to free up money to back up data after they just spent so much money on computer equipment in the first place.
How critical is your data?
What are you willing to lose? Exactly what you back up, and how, will be determined almost entirely by what information you are willing to sacrifice. This determines how long you need to store data and how frequently you back up. If you have to recover information, can you lose a day? Two days? A week? How often do you update your offsite backups? If a computer dies, how much time is allowed to get the user up on a new machine?
These are questions that, in smaller companies, usually need to be answered by the owners. Even if they are not computer-savvy, they need to understand the different ways their data can be protected.
Workstations are one of the most common points of failure. Loss of the hard drive or failure of the file system can result in the loss of data not stored on a server. Failure of the computer means time taken to transfer the user, his data, and his programs to another physical machine.
There are three basic ways to protect individual workstations. The first is to avoid having data that exists solely on one workstation. While much more difficult with laptops than desktops because many laptops leave the network, you should encourage users to store as many working files/etc. as possible on network shares hosted by backed up servers. Combined with email accounts hosted on exchange servers or IMAP services like Google apps, this policy allows a user to log into a different computer and begin to get minimally productive with email and network-saved files until everything is restored “just so.”
Of course, while IMAP based email does allow you to recover gracefully if you drop your laptop, it doesn’t prevent you from permanently deleting email (though a properly configured exchange server allows you to recover recently deleted files). Networked storage also doesn’t protect files that are strictly local to the workstation. Protecting this information requires either regularly backing up to another local - usually external - drive, or running a networkable backup client that can back up the computer - or at least the user profiles - to a central backup server.
The last case is one common in graphic design situations: a workstation with many semi-unique apps highly customized to the user. This can be addressed by regularly cloning the drive to another bootable drive, so that recovering from a failure simply requires a reboot from the backup disk or restoring from the clone. Cloning software is also useful when preparing to install a larger HD into a user’s machine.
Servers are a great way to share information and provide for a central means of archiving needed data, but even here we can have file systems fail and files can be inadvertently or maliciously deleted.
A word about RAID. A question I often get asked is “But we’ve got RAID, doesn’t that give me backups?” No, it does not. RAID allows a server (or workstation) to continue working even if one of the disks fails. It provides some “backup” from outright drive failure, but does absolutely nothing if the file system gets confused, the drive controller or CPU dies, the computer gets stolen, or someone out for revenge starts deleting files.
Here, your concerns should be backing up stored data files (simple with most software like retrospect/backupexec, etc.), providing for “bare metal” restores to the same or similar machine in the event of hardware failure, and performing offsite backups.
Let’s face it. Someone may break into the facility at any time and steal those expensive servers, and smaller businesses generally don’t have separate locked rooms for them. Or a fire may break out. Or a hurricane may come. Whether you use an internet-based backup service like Mozy/Carbonite, or you regularly swap tapes or drives with a copy kept offsite, you need to consider what data actually has to be preserved to allow a business to rebuild itself from such disasters. Cost also needs to be factored in. It takes time or bandwidth to move data offsite, and offsite storage also costs money. These constraints mean that a business must decide which data is important enough to be backed up offsite and how current the offsite backups have to be. Most companies I deal with swap and take a full copy of the local backup offsite on a weekly basis. Some backup just the critical data files offsite via the internet, daily or several times a day. Others combine the two.
On both servers and workstations, there’s the classic “Oops, I didn’t mean to hit save” where a file gets overwritten, and critical data gets lost. Fortunately, most backup methods these days support some form of snapshot, incremental or differential backup features that allow you to revert to any previous version of the same file. The exact method chosen is dependent on the amount of backup storage available and how far back you want to keep copies.
Of course, it doesn’t matter how thorough and complete your backup system is if the data never actually gets backed up. In my experience, even as simple a process as daily tape changes tend not to get done if there isn’t a dedicated IT-savvy person available. There are two solutions to this: simplicity and responsibility.
Make the backup as utterly transparent as possible. Every time the user must take a step to ensure the backups continue, it’s a potential point of failure where users will eventually put off the action or forget to do it. While tapes still have a purpose and usage, our small business clients typically use hard drives that can be swapped out once per week with one offsite to minimize the amount of time and thought needed to maintain backups.
Also, we push the responsibility for swapping out backup devices as far up the ownership chain as possible. Face it - the owner will be a lot more concerned about the loss of business data than some secretary on the first floor. The more invested the person is in the success and continuity of the company, the more likely he will be to make sure backup tapes or drives are swapped out.
As we’ve seen, there are many factors that determine what specific products and strategies you use to maintain data integrity and continuity of operation. There are also many products, from many companies, that can be used for this purpose. They range from those oriented towards larger companies such as Backupexec, to those oriented towards individual needs such as Dropbox or the personal versions of Mozy. Which combination you use depends on how much downtime you can afford to have, and how much data you need to protect.