Sunday, October 24, 2010

Guide to Best Practices: Backups

We are going to (re)write the book on Best Practices. The mythical guide that every IT guy cites, but fails to produce when asked. We are going to take this very late opportunity to address this failure. Maybe not in physical form, but certainly in virtual. And we're going to start with backups.

Do you back up your data? If you do, do you know if it works? Have you ever tested it?

Backups are the single most important component of any business. Running without backups is like driving without a seatbelt - you may get away with it for a week, a month, a year, but one day it will catch up to you. And it will be too late to do anything about it.

If you like living on the edge, I suggest you search for "no seatbelts" on YouTube and enjoy. For everyone else, I want you to pay attention.

If someone ever asks you "what's your backup strategy", your answer had better not take 20 minutes to explain. A successful backup strategy should take 2.5 minutes to describe. There should only be one strategy. Maybe two:

If it will take you longer than a lunch break to recover your data from a fender bender in the server room, you should ensure that everything you've touched is copied somewhere locally. That's the first strategy - Local Backups.

If your business will be severely crippled or non-existent after a 5-car pile up, you should have Local Backups AND Offsite Backups (described below). That's the second and last strategy. Anybody that tells you differently has probably never been in a severe data-loss accident. Trust us, it hurts.

Local Backups are the act of reserving a resource (a server with lots of disks) specifically for the purposes of storing copies of your data, archived by date. There is plenty of software out there that does the copying part for you. You will have to source the hardware yourself though. Don't fall for those proprietary hardware solutions that promise the moon. A server with redundant, large and reasonably fast disks (aka: SATA) will get you very far.

When selecting the software, you should make sure it has the following abilities (above and beyond copying data):
  • Encrypting your backups
  • Shipping them somewhere offsite

Compression doesn't matter in the age of 2TB drives. Kryder's Law seems to be right on track. If you need more space, go buy some. It will be cheaper than all the time you'll spend dealing with compressed archives.

Encryption, on the other hand, is vital. You spend all your time ensuring that your live data is safe and secure from prying eyes (passwords, firewalls, etc.), when all it takes is for someone to break in and walk away with your copies (be it online or off). Since backups are the one thing you never think about until you come to contemplate what just hit you, they are prime targets for hackers to pick at. You'd better make sure the copies are worthless to anyone who does succeed, by encrypting them. Strong encryption is recommended. Something like GPG/PGP is the way to go.

Offsite Backups (also called remote backups) are also key to a successful strategy. Wouldn't you sleep better at night knowing there's a copy of yourself stored somewhere safe in case of emergency? Maybe human cloning is a topic best left for another entry, but you get the idea. Shipping your data offsite used to be cost prohibitive. With services like Amazon S3 or similar cloud storage solutions, you have just run out of excuses.

What good are your backups if they don't work? It's quite tedious to test them on an ongoing basis, so the best way is to integrate their use into your routine. Any time you need a copy of the data for testing or QA purposes (you do test things, right?), don't take a snapshot from the live system, restore from backups. This way, you'll constantly be making use of them and will know the moment they stop working.

Save yourself, metaphorically speaking of course. A complex strategy is something better left for your business plan. Seatbelts haven't changed in over 50 years for good reason - they're simple and they work. The same concept should apply to your strategy. And never start driving without buckling in.

