What is Your Backup Policy? 124
higuita asks: "A few days ago, I was asked to check our backups policy, how they are being applied and to try to make it safer and more useful. Being new to the company, I started to check what is being done right now and found several problems. Since I don't have much experience with enterprise backups, what are the most used backup policies, software and global ideas about this issue? We have less than 1000 workstations (Windows and Macs), about 20 Oracle and Exchange servers (split between Windows, Solaris, and Linux), and it all needs to be backed up. Right now, we use the HP data protector with several tapes, where most things have a weekly full backup and daily incremental backups, and that most full backups are archived permanently in a safe we have for this purpose. We also have off-site storage for backups, as well. What practices and policies do Slashdot users implement for backups they perform at their office (home backups practices I am not interested in)?"
"I've investigated Veritas NetBackup and other solutions, and I'm also curious if Amanda could be better or at approximate the features offered by HP Data Protector. What backup software have you used that you found enjoyable with the least bit of hassle?
I've thought about using Dirvish to backup the user's homes to a cheap server with several HDs, and only backup to tapes once every 15 days or even once a month. They will lose their Windows permissions, but I don't think that matters much, since this is just for safekeeping the users' work. I thought about making full backups of the servers every 15 days with daily incremental backups. This way I will free up tape drives' time and gain more flexibility with the backup schedule.
I would love it if users worked off of file servers, but right now this just isn't possible. It's a planned addition that we still don't have the time to make."
Use an enterprise commercial solution (Score:5, Informative)
AND FOR GOD'S SAKE, REGULARLY VERIFY THAT YOU CAN READ THE TAPES BACK... More sites have been screwed by backup tapes that weren't readable than any other failure mode. Verifying every tape is best. Second best is every weekly. Random samples, but covering every single drive's tape output at least once a month, are poor third place.
The two obvious software suggestions are Veritas/Symantec NetBackup and Legato Networker.
Weekly fulls and daily incrementals are good. Your offsite schedule should be checked to ensure that you have a relatively recent restore point both onsite (in case of data loss) and offsite (in case of building loss).
In terms of offsites, having a prepared plan for where and how to restore (Disaster Recovery and Business Continuity) is also important. But those all start with "Go get the tapes...".
Re:Use an enterprise commercial solution (Score:1, Informative)
Also, sorry, but reinstalling the OS, and then restoring files from tape is NOT acceptable D
Re:Use an enterprise commercial solution (Score:3, Insightful)
I've seen attempts to build large enterprise backup environments with "simple open" software. They melt down somewhat short of the size that the original questioner is asking about, typically.
I've built environments with NBU and used Legato, at large sites (much larger than the original questioner). They just work. Configuring them initially can be non-trivial if you have no prior experience with them, but once set up right they just work.
Throwing a bunch of open source te
Open Source can be enterprise grade (Score:1)
AMANDA and others have been deployed in large institutions for years too.
I've certainly seen a lot of "home-rolled" scripts with tar & what not abused this way. I haven't seen an AMANDA installation that failed to scale. Have you seen problems with "not-so-simple" open source softw
Re:Open Source can be enterprise grade (Score:4, Insightful)
Tape backup... NBU wins. Legato's a close second. Sorry, charlie. Open source as a category does not suck. The open source backup stuff doesn't suck, for small to medium sized sites. It's not enterprise class, though, and most of the trick to succeeding in IT is knowing when the tools you use aren't applicable anymore and how to figure out what are.
NBU can't RAIT, but it can stream across multiple tapes, and can write duplicate tapes if you want redundancy. And you can extract the files off tape with tar if you have to.
Amanda certainly doesn't suck, but it's not NBU.
Re:Open Source can be enterprise grade (Score:2)
I agree entirely with this statement.
In what way have you found that Amanda does not scale? How have you found the proprietary software to be better?
Re:Open Source can be enterprise grade (Score:2)
Re:Use an enterprise commercial solution (Score:3, Interesting)
It's really pretty darned incredible. One command, and your TSM environment is rebuilt. We use the DR capabilities multiple times per year. Works great.
Honestly... Tivoli Storage Manager (Score:3, Informative)
Re:Honestly... Tivoli Storage Manager (Score:2, Informative)
1. Be aware that TSM is quite expensive!
2. If you go with TSM get decent training for it. I have worked with several systems which have been setup incorrectly because the person(s) setting up the TSM system had not had sufficient training in order to configure things properly.
3. (Related to 2), make sure you know how to recover your TSM system in the event of a full DR, (not difficult if you know what you
Re:Use an enterprise commercial solution (Score:1)
http://www-306.ibm.com/software/tivoli/sw-atoz/in
Re:Use an enterprise commercial solution (Score:2)
TSM is by far the best backup product I've ever used
I just don't worry about getting my data back -- I know it's safe. It's NEVER a concern.
And even if the onsite tape(s) are damaged, TSM is smart enough to call out for the offsite copy so it can rebuild a new onsite copy. Slick. Really, really slick.
I wouldn't even -look- at other products if you're a large enterprise.
Re:Use an enterprise commercial solution (Score:1)
- Gregg
Re:Use an enterprise commercial solution (Score:2)
That's not enough time for a full check, but that's enough time for checking half the tapes...
just what ever you do make sure offsite IS OFFSITE (Score:2, Funny)
the office was in the North Tower --- The "offsite backup" was in the South Tower
oops
i would suggest minimum different zip codes different time zones would be best
other than that Grand father > Father >Son GF gets sent offsite
Re: Make sure offsite IS OFFSITE (Score:3, Interesting)
Fire, Flood, Mud, and Earthquake
In which case, the best case for off site backup is out of state, like Las Vegas or something. This also gives you an excellent excuse for monthly road trips to "check out the quality of the backups"
That said, for simple off site backups, solutions like MOZY.com do just fine for a small small business. Otherwise, something like LiveVault.com is recommended. There are plenty of vendors out there.
Another thing is the
Re: Make sure offsite IS OFFSITE (Score:2)
Close, but no cigar. The four seasons in Southern California are Fire, Flood, Earthquake and Riot. I should know; I'm the one who posted that to rec.humor.funny about fourteen years ago. Besides, Mud is just a subsidiary of Flood.
Re: Make sure offsite IS OFFSITE (Score:2)
So it becomes a nice natural cycle for California.
Riots work well as part of a slightly different cycle.
So you are the guy with the sideburns? excellent.
Although there seem to be earlier mentions of that phrase in various versions in other groups [google.com] prio
Re: Make sure offsite IS OFFSITE (Score:2)
Not unless the mud can seep 5 miles underground or more. And, yes, I'm The Guy With The Sideburns. It's a long story, and doesn't belong here. Glad to see I'm recognized. I'd have used Sideburns as my handle here but it was taken.
Re:just what ever you do make sure offsite IS OFFS (Score:4, Insightful)
Sounds funny but very true. Backups across town aren't terriby useful if across town is flat too. Sound farfetched? Ask a sysadmin in Miami how far off he ships his backups. If he was there when Andrew visited, I'll bet they're in New Mexico.
This may seem a tad offtopic, but it is relevant:
You have to think through both distance from and access to your backups as a part of disaster recovery planning. Backup isn't just recovering the CEO's email, though that is a (hopefully) far more frequent occurance than recovering from a hurricane/fire/mudslide/blizzard. Easy access to the backup media is important for daily operations. Recovery from disaster is quite a bit more complex. Your backup solution needs to be able to cover the full spectrum - from yestarday's lost spreadsheet to the area flattened by mother nature.
Personally, I keep two backups - one here locally, one 1000 miles away in another state. Backup to CD here, online rsync in NC.
"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway." - Variously attributed, frequently to Andrew Tanenbaum
your .sig (Score:2)
I was in a meeting with the late Dr. John Hendrickson in the 1990s or 80s and file transfer options for moving large files between the Academy of Natural Sciences in Philadelphia and the Benedict Estuarian Research Labs near Washington, D.C. were being discussed. Today, we'd transfer the data constantly over a broadband connection while making local backup ar
Re:just what ever you do make sure offsite IS OFFS (Score:2)
First: All important files are to be kept on network fileservers - big RAID boxes which keep backups automagically, as configured, as part of their normal operation. All workstations automount them, all home directories are on them, laptops sync to them when on LAN, etc. (There are also "scratch" filesystems for temporary files - build intermediates, chip simulations and their results, etc. These are cheap, fast, and non-red
Focus on the systems. (Score:4, Interesting)
You'll need to identify each application that is being used, where its data is being stored and what type of "backup" is needed for it.
Don't forget to include "backups" of the system software. There's nothing more annoying than having to rebuild a system, and you have a backup of the data, but you cannot find the install CD.
Older *nix systems were far easier than the "modern" PC-based servers. I could backup my old Sequent box to a bootable tape. If anything went wrong, I could boot the tape and re-write the system. This is somewhat supported now on some of the PC-based servers.
Anyway, back to the "backups". Once you have the systems identified, then you'll need to look at what scenarios you'll need to plan for.
#1. Server crash.
The data on the disk is destroyed. The OS is destroyed. But the hardware is okay.
#2. The building burns down.
All of your servers are now smoking heaps of plastic. So's your desk. And all the CD's you had.
#3. 5 years from now someone wants a critical policy that was deleted 3 years ago.
I spend most of my time kicking co-workers to get them to NOT just dump data any where that has free space and to NOT just throw up a new web server without telling me.
Re:Focus on the systems. (Score:2, Insightful)
I second this. Nothing's worse than someone telling you "back up this system, full once a week, incrementals every other day, all local drives, blah blah" and then not telling you they've got some database on it (you can't back up a live database by just copying the files.) Of course, when failure hits, guess what needs to be restored and isn't usable?
Re:Focus on the systems. (Score:2)
Re:Focus on the systems. (Score:1)
when you're backing up a few TB of data as we do in the company I work for, and with many cost contraints imposed, you have to look at what is most likely to be requested of the backups.
Options 1 & 2 are both Disaster Recovery scenarios. The only difference being the scale of the disaster.
Option 3 is "an" end-user stupidity scenario, which goes along with the "oh crap, I accidentally hit shift+delete and not shift+end to highlight files"
we h
Re:Focus on the systems. (Score:3, Insightful)
#4: User deletes a file deemed by somebody important to be critical and you have to get it back.
Its amazing how much money is spent planning for the once-in-a-lifetime Twin-Towers disaster event, and how little is spent on the daily occurance of user-error. Unfortunately "User is an idiot" doesn't wash when its the company's financial records or the birthday party shots of the CEO's kid.
- Don't permit users to save things to their local disks. Ensure all files go onto a share that can be ce
Why do you need to backup the desktops? (Score:3, Insightful)
I can't think of any good reason to do that. All the important data should be on the server. If the user wants to save a picture on the local disk to use as a background or something that's one thing (although I wouldn't allow that myself) but nothing important should be on those disks.
Past that, I don't have the experience to help you. All I can do is reiterate what another poster has already put up. Check the backups. I can't tell you how many stories I've heard about backups that "went fine" until someone needed data. Stories where the tapes were so old they almost shredded themselves in the drives. Stories of "backing up" for at least 6 months onto a cleaning tape (I bet the drive was in good condition though!). Stories of the backup data being garbage because of a faulty cable or something. The backup is worthless if you can't get the data back off it successfully.
Re:Why do you need to backup the desktops? (Score:2)
Parent is correct - to an extent. There is still probably a requirement to bring a failed desktop up and running quickly if there is a problem that requires a desktop restoration.
If centrally storing data is the way to take c
Re:Why do you need to backup the desktops? (Score:2)
That said, there is a big difference between backing up the images and backing up each individual desktop in the company.
My backup? (Score:2)
Re:My backup? (Score:2)
You might like my backup software, Chroniton [cpan.org]. It will happily run from cron and make incremental backups (and allow you to easily restore from one). It also stores everthing to the filesystem, so even if my software crashes and burns (which it won't; it's heavily tested in practice and with unit tests
Re:My backup? (Score:1)
Re:My backup? (Score:2)
Re:My backup? (Score:2)
Perl programs traditionally start at 0.01 and move up by "hundredths" from there. Development releases contain an underscore, to prevent confusion. For example, the first test release of Chroniton was 0.01_1.
If it makes you feel better, just mentally multiply the version number by one million... then my software is at version 30000!
My backup strategy (Score:3, Funny)
Re:My backup strategy (Score:2)
best way to backup (Score:1, Funny)
Re:best way to backup (Score:1)
Re:best way to backup (Score:1)
The restore process is even quicker, and works twice as well!
My backup policy: (Score:2)
rsnapshot (Score:1)
It's downsides: it's basically just a wrapper for rsync. It requires a lot of babysitting (if your backups fail for some r
my backup policy (Score:2)
Paper (Score:5, Informative)
At work we do the same, only to a larger extent. We've got an on-site and off-site storage, and each piece of information is printed in two copies to be stored at each. All that in addition to your usual Veritas tape and CD-RW backups, which we do for convenience of restoring lost data, but which we don't trust enough to eliminate paper copies.
Re:Paper (Score:2)
Re:Paper (Score:1)
I think paper based backups would be fine if you had a paper-based business, but if you use databases to make it easier to getting to stuff, a paper-based recovery seems crazy.
You'd be far better off IMHO to get your tape backups to a state where they are reliable. Even if that means running a f
Re:Paper (Score:2)
That's why I mentioned that we also keep electronic copies, for convenience, but ultimatelly paper copies are the primary backup. It works very well even in database-driven environment, as long as you don't update fields in a database, but add new rows. And that's exactly what we're doing at
Re:Paper (Score:2)
http://ars.userfriendly.org/cartoons/?id=19971127 [userfriendly.org]
Business Continuity Planning? (Score:3, Insightful)
The first question you need to ask is:
What is the time frame for your servers to be restored in should servers and such completely fail?
If you don't know that answer to that question then how does your company know how much money to budget? Are you bound by HIPAA or Sarbanes-Oxley? You should know how much is your company's data worth prior to assigning a bidget.
Are some of your database servers supposed to be up 24x7? Maybe you should look at distributed transactions across databases located at different sites so if one server fails you still have everything live? Have you timed how long it takes to rebuild your servers to confirm your allotted time in your disaster recovery plan? Has your company considered imaging servers/ Is it possible to?
Have you consulted your disaster recovery plan? Have you checked with suppliers to see how long replacement parts will take to order? I can't tell you how many administrators get caught out by buying an expensive tape drive only to have it fail along woith the server and nothing can be restored until a new one can be sourced.
Without requirements, a disaster recovery time frame you will never be in control in the event of a disaster.
Your companies board of directors/owners will need this information. It's called operating under conditions of "due care and diligence".
If something goes wrong and you can't tell your boss exactly what is required and how long it will take to recover then you're working in the wrong job - a big part of being a network administrator is planning for ANY event.
Oh, most of the time my customers are happy with Robocopy. I hate paying for expensive hardware and backup software solutions when I can write something much simpler and document it properly rather than depending on someone else's buggy software. Of course this depends on the industry and their requirements.
Make sure that your boss completely understands these questions and issues. Ask him to see the current Business Continuity plan and Disaster Recovery documentation before you touch anything on those servers - can't stress that enough.
Hope that helps, sorry it's brief but if you're in charge of backups it's your job to be ANAL and PEDANTIC.
Mod parent up (Score:2, Interesting)
Servers - how long can they be down? Do you have replacement plans in case your data center gets hit by the next earthquake/hurricane/fill_in_the_disaster. Having tapes off site means nothing if you don't have hardware for restore. Can you get Hardware X if everyone else is looking f
backup? (Score:1)
Encryption? (Score:1)
The Help in Backup Exec mentions that the password (if specified) will be required when accessing the files from within any Backup Exec program. I assume that means the data on the tape is not encrypted? I searched Symantec's Backup Exec 10d's online PDF manual but "encrypt" appears to be available only for DLO (Desktop/Laptop Option).
Maybe NovaBACKUP http://www.novastor.com/pcbackup/backup/n_backup.h tml [novastor.com] ?
Re:Encryption? (Score:2)
Re:Encryption? (Score:1)
Re:Encryption? (Score:2)
Re:Encryption? (Score:2)
VMs (Score:2)
I ignore the sign... (Score:1)
Backups ??? (Score:2)
A fatal exeeption 0E has occurred at 0137:BFFA21C9. The current application will be terminated.
* Press any key to terminate the current application
* Press CTRL+ALT+DEL again to restart your computer. You will lose any unsaved information in all applications.
Press any key to continue _
Oh shit! Oh shit! What do we do now?! (Score:3, Funny)
get a real file server (Score:2)
It's not about backups, it's about restores. (Score:2, Informative)
I've been working with Symantec (formerly Veritas) Netbackup in my workplace for the past 6 years. About 6 months ago I became one of the backup admins, and the biggest barrier I have to break with our clients is the backup mentality - I must backup everything all the time...
Generally your data recovery will happen from two triggers:
1. A user broke his ow
Don't just look in the rear-view mirrors... (Score:4, Funny)
Think of the children!
We use rsync (Score:2)
Some special consideration is needed for Windows servers. Some files get locked so they can't be read by rsync. We're not backing up anything that we'd run into that problem with, and we back up during a period of inactivity, but
One question nobody's asked yet. (Score:2)
My back up policy is ... (Score:2)
the cron scripts don't work otherwise!
#!/bin/sh
# Daily backup script
rm -rf
mkdir
cp -R
find
find
My backup policy is in my sig (Score:1)
Re: (Score:2)
Re: (Score:2)
My Policy: NEVER backup. Archive instead. (Score:2)
Way back around 1979, it was my first serious development job, and as the junior programmer in the shop I had the onerous duty of performing the weekly backups of our production drive, containing all the code for our accounting software development. We had a big 10Gb Corvus hard drive (the original Winchester) networked to our Apple IIs
Re:My Policy: NEVER backup. Archive instead. (Score:2)
Re:My Policy: NEVER backup. Archive instead. (Score:2)
Yes, I am invulnerable. My OS and apps are backed up on their original distribution discs. My handmade data is archived
You say poe-tay-toe, I say poe-tah-toe ... (Score:2)
Now, having offended you, let me agree with some of the things you say. =)
Your assertion about maintaining a complete system backup is pretty spot on. The data is what you want to keep safe and the applications are perfectly able to be reloaded from the source media (provided, of course, tha
Re:You say poe-tay-toe, I say poe-tah-toe ... (Score:1, Troll)
Your backup system isn't a procedure, it is a fetish. You claim your "rework window" is only 24 hours. How many 24-hour time slots have you wasted over the past few years, doing unnecessary backups?
Re:You say poe-tay-toe, I say poe-tah-toe ... (Score:2)
I spend approximately 10 t
Re:My Policy: NEVER backup. Archive instead. (Score:2)
Re:My Policy: NEVER backup. Archive instead. (Score:2)
That didn't sound right, so I did a little checking. FOLDOC [foldoc.org] tells me that the drives got their name because they had two 30meg volumes, rather like the Winchester 30-30. If you really were working with a 10Gig drive, it wasn't a Winchester, and it wasn't in 1979, either, because they didn't have drives that big back then.
Re:My Policy: NEVER backup. Archive instead. (Score:2)
Re:My Policy: NEVER backup. Archive instead. (Score:2)
Re:My Policy: NEVER backup. Archive instead. (Score:2)
Re:My Policy: NEVER backup. Archive instead. (Score:2)
I have touched a Cubix machine in ~10 years (since my Banyan VINES days
Re:My Policy: NEVER backup. Archive instead. (Score:2)
Many of your statements just flat out don't make sense when you consider larger scale or corporate computing environments.
For example: System and app backups are totally useless. Sys configs a
Tape Storage: Safes and Offsite Drives (Score:2)
- Consider carefully whether you trust your tape safe. I've seen tapes damaged at temperatures lower than some tape safes are rated for.
- If you have offsite backups, you should also have offsite tape drives. If your main site is destroyed in some catastrophic disaster, it's not too hard to get emergency replacements for server hardware, especially x86. But urgently sourcing the right model of tape drive (in many cases a model that is a few years old) can be a nightmare. Whil
The most elegant solution.. (Score:2)
The Backup server or cluster of servers store 20KB blocks keyed to the block's SHA-1 hash.
Smart agents on each backup client chunks each new file to be backed up into 20KB blocks and calculates SHA-1 hashes which it compares against the backup server.
If the block is new (not on the backup server) the block itself is transfered.
If the block is old, the backup server stores an extra reference to the block for the client/file.
The end result is..
a) a 1000 windows backup clients will res
Backup policy? (Score:2)
1)Look shocked and terrified.
2)Yell.
3)Scream.
4)Pull hear.
5)Bang head to wall.
6)sit quitely sobbing a corner.
7)Kick the cat.
8)Replace HD. (if necessary).
9)Reinstall software.
10)Kick cat again.
11)redownload mp3s, movies, games and pron.
12)Feed cat.
13)Mail goatse.cx pictures to random innocent people as an act of pointless revenge.
14)Make futile threats to a deity that if it happens again
AMANDA (Score:2)
Rsync... (Score:2)
I used to work at one of the worlds most well known web hosting companies where among other things I ran their backup system. It started out with Arkeia and a 120tape library with 6 AIT3 drives. Arkeia was crap though (this was 3yrs ago), it was such a pain to setup and the trying to restore ANY amount of data would literally take days just to scan its local database. Trying to restore just one file would take 6hrs just for it to scan its local database..
rsync (Score:2)
Rosary backup policy (Score:1)
Linux Is Your Friend (Score:1)
I wouldn't do this... (Score:2)
The problem with encrypting backups is that if - on the backup - one bit of data becomes corrupted, the entire backup is likely to be worthless. Since most times when doing a restoration of data, this corruption happens when you need the data most (Murphy's Law), you will come to regret the decision. At least on an unencrypted tape, you can sometimes (with a lot of work) start in the middle of the tape (or other backup medium) and work
Re:I wouldn't do this... (Score:2)
Hmm, I guess what this will mean is the development (probably already exists in some manner) of RAID for tape backup of encrypted data...
What are your needs? (Score:2)
The most common technique is a weekly full backup with daily incremental backups. Depending upon your file retention requirements, you may be able to re-use the incremental tapes or you may have to append to them and then cycle them out when they are full.
A Finger drive (Score:2)
I don't maintain 1000 Boxes, but ... (Score:2)
It may sound crazy for most people but it goes like this:
1) All critical data on central servers. No critical data on workstations, ever.
2) Critical Stuff for MS stored on Unix via Samba (Asuming your using Ethernet and not some Turbo Protokoll I don't know of)
3) A guy responsible for backup including taking this weeks backup home + a standin for him. Both have necessary root access and have specific payd tim
Backups? We don't need no steenking backups! (Score:2)
Here's what I do when I need to back up:
It works really well, and I can almost always recover from those backups too.
The Bittorrent System (Score:2)
SD
Commvault is pretty impressive (Score:2)
But the guys here who wanted to buy a product, rather than build a solution, spent months researching all the alternatives and they even got demo hardware and software and trialed the majors on site. Their finding was that Comvault knocks the doors off everything out there for really large volumes of data on multiple operating systems. Veritas and Legato were among the o
Re:Formalise it. (Score:1)
You touch on it briefly but it's well worth highlighting how you are converting from LTO2 to LTO3. It doesn't require significant effort to perform this conversion thanks to the "separation" of data from the medium it is stored on by TSM. TSM handles all the underlying work, you just tell it to "move that data from LTO2 to LTO3 storage mediums please" and it chugs away in the background doing it.
No restores and
I love TSM (Score:2)