Re: Backup Strategies by Failure Type
Will Rickards said:
Now most people don't go the next step. Although most businesses should.
Two backups, one online or offline and one offsite.
Unless both backup devices/media fail this protects you against most failures.
And if the business is publicly traded or is subject to regulatory issues due to the industry, the backup requirements can be staggering.
The midrange systems I manage have the following backup strategy:
1. Saturday morning the entire system is backed up: OS, apps, data. These backups are retained for 7 weeks.
2. Every night of the week other than Saturday all data, security info (to catch changed passwords & new profiles), and all other changed objects since the last full backup are saved. The nightly is thus cumulative for the week. These are retained for 35 days.
3. On the 1st of every month, the entire system is backed up. This backup is maintained for 13 months.
4. On Jan 1 of every year, the entire system is backed up. This backup is retained forever.
5. Starting later this year, we will also journal our databases to our DR system to keep the production data live in case a DR situation arises.
All backups are taken offsite within a few hours of completion and are not returned on site until the tapes are due to be reused. We are not told where the tapes go and the offsite service has more than one location, thus no employee can sabotage the backups that are offsite.
Whenever we move from one tape format to another, like AIT to LTO, all existing monthly & yearly backups are copied to tapes in the new format. As we tend to change/upgrade formats every 2-3 years, this also serves as the data 'refresh' that is recommended for tapes.
As mentioned above, it's worse if you have compliance issues. Sarbanes-Oxley and other regulations force firms to store all communications & logs for several years. That means all incoming & outgoing email messages (potentially including spam), IM conversations, etc. Storage vendors should all be doing quite good right now.
