How to Determine a Backup Strategy and Find the Proper Tools to Avoid Disaster
First of all, a small business should analyze its IT structure and determine which nodes of the IT infrastructure are critical for the business. For example, downtime of the server that contains the company's electronic store can cause the loss of all potential income for the day, whereas a half an hour of downtime of a server that stores some auxiliary information is not as detrimental.
Major nodes that require protection are usually servers that are related to the main business of the company, like e-shopping or transaction servers. Second are internal servers that affect general workflow--such as CRM (customer relationship management) databases and e-mail servers.
After the critical nodes are identified, a policy should be created for each node independently. Generally, we should ask ourselves the following questions:
1. How fast should we be able to restore the functionality of this node? (so-called RTO-Recovery Time Objective)
2. Is it enough to quickly restore just the server's main functionality and then (maybe later) to restore the remaining databases?
a. If yes, what is an acceptable lag time from the time of crash to the time of restoration? For online services with many users, or e-mail servers, this time should be as short as possible, whereas it may be just fine to have a 12- to 24-hour lag time for the rest of the internal servers and data.
When you have answered these questions, you will have a list of policies and targets that you would like to achieve for every node of your IT structure. Next, you will need to find the backup tools that will cover your needs and provide a good balance between cost and functionality.
There is absolutely no reason to purchase an expensive replication system or to buy tape devices (which are quickly becoming dinosaurs due to their high maintenance costs and complexity) to back up your internal server or servers and corporate documents. It is important to choose the proper tool for each task.
Let us list the tools that can help you to organize the protection of your IT infrastructure without going to consultants.
Business-critical services should be protected both at the hardware and software levels. It is a common practice to reduce HDD failure risks by installing RAID storage. If the service is so critical that even 15 minutes or less of downtime is not allowed, then a mirror server and replication system would be a better choice. One can refer to such vendors as Hewlett-Packard, IBM and EMC to find a proper replication or CDP (continuous data protection) solution.
Secondly, infrastructure servers can be equipped with backup tools, based on imaging technology. Imaging tools make exact "snapshots" of the drive or drives and provide the IT administrator with the fastest way to recover a server in the event of a software or hardware failure. These tools give you the ability to restore the server in the shortest amount of time.
If you need to restore data, you should take backup "snapshots" as often as you deem necessary. Backup software with scheduling functionality would be suitable here. Sometimes there is no need to restore the data quickly. In this case, one can use a combination of tools: For example, one could back up a system with an imaging tool once and then set up regular backups at the file level or database level.
Another question to ask is, "Can you plan your backup activities for a time when no one is using the server or does it need to be backed up in real time?" These requirements may place additional constraints on the backup tool or tools you will use. In order to ensure the consistency of the data, when backing up the server or data "on the fly," the software should support a hot processing (hot backup) technology-either a native one or Microsoft's VSS (Volume Shadow Copy Service).
For long-term storage of documents and data, it is better to use separate storage such as a network-attached drive, tape library or separate backup server. Nodes of the IT infrastructure should be connected to these NAS (network-attached storage) devices and the backup software should regularly upload the protected data. Several vendors provide solutions for that niche.
When the backup policy is adjusted on each node, a new problem arises: how to keep track of and monitor all the actions of the backup software, and what to do if a failure occurs. The answer to this challenge is to use centralized backup systems with remote management capability. Usually, there is a single control point in the system where the administrator can set up the tasks for all of the other machines in the network. The backup software reports (via logfile, report, e-mail or simple screen message) to the administrator that the software has successfully accomplished its job. Having the reports, system administrators can keep an eye on the state of the backups and maintain an accurate data reporting system, as well. Some of the lower-cost products have this ability built in.
There are many backup solutions that are designed for different purposes. If you want to implement the solution that will suit your business needs best, you should focus on the following:
- Create the policies. Decide which nodes you want to protect, how risky failure would be, what the right recovery time should be and what the desired backup policy for each node should be.
- Decide on architecture. Once you know your policies, allocate the storage and media for your backup archives, decide where to keep your archives and determine the software and hardware needed.
- Operation. When all of the parts are determined and in place, initiate the processes and create the procedures that will help you keep track of all running systems. These can include reporting, notifications and remote control.
Alexander Onischenko, based in Moscow, is the product manager of Drive Backup Family in PSG (Paragon Software Group).
PSG is a German-based company founded in 1994, with offices in the United States, Germany and Russia. PSG's products and services include System Technology (storage management and data safety), Smart Handheld Devices (dictionaries, games, utilities and handwriting recognition for SHD), Epocware (software for the Symbian platform) and Intelware (Internet-related software development).