Organizations often believe they can adequately safeguard their data solely using disaster recovery (DR) tactics such as nightly tape backups combined with high availability (HA) solutions that maintain local or, preferably, remote replicas of production servers. But this is a misconception. HA and DR solutions are necessary but not sufficient components in a complete data protection architecture. Even when used in tandem, HA and DR do not protect against a common vulnerability.
This common vulnerability is the problem of missing recovery points. This problem arises because, for the most part, HA and DR provide only single point-in-time data recovery. In the case of HA, the point in time is the instant before a failure occurs. With tape-based DR solutions, the recovery point is the time the backup tape was created, which is typically sometime during the previous night. Most organizations keep multiple generations of backup tapes. While this allows for multiple recovery points, they are spaced 24 hours apart.
HA and DR do offer critical data protection functions; however, there is a large class of data integrity and availability conditions that they cannot resolve. What's more, the issues within this class typically occur much more frequently than the problems that HA and DR are designed to solve.
These neglected data integrity and availability issues take into account any incident that corrupts or deletes data without immediately stopping operations. That includes accidental file or object deletions, as well as data corruptions that result from computer viruses or other malicious activities.
When an event of this type occurs, an organization that depends solely on tape-based backups for data protection can recover data to its state as recorded on the backup tape created the previous night. However, the data might have been updated legitimately several times after that-before the corruption or deletion occurred. The only recovery option in this case is to try to restore the data manually.
HA technology doesn't solve this problem either. The job of HA software is to infallibly maintain up-to-date replicas of production servers. Because the HA replicator does not know if a deletion was accidental or intentional, it diligently duplicates it on the backup server as it was designed to do. Likewise, if data is modified by a computer virus or a malicious individual, the HA replicator immediately does its job of copying that change to the replica server.
Once a corruption or accidental deletion is replicated to the backup server (which is typically within seconds, at most), nightly backup tapes once again become the only electronic recovery option in these cases.