Slashdot Mirror
What is Your Backup Policy?
higuita asks: "A few days ago, I was asked to check our backups policy, how they are being applied and to try to make it safer and more useful. Being new to the company, I started to check what is being done right now and found several problems. Since I don't have much experience with enterprise backups, what are the most used backup policies, software and global ideas about this issue? We have less than 1000 workstations (Windows and Macs), about 20 Oracle and Exchange servers (split between Windows, Solaris, and Linux), and it all needs to be backed up. Right now, we use the HP data protector with several tapes, where most things have a weekly full backup and daily incremental backups, and that most full backups are archived permanently in a safe we have for this purpose. We also have off-site storage for backups, as well. What practices and policies do Slashdot users implement for backups they perform at their office (home backups practices I am not interested in)?"
"I've investigated Veritas NetBackup and other solutions, and I'm also curious if Amanda could be better or at approximate the features offered by HP Data Protector. What backup software have you used that you found enjoyable with the least bit of hassle?
I've thought about using Dirvish to backup the user's homes to a cheap server with several HDs, and only backup to tapes once every 15 days or even once a month. They will lose their Windows permissions, but I don't think that matters much, since this is just for safekeeping the users' work. I thought about making full backups of the servers every 15 days with daily incremental backups. This way I will free up tape drives' time and gain more flexibility with the backup schedule.
I would love it if users worked off of file servers, but right now this just isn't possible. It's a planned addition that we still don't have the time to make."
I've thought about using Dirvish to backup the user's homes to a cheap server with several HDs, and only backup to tapes once every 15 days or even once a month. They will lose their Windows permissions, but I don't think that matters much, since this is just for safekeeping the users' work. I thought about making full backups of the servers every 15 days with daily incremental backups. This way I will free up tape drives' time and gain more flexibility with the backup schedule.
I would love it if users worked off of file servers, but right now this just isn't possible. It's a planned addition that we still don't have the time to make."
For that many systems, use a professional, enterprise grade, commercial solution. The open source stuff doesn't supply the same manageability.
AND FOR GOD'S SAKE, REGULARLY VERIFY THAT YOU CAN READ THE TAPES BACK... More sites have been screwed by backup tapes that weren't readable than any other failure mode. Verifying every tape is best. Second best is every weekly. Random samples, but covering every single drive's tape output at least once a month, are poor third place.
The two obvious software suggestions are Veritas/Symantec NetBackup and Legato Networker.
Weekly fulls and daily incrementals are good. Your offsite schedule should be checked to ensure that you have a relatively recent restore point both onsite (in case of data loss) and offsite (in case of building loss).
In terms of offsites, having a prepared plan for where and how to restore (Disaster Recovery and Business Continuity) is also important. But those all start with "Go get the tapes...".
don't make the mistake that one guy did
the office was in the North Tower --- The "offsite backup" was in the South Tower
oops
i would suggest minimum different zip codes different time zones would be best
other than that Grand father > Father >Son GF gets sent offsite
Any person using FTFY or editing my postings agrees to a US$50.00 charge
This will take a LOT of research on your part.
You'll need to identify each application that is being used, where its data is being stored and what type of "backup" is needed for it.
Don't forget to include "backups" of the system software. There's nothing more annoying than having to rebuild a system, and you have a backup of the data, but you cannot find the install CD.
Older *nix systems were far easier than the "modern" PC-based servers. I could backup my old Sequent box to a bootable tape. If anything went wrong, I could boot the tape and re-write the system. This is somewhat supported now on some of the PC-based servers.
Anyway, back to the "backups". Once you have the systems identified, then you'll need to look at what scenarios you'll need to plan for.
#1. Server crash.
The data on the disk is destroyed. The OS is destroyed. But the hardware is okay.
#2. The building burns down.
All of your servers are now smoking heaps of plastic. So's your desk. And all the CD's you had.
#3. 5 years from now someone wants a critical policy that was deleted 3 years ago.
I spend most of my time kicking co-workers to get them to NOT just dump data any where that has free space and to NOT just throw up a new web server without telling me.
I can't think of any good reason to do that. All the important data should be on the server. If the user wants to save a picture on the local disk to use as a background or something that's one thing (although I wouldn't allow that myself) but nothing important should be on those disks.
Past that, I don't have the experience to help you. All I can do is reiterate what another poster has already put up. Check the backups. I can't tell you how many stories I've heard about backups that "went fine" until someone needed data. Stories where the tapes were so old they almost shredded themselves in the drives. Stories of "backing up" for at least 6 months onto a cleaning tape (I bet the drive was in good condition though!). Stories of the backup data being garbage because of a faulty cable or something. The backup is worthless if you can't get the data back off it successfully.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
I dump stuff on undergrads. They've got to be good for something.
/heh, just Kidding. I just mirror my scsi disks with a big ultra-ATA device weekly and daily.
My backup strategy consists of hoping that my hard drive doesn't fail before I get a new computer/hard drive. It's worked so far, even with a laptop.
Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.
Fire, Flood, Mud, and Earthquake
In which case, the best case for off site backup is out of state, like Las Vegas or something. This also gives you an excellent excuse for monthly road trips to "check out the quality of the backups"
That said, for simple off site backups, solutions like MOZY.com do just fine for a small small business. Otherwise, something like LiveVault.com is recommended. There are plenty of vendors out there.
Another thing is the insurance for replacements for each of your software media. Things like MS can be done in bulk via several MSDN subscriptions, a bargain even if you never develop anything. (300 bucks get you copies of everything MS is currently shipping, along with extra CDKeys for many items). In fact insurance for the media and other details is a very good idea.
It's very nice if the backup facility is also located at the bottom of a retired ICBM missile silo, or something similar.
"It is a greater offense to steal men's labor, than their clothes"
the best way ive found yet is to back everything up to /dev/null
its incredibally fast and saves you on storage space for backup tapes.
In my opinion a good backup policy should account for anything up to and including a direct nuclear strike, if I manage to get superpowers and live, I don't want to have still lost my data.
Cross my fingers and hope the hard drive gods have pity on my pathetic self.
I pray.
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
It's downsides: it's basically just a wrapper for rsync. It requires a lot of babysitting (if your backups fail for some reason, it'll try to do full backups the next day possibly with disasterous consequences as it tries to jam hundreds of gig down your T1). Also, it has to log in as root on all of your boxes, so there are some very careful sercurity considerations.
But a box with a bunch of disks in it, put it off site, and whamo you have a complete backup solution.
For the windows users, I like backuppc. I have never actually used it, but it allows windows users to choose when their backups are taken, and allows them to recover files themselves through a web interface. It's big downside is the cryptic way it stores files internally, making it really hard to extract files without using the web interface.
Listen p*ssy. I'm sure your the same homo that posted earlier about alf's boner and you just want to remain anonymous fo
I have 10 chinese kids in my basement memorizing 0's and 1's.
1 click down, yell "Clear" and hit the gas.
Paul Grosfield - the quicker picker upper.
At work we do the same, only to a larger extent. We've got an on-site and off-site storage, and each piece of information is printed in two copies to be stored at each. All that in addition to your usual Veritas tape and CD-RW backups, which we do for convenience of restoring lost data, but which we don't trust enough to eliminate paper copies.
I think you're jumping the gun a little here.
The first question you need to ask is:
What is the time frame for your servers to be restored in should servers and such completely fail?
If you don't know that answer to that question then how does your company know how much money to budget? Are you bound by HIPAA or Sarbanes-Oxley? You should know how much is your company's data worth prior to assigning a bidget.
Are some of your database servers supposed to be up 24x7? Maybe you should look at distributed transactions across databases located at different sites so if one server fails you still have everything live? Have you timed how long it takes to rebuild your servers to confirm your allotted time in your disaster recovery plan? Has your company considered imaging servers/ Is it possible to?
Have you consulted your disaster recovery plan? Have you checked with suppliers to see how long replacement parts will take to order? I can't tell you how many administrators get caught out by buying an expensive tape drive only to have it fail along woith the server and nothing can be restored until a new one can be sourced.
Without requirements, a disaster recovery time frame you will never be in control in the event of a disaster.
Your companies board of directors/owners will need this information. It's called operating under conditions of "due care and diligence".
If something goes wrong and you can't tell your boss exactly what is required and how long it will take to recover then you're working in the wrong job - a big part of being a network administrator is planning for ANY event.
Oh, most of the time my customers are happy with Robocopy. I hate paying for expensive hardware and backup software solutions when I can write something much simpler and document it properly rather than depending on someone else's buggy software. Of course this depends on the industry and their requirements.
Make sure that your boss completely understands these questions and issues. Ask him to see the current Business Continuity plan and Disaster Recovery documentation before you touch anything on those servers - can't stress that enough.
Hope that helps, sorry it's brief but if you're in charge of backups it's your job to be ANAL and PEDANTIC.
Real men don't use backups, they post their stuff on a public ftp server and let the rest of the world make copies.
I wank in the shower.
What's a good inexpensive backup package for Windows that saves data encrypted to tape?
h tml ?
The Help in Backup Exec mentions that the password (if specified) will be required when accessing the files from within any Backup Exec program. I assume that means the data on the tape is not encrypted? I searched Symantec's Backup Exec 10d's online PDF manual but "encrypt" appears to be available only for DLO (Desktop/Laptop Option).
Maybe NovaBACKUP http://www.novastor.com/pcbackup/backup/n_backup.
We moved all of our servers to VMware virtual machines. Now we back them all up every night, some of them we even back up multiple times a day. We tried esxRanger first, but it took too long (back up of all of the VMs took 4 days) and used too much space. Then we moved to esXpress, which does differential backups of VMs, so it is MUCH faster and uses MUCH less space. We keep 30 days worth of backups online, but once a week we cut tapes of the monthly full and that week's differentials and ship it off-site.
The beauty of VM backups is that it is a backup of the entire system. You restore it and power on and you are running. You don't have to install an OS first and then the agent, and then restore a tape over the fresh OS install and hope it works.
Restores take exactly as much time as it takes you to read the data off of tape/disk. Once it is done reading/writing you just turn it on. Talk about your easy DR. However, for workstations this won't fly, but you really shouldn't be keeping anything important on workstations, that's why you have servers. We treat workstations as an interchangeable part. You log into any workstation with your credentials and you see your desktop/files/settings/etc, since they are all actually on the server. Our Windows workstations achieve this with roaming profiles and our Linux/UNIX workstations do it with NFS mounted home directories.
`fortune -o`
...that says "Severe Tire Damage!"
Lump lingered last in line for brains, and the ones she got were sorta rotten and insane.
Who bothers with backups? I've personally never wasted any time backing
A fatal exeeption 0E has occurred at 0137:BFFA21C9. The current application will be terminated.
* Press any key to terminate the current application
* Press CTRL+ALT+DEL again to restart your computer. You will lose any unsaved information in all applications.
Press any key to continue _
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
Please God... please say someone took the project home on CD, or we're fucked!
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
Close, but no cigar. The four seasons in Southern California are Fire, Flood, Earthquake and Riot. I should know; I'm the one who posted that to rec.humor.funny about fourteen years ago. Besides, Mud is just a subsidiary of Flood.
Good, inexpensive web hosting
get a real file server,a small tape robot and veritas.
I don't give two hoots for a backup policy. What you need is a data recovery policy. When will I need to recover data, and how will it that be attained.
/. message if you want more info.
I've been working with Symantec (formerly Veritas) Netbackup in my workplace for the past 6 years. About 6 months ago I became one of the backup admins, and the biggest barrier I have to break with our clients is the backup mentality - I must backup everything all the time...
Generally your data recovery will happen from two triggers:
1. A user broke his own stuff and needs a file restored.
2. Disaster Recovery.
Each has different requirements, user wants the backup copy to be onsite, DR wants it to be offsite.
User PC's typically can be rebuilt/imaged in a disaster, you're not going to have a hot-site contract for PC's. If your DR plan is to install an OS, install a backup/restore client software then recover databases/applications, then why fret about backing up the OS?
Our policy is as follows
NT/Unix OS and flat files
Monthly full backups retained for 13 months
Weekly full backups retained for 6 weeks
Daily cumulative incremental (everything changed since the last full) retained for 15 days
Oracle Datafiles
Weekly cold for 13 months
Daily hot for 6 weeks
1-6 hour archive logs for 15 days
Exchange Datastores
Daily full for 6 weeks
Weekly full for 13 months
Every day any full backups that are more than 10 days old (not copy 0) are sent offsite.
Any customer that has a DRP contract (banks etc) with a 4 hour recovery policy (we have 3 days to get the system back to how it was 4 hours before the disaster) we either run inline tape copies, one for onsite and one for offsite, or else we backup overnight and duplicate during the day.
Your most important backup (for Netbackup) is your catalog. If you go to DR and all you have is a box of tapes, good luck. You need to know what data is on what tape, and the only thing that knows that is the Netbackup catalog.
I don't know much about other backup products (HP OpenView and BackupExec are the only others I've touched), but I'm sure they'll have something similar.
I've got lots more to say, but I don't have time to put it all down now. Send me a
what about a'lot?
Think of the children!
http://alternatives.rzero.com/
Rsync is very good at keeping two servers in sync with minimal bandwidth and disk activity, and can be configured so that you never lose a past revision. I have it set up so we have the latest copy, two weeks of revisions, and one previous revision for each file on every file share.
Some special consideration is needed for Windows servers. Some files get locked so they can't be read by rsync. We're not backing up anything that we'd run into that problem with, and we back up during a period of inactivity, but otherwise I suppose the right thing to do would be to create a volume shadow copy (look for vshadow.exe in the VSS SDK) so that rsync can back up from a consistent, non-locked copy of your data.
I'm still fighting to get our offsite backup hosting approved. It's no use to have all your servers back up to another server if it's in the same room and a fire takes them all out at once. Backup hosting advertised as backup hosting can get very expensive, but you can get dedicated linux hosting for probably 1/5th the monthly rate and configure it yourself.
There's a lot of backup software out there based on rsync. Rdiff-backup, duplicity, and BackupPC come to mind.
You write that you're archiving your old backups. This is good, of course, for several reasons. You need multiple copies in case the newest one isn't usable, and you may need to acess old data. However, how far back do you plan to go in saving old data? If you just keep all backups from now on, you'll have an endlessly rising storage fee because they'll just take up more and more room, and the chances you'll need the older data will get smaller and smaller. Part of creating a good backup policy is deciding how much to keep, and what to do with obsolete tapes. In some cases, such as tax records, you may be bound by legal requirements, but even so, there's no need to keep them once they're old enough the government can't request them any longer.
Good, inexpensive web hosting
Remember to change the tapes!
/var/db/mysql_tmp /var/db/mysql_tmp /usr/local/etc/rc.d/000.mysql-server.sh stop /var/db/mysql/./ /var/db/mysql_tmp/ /usr/local/etc/rc.d/000.mysql-server.sh start /home/*/public_html /home/*/Mail /var/mail /usr/local/www/ /etc -newer /root/backup/last_backup -and \( -type f -or -type l \) > /root/backup/daily_increment /var/db/mysql_tmp \( -type f -or -type l \) >> /root/backup/daily_increment /root/backup/last_backup /root/backup/daily_increment /root/backup/daily_increment /var/log/backup /root/backup/daily_increment /root/backup/daily_increment.`date "+%Y%m%d"`
/var/db/mysql_tmp /var/db/mysql_tmp /usr/local/etc/rc.d/000.mysql-server.sh stop /var/db/mysql/./ /var/db/mysql_tmp/ /usr/local/etc/rc.d/000.mysql-server.sh start /root/backup/last_backup /home/*/public_html /home/*/Mail /var/mail /usr/local/www/ /var/db/mysql_tmp/ /etc /usr/local/etc /home/*/public_html /home/*/Mail /var/mail /usr/local/www/ /var/db/mysql_tmp/ /etc /usr/local/etc" > /var/log/backup
the cron scripts don't work otherwise!
#!/bin/sh
# Daily backup script
rm -rf
mkdir
cp -R
find
find
touch
tar -cT
mt rewoffl
cp
mv
and
#!/bin/sh
# Weekly backup script
rm -rf
mkdir
cp -R
touch
tar -c
mt rewoffl
echo "Full weekly backup of
Music is everybody's possession.
It's only publishers who think that people own it.
Fuck Beta
~John Lenno
Paraphrasing a certain Mr. Torvalds:
Backups are for wimps. Real men post their data in comments and have slashdot mirror it
Comment removed based on user account deletion
Comment removed based on user account deletion
Some general comments here; some apply to the original poster, some don't, but they are all points that need to be considered.
First of all: what data needs to be retained, and for how long? Some data has to be kept for several years to satisfy regulatory requirements. That data should be backed up to tape, and several copies made; each copy should be sent to a different site. Make sure that each site also has whatever software and hardware is needed to recover that data - it's all too easy for formats to go out of fashion, and ten years later, find out that you can't read that stuff you desperately need for some lawsuit. Case in point: the BBC had a Doomsday project, in which they stored a large amount of data on a laserdisc. Ten years later, they had to scrounge to find an old Acorn system that hadn't been manufactured for eight years in order to be able to read the disc.
Secondly: as others have said, verify your backups. It's no good writing stuff to tape; you have to be able to read it. One guy I know was called out to a site to do a restore. He asks where the backup tape is, and it's handed to him. He pulls the tape out of the housing: "Hm. I didn't know these things come in clear." Yes: they'd used that tape so many times, the magnetic oxide had flaked off. Completely.
Third: do a cost-benefit evaluation. It's no good spending a million bucks on a backup server if the total value of the data you're backing up is only a hundred thousand dollars.
Fourth: get management involved. They don't need to know all the technical details, but they do have a better idea than you do of how long they need to keep the data. Make sure they understand the cost involved in longer retention periods (twice as long => twice as many tapes), then let them make the call. That way, it's not your butt on the line if you get it wrong.
In my specific case, I work at a major university in Australia. We use Tivoli Storage Manager for our backups: all servers get one initial full backup ("incremental from zero", to be precise), then all backups are incremental. TSM makes two copies of everything it backs up (in the process, it verifies that the original backup is readable), and we've configured things so that one tape silo is on site, one off site (both are live at any given time, thanks to fibre links between our data centres). Initial backups go to the "off site" silo, and the copies go back to the "on site" silo. Both silos use LTO2 (we're in the process of upgrading one to LTO3 drives, then we'll introduce LTO3 media. The LTO2 media will be moved over to the LTO2 silo as it's freed up.)
Data which needs to be kept for longer than 90 days is stored using the Archive function, which makes a copy independant of the backups. Everybody who sets up a server is required to sign off on its backup requirements; if they say "it doesn't need backups", we have it in writing. We also have software in place that alerts us if a server misses its regular backups.
Good luck. It's a thankless job, and if you're lucky, you'll never be called upon to do a restore.
I never NEVER backup. It is futile, a huge waste of time, and a monumental risk. The only time I have ever lost data was while performing backups. Let me give you an example.
/// machines, and it took a whole case of floppy disks to back up the system, IIRC something like 180 floppies. It took goddam forever, so I usually started early in the morning on Fridays, and the network was unusable during the backup, so everyone (except ME) got to sleep in on Fridays (usually they didn't show up at all).
Way back around 1979, it was my first serious development job, and as the junior programmer in the shop I had the onerous duty of performing the weekly backups of our production drive, containing all the code for our accounting software development. We had a big 10Gb Corvus hard drive (the original Winchester) networked to our Apple IIs and pre-release Apple
So I spent all morning doing the backup, shuffling floppies in and out of the stupid disk drive, then when it was all done, doing a verification pass, which took just as long as the backup. All was well, I turned the hard drive back to network usage, verified it was operational, and went for a long lunch and a haircut. Nobody was around when I left, so I locked the door and left.
I came back to the office at about 2PM, everyone was there and they all started yelling at me immediately. The moment I left the office for lunch, the Corvus hard drive died. It was totally not my fault, it was a random hardware failure, at least it was a good thing it happened AFTER the backup was finished. The only problem was, it was the only unit we had, it would take 2 weeks to get a replacement drive shipped and installed (hard drives were very hard to obtain back then). Of course everyone jumped to the conclusion that I killed the drive, I protested that it was working correctly when I left, and I tried to reassure them that the backup was verified so no work was lost. Everyone assumed that since I had taken 2 hours for lunch (I had scheduled the haircut a week earlier with my boss, who wasn't in the office that Friday) that I had killed the hard drive, then fled in a panic. No matter what I said, nobody believed me. I got fired that day. Since that day, I have never performed backups, and I have never lost ANY data. I have a totally different strategy.
System and app backups are totally useless. Sys configs and apps can be replaced easily by a fresh install, and much quicker than doing a restore, and you don't have to waste time doing repetitive, useless, time-wasting backups every week/month/etc.
The only data worth saving is irreplaceable data. This should not be backed up, but instead, archived. For the most precious data, for example, photo and graphic design jobs I created from scratch for customers, those are archived immediately upon delivery (I usually work on short deliverable cycles, like a week or two at most). Routine archiving of each job to CDs or DVDS makes it easy to create an extra copy as a deliverable, and one for my archives. Other major file stores, for example, my mp3 collection, is archived each time I acquire a full DVD worth of new data. It is better to archive as you go, than to waste time in full system backups.
Rather than wasting time with backups, it is preferable to make sure your disks don't NEED restoration, by scrupulously maintaining them in optimal condition. Maintenance is better than backups. I buy only high quality hard drives, I monitor their performance and integrity continuously, and as a result, I've never had a single hard drive failure in any system I've owned, and that goes back almost 20 years. I have never lost any data.
Two thoughts related to storage:
- Consider carefully whether you trust your tape safe. I've seen tapes damaged at temperatures lower than some tape safes are rated for.
- If you have offsite backups, you should also have offsite tape drives. If your main site is destroyed in some catastrophic disaster, it's not too hard to get emergency replacements for server hardware, especially x86. But urgently sourcing the right model of tape drive (in many cases a model that is a few years old) can be a nightmare. While most drives of [insert favorite tape technology family here] generation N+1 will read tapes from generation N, it's very easy for time to slip by to the point that most of the drives on the market are actually generation N+4, and their support for reading generation N is spotty (even if the spec sheet says otherwise). If you're using proprietary backup software, make sure you can get your hands on a copy of it quickly, too.
is http://www.avamar.com/
The Backup server or cluster of servers store 20KB blocks keyed to the block's SHA-1 hash.
Smart agents on each backup client chunks each new file to be backed up into 20KB blocks and calculates SHA-1 hashes which it compares against the backup server.
If the block is new (not on the backup server) the block itself is transfered.
If the block is old, the backup server stores an extra reference to the block for the client/file.
The end result is..
a) a 1000 windows backup clients will result in only one copy of a windows dll being saved
b) every full backup is like an differential in terms of size/speed.
c) you have weeks (if not months) of daily backups of all backup clients stored in 110% of total backup size.
d) the backup agent on the client has a larger footprint and requires more CPU while running.
Put the backup servers at a remote site with a high speed link and you have disaster recovery as well.
If the high speed link isn't an option, there is support for remote replication; requires another backup server (or cluster) of same size.
This is the way all backups will be done in the future.
This sig space tolet, reasonable rate.
Servers - how long can they be down? Do you have replacement plans in case your data center gets hit by the next earthquake/hurricane/fill_in_the_disaster. Having tapes off site means nothing if you don't have hardware for restore. Can you get Hardware X if everyone else is looking for X, maybe Y is the new standard and you're application needs X version 1.2.
Desktops, are files on a server or local? Do you have a standard desktop that can be rolled out and copies of the server. Can the desktops go 2 weeks, but you need the servers back in 12 hours. You need a plan before things get ugly.
Speaking of tapes, as mentioned you need to periodically check your restore. Backups don't matter, it's whether or not you can restore your data that counts. How often, incremental or full. Be careful shipping tapes. Since 9/11 I've noticed tapes shipped with certain carriers have read issues at the remote site. Is this X-rays on cargo or just a bad run of tapes?
If cost is a big concern, you're likely going to end up with BackupExec. It's not my best friend in the world, but it generally works. And it's pretty damn cheap compared to NetBackup. If you're more concerned with functionality and ease of use, cough up the extra $$ and use NetBackup. I have several of each and I wish they were all NBU.
Of course, one of the biggest favors you can do yourself is to get reliable tape hardware. Vendors like STK and ATL are pretty expensive, but I can't tell you how much less likely I am to shoot people now that I have a big STK library instead of a collection of small, cheap libraries that were always having problems.
LTO-2 & LTO-3 are popular tapes these days. They're fast, they hold a lot, yada yada yada. Backup to the part about "they're fast". This is important. They have minimum write speeds. If you can't keep up, they'll constantly stop & start. When they do this, they have to rewind, start again, come up to speed, write a bit, stop, rewind, etc. This is referred to as shoe-shine. This is bad. If you're backing up small boxes that can't keep your tape drive going, you have 2 options. 1) multi-stream -- where multiple clients are backing up simultaneously to the same tape and the data is interleaved. I'm not a big fan of this. 2) buy a bunch of disk space for disk staging. Back up to disk and then migrate from there to tape. This is a better option, but it'll cost money (duh).
When you back up Exchange, you need to do 3 backups. 1) system state, c:, etc. Make sure you exclude the store and the M: drive. 2) Information Store. 3) Mailboxes (aka brick-levels). You need #2 if your store becomes corrupted, your RAID controller dies, etc. You need #3 to restore email when execs delete something and then call and say "I deleted something. Can I get it back?"
If you're shipping a lot of tapes on/off site, cough up even more money and get a NBU Vault license. It'll keep track of all that mess for you.
Despite popular belief, fulls don't have to run on Friday. They can also run on other days, like Tuesday and Sunday. If you're having a hard time getting all your fulls done in one day, pick a few servers and run their fulls on another day.
Oh -- one last thing about NBU -- run it on Solaris. I have 1 Windows NBU master/media server and I hate it. I'll not make that mistake again.
If you have some data that's really important, feel free to run fulls more often. I do InfoStore fulls 3 times a week. Some important databases (which aren't really all that big) run fulls every night. You'll be happy you did when you have to restore and don't have to replay 6 (or 13!!) days of transactions.
Having a bunch of different retention periods looks good on paper, but it's a bigger headache to manage. If you really want to do this, NBU Vault can take care of some of the pain. The more stuff like this you do, the more Vault will be worth it.
I don't bother with backups. I've got a airtight policy in case of a HD crash or any other form of data loss:
1)Look shocked and terrified.
2)Yell.
3)Scream.
4)Pull hear.
5)Bang head to wall.
6)sit quitely sobbing a corner.
7)Kick the cat.
8)Replace HD. (if necessary).
9)Reinstall software.
10)Kick cat again.
11)redownload mp3s, movies, games and pron.
12)Feed cat.
13)Mail goatse.cx pictures to random innocent people as an act of pointless revenge.
14)Make futile threats to a deity that if it happens again "the cat gets it".
15)continue life as normal.
Now what could possibly go wrong with my plan?
AMANDA is really great software. In my past job, we used Retrospect (then from Dantz). That was a nightmare--it used some proprietary archiving format & we weren't able to retrieve some things. AMANDA uses standard dump or tar files (well, as standard as 'dump' is, I guess), so I'm confident that that'll never happen. It also has a first-class scheduling system. Every night, we fill almost exactly one full tape. There are very few disks which don't get a nightly incremental & we have it configures so we are virtually guaranteed a full backup of every host at least once a week.
We use it with Linux, FreeBSD, AIX, OS X, and Windows (through Cygwin). The only "ugly" part is that we backup at night & laptops are therefore not part of the regular cycle. For those, we use rsync over SSH to backup to a central file server which does get backed up at night.
So far the best "backup" software I've used is rsync.
I used to work at one of the worlds most well known web hosting companies where among other things I ran their backup system. It started out with Arkeia and a 120tape library with 6 AIT3 drives. Arkeia was crap though (this was 3yrs ago), it was such a pain to setup and the trying to restore ANY amount of data would literally take days just to scan its local database. Trying to restore just one file would take 6hrs just for it to scan its local database... On a dual processor box with SCSI drives and 1gb of ram.
We moved to Veritas NetBackup, which was a dream to work with compared to Arkeia, but it too had issues (besides its cost). You could tell the software had been around for ages, it was far from being easy to use, or even efficient, but compared to Arkeia, it was a dream. It would start like 10+ processes, and every now and then one would die, causing everything to silently stop working and you would have restart them all. This usually caused at least one days worth of backups to fail. When you had 1TB of data to get in a 8hr window from a few hundred machines, it didn't take much to miss your window.
Tape backups are just a pain to use. They are slow to backup, and even slower to restore from. They need constant cleaning, and from my experience the drives fail more often then harddisks do. It seemed we were replacing about two tape drives a year. They aren't cheap either. Ouch!
The best backup system I've used so far is rsync with its nifty snapshot ability.
I setup the backup system for a company with locations in 10 different cities (connected with broadband), where each location has its own Linux server, and a central backup server at the main branch. Each employee has a H: which maps to a Samba share on the cities local Linux server, they save all their data to this location, and twice a day the main backup server rsync's the data back to the head office. Since this process happens twice a day, the amount of data that changes is quite minimal, a few hundred megs or less across the entire company, so it only takes a couple hours at most. The main backup server keeps these twice daily snapshots for about two months, and each week the main backup server itself is backed up to tapes. Luckily we have never had the need to restore from the tapes...
So basically all data is stored locally on a RAID'd server, then remotely on a RAID'd server at head office (twice daily), then offsite on tapes (weekly). The main benefit though is that executives, or the technical staff can pull data off the main backup server from any date in the last two months immediately, just by using Windows Explorer. No need to restore from tapes, and all the data is redundant in 3 locations. To do a restore, we basically just reverse the rsync script, and push the selected data from the main backup server back out to the local server.
Works like a charm, and its free!
Open Source Time and Attendance, Job Costing a
I run the same version of my OS on QEMU and have it rsync the data.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Using "cp -al" for creating backups using hardlinks has made it possible for us to keep fullbackups online for every day the last 14days, every weeks from the last 14weeks and every month from when we started taking backups. The online backup are stored at two locations (two diffrent offices connected using VPN). Every weekend we take full tapebackups.
:-) I hope we are good.
This enable us to retrieve files without digging for the tapes. Tapes are rotated out of the building to a remote safe
I guess I'm glad you feel invulnerable with the backup scheme you've crafted (and make no mistake, it is a backup - despite that you choose to call it archiving), but really you're just playing roulette with your data.
Now, having offended you, let me agree with some of the things you say. =)
Your assertion about maintaining a complete system backup is pretty spot on. The data is what you want to keep safe and the applications are perfectly able to be reloaded from the source media (provided, of course, that it's still available - but that's a different topic). I somewhat disagree that configs are unimportant. Though backups aren't necessarily the place for those either, rather they ought to be kept in some sort of change-control mechanism (CVS or whatever) for the sake of repeatability. That way, you can do an install on a fresh box, check out the configuration and proceed to dealing with the important stuff - the data.
Back to disagreeing.
Your current scheme of burning off your work whenever you deliver something makes you vulnerable to significant data loss via accidentally fat-fingering an rm, or catching a virus, or suffering the random angst of an irritated diety (other assorted phenomenon) since you claim immunity to such catastrophe. Your major complaint about backups seems to center around the amount of effort required to do them (well, that and the bad experience you had after performing one). This is why I think you should take some time to look at using rsync to do snapshot-style backups. My backups go nightly and are almost completely automated - I just have to plug in a different external USB drive into the server each morning (though if I forget, it's no big deal). Between that and the hardware RAID, I've reduced my rework window to no more than 24 hours. As an added bonus, I don't have to worry with buying or storing a pile of CDs/DVDs or worring whether they'll still be readable when I need data off the bloody things.
Now to quibble about terms, or the reason I accused you of still doing backups.
Archiving says that you take the project data and move it off primary storage and onto your CD/DVD. Yet, when you were speaking of your MP3 collection, you said you burned a DVD when you had enough new material to fill a disk - implying that the data was not moved off, merely copied off. According to Webster, that'd be a backup. =P Thus you do some of both, probably.
In summary:
* Automated backups of your data so you don't have to actively worry about doing backups == good
* Depending on CDs and/or DVDs to keep your data safe == silly
* Calling a backup an archive == redefinition of terms
* Asserting that certain components haven't failed in the past and will therefore never fail in the future == past performance is no indication of future returns
James
I've used Amanda, Bakula, Netbackup, Networker and by far the best of the bunch for enterprise size networks is TSM. Easily. Netbackup is something I still have cold sweats and nightmares about, ok, not quite nightmares, just the occasional cold sweat. It's really a small network system which has been kludged to "enterprise" class. TSM was designed for managing large network backups from the start.
Deleted
I once had to move from TSM to Netbackup due to corporate policies. It was horrible. TSM's a fabulously powerful bit of kit i'd recommend to anyone looking for an enterprise backup system.
Deleted
I have a rosary backup policy. My prefered saints to pray to are Mary, Don Bosco, St. Ignatius of Loyola and St. IGNUcius.
I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
We use a product called Storix http://www.storix.com/, which is a very inexpensively priced commercial .tar generating backup software, and we store our fileserver info on a DLT2 carousel tape changer. This software is very easy to use and maintain, and works on a wide variety of Linux/AIX systems. The software allows for backups ranging from incrementals to full bare sheet metal restores, including a boot CD. For a small additional fee, you can ensure your tape data is encrypted. Highly recommended.
An additional point I'd like to make is I'm a big fan of having MORE backup devices, lots of redundancy. Yes, it's more expensive, but if your data is truly mission-critical, consider having a backup device for every key server. The internal DAT tape backup drives on Dell rack servers are inexpensive, and will provide you with this redundancy, as well as the ability to back up multiple servers in parallel (allowing for more frequent backups). If your server is larger than what DAT will handle, paying approximately $5k more for an additional tape carousel is not what I'd consider an inappropriate insurance policy for this type of data.
Finally, your onsite and offsite storage safes need to be fireproof, lockable and combination/key changeable. Ensure that you have at least one recent full backup on and offsite for all your key servers, whether you do incrementals or not.
An aside: for HP-UX users, Ignite and BRU are a great way to go. Should your boot drives/partitions fail, you can boot from tape and be up and running your system in less than a couple hours.
Where I'm at, all I have to make sure is that my offsite is not the city. I live in the Johnstown area between Johnstown and Westmont. As far as flooding goes, I'm safe. As far as fire goes, I can store my backups in my girlfriend's room as this building is designed that a fire in F-Dorm (where I'm at) cannot get to the next dorm (E or G). My girlfriend is in B-Dorm. If I would store backups, it would be at home (where my parents live) as it is another part of the state. I would jabber some more, but I have to get my ass to class.
sudo mod me up
First, determine your needs. Are you backing data up for disaster recovery purposes, data protection purposes, or archiving purposes to meet regulatory requirements? Or maybe some combination of the three? How long does this data need to be stored?
The most common technique is a weekly full backup with daily incremental backups. Depending upon your file retention requirements, you may be able to re-use the incremental tapes or you may have to append to them and then cycle them out when they are full. Most companies with any sense will send them to off-site storage, which can be records storage company or another company-owned site a good distance away.
As far as hardware goes, again, most companies will have several servers running backups simultaneously to multiple drives or libraries in order to reduce their backup window. The hardware varies depending upon the amount of data that needs to be backed up.
An often overlooked part of DR planning is to store a copy of the backup software and a spare media device with the backup media offsite. If you have a disaster and lose your backup devices and software, you may not be able to get the same hardware/software versions that can read your backup media in the future.
Also, you must do regular DR testing. You would be suprised how many companies use a backup strategy for years, and then when disaster strikes they discover that their strategy was inadequate. Once you have done a couple of DR drills you will undoubetedly discover ways to tweak your procedures to improve performance and reliability.
We use what we call a "finger drive" (not to be confused with thumb drive). After a catastrophic failure, we are all driven to finger pointing.
I personally take care of 1.3GB of personal, very important storage (read: porn). Once every two weeks or so I rsync to another physical computer. I don't believe there's any advantage to RAID over this. Sure, if my main server dies I've lost whatever's been collected in the last two weeks, but for me that's really a non-issue.
But anyway I'd actually try to apply my 1-person-shop strategy if I would be maintaining that much.
It may sound crazy for most people but it goes like this:
1) All critical data on central servers. No critical data on workstations, ever.
2) Critical Stuff for MS stored on Unix via Samba (Asuming your using Ethernet and not some Turbo Protokoll I don't know of)
3) A guy responsible for backup including taking this weeks backup home + a standin for him. Both have necessary root access and have specific payd time devoted to maintaining a working backup policy.
4) Automated regular overturning backups (custom shell script) using an PHATT external USB 2/Firewire HDD or, in your case, a few of these (or something simular).
5) A custom polstered Zarges Box or suitcase large enough to carry a backups worth of those around (home/offsite).
Downside: Doesn't use expensive unreliable ancient-technology tape, which, for some bizar and strange reason I really can't fathom, somehow still is the ultimate way to do backups for most people. Ergo: It will be hard to convince management *and* your IT co-workers that this is actually a very good solution.
Upside: Faster, Cheaper, more reliable, easier to recover from, easier to replace/find spare parts and easier to handle than any other solution I know of - or my IT-expert geek friends use for that matter. I have actually managed to recover from backups done that way. And since I've been hearing the some horror stories about tape for almost two decades now - no matter what type of tape - I consider my observation confirmed.
Footnote: I strongly suggest using ext3 as backup filesystem. It's a slowpoke, adding maybe a few hours to your backup, but it's insanely easy to recover from any Unix without having to do panik purchases of strange GUI FS recovery software that require some strange configuration of Win XP + Service Pack 2 and the additional sacrifice of your firstborn child.
Look at your network, do the math and have some shelves built for a few of those external driveboxes. Your critcal stuff can't be more than a 1-digit sum of TBs.
My 2 cents.
We suffer more in our imagination than in reality. - Seneca
Here's what I do when I need to back up:
It works really well, and I can almost always recover from those backups too.
In times of universal deceit, telling the truth gets you modded -1 Troll
So it becomes a nice natural cycle for California.
Riots work well as part of a slightly different cycle.
So you are the guy with the sideburns? excellent.
Although there seem to be earlier mentions of that phrase in various versions in other groups prior to the 1995 rec.humor.funny posting - It's still all quite good.
"It is a greater offense to steal men's labor, than their clothes"
i would suggest minimum different zip codes different time zones would be best
Sounds funny but very true. Backups across town aren't terriby useful if across town is flat too. Sound farfetched? Ask a sysadmin in Miami how far off he ships his backups. If he was there when Andrew visited, I'll bet they're in New Mexico.
This may seem a tad offtopic, but it is relevant:
You have to think through both distance from and access to your backups as a part of disaster recovery planning. Backup isn't just recovering the CEO's email, though that is a (hopefully) far more frequent occurance than recovering from a hurricane/fire/mudslide/blizzard. Easy access to the backup media is important for daily operations. Recovery from disaster is quite a bit more complex. Your backup solution needs to be able to cover the full spectrum - from yestarday's lost spreadsheet to the area flattened by mother nature.
Personally, I keep two backups - one here locally, one 1000 miles away in another state. Backup to CD here, online rsync in NC.
"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway." - Variously attributed, frequently to Andrew Tanenbaum
-- "Never underestimate the power of human stupidity." - R.A.H.
I'm not in IT for my company so I only know part of it, from observation mainly.
First: All important files are to be kept on network fileservers - big RAID boxes which keep backups automagically, as configured, as part of their normal operation. All workstations automount them, all home directories are on them, laptops sync to them when on LAN, etc. (There are also "scratch" filesystems for temporary files - build intermediates, chip simulations and their results, etc. These are cheap, fast, and non-redundant Probably fast drives on fast servers. Files there may persist for months but will be lost if a drive fails.) If you want your files preserved you make sure they're on a backed-up fileserver or you lose.
Second: Backup tapes (generated by the fileserver appliances) are periodically transported, by currier in locked box, to an offsite storage facility. (No idea how often or where. Not my problem.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Not unless the mud can seep 5 miles underground or more. And, yes, I'm The Guy With The Sideburns. It's a long story, and doesn't belong here. Glad to see I'm recognized. I'd have used Sideburns as my handle here but it was taken.
Good, inexpensive web hosting
We use ShadowProtect to backup all of our Windows Exchange and SQL servers. It's a hot (no downtime for backups) snapshot-based backup and disaster-recovery product similar to Symatec's V2i/LiveState products.
In the past we used Symantec's LiveState Recovery but we discovered that it consistently produced corrupt backups of Exchange servers. LiveState is basically useless for backing up Exchange. ShadowProtect has no problem making clean backups of Exchange, even under very heavy load, and it's significantly cheaper than LiveState.
The only problem we have experienced with ShadowProtect so far was that during a restore operation we did not have access to some of our drives when we booted the ShadowProtect Recovery Environment CD. However, StorageCraft (makers of ShadowProtect) support was very helpful and made a custom recovery bootable CD for us (at no cost) which resolved our issue.
One thing we found interesting is that we discovered that Symantec's snapshot technology, upon which their product is based, is actually made by StorageCraft. Take a look at the file properties copyright info of pqv2i.sys or symsnap.sys, their snapshot driver, it's copyrighted by StorageCraft. This means that StorageCraft's ShadowProtect is based on the same widely-deployed/tested snapshot technology, albeit the latest-and-greatest version of it as StorageCraft is the actual maker of this technology, not Symantec.
The problem with encrypting backups is that if - on the backup - one bit of data becomes corrupted, the entire backup is likely to be worthless. Since most times when doing a restoration of data, this corruption happens when you need the data most (Murphy's Law), you will come to regret the decision. At least on an unencrypted tape, you can sometimes (with a lot of work) start in the middle of the tape (or other backup medium) and work around the damaged portion, and only lose a bit of the backup.
With an encrypted backup, you could lose it all.
Unless your backup medium is completely foolproof (I know of no such medium), encrypting the backup seems foolhardy, unless you can stand the potential loss and/or the data, should the backup fall into the wrong hands, is valuable enough. Most data isn't this valuable, and the process for backup should take this into account, and only backup the valuable data separately (and possibly encrypted) from the main backup - so that in the event the backup is needed, the entire thing isn't hosed if an errant bit is corrupted.
BTW - I know I have simplified things a tad and an errant bit isn't likely to corrupt an entire backup, but I am using this as an illustration. If you have ever messed around with backups, you know that in the heat of the moment is when things are found to not work as planned (which should make you test your backups before needing them, but I digress) - so you know that what I am talking about is a real possibility...
Reason is the Path to God - Anon
I zip all my files and name it "Naked pictures of (insert star name here)". Then I publish the torrent. Cheap distributed offsite backup.
SD
âoeWho knew something as harmless as willful ignorance could end up having real consequences?â
Some tips from a pro:
1. Educate users. Let them know in what circumstances what file can be recovered upto when. Don't allow 'grey' backups
2. Don't backup workstations. Use a solution like Norton Ghost or PXE to distribute network booted generic images and have user homes on a WELL CONFIGURED WELL BACKED UP NAS.
3. Don't do incrementals unless you absolutely absolutely have to. differential backups (every change since last _full_ backup) allows you to have multiple copies on tape.
4. use great backup software. I'm a EMC/Legato NetWorker guy myself. don't trust homebrew freshmeat perl scripts. you don't trust your million dollar data to a 35-year old geek living in his parent's garage.
5. Test your restores. Do it often.
6. keep a copy of your critical data offsite as well
7. Have a disaster plan. test it. TEST IT!
Exercise caution when modding this message up: the author acts like a jerk when his karma is excellent.
I highly recommend a SAN solution for larger backups, using the eVault software product. We switched over about 6 months ago, I can literally restore a corrupt/deleted/cut and pasted elsewhere file within 5 minutes of the user request. No searching for tapes, no swapping and taking backups elsewhere. A fibre connection to another location that houses the server/backup array gives me gigabit connectivity to all of my backups. Each night is a full backup, even for slow backups such as Groupwise. www.evault.com
John, who was a biostatistician and the finest mathematician I have ever known, turned to me and asked what the capacity of a 9-inch reel tape was (I don't remember, I do remember we were getting 6250 bpi though). He then calculated in his head the rough bandwith of his car (because he knew how big the cargo area was and how long it took to drive to Benedict) and discovered that the fastest and most economical way for us to get the job done was shipping tapes. I was willing to take his word for it - he did that kind of thing all the time - but some of the other scientists had him explain the calculation anyway.
What John said at the time (I don't really know if it was orginal to him, but it was the first time I'd heard it) was "never underestimate the bandwidth of a station wagon full of mag tapes". No hurtling involved, he was a cautious driver.
I use a table-driven script calling rsync --link-dest onto coraid aoe racks, then archive offsite to LTO3. I back up everything nightly.
But the guys here who wanted to buy a product, rather than build a solution, spent months researching all the alternatives and they even got demo hardware and software and trialed the majors on site. Their finding was that Comvault knocks the doors off everything out there for really large volumes of data on multiple operating systems. Veritas and Legato were among the ones they trialed, I don't remember any more details (sorry!). We've tried Time Navigator and Arkeia and Retrospect in the past, none of those scaled for us.
We now run both systems (commvault and my custom one) so that we have a backup system and a backup backup system.