This article is the first in a series. In this part, we will cover building the backup infrastructure for a small team of 15 people or less, that is running their computer systems primarily on in-house hardware – a server or NAS, and PCs for each user.
We’ll assume that most information is stored locally in your building. Later articles will cover other options – backing up a cloud infrastructure and backing up a hybrid infrastructure where some data is stored on-site and some in the cloud.
Table of Contents
Data is the lifeblood of any organization. If it is lost or stolen, how long would it take to recreate the information about your customers, suppliers, partners, and products? These days there are more threats than ever to contend with and the ways to lose your data are multitudinous:
- Ransomware that encrypts your data so you can’t access it, (or even encrypts your backups as well as the online copies of data)
- Malware that erases data or sends it to another location
- Users who make mistakes and erase or overwrite files
- Equipment failures that render data inaccessible, scrambled or permanently destroyed
- Natural disasters that destroy not only your computers but the data stored on them
So you need a backup strategy, and maybe more than one – the system that can easily and quickly restore an entire server may not work well for restoring a single file that a user accidentally deleted. Fortunately, there are backup systems for every need, from simple backups of data from one system to a second to disaster recovery systems that can recreate all of your systems at a new location in minutes if necessary. Another related but separate function is archiving and e-discovery for communications – voicemail, email, instant messages, video conferences and more that might be needed if your company is involved in a lawsuit or has to document a data breach.
To provide your critical-mission data availability, follow the 3-2-1 Backup strategy when you build out your backup and recovery infrastructure.
Further reading Following 3-2-1 Backup Strategy with MSP360 Backup
To build an effective backup infrastructure, you need to ask yourself some questions before:
- Where is the data located?
- How much data is there?
- How quickly does it need to be back up and running if something happens?
- What level of security is required?
There might be 15-person companies with only a few dozen customers and a few years worth of data to protect that might store backups of everything on a single hard drive, and others that do movie special effects or scientific data processing that would need a truck full of storage to hold everything, and might need hours or days to transfer everything from one system to another.
Some might be able to survive for a week or two without access to all their data, while others would lose tens or hundreds of thousands of dollars for every hour their systems are offline. For the first, a basic backup system that can restore data to a new server in a few hours would suffice; for the second, it is possible, though expensive, to recover a complete failover data center system and have everything available in seconds even if a whole data center is taken out by a hurricane.
The traditional local backup approach involves making a copy of your data on a set schedule and storing it on a storage device that can be sent to a separate location if necessary. Rather than doing a complete backup every night, many modern systems can backup only what has changed since the last backup; this is called an incremental backup.
Further reading Incremental Backup Explained
With early backup methods, that was an iffy strategy since a complete restore required restoring from the last full backup and then all of the incremental backups since the full backup. Today, an incremental backup can be automatically integrated with the backup system so that you get the best of both worlds – an up-to-date backup that still only requires backing up the files changed since the previous backup.
Another issue to deal with is that backups must protect against ransomware that often targets and encrypts not only the day-to-day files used by an organization but even the backups. To protect backups from ransomware, vendors typically use one of two systems – either an approach like anti-virus that attempts to catch malware in the act and keep it from corrupting backups or a write once read many (WORM) system that provides protection against ransomware by never overwriting an old version of a file. Since new versions of files are kept separate from older ones when ransomware encrypts files and attempts to encrypt the backups, new versions of the files are created that are encrypted, but the old, unencrypted files are still available as well. This uses more storage space, but it is relatively cheap, and many consider this a good investment to prevent data loss.
Further reading WORM Compliance Explained
Data must be protected, but more than that, you need to be able to get up and running in case something happens to your systems. This means disaster recovery in addition to traditional backups. You need to ask yourself how long you can go without your data and the systems the data is stored on – whether it is minutes, hours, days, or weeks. If the answer is longer than it would take to buy a new server, set it up, and restore the data from your backups, then you may want to consider backing up to a virtual machine in the cloud. The downside to this approach is that it costs more, especially over time – you can buy a backup device and backup software, and that one capital expenditure will last until it’s no longer compatible with the server you’re running, probably several years. The cloud backup will cost you something every month.
The simplest example of a business network is a number of workstations connected to a file server running Windows or Linux, or a NAS device that provides the same functionality. Clients typically store all the files they use day to day locally on their workstations, but there is still file server that needs to be backed up – local workstations don’t have to be copied with image-based backup individually since they can be re-installed (re-imaged) with the master image if there are problems. But the file backup of individual workstations is still required.
In this case, all you need to back up is the server, and the size of the device you need for backups will be several times larger than the volume on the server, generally three or four times larger.
There are two technologies that can reduce the size of the backup device needed – compression and deduplication. Compression reduces the size of data, and deduplication saves space by copying only unique files or parts of the files. If you back up six home directories and they each have a file called addressbook.ost, only the first copy will be backed up. If any of the six files needs to be restored, they can be put back with only that one file. If there are two different versions of the file, both get backed up. Some deduplication systems work on small parts of files so that if two files are mostly the same, only the part that is different needs to be stored separately.
In addition to the device or devices that your backup system stores data on (targets), your backup/disaster recovery system may also include servers, whether physical systems or virtual machines. These can be used in the event of a server or even the whole data center is damaged or unavailable. If not only the data but the server that data resides on is lost, you can restore the data to a virtual server in the cloud, start the virtual server, and quickly have your whole system up and running. Once the issues with the original system are resolved, the data and applications can be migrated back to the original server.
Many companies that sell backup hardware and software can help you determine how much storage you need for backups and offer you the storage system and software to run the backup system. This is often an easy choice for part-time administrators who have many other duties – just call a company, receive the system, plug it in, and follow the prompts, and your backups are running. These companies often offer technical support to get your system up and running as well.
The backup software you need will depend partly on the services you use in your work. Most typical organizations have several different types of data stored on different types of systems, such as:
- user’s files, including word processing documents, PDFs, Excel files, etc.
- accounting data
- transaction data
- and customer information stored on database servers
- email and other messaging data stored on email servers
- payroll information stored in cloud applications etc.
Each type of data may require different backup software, or a single over-arching backup application may be able to work with all the different storage systems but require more setup to start with.
While determining the need for backup, write down all the different data types, applications, and machine types your organization has.
There are several types of backup applications, as well. One type backs up data on a set schedule, while another provides continuous data protection (CDP) capturing each change as it happens in real time. CDP ensures that little or no data is lost in the event of a failure, as compared to whatever has changed since the last backup for standard backups. However, CDP requires more system resources as it monitors data changes in real time and creates multiple file versions. This can normally be enabled for the most critical data, while once-a-day snapshots or even once-a-week backups might suffice for less critical information that isn’t changed often.
Backup and Storage Compliance
Depending on the type of business you have, there might be regulatory requirements to meet for some or all of your data. If you take payments via credit card or other online transactions, the payment card industry data security standards (PCI DSS) will apply.
If you store medical information, the health insurance portability and accountability act (HIPAA) has many different requirements. To make matters more interesting, the various regulations may have different requirements for the same data, or even contradict each other – one requiring that data be archived for the life of a patient, while another requires that personal information must be expunged after a set period. Many backup services can help you navigate these requirements offering specific compliance packages for different types of data or different industry requirements.
These regulations may influence where or how you make your backups. Many standards have strict security requirements for data kept off-site, and others may require that you make tapes or detachable disks and store them off-site.
Some Tips and Tricks on Backup Infrastructure
The best thing any administrator can do is test, and test regularly.
- Pick a file or directory and try to restore it once a month.
- Do a complete restore of one whole system once every quarter.
- Do a failover of the whole data center once in a while including spinning up virtual machines in the cloud and restoring to them.
- Don’t test something once and assume that it will work thereafter.
Unfortunately, it is often the case that a system will stop working without letting anyone know, and then when it’s needed, the data is not really there any longer. Most backup systems will send regular reports on backup jobs completed and will notify the administrator if there’s an error. However, there are ways that this can escape the notice of a busy individual and it’s very easy to miss something until someone attempts a restore and discovers that not everything was being backed up properly. So test, and test regularly.
Another common issue these days is data sprawl. One manager uses Amazon Web Services to create a database and store a bunch of information, but doesn’t set up backups. Then another user creates a different database in Azure, but uses a default password and no encryption of customer data. It’s so easy to set up software in the cloud and store a lot of data and there’s often no oversight to ensure that backups, security, or regulatory compliance are in place, until it’s too late. Many of the recent data breaches are the result of this kind of problem.
Set a company policy for approving new applications, and make sure that security and regulatory compliance guidelines are followed.
How MSP360 Can Help with Building the Backup Infrastructure
MSP360 offers a backup and disaster recovery software for servers and endpoints. With MSP360 Backup you can easily back up data to local storage: local disks, network shares, NAS devices, and perform the peer-to-peer backup (backup to the storage over a VPN)
Download MSP360 Backup and check out its advantages during the free 15-day trial.