Handbook of Information Security Management:Computer Architecture and System Security



Backup Handling and Storage

Consider the physical handling of the backup media. Where will it be stored? How many copies will there be? What makes a good off-site storage location? One possible media management program is to place backup copy 1 off-site (a bank, the manager’s home, a different office of the same company). Note that simply using a fireproof safe designed for important papers is not enough. Magnetic tapes give up the digital ghost at much lower temperatures than paper ignites: a safe rated for paper may let its interior reach 350°F, whereas you want a safe that prevents the internal temperature from rising above 125°F for at least 1 hour during exposure to fire at 1500°F. After a suitable interval you make backup copy 2, which is placed off-site, while backup 1 moves to on-site storage. After another interval, you reuse the backup 1 media to make backup 3, which is placed off-site while backup 2 is moved on-site. This means the off-site backup is always the most up-to-date, and the previous copy remains on hand in case the newest one proves unreadable.

For data-intensive operations, such as order processing where large amounts of data are added or altered every day, you can use a day-by-day backup schedule such as the six-way system. You begin by labeling six sets of media as Friday1, Friday2, Monday, Tuesday, Wednesday, and Thursday. On Friday afternoon, the operator goes to the backup storage cabinet and takes out the media marked Friday1. This is used to make a complete backup of the hard disk. The media is locked away over the weekend. On Monday afternoon, the operator goes to the media cabinet and gets out media marked Monday. This is used to make an incremental backup, overwriting the previous data on the media. The same thing happens on Tuesday through Thursday. Incremental backups are made each day on media marked for that day of the week.

When Friday rolls around again, the Friday2 media is used for a new complete backup. On Monday the incremental backup is made onto the Monday media, and so on, until Friday comes around again and you overwrite Friday1 with another complete backup. This system gives you a maximum archive period of two weeks. For example, on Fridays, before you perform the Friday backup, you can restore data as it stood one or two Fridays ago. On any day of the week you can restore things to the way they were on the same day of the previous week. Bear in mind that restoring to a weekday means restoring the preceding Friday’s complete backup and then applying that week’s incrementals in order, so a weekday restore point is only usable while the Friday media and every earlier incremental of that week are still intact.

This system has several advantages. The time required for an incremental backup is generally far less than that for a full backup, making the daily routine less burdensome. Nevertheless, if restoration is required, a full set of data can be put together from the most recent complete backup plus the incrementals made since it. If you simply reuse the same backup media every day, this type of recovery is not possible, because each run destroys the only earlier copy. A variation of this six-way routine, sometimes referred to as the father/son backup cycle, requires eight sets of media with the additional ones being called Friday3 and Friday4 so that your archive goes back a whole month.

Yet another backup cycle is the ten-way or grandfather/father/son system. This covers 12 weeks and allows you to delete data from your hard disk and retrieve it up to 3 months later. A variation of this scheme involves removing some of the complete backups from circulation at regular intervals for archive purposes, for example, once a month or once a quarter. One advantage of this is a gradual replacement of media, which have a natural tendency to wear out from repeated use.
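As an added example that is not part of the Handbook, the following Python models the six-way and father/son rotations just described: which medium each day’s run uses, what still survives on the media at a given point, and the ordered chain of complete plus incremental backups needed to restore to a given day. The labels (Friday1..FridayN, Monday..Thursday) are the text’s; the start date of the rotation (`epoch`, a Friday) is an assumed parameter, as is the constructed January 2024 scenario at the bottom. The ten-way grandfather/father/son layout is not specified here in enough detail to model, so it is left out.

```python
from datetime import date, timedelta

# Added example: scheduler and restore planner for the weekly-full /
# daily-incremental rotations. `epoch` (date of the first Friday1 run) is an
# assumption of this example, not something the text specifies.

WEEKDAY_LABELS = ["Monday", "Tuesday", "Wednesday", "Thursday"]
FRIDAY = 4  # date.weekday(): Monday == 0 ... Friday == 4


def media_for(day, epoch, friday_sets=2):
    """Return (label, kind) for the media used on `day`, or None at weekends.

    friday_sets=2 is the six-way system; friday_sets=4 is the eight-set
    father/son variant with Friday1..Friday4.
    """
    if day < epoch:
        raise ValueError("date precedes the start of the rotation")
    wd = day.weekday()
    if wd > FRIDAY:
        return None  # no backup run on Saturday or Sunday
    if wd == FRIDAY:
        week_no = (day - epoch).days // 7  # epoch is a Friday, so this counts Fridays
        return (f"Friday{week_no % friday_sets + 1}", "full")
    return (WEEKDAY_LABELS[wd], "incremental")


def media_state(today, epoch, friday_sets=2):
    """Replay every backup run before `today` and return what survives on each
    medium as {label: (date_written, kind)}; a later run overwrites an earlier one."""
    state = {}
    d = epoch
    while d < today:
        slot = media_for(d, epoch, friday_sets)
        if slot is not None:
            label, kind = slot
            state[label] = (d, kind)
        d += timedelta(days=1)
    return state


def restore_chain(target, today, epoch, friday_sets=2):
    """Ordered list of (date, label, kind) needed to rebuild the data as it stood
    at the end of `target`, using the media that exist on the morning of `today`
    (before that day's backup). An incremental is only usable on top of the
    preceding Friday full plus every incremental between; if any of those has
    been overwritten, the chain is broken and LookupError is raised."""
    if target >= today:
        raise ValueError("target must be before today")
    # Walk back from target to the most recent Friday full, collecting the runs
    # that must exist; weekends contribute nothing.
    required = []
    d = target
    while True:
        slot = media_for(d, epoch, friday_sets)
        if slot is not None:
            required.append(d)
            if slot[1] == "full":
                break
        d -= timedelta(days=1)
    required.reverse()

    surviving = {written: (label, kind)
                 for label, (written, kind) in media_state(today, epoch, friday_sets).items()}
    chain = []
    for d in required:
        if d not in surviving:
            raise LookupError(f"backup of {d} has been overwritten; chain broken")
        label, kind = surviving[d]
        chain.append((d, label, kind))
    return chain


def restore_points(today, epoch, friday_sets=2):
    """Every weekday whose end-of-day state can still be fully rebuilt on `today`."""
    points = []
    d = epoch
    while d < today:
        if d.weekday() <= FRIDAY:
            try:
                restore_chain(d, today, epoch, friday_sets)
                points.append(d)
            except LookupError:
                pass
        d += timedelta(days=1)
    return points


if __name__ == "__main__":
    # Constructed scenario: rotation began on Friday 2024-01-05; it is now the
    # morning of Friday 2024-01-19, just before Friday1 is overwritten.
    epoch = date(2024, 1, 5)
    today = date(2024, 1, 19)
    for p in restore_points(today, epoch):
        print(p, [label for _, label, _ in restore_chain(p, today, epoch)])
```

Run on the constructed scenario, `restore_points` returns exactly the two-week window the text describes: both Fridays plus the previous week’s Monday through Thursday, while the earlier week’s weekdays are gone because their media were reused. The `LookupError` path is the caveat worth remembering: an incremental is worthless without its Friday full and every earlier incremental of that week. The model only accounts for overwriting; a tape that fails to read breaks the chain in exactly the same way, which is the argument for verifying each backup rather than trusting the label on the cartridge.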

Give some thought to the time of day that backups are performed. It seems natural to do the backup at the end of the day, then lock the media away or take it off-site. Because some backup systems, such as tape units, allow backups to be triggered automatically, some people leave systems on overnight and have the backup performed under software control. This minimizes inconvenience to users and leaving systems running is not considered detrimental to their health or reliability (although monitors should be turned down or off). However, even if the hardware performs reliably, there is a problem because the backup is being performed during a period of high risk.

Theft of computers, tampering with files, or disasters such as fires can progress with less chance of detection during the night. An unsupervised overnight backup operation is no protection against these threats. Indeed, if the backup media sits in the computer until a human operator arrives in the morning, it can make a nice present to someone looking to steal data. Doing backup first thing in the morning might seem like the answer, but again, an overnight attack threatens a whole day’s worth of work. Besides, backup operations tend to tie up processing time and thus prevent systems from being used, which can make backing up in the morning counterproductive. One solution available to companies with an evening shift is to have them perform the backup and lock up the media before leaving. Indeed, with larger networks it will be necessary to budget staff specifically for this task.

Remote Backup Strategies

Off-site storage of backups is a strong defense against two serious threats, physical theft and natural disaster. However, some off-site storage options pose practical or tactical problems. Requiring staff to take backup media home with them imposes a considerable burden of responsibility, and requires a high degree of trust. Most banks are not set up to receive magnetic media for safe deposit outside normal banking hours. Fortunately, numerous companies now specialize in off-site storage of media, such as Arcus Data Security, DataVault, and Safesite Records Management.

Safesite’s SafeNet service provides off-site storage and rotation of file server backup tapes. Outgoing tapes are placed in foam shipping trays and air-freighted overnight to secure vaults where they are bar coded and stored in a halon-protected environment that is fully temperature and humidity controlled. You pay a weekly fee for this service. Other companies operate at a local level, offering daily pickup and delivery of backup media according to standard rotation schedules. This has the added benefit of reinforcing backup regimes.

One step beyond physical off-site collection and delivery of backup media is remote off-site backup. In other words, your computers are backed up automatically, over phone lines, to a remote location, a strategy known as televaulting. This not only provides protection against theft and natural disasters at your site, it also provides insurance against errors and failures in your normal on-site backup systems. A pioneer and leading supplier of this type of service is Minneapolis-based Rimage Corporation (while the company headquarters are in Minneapolis, all its eggs are not in one basket — Rimage operates backup sites in New York and Atlanta, plus one near Los Angeles and another near San Francisco).

