NovaBACKUP Security Blog

Best Practices for your Backup Strategy

Everybody talks about backup strategies and backup concepts, but barely anyone explains those recovery strategies and concepts in detail (Download NovaBACKUP's Backup Strategy Guide). Let’s be honest, the backup is important, but it must be accessible when you need it and must restore the systems that enable productivity. Because: no data = no business.

Cost Vs Benefits

Best Practices for Your Backup Strategy - The Recovery

That’s why today I’d like to talk about recovery requirements and what to consider before setting up your backup and restore solution. In order to get an idea of the tasks that have to be resolved in the event of a data-loss scenario, we will put the cart before the horse and start with the call from a frustrated colleague:

“Hey, my computer doesn’t work anymore. It won’t let me save my yearly report on the file server.”

In those moments quoting one of our favorite TV shows ‘IT Crowd” with “Have you tried turning it on and off again.” probably doesn’t help. A few seconds later the next colleague is calling, and the next, and then the next… Now you are starting to realize there is something more serious going on. First advice from us: Don’t panic! (Imagine yourself running around in panic, pulling your hair out and screaming “I should have listened to my mom and become a politician.” Probably funny to look at, but that doesn’t solve the problem. And seriously, a politician?! )

Second: Try to locate the problem. Check all possible hardware, software, and setup options

  • Are all power cords plugged in (that happens more often than you think…)
  • Is it the file server?
  • One of the switches / router?
  • A cable?
  • Did someone change some settings in the last few minutes?

Recovery Objectives

Now you have to figure out how long it will take until you have the service up and running again. To estimate that you need to know how important the failed service is. Both answers to these questions in combination will help determine your plan (not the plan to take over the world domination, the other one!!!). For example, if the file server is just a file-sharing service, let the colleagues know that they have to save their data locally until the server is up and running again. But if that server also contains an order system or the support ticket system you have to hurry a little more.

Locate your latest backup. Again, depending on the type of service, an older backup may or may not be sufficient. The backup of the order system should contain a backup from just a few minutes ago. A file sharing server for example might be fine with a less recent backup. And what type of backup strategy are you running? Do you usually perform incremental or differential backups? This has a direct influence on your restore time as well.

To call a spade a spade, here are the objectives you have to have an idea of:
RTO (Recovery Time Objective) --> How long do you need, until everything is in order again?
Calculate the time until all systems have to be online again before putting the business in jeopardy. In the case that your server runs the order system as well, you'll want to have the server back online in just a few minutes. If it's a file-sharing platform, you might be able to last a couple of days.

RPO (Recovery Point Objective) --> How much data can be lost without risking the company’s future? How old is the backup allowed to be? Does the data change in minute intervals and would losing more than one hour result in catastrophe? Or is the file server just the second location for your colleague’s data and they could copy everything back to that server with relative ease?

Backup Insurance

For both objectives, you need to decide how much of your budget you are willing to invest. But keep in mind, being ‘under’- or ‘over-insured’ can also have negative consequences.

Being ‘over-insured’ probably doesn’t harm your data, but impacts your IT budget instead. Do you really need a high-end data protection solution for your one server? Or is the ‘SMB+’ solution more than sufficient?

Being ‘underinsured’ instead can (worst case) end in complete data loss, business failure, and very likely the loss of your job.

Rome wasn’t built in a day, but…

Take your time to prioritize the RTOs and RPOs for every machine and type of data in your environment. In the end, you could even decide to use two different backup solutions. One very enterprise-like software for the two servers that can’t be offline, and a more cost-effective solution for all the other servers.

After you have set up your RPOs, and RTOs, and have decided on a backup software, you need a backup strategy. Keep in mind that incremental backups (every changed file since the last full or incremental backup) are faster to complete than differential backups (every changed file since the last full backup, regardless of the number of differentials since), but they typically need more time to perform a restore of all the data. A restore from a differential backup just needs the last full and the latest differential backup, whereas a restore from an incremental backup needs the last full backup and all incremental backups in series. Thus, the disk or tape device has to search longer for the (often many) individual incremental backups.

… it was worth every minute

Do you remember your parents and teachers saying you have to practice the presentation more than once before you give it? The same applies to restores. Practice them in regular intervals, it helps you to stay calm during a disaster. The more you practice the worst-case scenario, the faster you will have everything up and running again when it does eventually happen. Also having a disaster recovery plan in written or printed form gives you a tool to reference the strategy in case you have a mental blackout.

Speak with one of our backup experts for additional recommendations for your data protection environment. Get more information about NovaBACKUP here.