Need help in creating a backup plan (template)

I am in need of backup plan.

I have submitted a plan which is rejected by the auditor.

Appreciate if someone can guide how to create a backup plan at-least for 1 server
provide me a template
LVL 31
MASEE Solution Guide - Technical Dept HeadAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Thomas RushCommented:
A backup plan needs to specify for each data store (i.e., application, database, file server, etc.):
- How much data can I afford to lose?  This is called the Recovery Point Objective (RPO).  Maybe you can afford to lose a day's worth of email, an hour's worth of personnel data, and only a minute's worth of orders.  In general, the less data you can afford to lose, the more expensive the solution will be.
- How long can this data store be allowed to be down?  This is called the Recovery Time Objective (RTO).  Maybe manufacturing has to be back up in an hour, while email can be down for three hours.  In general, the shorter the desired recovery time, the higher the cost of the solution.
- What are my legal and business requirements for data retention?  Tax data may have to be kept for three or seven years.   Contracts and related data needs to be kept for the length of the contract and another year or two.  Medical records may need to be kept for the life of the patient plus a few years.
- Are there legal or business requirements for encrypting the data?  
- What is the budget?  Knowing how much money the business principles want to spend, you can try to develop a solution that meets the requirements.  Of course, it may well be that people have an unrealistic idea of how much a data protection solution costs... but if you know the requirements, you can go back to them and say, "If this is the requirement, the cheapest solution is ____.  Or, we can leave out x and y and do it or $z."
- What are the most likely threats?  Accidental or intentional deletion of data?  Employee theft?  Power outages?  Natural Disasters?  Hardware failure?  Computer virus or other malicious code?    Each of these can require a different solution to keep the business up and running.

To develop your backup plan, you need to understand the business needs (and possibly legal requirements) that go into each of those four areas. Once you know that certain systems need to be back up and running in two hours, you can ask intelligent questions here about what kind of solution would meet that need.  

Some things to keep in mind:
- Copies on disk don't do a good job of meeting archival needs
- Backups to the cloud may not give you good restore times (RTO)
- Encryption is increasingly important, and has become easy.  Key management, on the other hand, can be more of a challenge, and is critically important -- lose your keys, lose your data.
MASEE Solution Guide - Technical Dept HeadAuthor Commented:
Appreciate if you can provide  template/example for doing the same.
Thomas RushCommented:
Make a spreadsheet.  List down column A each server you have.  If you have different applications on a server that will require different backup plans (daily fulls vs. weekly fulls + daily incrementals, or one application has one-year retention, and the other needs 10-year retention), have one line for each.

Column B, for each of those servers or data sources, write what you know about how it's being backed up today.

Column C, D, E, F, G should hold Backup Window (how long I have to back it up), Required Retention Period and Granularity (how long must I keep the data, whether I need to keep all daily backups, or only weekly or monthly backups, etc.), Frequency of Backup (daily fulls, weekly only, weekly fulls with daily incremental/differential, etc), required restore window, maximum allowable data loss (a day's worth, an hour's worth, a minute's worth, second's worth, or none)

Now, you'll have to interview the owner of each data store/application/server to understand what his real needs are on your spreadsheet.   You might want to go in with some idea of how much each option is going to cost ("We can provide clustered servers with daily full backups for $10/GB/month.  Mirrored storage only with daily full backups would be $8/GB/month.  Mirrored storage with weekly full backups and daily incremental backups would be $6.50/GB/month" or such).   But there should be some hard numbers you can get out of them, such as, "the order-taking system will cost the company $x per hour of downtime; losing one day's worth of data will cost them $y."

Getting those requirements and downtime/lost data costs will help you craft a solution that meets the requirements and risk-tolerance in a cost-effective way.  Once you have them laid out in the spreadsheet, you can start to group similar requirements together and than plan a backup strategy for each of those groups.

Now -- that may sound like a lot of work, and it is.  It's also hard to get in most smaller businesses, because people just don't know, and may not have the analytical skills to be able to calculate the answers.  So a lot of businesses just do a simple
    weekly full
    daily differential
    keep daily backups for two weeks
    keep weekly fulls for two months
    each month, promote one weekly backup to a monthly backup
    keep each monthly backup for 12 months
    each quarter, promote one monthly backup to a quarterly backup
    keep quarterly backups for two years
    once a year, promote a quarterly backup to an annual backup
    keep each annual backup forever

That's an outline for you.  More than that is going to be hard to get here.
My recommendation would be for you to start with a book called
"Backup for Dummies" (yes, really).  From there, you can find other books
that will help you devise a backup strategy for your business.

Or, hire a consultant who can come in and ask the right questions and who will propose a solution that his company will stand behind.

Do remember when you lay out the costs, that a huge proportion of companies that lose a key server are out of business in a year -- so one of the considerations is, "How much is this business worth?  Given that figure, how much  is it worth to protect the data *right*?"

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Brian BEE Topic Advisor, Independant Technology ProfessionalCommented:
Lots of good answers here. It does sound like you need to push back on the stakeholders in your backup project and clarify exactly what the recovery parameters are. In disaster recovery you have two components, specifically:

1. How long do they plan to keep the backups? (recovery)
There may be laws governing some of this. Most companies I have set up run a full+daily incrementals for a week and kept two week's worth. The last backup set from the month then became the monthly backup which was kept for a year. This has always been tape so far, but the same sort of process could be done with a disk-based backup.

2. If any specific system fails how long do you have to recover? (redundancy)
This is what we call the "smoking crater" scenario. The building, or at least the server room is completely gone. How fast do they need to get going again? This solutions typically involve offsite redundancy either in the form of duplicate hardware, or at the very least a mirrored disk backup.
MASEE Solution Guide - Technical Dept HeadAuthor Commented:
Many thanks,
Little bit struggling in the beginning, but when  completed one server it is become easy.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.