Solved

Need help in creating a backup plan (template)

Posted on 2012-04-09
6
3,267 Views
Last Modified: 2012-06-27
I am in need of backup plan.

I have submitted a plan which is rejected by the auditor.

Appreciate if someone can guide how to create a backup plan at-least for 1 server
or
provide me a template
0
Comment
Question by:-MAS
  • 2
  • 2
6 Comments
 
LVL 20

Expert Comment

by:SelfGovern
ID: 37829172
A backup plan needs to specify for each data store (i.e., application, database, file server, etc.):
- How much data can I afford to lose?  This is called the Recovery Point Objective (RPO).  Maybe you can afford to lose a day's worth of email, an hour's worth of personnel data, and only a minute's worth of orders.  In general, the less data you can afford to lose, the more expensive the solution will be.
- How long can this data store be allowed to be down?  This is called the Recovery Time Objective (RTO).  Maybe manufacturing has to be back up in an hour, while email can be down for three hours.  In general, the shorter the desired recovery time, the higher the cost of the solution.
- What are my legal and business requirements for data retention?  Tax data may have to be kept for three or seven years.   Contracts and related data needs to be kept for the length of the contract and another year or two.  Medical records may need to be kept for the life of the patient plus a few years.
- Are there legal or business requirements for encrypting the data?  
- What is the budget?  Knowing how much money the business principles want to spend, you can try to develop a solution that meets the requirements.  Of course, it may well be that people have an unrealistic idea of how much a data protection solution costs... but if you know the requirements, you can go back to them and say, "If this is the requirement, the cheapest solution is ____.  Or, we can leave out x and y and do it or $z."
- What are the most likely threats?  Accidental or intentional deletion of data?  Employee theft?  Power outages?  Natural Disasters?  Hardware failure?  Computer virus or other malicious code?    Each of these can require a different solution to keep the business up and running.


To develop your backup plan, you need to understand the business needs (and possibly legal requirements) that go into each of those four areas. Once you know that certain systems need to be back up and running in two hours, you can ask intelligent questions here about what kind of solution would meet that need.  

Some things to keep in mind:
- Copies on disk don't do a good job of meeting archival needs
- Backups to the cloud may not give you good restore times (RTO)
- Encryption is increasingly important, and has become easy.  Key management, on the other hand, can be more of a challenge, and is critically important -- lose your keys, lose your data.
0
 
LVL 24

Author Comment

by:-MAS
ID: 37831455
Appreciate if you can provide  template/example for doing the same.
0
 
LVL 20

Accepted Solution

by:
SelfGovern earned 250 total points
ID: 37945117
Make a spreadsheet.  List down column A each server you have.  If you have different applications on a server that will require different backup plans (daily fulls vs. weekly fulls + daily incrementals, or one application has one-year retention, and the other needs 10-year retention), have one line for each.

Column B, for each of those servers or data sources, write what you know about how it's being backed up today.

Column C, D, E, F, G should hold Backup Window (how long I have to back it up), Required Retention Period and Granularity (how long must I keep the data, whether I need to keep all daily backups, or only weekly or monthly backups, etc.), Frequency of Backup (daily fulls, weekly only, weekly fulls with daily incremental/differential, etc), required restore window, maximum allowable data loss (a day's worth, an hour's worth, a minute's worth, second's worth, or none)

Now, you'll have to interview the owner of each data store/application/server to understand what his real needs are on your spreadsheet.   You might want to go in with some idea of how much each option is going to cost ("We can provide clustered servers with daily full backups for $10/GB/month.  Mirrored storage only with daily full backups would be $8/GB/month.  Mirrored storage with weekly full backups and daily incremental backups would be $6.50/GB/month" or such).   But there should be some hard numbers you can get out of them, such as, "the order-taking system will cost the company $x per hour of downtime; losing one day's worth of data will cost them $y."

Getting those requirements and downtime/lost data costs will help you craft a solution that meets the requirements and risk-tolerance in a cost-effective way.  Once you have them laid out in the spreadsheet, you can start to group similar requirements together and than plan a backup strategy for each of those groups.

Now -- that may sound like a lot of work, and it is.  It's also hard to get in most smaller businesses, because people just don't know, and may not have the analytical skills to be able to calculate the answers.  So a lot of businesses just do a simple
    weekly full
    daily differential
    keep daily backups for two weeks
    keep weekly fulls for two months
    each month, promote one weekly backup to a monthly backup
    keep each monthly backup for 12 months
    each quarter, promote one monthly backup to a quarterly backup
    keep quarterly backups for two years
    once a year, promote a quarterly backup to an annual backup
    keep each annual backup forever

That's an outline for you.  More than that is going to be hard to get here.
My recommendation would be for you to start with a book called
"Backup for Dummies" (yes, really).  From there, you can find other books
that will help you devise a backup strategy for your business.

Or, hire a consultant who can come in and ask the right questions and who will propose a solution that his company will stand behind.

Do remember when you lay out the costs, that a huge proportion of companies that lose a key server are out of business in a year -- so one of the considerations is, "How much is this business worth?  Given that figure, how much  is it worth to protect the data *right*?"
0
 
LVL 23

Assisted Solution

by:Brian B
Brian B earned 250 total points
ID: 37946931
Lots of good answers here. It does sound like you need to push back on the stakeholders in your backup project and clarify exactly what the recovery parameters are. In disaster recovery you have two components, specifically:

1. How long do they plan to keep the backups? (recovery)
There may be laws governing some of this. Most companies I have set up run a full+daily incrementals for a week and kept two week's worth. The last backup set from the month then became the monthly backup which was kept for a year. This has always been tape so far, but the same sort of process could be done with a disk-based backup.

2. If any specific system fails how long do you have to recover? (redundancy)
This is what we call the "smoking crater" scenario. The building, or at least the server room is completely gone. How fast do they need to get going again? This solutions typically involve offsite redundancy either in the form of duplicate hardware, or at the very least a mirrored disk backup.
0
 
LVL 24

Author Closing Comment

by:-MAS
ID: 37950579
Many thanks,
Little bit struggling in the beginning, but when  completed one server it is become easy.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

VM backups can be lost due to a number of reasons: accidental backup deletion, backup file corruption, disk failure, lost or stolen hardware, malicious attack, or due to some other undesired and unpredicted event. Thus, having more than one copy of …
Know what services you can and cannot, should and should not combine on your server.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now