Solved

Backup Policy and Documenting Servers

Posted on 2014-01-31
4
408 Views
Last Modified: 2014-03-11
I am currently undertaking a review of our documentation around our corporate backups.

My concern at the moment is that not enough information is documented but I cannot seem to find much information about what a backup policy should document.  
Currently our policy details the following:
What media servers are used
Who is responsible for the backup media
Tape changes - When tapes are exported and imported to the tape libraries
Details on how weekly check sheets are used to document successful, error'd or failed backups.
Details on the backup failure log

Is there anything fundamentally missing from this document, it seems a bit empty to me?

Another problem I have encountered is trying to find out exactly what is being backed up and when.  
I was able to get a list of all our servers from CMDB and a copy of one of the check sheets.  The check sheets show which media is responsible for each backup job.  However, I then had to get another list to show which which servers were getting backed up as part of which backup job.  
This started to get confusing and even more so when the lists didn't match up and it took an investigation from IT to determine exactly what was being backed up and when.  This identified several servers not being backup up at all.
My question relating to this part is, how should this be documented, is this kind of information documented explicitly by most other businesses?  
When I started this process I expected the backup policy document to list all media servers, which media servers were responsible for which backup jobs and which servers were being backed up by each backup job - all neatly documented.
0
Comment
Question by:jdc1944
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 81

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 250 total points
ID: 39825648
In an ideal world everything is blanketed with documentation.  First you have to define the objective, document your objective, and then document the steps taken to obtain your objective. You should have a reporting tool that documents any failures and then resolving this problem should take priority.  You should have at least 3 backups on two different media and 1 copy should be offsite. Tools like System Center Operations Master (SCOM) can help you with the logs and alert you to any problems.  Also remember just backing up is useless without testing the restore process to ensure that you can recover from a disaster. Remember that software is a living breathing item and it evolves over time... so does hardware..... it is constantly shifting item... not much good if your backup media is on qic tape these days... as you can't buy a qic-80 tape drive nor the media any more..
0
 
LVL 21

Accepted Solution

by:
SelfGovern earned 250 total points
ID: 39825730
Your restore process document will also include things like which applications are a part of each backup and where to get the necessary information needed to restore a working version of the program -- serial numbers, account names, passwords.

If you're using encryption anywhere, document how encryption is enabled and how to restore the encrypted tapes.  Also -- where do we find  the keys, if Dear Old George who kept the encryption keys in a special encrypted file somewhere died in the fire that destroyed the data center?
0
 
LVL 2

Author Comment

by:jdc1944
ID: 39846865
Thanks for that.  this information I thought might be mising form the backup policy was:

·        Tape Cleaning.
·        Back-up Device Management.
·        Responsibilities.
·        Media Management.
·        Back-up Checks.
·        Destruction Procedures.
·        Retention Policy.
·        Systems Information.
·        Back-up Schedule.

Is the above normally found in a backup policy?
Also, like the original questions states, I'm still struglleing to find whether the back-up schedule should be documented somewhere, I thought it should be but is this common practice?
0
 
LVL 21

Expert Comment

by:SelfGovern
ID: 39848053
i agree with you about backup schedule.
If you don't have it documented, how do you know if you're doing what is needed and expected?   I ran into a client recently where 30 days of logs showed no full backups in that period.  This was unexpected, and very dangerous...  So yes, document!
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn how the use of a bunch of disparate tools requiring a lot of manual attention led to a series of unfortunate backup events for one company.
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question