IT Security: In this day and age, when intellectual property and physical products are equally important to the success of any organisation, the demand for a reliable backup solution is higher than ever. However, the unfortunate truth is that this matter is often pushed to the end of the “to do” list, with very undesirable results. Sebastian Rothman, an IT Engineer with Wild Coast Sun IT, gives an overview of what is required to implement and maintain a backup solution.

From the start I would ask readers please to note that I am not promoting any particular product mentioned in this document, and that the opinions expressed in this document are entirely my own.

So why perform backups?

Although this is a trivial question for most IT professionals, it is usually the first question asked by the people who have to provide the funding for such a "luxury", as I have heard it called many times. Truth be told, having a reliable backup mechanism is more of a necessity than a luxury, and justifying this statement is usually a complicated process.

I have found it easiest to use the analogy of motor vehicle insurance. Nobody enjoys paying that extra money at the end of each month to insure their car. You pay your money and you are never in an accident. It feels like money down the drain and you have nothing to show for it. It's the kind of investment you hope you never have to make. But what happens when your car does get stolen, or you are involved in an accident? Suddenly the monthly premiums on your insurance don't seem so bad. Simple analogy, but to the point.

Implementing a backup solution in your organisation is a similar experience: you spend money on tape drives and backup media, not to mention the licensing of the software you decide to use. It hardly seems worth the cost and effort. But what happens when a fire breaks out in your server room and destroys all your servers? Data gone.

Nightmare scenario? Perhaps. But there are subtler and less obviously destructive reasons for implementing a backup mechanism in your organisation: the people who work with your internal data. Any person operating a computer on your production network has the potential to destroy critical data, either intentionally or accidentally.

We've all had users phone, begging us to restore yesterday's file because they "accidentally saved it under the wrong filename", or "I didn't realise it was that important". It happens, and chances are it is going to happen for years to come.

Clearly there are a lot of other reasons to implement backups, but I am sure I have made my point as to why they are so important to the day-to-day operation of a business or organisation.

What do I back up?

Next we will take a look at deciding what to back up. This will, of course, differ from one organisation to the next, but there are two considerations that should be taken into account, regardless. For example:

• money: the more files you want to back up, the more backup media you are going to require. And the more backup media you require, the greater the cost to make your backup solution effective;

• time: depending on the type of backup schedule that is decided upon, this will affect businesses in different ways. If you are going to implement a daily backup scheme then you cannot have a backup job run for 36 hours before it is complete. Not only is the time to perform a backup a point to consider, but also the time it takes to perform a restoration of a file, or files. If you run a time-critical operation, then waiting two hours for a file to be restored from backup is going to give you a serious headache. This, of course, depends largely on what kind of backup device and media you use, but we will discuss those in greater detail further down the line.

Backup devices and media

Although copying all your important documents onto a CD or DVD disc would be a simple backup solution for your home office, or even your personal computer, this is not the best choice for backup when it comes to client-server environments. Optical media like CR-R/RW and DVD-R/RW may be less expensive and relatively fast, but they just aren't as reliable as the more popular magnetic tape media.

Backing up to magnetic tape is probably the most common method used today. Magnetic tapes are sequential storage media. This makes them considerably slower than optical media, since data cannot be randomly accessed. The high capacity, however, does make it a popular choice for backing up large volumes of data.

The following is a brief description of the two types of magnetic tapes most commonly used:

• Firstly, there is Digital Audio Tape (DAT) which is generally available in a 4mm tape that looks a lot like an audio cassette. These tapes conform to the DDS standard, with the general capacity ranging from 4Gb to 40Gb, and an average data transfer rate of roughly 20Gb/hr. This is the backup medium of choice for small and mid-range server environments.

• Secondly, there is Digital Linear Tape (DLT) with a general storage capacity of up to 40 GB if compression is enabled on the drive. There are, however, 80Gb drives available. These drives are relatively fast and are considered the standard for backups in large organisations.

The latest brand of DLT tape is Super DLT, or SDLT. These tapes allow for up to 300GB (there are larger capacity drives available) of data to be stored on a single magnetic tape. SDLT transfers data at around 13Mb/s when not using compression. The Quantum SDLT 600 solution offers 600Gb of compressed storage on a single SDLT tape, with a data transfer rate of well over 250Gb/hr.

Backup schedule

Although not a formal standard, most backups are performed during the evening. This makes sense as most people have gone home by then, and you have fewer people accessing data on your network and servers. Again, how and at what time you decide to execute your backups all depends on your organisational requirements.

You may decide to back up sensitive data every day, and less critical data every other day, or to run a full backup at the end of each week - it is all up to you.

A very common, if not the most common, approach to scheduling backups is using the Grandfather - Father - Son (GFS) scheme to rotate backup media.

The GFS scheme begins with your Son tapes, or daily backups, where you will have four tapes (following a five-day week) labelled for each day of the week, e.g., Monday to Thursday. These tapes are used to backup the files for that day, and are overwritten each week. If you want to keep data for two weeks, then you will need two sets of daily tapes, e.g. Monday_1, Monday_2, Tuesday_1, Tuesday_2 etc. Personally I would suggest having three sets of daily tapes, to allow for the highest level of redundancy...

Next in line you would have your Father tapes, or weekly tapes. These tapes are used on the days where you do not use your Son, or daily, tapes. In the example above, this would be your Friday tape. You will need five weekly tapes to accommodate a one-month cycle, i.e., Week_1, Week_2 etc. These tapes are overwritten every month.

Finally we are left with the Grandpa, or the Monthly tapes. These tapes are used on the last business day of each month, replacing either the Daily or Weekly backup tapes. These tapes would be labelled Month_1, Month_2 etc, and would be overwritten yearly (following a one-year retention cycle). Some companies only retain monthly backups for a period of three months, but again this differs from one organisation to the next.

Under the GFS backup scheme, selecting what will be backed up is just as important as to deciding where to back it up to and, as with everything, different methods have their own distinct advantages and disadvantages. We will next look at the types of backups, and when to use each.

Types of backup

A full backup copies all the files on the system, whether system files, software files or data files. You should perform a full backup on a weekly, bi-weekly, or monthly basis. With a full backup of your data set on tape, you can restore your entire system if a disaster destroys the original files.

Then there is the full/incremental backup, which means that fewer files need to be copied and less time is required for the backup procedure. However, this method can also make a complete system restore slower if you have created many different incremental backup tapes (one for each day of the week, for example), or if you need to restore only a particular file and have to hunt through several different incremental backup tapes.

Full/differential backup, by contrast, helps the “restore” process run more efficiently, because only one full backup tape and one differential backup tape are required for a complete restore of the system. This method, however, is slower on the backup process because more files are copied daily.

Below is a quick comparison of both the differential and the incremental backup methods:

Regarding differential backup, restore times are faster, while there is less downtime in event of a disaster. However, slower backup times mean increased wear on the tape, so that eventually more tapes will be required.

Incremental backup results in less wear on the tapes so that fewer tapes will be required. However, restore time is slower overall. In addition, downtime is longer in the event of a disaster.

Backup software

There are a number of software packages available to perform backups, and if you don't want to spend money on commercial software you can make use of the built-in backup software that is shipped out with Microsoft Windows or most distributions of Linux/Unix.

If, however, you do plan to go the whole nine yards, two of the more popular products are Computer Associates BrightStor and Symantec-Veritas BackupExec.

As I have yet to use the newest version of either product, I will refrain from giving my opinion regarding them, but the following hyperlinks provide information:

http://www3.ca.com/solutions/Solution.aspx?ID=370 

http://www.veritas.com/Products/www?c=product&refId=57 

As general backup suggestions I would suggest the following:

• appoint and train a backup operator for your organisation;

• store backup tapes off-site (and not in the closet next to the server);

• test your backups; there is no use in backing up 100 tapes a week with all of them failing. You need to be sure that you will be able to successfully recover from a disaster;

• generate and maintain backup logs. Not only is this a good indication as to the amount of data that gets backed up, but it is also a requirement for most audits;

• make regular use of a cleaning tape. Although most tape drives do have a warning light, it is a good idea to clean the drives at least once every two weeks;

• don't clutter your backup server with data - that's why you have a file server;

• tapes stored on site should be kept in a safe designed to store "plastic" media, as most safes are built to host paper-based materials (which have a much higher flash point that the melting point for magnetic media);

• when testing tapes, make sure you test your restores on another drive than the one you generally use. If your head alignment is so far out that it cannot be restored on another machine it will be as good as degaussed; and

• finally, once you have restored data for testing, remove the remainder of the restored material from the machine.

Conclusion

Backups are a part of life when it comes to the successful operation of a business or organisation, and they could mean the difference between sinking or swimming in the event of a disaster. Backups may be a single piece in the IT operations puzzle, but they are a vital piece nonetheless.

* This article was generated on behalf of the White Hat Information Security Group (www.whitehat.co.za). This volunteer non-profit user group was created in response to the increase in information security threats facing companies in Southern Africa. It aims to provide a monthly forum for the exchange of IT security information and experience among its members and to raise awareness of potential vulnerabilities within organisations.