“How protected am I with my backups?”
That’s a great question, however it’s more involved than you might think. The follow-up question I always ask is… what are your recovery objectives?
It is important to consider this first because the answer could very well move you to a different solution. It is best to outline your objectives first to set your expectations regarding what your backup should do.
What do I mean by recovery objectives? Let me provide some definition:
Recovery Point Objective (RPO)
This refers to the point in time in which your data is recoverable from. For example, if you run backups for your environment on a weekly basis on Friday, your RPO would be the nearest Friday backup from the point of the restoration need. Typically, backup solutions are continuous and back up incrementally, meaning they backup the changes since the last backup and not a full backup each time.
Recovery Time Objective (RTO)
This refers to how long it will take to get back to the Recovery Point mentioned above. For example, if the RTO is 4 hours that means your point of restoration, should be no longer than 4 hours away.
Another question to ask yourself, when designing a backup solution for your organization, is whether that backup should be image or file and folder based? If you run an Active Directory environment there’s a part of your environment called your system state that, according to Microsoft, covers the following items:
- Boot files, including the system files, and all files protected by Windows File Protection (WFP)
- Active Directory (Domain environments only)
- SYSVOL (Domain environments only)
- Certificate Services
- Cluster database
- The registry
- Performance counter configuration information
- Component Services Class registration database
You know the username and password you use to log into the domain every morning? That’s part of the system state.
What about the overarching security policies that enforce things like patching, screensavers with passwords, and more? Any server configurations for High Availability or Clustering? That’s in the system state too, and all of this is protected by image-based backups. Image based > File and Folder > No backup.
Does your backup, image-based or file and folder, include an offsite component? Backups that stay onsite are not an effective part of your DR/BC plan, because if there is damage to your office you will lose you can’t recover your data.
Now that you’ve got a handle on what point you’d like to be able to recover from, how long it’s going to take to get back to business as usual, and what type of backup you need – it’s time to think about continuity objectives.
When we talk about continuity objectives, we’re really talking about what level of business as usual (BAU) you’d like to adhere to in the event of a disaster or failure.
When the power goes out, what’s the contingency plan? Is there downtime associated? If the building is underwater, what’s the plan to continue some semblance of BAU in the face of severe business disruption? I hope that your backups weren’t only in the your onsite IT room!