Chapter 20

Backing Up Your Data

In This Chapter

arrow Understanding the need for backups

arrow Working with tape drives and other backup media

arrow Understanding the different types of backups

arrow Mastering tape rotation and other details

If you’re the hapless network manager, the safety of the data on your network is your responsibility. In fact, it’s your primary responsibility. You get paid to lie awake at night worrying about your data. Will it be there tomorrow? If it’s not, can you get it back? And — most important — if you can’t get it back, will you have a job tomorrow?

This chapter covers the ins and outs of being a good, responsible, trustworthy network manager. No one gives out merit badges for this stuff, but someone should.

Backing Up Your Data

Having data backed up is the cornerstone of any disaster recovery plan. Without backups, a simple hard drive failure can set your company back days or even weeks while it tries to reconstruct lost data. In fact, without backups, your company’s very existence is in jeopardy.

remember.eps The fundamental goal of backing up is simple: Keep a spare copy of your network’s critical data so that no matter what happens, you never lose more than one day’s work. The stock market may crash, Earth may be hit by a giant asteroid, or the Cleveland Browns might win the Super Bowl. But as long as you’re on top of your backups, you’ll survive.

The way to meet the primary goal of backups is, naturally, to make sure that data is reliably backed up every day. For many networks, you can back up all the network hard drives every night. And even if full nightly backups aren’t possible, you can still use techniques that can ensure that every file on the network has a backup copy that’s no more than one day old.

Choosing Where to Back Up Your Data

If you plan on backing up the data on your network server’s hard drives, you obviously need some type of media on which to back up the data. You could copy the data onto CDs, but a 500GB hard drive would need more than 750 CDs for a full backup. That’s a few more discs than most people want to keep in the closet. You could use DVDs, but you’ll still need about a dozen of them, as well as an hour or so to fill each one. Sigh. That means devoting every Saturday to creating your backups.

tip.eps Because of the limitations of CDs and DVDs, most network administrators back up network data to some other type of storage device. The three most common options are

check.png Tape: Magnetic tape, the oldest storage medium for backups, is still one of the most widely used types. One of the biggest advantages of tape backups is that tape cartridges are small and can thus be easily transported to an offsite location.

check.png Network Attached Storage (NAS): A Network Attached Storage device connects directly to your network. NAS devices are often used as backup devices because they are inexpensive. In addition, they are relatively small and easy to remove, so like tape, they can be transported offsite.

check.png Cloud backup: An increasingly popular option is to use a third-party service to back up your data to a remote location via the Internet. Cloud backup has the advantage of already being offsite.

Backing Up to Tape

Another benefit of using a tape backup is that you can run it unattended. In fact, you can schedule a tape backup to run automatically during off hours when no one is using the network. For unattended backups to work, though, you must ensure that you have enough tape capacity to back up your entire network server’s hard drive without having to manually switch tapes. If your network server has only 100GB of data, you can easily back it up onto a single tape. If you have 1,000GB of data, however, invest in a tape drive that features a magazine changer that can hold several tapes and automatically cycle them in and out of the drive. That way, you can run your backups unattended.

You have several distinct types of tape backup systems to choose from:

check.png Travan drives: A popular style of tape backup for small servers is a Travan drive, which comes in a variety of models with tape capacities ranging from 20GB to 40GB. You can purchase a 20GB drive for less than $200.

check.png DAT, DLT, and LTO units: For larger networks, you can get tape backup units that offer higher capacity and faster backup speed than Travan drives — for more money, of course. Digital audio tape (DAT) units can back up as much as 80GB on a single tape, and DLT (digital linear tape) drives can store up to 800GB on one tape. Linear tape open (LTO) drives can store 1.5TB on a single tape. DAT, DLT, and LTO drives can cost $1,000 or more, depending on the capacity.

check.png Robotic units: If you’re really up the backup creek, with hundreds of gigabytes to back up, you can get robotic tape backup units that automatically fetch and load tape cartridges from a library. That way, you can do complete backups without having to load tapes manually. As you can likely guess, these units aren’t inexpensive: Small ones, which have a library of about eight tapes and a total backup capacity of more than 5,000GB, start at about $4,000.

Understanding Backup Software

All versions of Windows come with a built-in backup program. In addition, most tape drives come with backup programs that are often faster or more flexible than the standard Windows backup.

You can also purchase sophisticated backup programs that are specially designed for networks that have multiple servers with data that must be backed up. For a basic Windows file server, you can use the backup program that comes with Windows Server. Server versions of Windows come with a decent backup program that can run scheduled, unattended tape backups.

Backup programs do more than just copy data from your hard drive to tape. Backup programs use special compression techniques to squeeze your data so that you can cram more data onto fewer tapes. Compression factors of 2:1 are common, so you can usually squeeze 100GB of data onto a tape that would hold only 50GB of data without compression. (Tape drive manufacturers tend to state the capacity of their drives by using compressed data, assuming a 2:1 compression ratio. Thus, a 200GB tape has an uncompressed capacity of 100GB.)

warning_bomb.eps Whether you achieve a compression factor of 2:1 depends on the nature of the data you’re backing up:

check.png Documents: If your network is used primarily for Microsoft Office applications and is filled with Word and Excel documents, you’ll probably get better than 2:1 compression.

check.png Graphics: If your network data consists primarily of graphic image files, you probably won’t get much compression. Most graphic image file formats are already compressed, so they can’t be compressed much more by the backup software’s compression methods.

Backup programs also help you keep track of which data has been backed up and which hasn’t. They also offer options, such as incremental or differential backups that can streamline the backup process, as I describe in the next section.

remember.eps If your network has more than one server, invest in good backup software. The most popular is Yosemite Backup, made by BarracudaWare (www.barracudaware.com). Besides being able to handle multiple servers, one of the main advantages of backup software (such as Yosemite Backup) is that it can properly back up Microsoft Exchange server data.

Comparing Types of Backups

You can perform five different types of backups. Many backup schemes rely on full daily backups, but for some networks, using a scheme that relies on two or more of these backup types is more practical.

The differences among the five types of backups involve a little technical detail known as the “archive bit,” which indicates whether a file has been modified since it was backed up. The archive bit is a little flag stored along with the filename, creation date, and other directory information. Any time a program modifies a file, the archive bit is set to the On position. That way, backup programs know that the file has been modified and needs to be backed up.

The differences among the various types of backups center on whether they use the archive bit to determine which files to back up, as well as whether they flip the archive bit to the Off position after they back up a file. Table 20-1 summarizes these differences, which I explain in the following sections.

tip.eps Backup programs allow you to select any combination of drives and folders to back up. As a result, you can customize the file selection for a backup operation to suit your needs. For example, you can set up one backup plan that backs up all a server’s shared folders and drives, plus its mail server stores, but then leaves out folders that rarely change, such as the operating system folders or installed program folders. You can then back up those folders on a less-regular basis. The drives and folders that you select for a backup operation are collectively called the backup selection.

Table 20-1 How Backup Types Use the Archive Bit

Backup Type

Selects Files Based on Archive Bit?

Resets Archive Bits After Backing Up?

Normal

No

Yes

Copy

No

No

Daily

No*

No

Incremental

Yes

Yes

Differential

Yes

No

*Selects files based on the Last Modified date.

The archive bit would have made a good Abbott and Costello routine. (“All right, I wanna know who modified the archive bit.” “What.” “Who?” “No, What.” “Wait a minute . . . just tell me what’s the name of the guy who modified the archive bit!” “Right.”)

Normal backups

A normal backup — also called a full backup — is the basic type of backup. In a normal backup, all files in the backup selection are backed up regardless of whether the archive bit has been set. In other words, the files are backed up even if they haven’t been modified since the last time they were backed up. When each file is backed up, its archive bit is reset, so backups that select files based on the archive bit setting won’t back up the files.

When a normal backup finishes, none of the files in the backup selection has its archive bit set. As a result, if you immediately follow a normal backup with an incremental backup or a differential backup, files won’t be selected for backup by the incremental or differential backup because no file will have its archive bit set.

The easiest backup scheme is to simply schedule a normal backup every night. That way, all your data is backed up on a daily basis. Then, if the need arises, you can restore files from a single tape or set of tapes. Restoring files is more complicated when other types of backups are involved.

remember.eps Do normal backups nightly if you have the tape capacity to do them unattended — that is, without having to swap tapes. If you can’t do an unattended normal backup because the amount of data to be backed up is greater than the capacity of your tape drive(s), you have to use other types of backups in combination with normal backups.

tip.eps If you can’t get a normal backup on a single tape, and you can’t afford a second tape drive or a tape changer, take a hard look at the data that’s being included in the backup selection. I recently worked on a network that was difficult to back up onto a single tape. When I examined the data that was being backed up, I discovered a large amount of static data that was essentially an online archive of old projects. This data was necessary because network users needed it for research purposes, but the data was read-only. Even though the data never changed, it was being backed up to tape every night, and the backups required two tapes. After I removed this data from the cycle of nightly backups, the backups were able to squeeze onto a single tape again.

If you remove static data from the nightly backup, make sure that you have a secure backup of the static data on tape, CD-RW, or some other media.

Copy backups

A copy backup is similar to a normal backup except that the archive bit isn’t reset when each file is copied. As a result, copy backups don’t disrupt the cycle of normal and incremental or differential backups.

Copy backups usually aren’t incorporated into regular, scheduled backups. Instead, you use a copy backup when you want to do an occasional one-shot backup. If you’re about to perform an operating system upgrade, for example, you should back up the server before proceeding. If you do a full backup, the archive bits are reset, and your regular backups are disrupted. If you do a copy backup, however, the archive bits of any modified files remain unchanged. As a result, your regular normal and incremental or differential backups are unaffected.

If you don’t incorporate incremental or differential backups into your backup routine, the difference between a copy backup and a normal backup is moot.

Daily backups

A daily backup backs up just those files that changed the same day when the backup was performed. A daily backup examines the modification date stored with each file’s directory entry to determine whether a file should be backed up. Daily backups don’t reset the archive bit.

warning_bomb.eps I’m not a big fan of this option because of the small possibility that some files may slip through the cracks. Someone may be working late one night and modify a file after the evening’s backups have completed — but before midnight — meaning that those files won’t be included in the following night’s backups. Incremental or differential backups, which rely on the archive bit rather than the modification date, are more reliable.

Incremental backups

An incremental backup backs up only those files that were modified since the last time you did a backup. Incremental backups are a lot faster than full backups because your network users probably modify only a small portion of the files on the server on any given day. As a result, if a full backup takes three tapes, you can probably fit an entire week’s worth of incremental backups on a single tape.

When an incremental backup copies each file, it resets the file’s archive bit. That way, the file will be backed up again before your next normal backup only when a user modifies the file again.

Here are some thoughts about using incremental backups:

check.png The easiest way to use incremental backups is the following:

• A normal backup every Monday

tip.eps If your full backup takes more than 12 hours, you may want to do it on Friday so that it can run over the weekend.

• An incremental backup on each remaining normal business day (for example, Tuesday, Wednesday, Thursday, and Friday)

check.png When you use incremental backups, the complete backup consists of the full backup tapes and all the incremental backup tapes that you’ve made since you did the full backup.

If the hard drive crashes, and you have to restore the data onto a new drive, you first restore Monday’s normal backup and then restore each of the subsequent incremental backups.

check.png Incremental backups complicate restoring individual files because the most recent copy of the file may be on the full backup tape or on any of the incremental backups.

technicalstuff.eps Backup programs keep track of the location of the most recent version of each file to simplify the process.

check.png When you use incremental backups, you can choose whether you want to

• Store each incremental backup on its own tape.

• Append each backup to the end of an existing tape.

tip.eps Often, you can use a single tape for a week of incremental backups.

Differential backups

A differential backup is similar to an incremental backup except that it doesn’t reset the archive bit when files are backed up. As a result, each differential backup represents the difference between the last normal backup and the current state of the hard drive.

To do a full restore from a differential backup, you first restore the last normal backup and then restore the most recent differential backup.

Suppose that you do a normal backup on Monday and differential backups on Tuesday, Wednesday, and Thursday, and your hard drive crashes Friday morning. On Friday afternoon, you install a new hard drive. To restore the data, you first restore the normal backup from Monday. Then you restore the differential backup from Thursday. The Tuesday and Wednesday differential backups aren’t needed.

The main difference between incremental and differential backups is that

check.png Incremental backups result in smaller and faster backups.

check.png Differential backups are easier to restore.

tip.eps If your users often ask you to restore individual files, consider using differential backups.

Choosing between Local and Network Backups

When you back up network data, you have two basic approaches to running the backup software:

check.png You can perform a local backup, in which the backup software runs on the file server itself and backs up data to a tape drive that’s installed in the server.

check.png Or you can perform a network backup, in which you use one network computer to back up data from another network computer. In a network backup, the data has to travel over the network to get to the computer that’s running the backup.

If you run the backups from the file server, you’ll tie up the server while the backup is running, and users will complain that their server access has slowed to a snail’s pace. On the other hand, if you run the backup over the network from a client computer or a dedicated backup server, you’ll flood the network with gigabytes of data being backed up. Then your users will complain that the entire network has slowed to a snail’s pace.

Network performance is one of the main reasons why you should try to run your backups during off hours, when other users aren’t accessing the network. Another reason to run backups during off hours is so that you can perform a more thorough backup. If you run your backup while other users are accessing files, the backup program is likely to skip any files that are being accessed by users at the time the backup runs. As a result, your backup won’t include those files. Ironically, the files most likely to get left out of the backup are often the files that need backing up the most, because they’re the files that are being used and modified.

Here are some extra thoughts on client and server backups:

check.png Backing up directly from the server isn’t necessarily more efficient than backing up from a client because data doesn’t have to travel over the network. The network may well be faster than the tape drive. The network probably won’t slow down backups unless you back up during the busiest time of the day, when hordes of network users are storming the network gates.

check.png tip.eps To improve network backup speed and to minimize the effect that network backups have on the rest of the network, consider using a 1,000 Mbps switch instead of a normal 100 Mbps switch to connect the servers and the backup client. That way, network traffic between the server and the backup client won’t bog down the rest of the network.

check.png Any files that are open while the backups are running won’t get backed up. That’s usually not a problem, because backups are run at off hours when people have gone home. If someone leaves his computer on with a Word document open, however, that Word document won’t be backed up. One way to solve this problem is to set up the server so that it automatically logs everyone off the network before the backups begin.

check.png Some backup programs have special features that enable them to back up open files. The backup programs that come with Windows Server (versions 2003 and later) do this by creating a snapshot of the volume when it begins, thus making temporary copies of any files that are modified during the backup. The backup backs up the temporary copies rather than the versions being modified. When the backup finishes, the temporary copies are deleted.

Deciding How Many Sets of Backups to Keep

Don’t try to cut costs by purchasing one backup tape and reusing it every day. What happens if you accidentally delete an important file on Tuesday and don’t discover your mistake until Thursday? Because the file didn’t exist on Wednesday, it won’t be on Wednesday’s backup tape. If you have only one tape that’s reused every day, you’re outta luck.

The safest scheme is to use a new backup tape every day and keep all your old tapes in a vault. Pretty soon, though, your tape vault can start looking like the warehouse where they stored the Ark of the Covenant at the end of Raiders of the Lost Ark.

tip.eps As a compromise between these two extremes, most users purchase several tapes and rotate them. That way, you always have several backup tapes to fall back on, just in case the file you need isn’t on the most recent backup tape. This technique is tape rotation, and several variations are commonly used:

check.png The simplest approach is to purchase three tapes and label them A, B, and C. You use the tapes on a daily basis in sequence: A the first day, B the second day, and C the third day; then A the fourth day, B the fifth day, C the sixth day, and so on. On any given day, you have three generations of backups: today’s, yesterday’s, and the day-before-yesterday’s. Computer geeks like to call these the grandfather, father, and son tapes.

check.png Another simple approach is to purchase five tapes and use one each day of the workweek.

check.png A variation of the preceding bullet is to buy eight tapes. Take four of them, and write Tuesday on one label, Wednesday on the second, Thursday on the third, and Friday on the fourth label. On the other four tapes, write Monday 1, Monday 2, Monday 3, and Monday 4. Now tack up a calendar on the wall near the computer, and number all the Mondays in the year: 1, 2, 3, 4, 1, 2, 3, 4, and so on.

On Tuesday through Friday, you use the appropriate daily backup tape. When you run a full backup on Monday, consult the calendar to decide which Monday tape to use. With this scheme, you always have four weeks’ worth of Monday backup tapes, plus individual backup tapes for the rest of the week.

check.png If bookkeeping data lives on the network, make a backup copy of all your files (or at least all your accounting files) immediately before closing the books each month; then retain those backups for each month of the year. This doesn’t necessarily mean that you should purchase 12 additional tapes. If you back up just your accounting files, you can probably fit all 12 months on a single tape. Just make sure that you back up with the Append to Tape option rather than the Erase Tape option so that the previous contents of the tape aren’t destroyed. Also, treat this accounting backup as completely separate from your normal daily backup routine.

warning_bomb.eps Keep at least one recent full backup at another location. That way, if your office should fall victim to an errant Scud missile or a rogue asteroid, you can re-create your data from the backup copy that you stored offsite. Make sure that the person entrusted with the task of taking the backups to this offsite location is trustworthy.

Verifying Tape Reliability

From experience, I’ve found that although tape drives are very reliable, they do run amok once in a while. The problem is that they don’t always tell you when they’re not working. A tape drive (especially one of the less-expensive Travan drives; refer to “Backing Up to Tape,” earlier in this chapter) can spin along for hours, pretending to back up your data — but in reality, your data isn’t being written reliably to the tape. In other words, a tape drive can trick you into thinking that your backups are working just fine. Then, when disaster strikes and you need your backup tapes, you may just discover that the tapes are worthless.

tip.eps Don’t panic! Here’s a simple way to assure yourself that your tape drive is working. Just activate the “compare after backup” feature of your backup software. As soon as your backup program finishes backing up your data, it rewinds the tape, reads each backed-up file, and compares it with the original version on the hard drive. If all files compare, you know that your backups are trustworthy.

Here are some additional thoughts about the reliability of tapes:

check.png The compare-after-backup feature doubles the time required to do a backup, but that doesn’t matter if your entire backup fits on one tape. You can just run the backup after hours. Whether the backup and repair operation takes one hour or ten doesn’t matter, as long as it’s finished by the time the network users arrive at work the next morning.

check.png If your backups require more than one tape, you may not want to run the compare-after-backup feature every day. Be sure to run it periodically, however, to check that your tape drive is working.

check.png If your backup program reports errors, throw away the tape, and use a new tape.

check.png Actually, you should ignore that last comment about waiting for your backup program to report errors. You should discard tapes before your backup program reports errors. Most experts recommend that you should use a tape only about 20 times before discarding it. If you use the same tape every day, replace it monthly. If you have tapes for each day of the week, replace them twice yearly. If you have more tapes than that, figure out a cycle that replaces tapes after about 20 uses.

Keeping Backup Equipment Clean and Reliable

An important aspect of backup reliability is proper maintenance of your tape drives. Every time you back up to tape, little bits and specks of the tape rub off onto the read and write heads inside the tape drive. Eventually, the heads become too dirty to read or write data reliably.

To counteract this problem, clean the tape heads regularly. The easiest way to clean them is to use a cleaning cartridge for the tape drive. The drive automatically recognizes when you insert a cleaning cartridge and then performs a routine that wipes the cleaning tape back and forth over the heads to clean them. When the cleaning routine is done, the tape is ejected. The whole process takes only about 30 seconds.

Because the maintenance requirements of drives differ, check each drive’s user’s manual to find out how and how often to clean the drive. As a general rule, clean drives once weekly.

The most annoying aspect of tape drive cleaning is that the cleaning cartridges have a limited life span, and unfortunately, if you insert a used-up cleaning cartridge, the drive accepts it and pretends to clean the drive. For this reason, keep track of how many times you use a cleaning cartridge and replace it as recommended by the manufacturer.

Setting Backup Security

Backups create an often-overlooked security exposure for your network: No matter how carefully you set up user accounts and enforce password policies, if any user (including a guest) can perform a backup of the system, that user may make an unauthorized backup. In addition, your backup tapes themselves are vulnerable to theft. As a result, make sure that your backup policies and procedures are secure by taking the following measures:

check.png Set up a user account for the user who does backups. Because this user account has backup permission for the entire server, guard its password carefully. Anyone who knows the username and password of the backup account can log on and bypass any security restrictions that you place on that user’s normal user ID.

check.png Counter potential security problems by restricting the backup user ID to a certain client and a certain time of the day. If you’re really clever (and paranoid), you can probably set up the backup user’s account so that the only program it can run is the backup program.

check.png Use encryption to protect the contents of your backup tapes.

check.png Secure the backup tapes in a safe location, such as . . . um, a safe.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset