- Created: Monday, 13 April 2015
- Written by Warwick Grigg
Previously, I covered personal backup systems for your laptop or stand alone PC: how to ensure your backup system is doing what you need and that you’ll be able to recover your documents; your emails; your accounts; when you need to and the choices you have for your backup strategy (online vs local, delegation to cloud services, encryption)
In this post I’ll cover backing up a single server, or many servers at the same site. This post is for the business owner, or senior manager, with 5 to 50 computer users on their staff; and for the typical business of that size.
Assess the capabilities of your existing backup system
Follow the principles I outlined in my previous two blogs on backup, but for the information stored centrally on your servers, as well as your PC, Mac or laptop. You’ll need to involve your IT people, because you probably won’t have direct access to your servers’ backup, and because making a mistake could be very damaging. Ask your IT people to show you the most recent backup, how recent it is, what is included (and what isn’t included); to do a test recovery for you; to explain the retention policy, encryption key security, storage location, recovery timeline, recovery plans for each scenario from accidental deletion all the way through to complete destruction; explain how often it’s audited to make sure every change to the system has been reflected in the backup process. Use our blogs to get an understanding of the concepts and trade-offs involved. You can’t rely on your IT people to make the right trade-offs for you unless you get involved.
How much you should you spend on backup
There is no limit to the amount you could spend on sophisticated backup solutions. But your backup strategy is fundamentally a business decision. You’ll want to make sure you’re not spending too much on backup, and you’ll want to make sure that you’re not buying too little. So you need to establish a rough idea of how much each hour, day or week of downtime costs you, how much lost data costs you, and the likelihood of various events occurring. A quick look at the Profit and Loss report is a good place to start: would one week of downtime impact annual income or expenditure by 2% and how much would that be? If you lose all your servers in a fire, a fairly rare event, and it impacts your bottom line by £20,000 in the time it takes you to recover using your existing backup and recovery system, then you probably wouldn’t want to spend £200,000 every year on a lock-step disaster recovery site. And if it impacts the business by £50,000 having to manually re-enter the latest records in a customer database that was last backed up a week ago, it’s probably worth spending up to £500 extra per year for a system that can back it up at least daily.
You can’t rely on humans to start the backup process manually each night, swap a tape, take the backup home or bring it back to the office. Manpower is also more expensive. So you’ll need to automate the backup system, and not just running the backup, but checking up on it too. You don’t want people having to log into each server to check it, nor trawl through email status reports. As telanova we use an automated monitoring system based on a “traffic light" system.
Local vs Online
If you’re like most people and you find your internet connection too slow and too costly to upgrade you’ll probably have to be choosy about what you backup online. You need online backup for some things (smaller and more important data) and local backup for others. Perhaps that’s a 50:50 split, 80:20, or 99:1, depending on the size of your data, your available bandwidth, the value of the various types of data you store, regulatory compliance, your budget etc.
You probably won’t want to backup the operating systems online each day, but keep images on USB disk. Conversely, it’s a no brainer to backup your customer database and Sage accounts online.
It’s likely that you have quite a lot of data online already. If you use cloud services such as Office 365 or Google mail, or other applications such as Xero accounts, you’ll need to consider your strategy for those separately.
One of the reasons for choosing cloud services such as Office 365, Google Apps for Work, Salesforce, Dropbox for Business, Xero, is to delegate the task of backup and recovery to the service provider: you’ll have confidence that they’ll handle hardware failures as necessary without you having to get involved. You do need to consider what happens if you or your colleagues delete information, either accidentally or maliciously. Check that the service provides you the ability to recover deleted information. You may have to upgrade to a higher service level, subscribe to an add-on service, or download backups regularly to your PC.
You’ll need to consider encryption even for the most basic level of legal compliance. Whether that’s for old fashioned tape backup, USB backup disks, or online backup you need to encrypt personal information you back up when it’s in transit and when you can’t be sure it’s stored securely.
Backup is pointless without decent recovery. Recovery time will depend on what’s gone wrong. If you accidentally delete a single file you’ll be able to recover it quickly. Hopefully your IT people have enabled Windows Server’s “shadow copy” facility that enables you and all your staff to recover document files easily via the “Previous versions” tab. This is a superb facility and very low cost.
If your hard drive fails, or your office burns down it could take much longer to fully recover: days or weeks. There are things you can do to improve recovery time and alternative approaches: calculate how much each day of downtime would cost your business so you know how much it’s sensible to invest.
Recovery Point in Time
Some online backup systems provide continuous backup: every time you change a document the system backs it up. This doesn’t work very well for database files (e.g. Microsoft Exchange or SQL server) because typically they’re too large and they change too frequently for continuous backup. And most people don’t want the backup to slow down their internet connection while they’re working. So you’ll probably choose to backup at the end of the working day, say at 7:00 pm. In this case your “Recovery Point in Time” is “at the close of business the previous day”.
Remember to consider backup and recovery every time you make a change to your systems: when you introduce a new application, change your email system, make changes to the way you do things, or handle information for a new client.