Small Biz Backup

dave-lew99 · 2 Dec 2011 at 17:03

I'm in the process of looking at our backup system and seeing what we can do (on a budget) to improve the process.

We have 3Tb's of filestore plus around 20gb of critical data from other systems (email and so on).

At the moment I do offsite backups on DVDs, but this has become many DVDs and doesn't cover all data.

The solution i'm considering is having 2 or 3 3Tb USB/eSATA HDDs and just rotating them offsite.

The budget for tape is really out unfortunately, although in the office we all agree that would be the preferred way.

As for software i currently use a free file sync tool, since nightlies are done to the filestore of the critical data, i can just backup all of that.

Some suggestions would be useful on that front and i guess what i'm really asking, are portable HDs suitable for this task? If we have 2 or 3 of them rotated and backed up weekly then that should cover us. Encryption can be covered by True Crypt.

jamesfreddie · 2 Dec 2011 at 17:14

Grab a HP Microserver (£150 after cashback) Install WHS 2011 Setup backups for each machine. Set backup to go to external HDD then store them offsite.

dave-lew99 · 2 Dec 2011 at 18:58

Ah maybe I wasn't very clear, only the filestore requires backing up - a 3Tb ZFS RAID-Z2 array on OpenSolaris, all the servers have backup scripts which backup to this.

The missing link is backing up the filestore which is currently accessed over samba. We also have a machine we can easily use to run backups with (Windows OS at the moment, but I could run backup software in a Linux VM if required)

Hades · 2 Dec 2011 at 19:46

How about:

Router and NAS in another location.
Use a dynamic DNS service and open the relevant ports on the router.
Write a script that runs on cron on the OpenSolaris server to rsync the filesystem over the internet to the remote NAS each night.

EDIT: Best to create a VPN between the two sites for security.

dave-lew99 · 4 Dec 2011 at 11:10

That could be an option, initial sync would have to be performed on site due to the large amount of data.

We do occasionally add very large amounts of data which would take more than an evening to upload. Capital cost wise it's about the same as a couple of external disks, but operational costs begin to stack up - it's one thing for someone to take a disk home, it's another to ask them to use up their internet connection and electricity to run a backup, it's not like we have another office to go to.

It's also less secure than having an offline backup, rsync may be the way to go in terms of software though. Ideally it would be simple enough for none-technical staff to run, however that is probably a bit of a fantasy!

ecksmen · 4 Dec 2011 at 12:33

What exactly are you trying to protect against, I don't want to sound rude but there seems to be a couple of basic principles here that would decide what you do.

What I mean, is that you say you have 20Gb of ciritical data. How often does this change? This I would look to backup to the cloud, its dirt cheap and you could drip feed changes over night even to multiple "cloud" suppliers depending on how much it changes and its location.

The total amount of data is what 3TB+20GB of critical data, again what are you protecting against. Fire, theft, flooding, systems failure?

If any of these happen what good is having the raw data if you have no way of using it; or by the time you do the business has gone under due to not being able to operate.

Taking data off site can a good thing but similarly it creates a whole new world of issues.

I think you need to think long and hard to ensure business continuity in a disaster and then weigh up the cost of doing so versus the risk of it happening. Taking data off site only proctects against so much, there's little point in having off site data if you havent got systems that can use it if the building has burnt down.

Suddenly, keeping the data onsite in a fireproof safe doesn't seem so silly (if you catch my drift).

bigredshark · 4 Dec 2011 at 19:56

Hades said:
How about:

Router and NAS in another location.
Use a dynamic DNS service and open the relevant ports on the router.
Write a script that runs on cron on the OpenSolaris server to rsync the filesystem over the internet to the remote NAS each night.

EDIT: Best to create a VPN between the two sites for security.

Why not just encrypt it and put in on S3? It's probably a shade more expensive but it's far more robust and bandwidth will never be an issue...

There's loads of tutorials for encrypting and dumping to S3 out there, I do it for most of my personal files as it's generally cheaper than the usual online backup products (some of which are using S3 for their backend anyway...)

If you have 2TB of data with 10% change then after your initial upload it's going to cost not much more than £100 a month for backup. If you can't afford that then I'm afraid I have to regress to the old 'how long would your business last without that data' and 'therefore how much is it worth to you' arguments.

dave-lew99 · 4 Dec 2011 at 20:00

Well it's mostly things like theft, fire, flood etc.

In terms of restoration of service, as a company of 7 people using mostly FOSS then if it came to the crunch we could run the business on a desktop from PC world with a handful of VMs, while squatting in someone's (e.g. a Director's) garage. It wouldn't be pretty, but it would work.

Restoring a handful of linux mailboxes and an SVN repository really is quite trivial, all configs are regularly backed up too, mostly for reference. (This constitutes the majority of the critical data)

In terms of the 3Tb's of filestore - it's just that, files, in the event of a disaster we could plug in an external HD and have access to the files we need.

I think its clear, the cheapest, simplest solution is 2 or 3 external disks, backed up offsite on a weekly basis. 3 to ensure there are 2 full copies offsite at any one time, with the oldest data being 3 weeks.

BRS: I'm not sure how good it would be to store all that data on S3 - in the event of a disaster we'd have to download it all somewhere, potentially in a temporary office. Our current place only has ADSL, simply because we have no need for anything more (and as we all know, the next step up on the internet ladder is rather a large one).

bigredshark · 4 Dec 2011 at 20:07

ecksmen said:
Taking data off site only proctects against so much, there's little point in having off site data if you havent got systems that can use it if the building has burnt down.

I'd seriously question that attitude, even if you don't have systems which can use it right away or even a plan of how to put some together you still have the data. If you don't have it offsite then it's gone and we all know the stats on how many companies survive a data loss like that.

Most companies can survive a week offline (and you can rebuild just about anything in a week), it'll be a nasty hit in lost customers and business but it's probably survivable for a well run company. Loss of all your data probably isn't.

You should have a copy of *everything* you need to run the business offsite, how long it takes to make it live depends on your business and budget but no matter what you should have it.

bigredshark · 4 Dec 2011 at 20:18

dave-lew99 said:
BRS: I'm not sure how good it would be to store all that data on S3 - in the event of a disaster we'd have to download it all somewhere, potentially in a temporary office. Our current place only has ADSL, simply because we have no need for anything more (and as we all know, the next step up on the internet ladder is rather a large one).

Well you know your business best but I'd say, if you were in that position and the survival of the business was at stake then most people could probably get access to a 100Mbit internet connection without too much trouble. End of the day, worst case is you can pay Sungard a chunk of cash and walk into a DR suite with 100Mbit+ within a couple of hours. That has a financial cost but when survival is at stake it's probably not a big deal.

Small business has a problem with backup today I acknowledge, it's trivial for them to create and store huge quantities of data locally and then they run into trouble when they think about backup later.

My advice (unhelpful as it is) is that they better consider whether they need to create huge quantities of data and tier their storage to divide what they need immediately, what they need sometime and what they don't need after a complete disaster. After a disaster you need your communications systems and client details really quickly but you don't need your accounting system back online on day one, billing people will wait. Too few small business have done that kind of analysis.

dave-lew99 · 4 Dec 2011 at 20:40

bigredshark said:
My advice (unhelpful as it is) is that they better consider whether they need to create huge quantities of data and tier their storage to divide what they need immediately, what they need sometime and what they don't need after a complete disaster. After a disaster you need your communications systems and client details really quickly but you don't need your accounting system back online on day one, billing people will wait. Too few small business have done that kind of analysis.

That's not at all unhelpful, very wise words - and you're right, few people even mention it, let alone recommend it.

A large proportion of our filestore is legacy data or data recordings and so on - very little of which is actually important, but useful nonetheless. The 'critical' data comprises of email, source code, customer info and so on.

With all bar one member of staff living less than 20 minutes away and most having laptops, having that data (if on an external disk) would mean a quick and largely cheap re-location. In terms of comms, any internet connection will do (as i said we run on ADSL, so anyone's home connection would be fine) and for voice we can just put on a BT re-direct to another number.

Perhaps the way would be a largely static backup of that none-essential data, plus a daily/weekly backup on some other media of the important stuff - having it all right at your fingertips without requiring expensive software or an internet connection has a lot of value, it makes restoration of service that bit easier.

If I was really pressed and I was unable to spend any money whatsoever, I am fairly confident I could have an equivalent set of systems up and running within a day.

ecksmen · 4 Dec 2011 at 20:41

bigredshark said:
I'd seriously question that attitude, even if you don't have systems which can use it right away or even a plan of how to put some together you still have the data. If you don't have it offsite then it's gone and we all know the stats on how many companies survive a data loss like that.

Most companies can survive a week offline (and you can rebuild just about anything in a week), it'll be a nasty hit in lost customers and business but it's probably survivable for a well run company. Loss of all your data probably isn't.

You should have a copy of *everything* you need to run the business offsite, how long it takes to make it live depends on your business and budget but no matter what you should have it.

Seriously question the attitude? Did you read all my post, or do you just want to take one point out of context and this misquote it? You seem to fail to not address my other points.

I'm not advocating you shouldn't have offsite as you seem to think. I'm saying that taking data off site doesn't make for a disaster plan, its merely one of a million steps you should consider.

bigredshark · 5 Dec 2011 at 14:13

ecksmen said:
Seriously question the attitude? Did you read all my post, or do you just want to take one point out of context and this misquote it? You seem to fail to not address my other points.

I'm not advocating you shouldn't have offsite as you seem to think. I'm saying that taking data off site doesn't make for a disaster plan, its merely one of a million steps you should consider.

Yes, I did and I disagree with it. That's why I said so.

It doesn't actually matter what you're protecting against, why would it? All are fairly equally catastrophic and all should be protected against as they all have the same end result if you don't.

You asked what's the good of having the data if you don't have a way of using it? Well that's a simple one, it's infinitely better than not having the data. There is absolutely no way in which having the data is not better, even if you have no idea how or where you might restore it you give yourself a chance to make a plan, find out, hire an expert, whatever.

I can only read your post as saying that offsite is an option you should consider and in my opinion that's plain wrong, an offsite copy is essential if you value your data.

If the building burns down and you don't have systems to use the data, you will find a way to build some if the business depends on it. You might still go bust depending on the state of your business but if you don't have the data you definitely will.

So, in my opinion, a fireproof safe remains just as silly as it originally looked to me...

Yamahahahahaha · 5 Dec 2011 at 15:11

Losing data shouldn't even be considered.
Anyone without solid business continuity and disaster recovery doesn't really want to stay in business, it's as simple as that.

According to the Institute of Risk Management, 90% of companies that lose data in a 'critical incident' go bust within 2 years.

It sounds scary because it is.

A fireproof safe is a must if you are leaving any backups on site, even for daily differential backups. The cost is miniscule if you compare it to the business cost of that day's productivity.

ecksmen · 5 Dec 2011 at 19:28

bigredshark said:
Yes, I did and I disagree with it. That's why I said so.

It doesn't actually matter what you're protecting against, why would it? All are fairly equally catastrophic and all should be protected against as they all have the same end result if you don't.

You asked what's the good of having the data if you don't have a way of using it? Well that's a simple one, it's infinitely better than not having the data. There is absolutely no way in which having the data is not better, even if you have no idea how or where you might restore it you give yourself a chance to make a plan, find out, hire an expert, whatever.

I can only read your post as saying that offsite is an option you should consider and in my opinion that's plain wrong, an offsite copy is essential if you value your data.

If the building burns down and you don't have systems to use the data, you will find a way to build some if the business depends on it. You might still go bust depending on the state of your business but if you don't have the data you definitely will.

So, in my opinion, a fireproof safe remains just as silly as it originally looked to me...

Actually I said backup mission critical to the cloud (multiple ones at that) depending on how often it changes / drip feeding changes. Things like fireproof safes can be option for less critical data depending on what it is...