Customers often ask what is the best practice for having redundant copies of data.
What are the best practices of backup copy management?This is a question often posed by our customers.
This article will discuss and reference some information on this topic.
The real answer is this will depend heavily on several factors, including regulatory compliance, the critical nature of business data, the feasibility of moving data copies, and business risk justification.
ExpectationsThe industry (or at least us-cert.gov) will tell you that a 3-2-1 backup copy model is the "least" you should be doing. That's exactly right. It is the absolute LEAST you should be doing.
What is 3-2-1? if the link above is tl;dr, here's the cliff notes:
- 3 copies of your data. This is not 3 different backups taken at different times (retention), this is 3 copies of EACH backup retained in different ways (redundancy)
- 2 different media types. This means not just your primary backup storage, but at least some other form of media or a completely independent storage system
- 1 offsite at all times. This is usually simply put, THE LAW for most companies. Your data typically not only needs to be offsite, there's typically additional compliance mandating how often and how far it has to go, and how it has to be secured.
Why is this important? Especially when maintaining a historical retention, more so even when those backups are disambiguated, encrypted, and deduplicated, any major disruption to the primary backup storage could be catastrophic. Why such risk? Most backup platforms today do not store a backup as an individual portable object that can be readily re-imported to another system if you crash. In point of fact, governments have asked backup providers specifically to make that impossible on purpose as a matter of security! The reality is each block you protect is disembodied stored in proprietary structures, and dependent on a critical database modeling to be able to put it back together later. The association of database to the data is critical, and if they are out of sync due to a database crash, unplanned power interruption, storage or file system corruption, or more, part or all of the data can become unrecoverable. A site level disaster would destroy both your original servers and the backups you made in one step! Even if it wasn't for legal compliance, no backup provider would ever recommend that the only copy of your backup data be in the backup appliance's own local data store. This doesn't even account for IT mistakes or even IT black hat intentional deletions. You have to have more than 1 copy of this data, it should not even be a consideration. The general rule most will quote is 3-2-1.
But is this the "Best Practice"? No, actually... We discussed this with another blog on why 3-2-1 isn't good enough. Both blog posts are worthy reads.
But what does this mean? How do you do 3-2-1 or 3-2-2, or 3-3-2 copy rotation? How does Unitrends recommend you go about meeting these conditions?
Keep reading to learn more.
Ways to get your data offsite:The Unitrends platform was designed to be used redundant and distributed across multiple sites. The general expectation is to use both Hot Copy replication as well as Cold Copy backup to either separate local storage or offsite long term cold storage.
Offsite Hot Copies: In most cases, achieving the offsite copy is most economically done through electronic data replication, what Unitrends calls Hot Copies. This ensures that data is offsite as quickly as possible, including on weekends, and that it is readily recoverable locally on demand. This can be done to Unitrends Cloud, to a licensed UB running in AWS or Azure that you operate, or to a licensed Unitrends appliance you operate at another physical location or datacetner accessible to you (even just to another building on a MAN/LAN link). The benefit of Hot Copy replication is many fold, but this ensures you have both an offsite copy and that the copy is on unique storage both.
- Makes the most efficient use of bandwidth and handles poor quality or transient connections well. Only changes are replicated not entire jobs.
- Allows direct electronic recovery of data, including selective recovery at granular levels. No 3rd party calls and no waiting on media to be shipped back to you
- Can be independently secured, including using independent encryption passphrases and even different system login credentials.
- Send the copy offsite as soon as bandwidth permits, no waiting for archives to complete and no manual efforts or job schedules to worry about
- Allows offsite DRaaS capabilities without additional recovery steps (recover to servers or VM hosts directly from the replicated system).
- Online Retention of 7+ years GFS retention in Unitrends Cloud costs less than 2X 90 days of retention.
- Plus: a familiar process comfortable to most engineers
- Plus: Offline Cold media can't be effected by outages, infections/hacking, and are typically not readily accessible to a black hat internal employee.
- Minus: take time to create and may be difficult to work into a schedule as fulls are required to be in each set. With large data sets it is not typically possible to rely on rotational media for daily offsite archive. Traditional methods used several archiving devices and several backup appliances running in parallel to accomplish this. That's a solution typically significantly more expensive than offsite electronic replication.
- Minus: media costs are linear; more retention desired directly increases long term storage cost.
- Minus: disk based recovery may not be granular, backups of VMs or applications have to be imported back to a functioning appliance first. This may also require more space with in a backup storage device than is available at the time of import leading to potentially purging backups to make room to import older data.
- Minus: recovery is not hot-online, and will delay the initiation of DR vs a hot copy appliance while cold copies are first imported.
- Recommendation: when used in conjunction with offsite Hot Copies, perform a Cold Copy to media you move offsite somewhere between weekly and monthly. Keep media as long as is needed, rotate/reuse on a GFS or traditional pyramid model for best cost reduction.
- Plus: an easy way to have another readily accessible copy. No physical movement offsite required
- Plus: can typically be more convenient to run more frequently as we'll have the current fulls on media, making daily cold copy more likely to be possible.
- Minus: Complex configuration and scheduling required to support NAS devices as offsite media, but possible with release 10.3 and higher.
- Minus: NAS typically cost substantially more per TB vs rotational SATA disks.
- Minus: Cold Copy does not use deduplication, so storage costs are linear. For retention of more than 6-10 backup chain sets, deployment of a Hot Copy Target (even locally) will often provide greater retention at lower TCO.
So what does Unitrends recommend?
Best Practice: 4-4-2 rotation. 4 copies on 4 media systems 2 of which are offsite
- Local Backups preferably with 60-90 days of retention in-appliance
- Hot Copy Replication, preferably to a UB unit operated in a datacetner that can offer direct recovery at that site or DRaaS functions. Retention to compliance minimums or more (3-7 years typical)
- Local Cold Copy to a NAS device, 3-5 backup rotations (30-45 days) Provides fast local recovery should a UB/RS unit's own storage system or host fail.
- Monthly or weekly Cold Copy on SATA disk, moved offsite after a new set is created. Provides a local option for data recovery following a large scale site disaster and also meets long term archival requirements. Requires manual movement of media offsite only monthly, media only needs to be sized relevant to the current data set.
- Local Backups preferably 60-90 days of retention
- Hot Copy replication, preferably to a UB unit operated in a datacenter that can offer direct recovery at that site or DRaaS functions. Retention to compliance minimums or more (3-7 years typical)
- Monthly cold copy maintained locally on SATA disk, moved offsite after 30 days and retained as necessary to meet archival compliance laws.
- Local backup copies preferably 60-90 days of retention
- Hot Copy Replication, preferably to a UB unit operated in a datacenter that can offer direct recovery at that site or DRaaS functions. Retention to compliance minimums or more (3-7 years typical)
- Local copy to NAS device 3-5 backup rotations (30-45 days) Provides local recovery should a UB unit's own storage system or host fail.
- Under this plan, there is no manual media rotated offsite. If Hot Copy operations cannot be met due to bandwidth restrictions or cloud operational costs, daily offsite media rotation would be required.
- Local backups with minimum retention, 2 full backup rotations, routinely less than 30 days of retention onsite.
- Traditional archive media rotation, moved offsite weekdays.
- to accomplish daily media rotation, data set may need to be limited or spread across several smaller appliances protected content and media will need to retain sufficient storage to allow multiple rotations on a single disk set to allow the purge feature to operate. Master backups will need to be spread through the calendar to prevent sending more data to archive media per day than is viable for standard SATA drives. Expected max xfer rate is 80-140MB/min for archive, on some units lower rates of 60-90MB/s may be seen. It may not be possible to use a single device to archive all data timely.