Republished with permission from WatchGuard Technologies, Inc.


Beware the Backup Blues

by Lisa Phifer, Vice President, Core Competence Inc.

Like many small business owners, I know better than to operate without regular data backups. After all, studies show that most of us lose data at some point due to human error, hardware failure, software malfunction, or virus/malware infection. So, when my own desktop's primary hard drive failed last month, why did I lose days of work and hundreds of files? My well-intentioned backup plan had not been well-executed.

As I labored to resurrect the failed PC, gather missing files from colleagues, and reconstruct data that was lost for good, I spent hours reflecting upon what had gone wrong. Simply recovering from this painful incident was not enough -- I found myself motivated to implement a better data backup process. By sharing my story, I hope that perhaps you can learn from my mistakes.

Small staff + small budget = big risk

According to a recent study by Quocirca, just 50% of mid-sized businesses, and less than 40% of small businesses, have a formal desktop/laptop backup plan in place. Although half of mid-sized businesses have at least some dedicated IT staff, just 10% of small businesses do.

Small companies make do with less because they have to. But they are not exempt from data loss or expensive consequences. Based on perceived risk/reward, many SMBs economize by focusing on high-value assets -- for example, most routinely back up shared servers and mission-critical databases, while leaving individual users on their own for desktop and laptop backups.

Herein lies my first mistake. I had automated regular backups for some key resources, but I had underestimated the value of files stored only on the failed desktop. The good news: I did not lose my highest-value data. The bad news: because desktop backups were discretionary (not automated), I lost over a week of recent work right from the start. Furthermore, because my desktop backups were ad hoc, some valuable files had been overlooked in past backups. For example, I found that mailing lists housed in application directories rather than obvious data directories had not been backed up in months.

If I had applied the same rigor to desktop backups as I do to my server and database backups, I probably would not be writing this column. For some of us, it may be impractical to immediately back up every update on every desktop or laptop. However, it wasn't hard to configure inexpensive backup software to automatically copy changed desktop files at regular intervals, from defined locations. The moral: if you make employees responsible for backing up their own systems, give them at least minimal tools and instructions to automate that process.

Can your backup restore?

Many backup programs offer a choice between taking complete system snapshots or copying only changed files. Snapshots require more storage but offer better insulation against incremental failure -- errors that crop up over time and might otherwise corrupt your backups as well as your desktop.

This brings us to my second mistake. Those ad hoc backups I dutifully burned to CD-R every week harbored errors. Lots of them. Perhaps the failed disk died a slow, lingering death. I wouldn't know, because I didn't routinely run CHKDSK before making those backups. Furthermore, in my haste to back up quickly, I often skipped the "test" phase of "test and burn," copying data at the highest available (and most error-prone) speed. Although I briefly browsed those backup CD-Rs, I had not taken even the most basic precautions to reduce the probability of error. Haste makes waste -- in this case, dozens of useless plastic "coasters."

Of course, I would have noticed these errors had I taken the time to verify my desktop backup strategy. Over time, we had restored an occasional accidentally-deleted file from backup CD. But we had never formally and thoroughly tested our desktop backup routine by executing a complete desktop recovery from start to finish.

Ironically, I often recover servers and test systems, and methodically verify the disk images that we use to accomplish those tasks. I considered using that as a common strategy for all systems, but our desktop file backup/restore needs are somewhat different, and we opted to deploy a different backup program on desktops. Ultimately, no matter what strategy you decide to implement, the moral is crystal clear: Verify your backups. If you merely assume that your restore strategy works, you could be expending considerable effort for nothing.

Space: the final frontier

Available storage space constrains the number of backups you can make and keep. Although the capacity of various types of storage continues to grow, so does our ability to fill every inch -- er, megabyte -- of that space. This is why I originally opted to write desktop backups to CD-R. Writable CD (or DVD) storage is inexpensive and effectively unlimited.

But, as my recent mishap reminded me, a backup destination should be highly reliable, easily catalogued, and readily available. CD-Rs are great for taking files with you on the road or sending them to colleagues, but perhaps are not the best destination for fully-automated, unattended backups.

Enterprises usually employ some type of network-attached storage (NAS) or storage area network (SAN) for centrally-initiated server and desktop backups. Sophisticated supervisory suites like Veritas NetBackup coordinate distributed data backup, recovery, and archiving across large enterprise networks. Recent backups may be written to high-speed temporary storage, then archived at intervals to persistent storage, like tape or optical media.

Some mid-sized businesses can afford scaled-down versions of this approach. But, for some small businesses, these sophisticated systems may seem like expensive overkill -- particularly for desktop backups. According to Quocirca, only 10% of small businesses have NAS; over half lack any kind of shared storage accessible to desktops. Given this reality, what are some entry-level desktop backup storage options for small businesses?

In my office, server and test platform backups are copied from one internal hard disk to another. Large capacity disk drives are relatively inexpensive these days and add little to the total cost of each desktop. For example, you can purchase a 7200 rpm 250 GB EIDE drive for about $150. However, some small-footprint desktops and many laptops cannot house an extra internal disk. Backups could be written to a designated backup partition on the same drive, but this does not insulate against physical drive failure. In either case, internal disk storage is ultimately limited, and may restrict you to maintaining just a couple of complete system backups.

Our server backups are periodically copied (archived) from internal drives to a larger-capacity network file server. For backing up a small number of servers, this approach has been manageable. But when I considered using this server to store all desktop backups, clearly we needed a lot more storage or a new network-attached storage device. NAS has appealing reliability, but purchasing a NAS appliance could run up to three times the cost of the same-size raw EIDE drive. But I decided against NAS due to performance -- even over a 100 Mbps Fast Ethernet LAN, writing very large backup files to NAS can take many hours. NAS wasn't right for our office, but NAS can be attractive for smaller uploads, such as nightly incremental backups.

In the end, I decided to perform backups directly on each desktop or laptop, without depending upon high-speed network connectivity or access to a network file server. This lead me to consider removable external storage devices, commonly connected via USB or Firewire. Removable drives cost slightly more than comparable raw EIDE drives. For example, an external 250 GB Firewire drive can be purchased for about $180. A 300 GB dual interface USB 2.0 and Firewire drive retails for about $250. For users with both a desktop and laptop, a single removable drive can be designated as a backup destination for both (although not simultaneously.)

For backups, 12 Mbps USB 1.x is not going to cut it. However, USB 2.0 reaches 480 Mbps; Firewire, 400 Mbps. At these speeds, full backups can be completed weekly or even nightly. For example, a 10GB backup of a 1 GHz PC can complete over USB 2.0 in about 2 hours. Because our newer PCs have either Firewire or USB interfaces, I chose a dual-mode external EIDE drive (7200 rpm, 8MB cache) as my "standard desktop backup device." On older PCs with USB 1.x, I could have installed a PCI-to-USB 2.0 adapter in each desktop or a USB 2.0 PCMCIA adapter in each laptop. But every desktop in my office has a PCI-to-PCMCIA adapter, so I went with USB 2.0 PCMCIA adapters for all.

Programs and Policies

The external drive that I chose included a data backup program, EMC Dantz Retrospect. Although quirky at times, this program was easy to install and configure for automated backups, creating full system restore points or incremental backups on schedule or on demand. You can use many other inexpensive programs to automate desktop backups -- including Microsoft's Windows NTBackup, found in Windows 2000 and XP operating systems. Whatever approach you choose for your small business, seek to minimize end user setup and on-going interaction.

Ultimately, the most foolproof backup system is one that does its job transparently. But that isn't always possible. For example, regular Saturday night backups cannot occur if mobile laptops are not attached to the destination drive at the office. My advice: create a fully-automated backup routine, but empower users to refine default backup schedules for their own desktop/laptop(s). Complement this with monitoring so that you'll know when backups are not occurring regularly, and periodic verification and archival of backup files.

Finally, give some thought to data privacy and access control. Backup files can be associated with user accounts with a file system like NTFS, but not FAT32. For desktops running older operating systems, look for a backup program that provides its own stored file encryption. When backing up data to a network file server or NAS, secure the data in transit between the desktop/laptop and the backup destination. Physical security of the backup destination is also important -- that device is a valuable asset, not only to you, but to would-be thieves. For example, use peripheral locks (available from Kensington, Fellowes, et al) to keep removable storage devices where they belong.

I've been using my newly-defined office desktop backup routine for a few weeks now, implementing it on one desktop to work out the kinks, then on a second desktop and pair of laptops. Remaining systems will be outfitted gradually as time and budget permit, but long before the memory of last month's failure fades. I hope that automated desktop backups will help my small business avoid future data losses. If you're among the majority of small businesses without any desktop backup plan, don't wait for a similar fate to befall you before taking action to mitigate this risk. ##

      Copyrightę 2005, WatchGuard Technologies, Inc. All rights reserved. WatchGuard, LiveSecurity, Firebox and ServerLock are trademarks or registered trademarks of WatchGuard Technologies, Inc. in the United States and other countries.