Backup strategy for customer data?
-
@PhlipElder said in Backup strategy for customer data?:
We've worked with a variety of hosting solution providers. Most start with a base of one backup done per 24 hours with a fee to restore if required.
Some have a built-in backup feature that we can then set up for the VMs we have our cloud desktop clients running in. It can be set up to run relatively often. They charge a fee for that one.
Start with once per day.
As far as the "how" what is the underlying virtualization platform?
Our hosting solutions are set up to use Veeam at the host level.
StarWind's Virtual Tape Library (VTL) can be used to augment the backup in another DC with Veeam's Cloud Connect being another option to tie in to get the backup data out of the production DC.
As far as expectations go, we're in the process of setting up a BaaS and DRaaS service based on Veeam. Backups and DR will be multi-site with one goal to be a two to four week no-delete option available.
In our investigations of BaaS/DRaaS providers none were able, or wanted, to answer the, "How do you back up our backup data to protect against failures in your system?" question.
As we are getting into SaaS and not infrastructure, I think our primary concern is being able to restore the customers' data in case something bad happens that's our fault or responsibility - for instance software bugs, hackers, ransomware, multiple hardware failures etc.
We are not as concerned with being able to restore the customers' data in case they screw up, as we are if we screw up. That said, if we can without too much investment, we might be able to add something here. Have to think about that one. In either case we will provide some way for the customer to export and back up their data.
For now we run on xen (xcp-ng). The goal is to be able to restore the infrastructure with automation, so I don't expect us to really need a lot of host based backups. We have a lot more testing to do on this.
From what I can gather right now, I think we will back up to disk storage on-prem. Then from there we will go to tape. Tape will be moved off site once a week. We will do incremental backups to the cloud or another site so we can restore completely using off-site tape and the incremental backups.
This will allow us to restore from on-prem disk in most cases. If we are hacked or infected we can restore from on-site tape. In case of a fire or something we can restore from off-site tape and incremental backups.
-
@Pete-S said in Backup strategy for customer data?:
@PhlipElder said in Backup strategy for customer data?:
We've worked with a variety of hosting solution providers. Most start with a base of one backup done per 24 hours with a fee to restore if required.
Some have a built-in backup feature that we can then set up for the VMs we have our cloud desktop clients running in. It can be set up to run relatively often. They charge a fee for that one.
Start with once per day.
As far as the "how" what is the underlying virtualization platform?
Our hosting solutions are set up to use Veeam at the host level.
StarWind's Virtual Tape Library (VTL) can be used to augment the backup in another DC with Veeam's Cloud Connect being another option to tie in to get the backup data out of the production DC.
As far as expectations go, we're in the process of setting up a BaaS and DRaaS service based on Veeam. Backups and DR will be multi-site with one goal to be a two to four week no-delete option available.
In our investigations of BaaS/DRaaS providers none were able, or wanted, to answer the, "How do you back up our backup data to protect against failures in your system?" question.
As we are getting into SaaS and not infrastructure, I think our primary concern is being able to restore the customers' data in case something bad happens that's our fault or responsibility - for instance software bugs, hackers, ransomware, multiple hardware failures etc.
We are not as concerned with being able to restore the customers' data in case they screw up, as we are if we screw up. That said, if we can without too much investment, we might be able to add something here. Have to think about that one. In either case we will provide some way for the customer to export and back up their data.
For now we run on xen (xcp-ng). The goal is to be able to restore the infrastructure with automation, so I don't expect us to really need a lot of host based backups. We have a lot more testing to do on this.
From what I can gather right now, I think we will back up to disk storage on-prem. Then from there we will go to tape. Tape will be moved off site once a week. We will do incremental backups to the cloud or another site so we can restore completely using off-site tape and the incremental backups.
This will allow us to restore from on-prem disk in most cases. If we are hacked or infected we can restore from on-site tape. In case of a fire or something we can restore from off-site tape and incremental backups.
There are some keys to providing a customer facing solution:
- Customer facing network(s) are not in any way connected to the hosting company's day to day network (DtDN)
- Privileged Access Workstation structures are in place to keep things separate
- Backups are air-gapped in some way to protect against catastrophic failure or encryption event
- Customer resources are on separate equipment from DtDN
Ultimately, the entire solution set for DtDN, Support, and Customer Facing networks should be segmented completely from each other with significant protections in place to keep them that way.
- iNSYNQ
- Wolters Kluwer/CCH
- Maersk
- PCM
- WiPro
- Hosting company (UK 123 something?) lost everything due to backups being wiped
- Secure mail hosting company lost everything when perp took everything out right through the backups
- ETC
-
@PhlipElder said in Backup strategy for customer data?:
hosting company's day to day network
With day to day network, do you mean the hosting company's own internal IT, for managing their own company?
Or do you mean the hosting company's management network for managing the hosting infrastructure?
-
@Pete-S said in Backup strategy for customer data?:
@PhlipElder said in Backup strategy for customer data?:
hosting company's day to day network
With day to day network, do you mean the hosting company's own internal IT, for managing their own company?
Or do you mean the hosting company's management network for managing the hosting infrastructure?
DtDN = Sales, HR, Financing, ETC where folks blindly click on things and get hit by drive-by web sites.
Management would be with PAW (Privileged Access Workstation) and segmented away from the DtDN with absolutely no crossover between them.
-
@scottalanmiller said in Backup strategy for customer data?:
When comparing tape, it's important to not look at raw capacity. LTO tape has hardware compression that is real time, on the fly and incredibly powerful. The compression ratios on tape are crazy. It's part of the sequential write mechanism. Hard drives don't offer this mechanism, nor could they because of the random access model. Tapes don't actually write raw, so an LTO8 is actually going to get 30TB on average. Sometimes less, sometimes more. But that's a real number to work with.
Question: Am I correct in assuming that this compression doesn't offer any benefit where the backup content is video media? If it DOES allow compression of video files, how good is the compression ratio?
-
@NashBrydges said in Backup strategy for customer data?:
Question: Am I correct in assuming that this compression doesn't offer any benefit where the backup content is video media? If it DOES allow compression of video files, how good is the compression ratio
That depends. But generally it does, but relatively little. You likely still want it on (especially on tape) because the compression mechanism normally speeds the writes to and from the media because it is compressed in real time. But heavily compressed video media is going to get very little additional compression, but generally some.
-
I did some comparisons of the cost involved for disk versus tape and disregarding the difference between the media types.
Tape is much cheaper per TB (about $11/TB) but you need to offset the cost of the tape drive/autoloader.
Disk on the other hand will require a more expensive server with more drive bays and also requires additional disks for partition data.
In our case I found that at 150 TB of native storage it will break even. If you have more data in backup storage than that, then tape is cheaper.
-
In our case I'm thinking about two options.
OPTION 1
We'll put together a backup server with a large-ish disk array (maybe 100TB or so) connected with SAS to a tape autoloader. Backups go from backup clients to the disk array and when done it's all streamed to tape. The tapes are exchanged and put off-line. Each week a full backup of disks is taken off-site as well.
To keep the networks separated as far as possible we can put the backup server on its own hardware and its own network and firewall it off from the production servers. So if production servers or VM hosts are breached the backup server is still intact. If somehow it's also compromised we have to restore everything from tape.
OPTION 2
We put a smaller backup array, say 10TB or so, on each physical VM host. Backups are run on each host from the production VMs to the backup VM with the backup array. Remember our VMs are running on local storage so this will not require any network traffic.
When done, we stream the data from each backup VM to a "tape backup"-server that just basically contains the tape drive (with autoloader) and will write the data to tape. Firewall and tape handling will be the same as option 1. Since the disks with the backups are on each host, several backup servers have to be breached to lose all disk backups.
What do you think?
-
@Pete-S said in Backup strategy for customer data?:
What do you think?
I think you have done an awesome amount of research.
Why offsite disks if tape is already offsite? This seems like extra work that is not worth the cost of doing. Either way, when needing either these disks or the tapes, you are full restoring. I can't imagine that it would be a big enough difference in restore times to matter in that scenario.
-
@Pete-S said in Backup strategy for customer data?:
What do you think?
The difference between options 1 and 2 seems to be two things to me.
- How much can be easily compromised at once
- Where the complexity of configuration is
Option 1 seems to be easier to compromise the entire setup, but is also easier to manage the configuration of the entire process.
Option 2 will be harder to compromise the entire setup, but is more complex to manage the entire setup.
-
@Pete-S said in Backup strategy for customer data?:
I did some comparisons of the cost involved for disk versus tape and disregarding the difference between the media types.
Tape is much cheaper per TB (about $11/TB) but you need to offset the cost of the tape drive/autoloader.
Disk on the other hand will require a more expensive server with more drive bays and also requires additional disks for partition data.
In our case I found that at 150 TB of native storage it will break even. If you have more data in backup storage than that, then tape is cheaper.
How many tapes in the library?
How many briefcases to take off-premises for rotations?
Where is the brain trust to manage the tapes, their backup windows, and whether the correct tape set is in the drives?
If the tape libraries are elsewhere then the above goes away to some degree (distance comes into play).
-
@Pete-S said in Backup strategy for customer data?:
In our case I'm thinking about two options.
OPTION 1
We'll put together a backup server with a large-ish disk array (maybe 100TB or so) connected with SAS to a tape autoloader. Backups go from backup clients to the disk array and when done it's all streamed to tape. The tapes are exchanged and put off-line. Each week a full backup of disks is taken off-site as well.
To keep the networks separated as far as possible we can put the backup server on its own hardware and its own network and firewall it off from the production servers. So if production servers or VM hosts are breached the backup server is still intact. If somehow it's also compromised we have to restore everything from tape.
OPTION 2
We put a smaller backup array, say 10TB or so, on each physical VM host. Backups are run on each host from the production VMs to the backup VM with the backup array. Remember our VMs are running on local storage so this will not require any network traffic.
When done, we stream the data from each backup VM to a "tape backup"-server that just basically contains the tape drive (with autoloader) and will write the data to tape. Firewall and tape handling will be the same as option 1. Since the disks with the backups are on each host, several backup servers have to be breached to lose all disk backups.
What do you think?
Inside Job puts # 2 to rest. Let's just say there are plenty of stories about entire setups being wiped starting with the backups then hitting go on 0000 for the SANs.
-
@Pete-S This made me think of something I haven't considered since the 90s. Back then UNIX based systems were so much better at streaming data to the tape that we'd use IRIX systems to make backups of all the things rather than Windows. Anyone know if OS makes a difference in keeping tape drives fed with data today?
Back to your current question. A worst case scenario with either option will lead to full restore from off-site. So Option 1 would make the most sense to me. Feeding enough data to today's tape drives can be a challenge even from local disc.
-
@travisdh1 said in Backup strategy for customer data?:
Anyone know if OS makes a difference in keeping tape drives fed with data today?
Hasn't been a factor in a long time.
-
@PhlipElder said in Backup strategy for customer data?:
How many tapes in the library?
How many briefcases to take off-premises for rotations?
Where is the brain trust to manage the tapes, their backup windows, and whether the correct tape set is in the drives?
If the tape libraries are elsewhere then the above goes away to some degree (distance comes into play).
A 2U high autoloader will have two magazines with 12 tape slots in each. With LTO-8 tapes that means 720TB of data (2.5:1 compression) in one batch without switching any tapes. 24 tapes will fit in one briefcase so not much of a logistical problem. If you go up to a 3U unit it will hold 40 tapes and I think that might fit in one briefcase as well.
Tapes have barcodes that the autoloader will scan so that's how the machine knows which tape is the right one.
If you are going to swap several tapes at once, you can get additional magazines that hold the tapes and just swap the entire magazine. For daily incremental backups you can swap one tape at a time - if you have less than 30 TB of data change per day.
You can also monitor that tapes have been replaced so you could set up that as a prerequisite for starting the next daily backup. We'll just have to see how long things take and how much data we need to back up on average before putting procedures in place.
I haven't actually used tape since the late 90s so it will be exciting testing this. For off-line storage and archival storage the specs are just so much better than hard drives. Bit error is 1 in 10^19 bits (enterprise HDDs are 1 in 10^15). That's actually 10,000 times better than HDDs. And 30 years of archival properties.
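The tape-swap prerequisite mentioned in the post above, sketched as an added example (not part of the original thread and not any poster's code): it parses changer inventory text in the style of `mtx status` output and blocks the next run if a slot is empty, a barcode is unreadable, or a tape from the previous set is still in the library. The output format, the sample inventory, the barcodes and the function names are assumptions constructed for illustration.

```python
import re

# Slot lines in `mtx status`-style output (format assumed), e.g.
#   "Storage Element 3:Full :VolumeTag=DLY003L8"
SLOT_RE = re.compile(r"Storage Element (\d+)(?: IMPORT/EXPORT)?:(Full|Empty)"
                     r"(?:[ \t]*:VolumeTag[ \t]*=[ \t]*(\S+))?")
# A tape still sitting in a drive, e.g.
#   "Data Transfer Element 0:Full (Storage Element 1 Loaded):VolumeTag = DLY001L8"
DRIVE_RE = re.compile(
    r"Data Transfer Element \d+:Full[^\n]*VolumeTag[ \t]*=[ \t]*(\S+)")

# Constructed sample inventory; in use this text would come from the changer.
SAMPLE_STATUS = """\
  Storage Changer /dev/sg3:1 Drives, 4 Slots ( 0 Import/Export )
Data Transfer Element 0:Full (Storage Element 1 Loaded):VolumeTag = DLY001L8
      Storage Element 1:Empty
      Storage Element 2:Full :VolumeTag=DLY010L8
      Storage Element 3:Full :VolumeTag=DLY003L8
      Storage Element 4:Full
"""


def full_slots(status_text):
    """Return {slot: barcode} for full slots; barcode is None if not reported."""
    return {int(m.group(1)): m.group(3)
            for m in SLOT_RE.finditer(status_text) if m.group(2) == "Full"}


def swap_check(status_text, previous_set, required_slots):
    """Decide whether the next backup may start.

    previous_set   -- barcodes written by the last run (should now be off-line)
    required_slots -- slots that must each hold a tape with a readable barcode
    Returns (ok, reasons); ok is True only when reasons is empty.
    """
    slots = full_slots(status_text)
    reasons = []
    for slot in required_slots:
        if slot not in slots:
            reasons.append(f"slot {slot}: empty")
        elif slots[slot] is None:
            reasons.append(f"slot {slot}: barcode unreadable")
    # Tapes in slots plus any tape left in a drive count as "still on-line".
    present = {tag for tag in slots.values() if tag}
    present |= set(DRIVE_RE.findall(status_text))
    for tag in sorted(present & set(previous_set)):
        reasons.append(f"{tag}: written by the last run and still in the library")
    return (not reasons, reasons)


if __name__ == "__main__":
    last_run = {"DLY001L8", "DLY002L8", "DLY003L8"}  # constructed barcodes
    ok, reasons = swap_check(SAMPLE_STATUS, last_run, [1, 2, 3, 4])
    print("start backup" if ok else "blocked:\n  " + "\n  ".join(reasons))
```

Failing closed on an unreadable barcode matters here: a tape the library cannot identify cannot be proven to be outside the previous set.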
-
@Pete-S said in Backup strategy for customer data?:
Bit error is 1 in 10^19 bits (enterprise HDDs are 1 in 10^15). That's actually 10,000 times better than HDDs. And 30 years of archival properties.
yeah, the tech behind LTO8 is freaking fantastic. And unlike HDD where research is stagnating, tape keeps advancing.
-
@scottalanmiller said in Backup strategy for customer data?:
@Pete-S said in Backup strategy for customer data?:
Bit error is 1 in 10^19 bits (enterprise HDDs are 1 in 10^15). That's actually 10,000 times better than HDDs. And 30 years of archival properties.
yeah, the tech behind LTO8 is freaking fantastic. And unlike HDD where research is stagnating, tape keeps advancing.
I still haven't seen anything that scales like tape. Just keep adding drives and tapes as needed till you're into silly town: https://spectralogic.com/products/tfinity-exascale/
-
@travisdh1 said in Backup strategy for customer data?:
@scottalanmiller said in Backup strategy for customer data?:
@Pete-S said in Backup strategy for customer data?:
Bit error is 1 in 10^19 bits (enterprise HDDs are 1 in 10^15). That's actually 10,000 times better than HDDs. And 30 years of archival properties.
yeah, the tech behind LTO8 is freaking fantastic. And unlike HDD where research is stagnating, tape keeps advancing.
I still haven't seen anything that scales like tape. Just keep adding drives and tapes as needed till you're into silly town: https://spectralogic.com/products/tfinity-exascale/
Quick! I need tapes 39,763 and 40,659!
-
@Pete-S said in Backup strategy for customer data?:
@PhlipElder said in Backup strategy for customer data?:
How many tapes in the library?
How many briefcases to take off-premises for rotations?
Where is the brain trust to manage the tapes, their backup windows, and whether the correct tape set is in the drives?
If the tape libraries are elsewhere then the above goes away to some degree (distance comes into play).
A 2U high autoloader will have two magazines with 12 tape slots in each. With LTO-8 tapes that means 720TB of data (2.5:1 compression) in one batch without switching any tapes. 24 tapes will fit in one briefcase so not much of a logistical problem. If you go up to a 3U unit it will hold 40 tapes and I think that might fit in one briefcase as well.
Tapes have barcodes that the autoloader will scan so that's how the machine knows which tape is the right one.
If you are going to swap several tapes at once, you can get additional magazines that hold the tapes and just swap the entire magazine. For daily incremental backups you can swap one tape at a time - if you have less than 30 TB of data change per day.
You can also monitor that tapes have been replaced so you could set up that as a prerequisite for starting the next daily backup. We'll just have to see how long things take and how much data we need to back up on average before putting procedures in place.
I haven't actually used tape since the late 90s so it will be exciting testing this. For off-line storage and archival storage the specs are just so much better than hard drives. Bit error is 1 in 10^19 bits (enterprise HDDs are 1 in 10^15). That's actually 10,000 times better than HDDs. And 30 years of archival properties.
We used to manage HP based tape libraries and their rotation process. It was a bear to manage.
We have one company we are working with that has a grand total of 124 tapes that they need to work with for one rotation.
GFS, that is Grandfather, Father, and Son, is an important factor in any backup regimen. Air-gap is super critical.
Having software that manages it all for you is all fine and dandy until the software fails. BTDT and what a freaking mess that was when the servers hit a hard-stop.
Ultimately, it does not matter what medium is used as GFS takes care of one HDD or tape dying due to bit rot (BTDT for both HDD and tape).
The critical element in a DR plan is air-gap. No access. Total loss recovery.
-
@dafyre said in Backup strategy for customer data?:
@travisdh1 said in Backup strategy for customer data?:
@scottalanmiller said in Backup strategy for customer data?:
@Pete-S said in Backup strategy for customer data?:
Bit error is 1 in 10^19 bits (enterprise HDDs are 1 in 10^15). That's actually 10,000 times better than HDDs. And 30 years of archival properties.
yeah, the tech behind LTO8 is freaking fantastic. And unlike HDD where research is stagnating, tape keeps advancing.
I still haven't seen anything that scales like tape. Just keep adding drives and tapes as needed till you're into silly town: https://spectralogic.com/products/tfinity-exascale/
Quick! I need tapes 39,763 and 40,659!
Oh yeah, does that bring back memories. Feeding the machine to get the combination of tapes needed to recover a set of databases or the like. Ugh. SMH