A constant source of quiet amusement for me is drawn from visiting sites where the server room is secured by multi-factor authentication, but the backup tapes are stored in the unlocked cupboard above the system administrator’s cubicle. The thinking goes something like this: the server room is locked because servers are expensive to replace. The backup tapes are unlocked because no one has really thought about how much important data is actually stored on them, or because last year Rocky had a dentist’s appointment on a day when Jeff needed a file restored and Kleefy forgot where he’d put the spare key.
Backup tapes contain all your organization’s data. They should be as secure as your servers are.
Of course all someone needs to do to get access to all of an organization’s data is wander off with a backup tape. In many organizations, backup tapes are so poorly organized that it would take the person doing the backup a while to figure out if some of them had actually been stolen (mostly because the first assumption, when you can’t find a particular tape, is that someone left it on top of the tape drive in the server room!).
Just because backup tapes should be as secure as your servers doesn’t mean you keep them in the server room! Storing the backup tapes in the cupboard above the sysadmin’s cubicle is better than storing the backup tapes in the server room. If the server room goes up in flames or drowns because the sprinkler system decides to get creative, it is a pretty sure bet that the backup tapes will be turned into decorative piles of goo (or wet slush)! Store tapes in an unlocked cupboard and someone might eventually walk off with them. Store them in the server room and your chance to recover from a serious disaster isn’t all that great.
In all the textbooks that talk about disaster recovery, backups are rotated to a secure offsite location. In reality only the most serious administrators and organizations bother doing this. In my experience, a backup tape only ends up off site because someone accidentally took it home. Rotating things off site costs money. In today’s cost-cutting environment, even those organizations that are serious enough to rotate tapes off site might be reevaluating their strategy.
With Windows Server 2008, the problem of rotating tapes away from the server to somewhere safe might get worse. The backup utility built into Windows Server 2008 writes to internal hard disks or removable drives. Removable drives take a lot more effort to remove from the vicinity of the server than backup tapes do. Tapes are removable devices. Even though you can unplug a USB disk, unplugging a USB disk is a lot more effort than ejecting a tape. The greater the effort required, the less likely it is to get done. Sure, Windows Server Backup is not designed as a fully featured backup solution and you can use tapes with Win2K8 and other products. But just because it isn’t meant to be a full solution doesn’t mean that a whole lot of people aren’t going to use it in that way!
As systems administrators, we take backups at some level because we want to be able to recover our organization’s data in the event of a disaster. Generally what we end up doing with them is recovering a file that some dude in accounting “accidentally” deleted. When what we mostly do with backups is occasional file recovery, it makes sense not to have the tapes too far out of reach. We do have to remember that a disaster recovery policy is a balance between being able to quickly restore small things, like that accounting dude’s data, and being able to restore the core data identity of an organization in the event that something dramatic happens to the server room.
Backup tapes are important. They contain all of an organization’s data: the stuff that, unlike server hardware, can’t be replaced by calling a vendor and getting out a purchase order. Given how important they are, how many people do you think treat them in a reasonable way?