On 7/18/11 12:58 PM, Brian Cuttler wrote:
On Mon, Jul 18, 2011 at 10:30:44AM -0600, Charles Curley wrote:
On Mon, 18 Jul 2011 11:32:01 -0400
Chris Hoogendyk<hoogen...@bio.umass.edu> wrote:
On 7/18/11 9:39 AM, Brian Cuttler wrote:
It is ALWAYS a good idea to test your restores.
A good argument can be made that you are not so much interested in
backing up your system as in being able to restore it.
You could, if you wanted, call that the first rule of backups -- Test
your recovery.
Is there any purpose to making backups other than being able to recover?
Oh, well, job security, I suppose. If you aren't thinking things
through.
On going discussion in my office. One person feels we are the
'data custodians' and need to keep data safe and is pushing
for periodical archives.
The manager says we don't do archives. Why not ? Because we never have.
I manage amanda, a very robust system in an instutition with
very sloppy rules and goals.
Too many people focus on "backups" where this core group understands
that is not backups but successfull recovery that is the goal.
Its not the universal understanding tough, not by a long shot.
People lose focus.
This was kind of getting of on another track, so I renamed it. Not sure to what extent anyone cares
to continue on this line.
One comment I would have on this issue relates to questions of security and liability. Being in a
public institution, we are subject to freedom of information and other laws. If I have a room full
of ancient tapes in various formats, and I'm hit with a legal request for information, I could be
from now to doomsday sorting through all that to provide the requested information. On the other
hand, if we have an institutional policy of only keeping the last x months of backups, we can cite
that. So, in the last couple of years, we have instituted that policy.
Individual laboratories may have needs to keep research data for longer periods of time, and that
too may be regulated by laws and granting agency regulations. We consider that to be the Principle
Investigator's responsibility.
In our case, this can be a very real threat. We happen to have some of the top climate change
researchers in one of our departments. They and their colleagues at other institutions have been the
subject of hacking attacks as well as congressional subpoenas (if you have ideological issues with
the science, just whack at the researchers so that they don't have any time for their research).
Because of all of this, our official policy is now that the purpose of backups is to protect against
system failure of any sort, whether it is drive failure, human error losing a file, server meltdown,
whatever. Backup is to recover from loss. So, don't come asking me to recover and deliver every
email sent by or received by any particular researcher over the past five years. I don't have it. I
can't do that. All I have is what was stored on the system in the last several weeks.
We also have cleared all our systems, to the extent possible, of all Personally Identifiable
Information (PII). This includes things like social security numbers, student IDs, credit card
numbers, etc. There are a whole set of laws and regulations governing these, with reporting
requirements if your system is hacked and has such data on it. This is another reason for ditching
long term backups or archives. If a tape contains a backup of a system that had such data from a
time before it was cleaned up and removed, then the tape becomes a liability.
All of this is a significant change from when I was responsible for backups for a small software
company in the span around 15 years ago. We used encrypted drives on computers that we took to trade
shows, but in house we kept tapes back to the beginning of time. Those tapes included the sales,
marketing and accounting systems with the full customer database including credit card information.
Perhaps a little scary in retrospect. The company was sold, and the tapes went to another state
along with the programmers and the source code. I wonder if the tapes still exist, whether anyone
has any clue what's on them, and whether they could figure out how to read them.
--
---------------
Chris Hoogendyk
-
O__ ---- Systems Administrator
c/ /'_ --- Biology& Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst
<hoogen...@bio.umass.edu>
---------------
Erdös 4
