[H-GEN] Tape Drives

Robert Brockway robert at timetraveller.org
Sun Jan 6 01:31:57 EST 2002


[ Humbug *General* list - semi-serious discussions about Humbug and  ]
[ Unix-related topics.  Please observe the list's charter.           ]
[ Worthwhile understanding: http://www.humbug.org.au/netiquette.html ]

On 6 Jan 2002, Jason Henry Parker wrote:

> I've thought about it.  Rsync has that nifty `tunnel me over ssh'
> feature.

Indeed.  I'll be using this soon for a pair of peered mail servers for a
large organisation.  They will be on different floors of the same building
(couldn't get them in different buildings at this stage :)

> Another fun story:
> 
>    Tiger Team is paid to go onsite to find a way to break into the
>    company network and find a way to steal their IP (so the hole can
>    be closed).  After a week of examining how things work, they pack
>    up and leave.  The next day, a Team member waltzes into the office,
>    and steals that week's backup tapes from the secretary (presumably
>    distracted by a convenient phone call) who has them sitting around
>    waiting for the courier.

2 words: physical security :)

So often people build whapping great firewalls & forget physical security.
Indeed, that's another whole thread on its own :)
 
> > Indeed.  I'm a fan of making a restore system so straightforward you
> > can do it either with everyone around asking when it will be done
> 
> How do you, Robert, go about doing that?

Easy.  You make it so straight forward that you can do it "under
pressure".

I've had to do alot of restores either under pressure or at unpleasant
times of the day/night.  People do wander in every 5 minutes & ask when it
will be done.  This is disturbing, so you need the procedure to be well
documented and _simple_.  These people are usually under pressure from
those above so explaining that it will "just take time" for the
data to come off tape doesn't seem to cut it for them.

These situations usually stemmed from lack of preperation of DR.  In my
previous job I was called in all too late, all too often to fix problems
that never would have occured if I (or another competent admin) had been
brought in 6 months before.

It is possible to make a restore procedure so straight forward that you
can do it easily under pressure when dog tired, or that a junior admin can
do it because you're on holidays in the Amazon Basin.  The procedure has
to cover these eventualities because they are real eventualities.

To be honest I'm not sure why people seem so resistent to the idea that
backups should be simple.  Too often I see people implement elaborate
backup routines (Jason none of this applies to you guys) but don't regard
how they will restore under optimal conditions, let alone poor conditions.

A restore should never get more complicated than having to boot off the
install media, pull a few tapes & restore the needed data.  Having to have
special apps installed just to go a restore (which seems to be the case
with certain commercial backup packages) or having to rebuild the OS just
to be able to restore (which is the case with at least some NT backup
packages) doesn't cut it. That's why I recommend people do DR tests.  Get
an old box with compatible h/w and try to restore the server to it.  See
if the logic fails. 

> As for people asking when it will be done, I'd like to think that I'd
> have sufficient clout to ask my boss to take everyone to lunch.  (If
> the company is going to bleed money it may as well spend it wisely.)

I've just stopped being a consultant.  The employees are worried because
the server has broken & the clock is ticking.  They have called you in 
as they are out of their depth (they have never stopped to consider
backup issues strongly).  They are under pressure. They're trying to be
nice but you can tell that they are stressed.

It's a bit different if you have a good relationship with your boss, but
if it is a client you might only have met a few times up to that point,
you can't ask them to take everyone to lunch :)

To sum up my opinion on this: Backup procedures need to follow the KISS
principle more than most things.  They need to be simple or their
complications will come to bite you at the worst possible time.

A general assessment of the network as a whole may be needed to ensure the
backup procedure is rational. Eg, do you need seperate tape units on each
server?  Can you backup several systems across the network to a single
tape?  If you do, how do you restore that data to the (remote) system
without having to jump through hoops to do so?
Rob

-- Robert Brockway B.Sc. email: robert at timetraveller.org  ICQ: 104781119
   Linux counter project ID #16440 (http://counter.li.org)
   blake: up 41 days, 20:09, 12 users,  load average: 1.00, 1.00, 0.94
   "The earth is but one country and mankind its citizens" -Baha'u'llah


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.



More information about the General mailing list