[AusNOG] Offsite Backup Recommendations

Robert Brockway robert at timetraveller.org
Tue May 16 11:43:31 EST 2017 

On Tue, 16 May 2017, Alex Samad wrote:

> What are peoples thoughts about the backups being "online", atleast with
> tape backups, a malicious user would have to request all the tapes and then
> process them one by one - or get some big magnet.
>
> But with online backups, presumably you can do it all with a click of a
> button, isn't that a bit of a worry ?

I've argued for a long time that when developing backup & DR solutions we 
must avoid 'failure of imagination'.  You have to try to protect against 
failure modes you didn't think of.  To this end I've developed an approach 
I call TOOS.

Tested:  The backup solution must be tested.  All you can ever say is that 
it worked the last time you tested it.  Testing should cover file recovery 
and disaster recovery.

Offsite: The backup solution protects against physical threats, to the 
extent that the physical separation allows.  How far you choose to go is a 
cost benefit analysis.  Even for my persoanl data I keep the backups 10s 
of km away.

Offline: The backup solution protects against logical threats.  This 
includes ransomeware, malfunctioning backup systems and various other 
types of threats.  The key here is that a human hand, not a machine is 
required to put a backup back online.

Siloed: The backup solution protects against administrative threats. 
Humans that control the primary systems should not also control the 
backups.  No one human or group of humans should be able to damage 
primary data and backups.

With such an approach a single failure of any particular type can be 
protected against. Protecting against multiple simultaneous failures is 
more difficult and complex.  Protecting against a concerted effort by 
humans to do you or your systems harm may be an intractable problem.

I also argue for making disaster recovery as straight forward as possible 
with as few dependencies as possible but that's another topic...

This should all be viewed as a last line of defence of course.  There 
could be sophisticated solutions in place to make reliable HA systems, 
etc.  The backups are there for when everything else fails.

Cheers,

Rob

> On 15 May 2017 at 23:15, Aus Net Servers Australia Pty Ltd <
> info at ausnetservers.net.au> wrote:
>
>> Hi Daniel,
>>
>>
>>
>> All the data is stored here in Australia. Well we are syncing to an
>> Australian IP Address.
>>
>>
>>
>> *From:* Darren Moss [mailto:Darren.Moss at cloud365.com.au]
>> *Sent:* Monday, 15 May 2017 8:23 AM
>> *To:* Robert Hudson <hudrob at gmail.com>; Aus Net Servers Australia Pty Ltd
>> <info at ausnetservers.net.au>
>> *Cc:* ausnog at lists.ausnog.net
>> *Subject:* RE: [AusNOG] Offsite Backup Recommendations
>>
>>
>>
>>
>>
>> Just wondering, what are the ramifications of using software/services from
>> a US based/incorporated provider ?
>>
>>
>>
>> Is your/your customer’s data subject to the Patriot Act and potentially
>> accessible ?
>>
>>
>>
>>
>>
>>
>>
>> D.
>>
>>
>>
>> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net
>> <ausnog-bounces at lists.ausnog.net>] *On Behalf Of *Robert Hudson
>> *Sent:* Monday, 15 May 2017 9:35 a.m.
>> *To:* ANSA SERVERS
>> *Cc:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] Offsite Backup Recommendations
>>
>>
>>
>> I hope you discovered the lack of recoverability as part of your testing
>> regime, rather than when you needed to recover as part of a DR event.
>>
>>
>>
>> Untested backups are worthless. You simply must include regular testing as
>> part of your backup regime if you want any confidence that recovery is
>> possible when you really need it.
>>
>>
>>
>> I currently have about 20TB backed up with Crashplan, in their Australian
>> datacentre. I've had no issues recovering data from them on multiple
>> occasions, including a big recovery back onto my NAS a few months ago.
>> Crashplan also lets you keep a local or remote copy of your backup data
>> yourself (and in fact lets you do so completely free).
>>
>>
>>
>> On 14 May 2017 10:44 pm, "Aus Net Servers Australia Pty Ltd" <
>> info at ausnetservers.net.au> wrote:
>>
>> Hey,
>>
>>
>>
>> First time posting here… My boss has asked me to look into what cloud
>> providers they are in Australia to backup all our backups (Over 10tbs) to
>> after having a major disagreement with Crashplan after finding out when we
>> went to recover files that there was no files there to recover and they
>> will not explain why.
>>
>>
>>
>> We have looked into probax.io but that’s a bit cost prohibitive
>>
>>
>>
>> Any suggestions would be great
>>
>>
>>
>> Regards
>>
>>
>>
>> James
>>
>> Server Engineer
>>
>> Aus Net Servers Australia Pty Ltd
>>
>>
>>
>> [image: Follow us]
>>
>> [image: Facebook] <https://www.facebook.com/ANSASERVERS>
>>
>> [image: Twitter] <http://twitter.com/#!/ANSASERVERS>
>>
>> [image: Google+] <https://plus.google.com/101907839864050850442/>
>>
>>
>>
>>
>>
>>
>>
>> The information transmitted in this e-mail is for the exclusive use of the
>> intended addressee and may contain confidential and/or privileged material.
>> Any review, re-transmission, dissemination or other use of it, or the
>> taking of any action in reliance upon this information by persons and/or
>> entities other than the intended recipient is prohibited. If you received
>> this in error, please inform the sender and/or addressee immediately and
>> delete the material. If you have been sent this email and it is not
>> addressed to you please forward the email as is to
>> hostmaster at ausnetservers.net.au and delete all local and inta-local
>> copies including backups from your system. E-mails may not be secure, may
>> contain computer viruses and may be corrupted in transmission. Please
>> carefully check this e-mail (and any attachment) accordingly. No warranties
>> are given and no liability is accepted for any loss or damage caused by
>> such matters.
>>
>>
>>
>>
>>
>> This email has been scanned before transmission with business grade
>> antivirus and antispam software but as mentioned above no warranties can be
>> given that the email has not been contaminated after transmission.
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>> [image: Follow us] [image: Facebook]
>> <https://www.facebook.com/ANSASERVERS> [image: Twitter]
>> <http://twitter.com/#!/ANSASERVERS> [image: Google+]
>> <https://plus.google.com/101907839864050850442/>
>>
>> The information transmitted in this e-mail is for the exclusive use of the
>> intended addressee and may contain confidential and/or privileged material.
>> Any review, re-transmission, dissemination or other use of it, or the
>> taking of any action in reliance upon this information by persons and/or
>> entities other than the intended recipient is prohibited. If you received
>> this in error, please inform the sender and/or addressee immediately and
>> delete the material. If you have been sent this email and it is not
>> addressed to you please forward the email as is to
>> hostmaster at ausnetservers.net.au and delete all local and inta-local
>> copies including backups from your system. E-mails may not be secure, may
>> contain computer viruses and may be corrupted in transmission. Please
>> carefully check this e-mail (and any attachment) accordingly. No warranties
>> are given and no liability is accepted for any loss or damage caused by
>> such matters.
>>
>> This email has been scanned before transmission with business grade
>> antivirus and antispam software but as mentioned above no warranties can be
>> given that the email has not been contaminated after transmission.
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>

More information about the AusNOG mailing list