{"id":3040,"date":"2011-04-16T14:54:53","date_gmt":"2011-04-16T04:54:53","guid":{"rendered":"http:\/\/nsrd.info\/blog\/?p=3040"},"modified":"2018-12-11T18:10:43","modified_gmt":"2018-12-11T08:10:43","slug":"first-backup-everything","status":"publish","type":"post","link":"https:\/\/nsrd.info\/blog\/2011\/04\/16\/first-backup-everything\/","title":{"rendered":"First, backup everything"},"content":{"rendered":"<p>Martin Glassborow, aka <a title=\"storagebod on Twitter\" href=\"https:\/\/twitter.com\/storagebod\">@storagebod<\/a>, and I had a bit of a discussion via Twitter, which came down to the following:<\/p>\n<ul>\n<li>Martin feels the default backup policy within an environment should be to backup nothing;<\/li>\n<li>I feel the default backup policy within an environment should be to backup everything.<\/li>\n<\/ul>\n<p>Now the interesting thing is, we both <em>actually<\/em> meet in the middle, but just start from different points.<\/p>\n<p>Martin has discussed his reasoning behind his default policy here, in &#8220;<a title=\"Don't BackUp!\" href=\"http:\/\/www.storagebod.com\/wordpress\/?p=538\" target=\"_blank\">Don&#8217;t BackUp<\/a>&#8220;, which I encourage you to read before continuing. There is, indeed, as Martin suggested in a tweet to me last night, a nice absolutism in either approach \u2013 don&#8217;t backup, or backup everything. Yet, neither is really the case.<\/p>\n<p>My approach \u2013 that being to start with &#8220;backup everything&#8221;, starts with the following assumptions:<\/p>\n<ol>\n<li>Hardware can fail.<\/li>\n<li>Software can fail.<\/li>\n<li>Humans can make errors.<\/li>\n<li>Processes can fail.<\/li>\n<\/ol>\n<p>By my very nature I think I&#8217;m perfectly suited to working in the backup space. I&#8217;ve <em>always<\/em> been into backup. On the Vic-20, when I was learning to program, I&#8217;d always save my programs onto two different tapes. On the Commodore 64, I&#8217;d always save my programs and documents onto two different disks. When I went to the PC, I&#8217;d always have a copy on a hard drive, and a copy on a floppy drive.<\/p>\n<p>Martin&#8217;s approach is this:<\/p>\n<blockquote><p>Making it policy that nothing gets backed-up unless requested takes out all ambiguity. There can be no assumptions about what is being backed-up, it makes it someone\u2019s responsibility as opposed to an assumed default.<\/p><\/blockquote>\n<p>There is, undoubtedly, logic in what Martin suggests, but it&#8217;s not a logical starting point I can personally reconcile myself with, for the fundamental reason that it (IMHO) assumes that everyone who interacts with the system understands the system and the nature of their interaction.<\/p>\n<p>It in fact runs completely contrary to an axiom in user desktop\/laptop backup approaches \u2013 if you leave backups up to the users, nothing will get backed up. That holds true for pretty much every business I&#8217;ve ever interacted with, from the most, to the least technical.<\/p>\n<p>It&#8217;s for that reason, that lack of total systems awareness and data responsibility from <em>all<\/em> users of <em>any<\/em> environment, that my approach starts from the other end. Backup <em>everything<\/em>.<\/p>\n<p>But I don&#8217;t really mean it. I abhor wastage. Recently, I&#8217;ve learnt that wastage comes in many forms, which is why the decision to move interstate and re-evaluate what I\/we own has been cleansing. (See the article &#8220;<a title=\"The deconstruction of falling starts\" href=\"http:\/\/unsane.info\/wordpress\/?p=863\" target=\"_blank\">deconstruction of falling stars<\/a>&#8221; over at my personal blog for a bit more on that front.)<\/p>\n<p>As I abhor wastage, I don&#8217;t actually believe you should backup everything within your environment. Sure, some vendors might like that notion \u2013 infinite tapes, disk, storage, snapshots, you name it. But it&#8217;s neither practical nor commercial reality to do this.<\/p>\n<p>No, there is a middle ground. For me, the sweet spot is this what I always come back to:<\/p>\n<blockquote><p>It is always better to backup a little more than you need, and waste some storage media, than it is to not backup quite enough, and be unable to recover.<\/p><\/blockquote>\n<p>So if your tape usage is say, 5-10% higher than it should be, or your VTL\/B2D environment is 5-10% bigger than it really needs to be, I&#8217;m not concerned. (If it&#8217;s a crazy amount, like 100% more, then there&#8217;s a problem \u2013 a serious problem that has arisen from a lack of capacity planning, etc.)<\/p>\n<p>I&#8217;ve seen IT sites where NetWorker agents have been deployed on every server within the environment, and when I&#8217;ve done a coverage analysis, I&#8217;ve seen servers that have this as the saveset:<\/p>\n<pre>\/etc\/hosts<\/pre>\n<p>Just that. Nothing more, nothing less. (You couldn&#8217;t get much less anyway.) I&#8217;ve equally seen sites where not only was a hot backup done of the production Oracle database via a module, but the database files were backed up as part of the filesystem backup, and then export\/dumps were generated and backed up as well. Overkill? Yes. Were some backups unrecoverable? Yes.<\/p>\n<p>Both are very clear examples of <em>wastage<\/em>, but I&#8217;ll tell you the difference.<\/p>\n<p>The latter one \u2013 backing up too much, is time and money wastage. Neither are pleasant, both can hurt the bottom line of a company, yet that&#8217;s where it stops.<\/p>\n<p>The former \u2013 backing up only what is explicitly requested, nothing more, is <em>corporate wastage<\/em>. There&#8217;s a little bit of monetary wastage involved (why spend the money on an agent to backup a single file?) \u2013 the real wastage though is that it could <em>waste the company<\/em>. Unable to recover legally required files because someone forgot to request them to be backed up? Hello, lawsuit loss. Unable to recover financial data that proves your company has correctly paid its taxes because someone forgot to request them to be backed up? Hello, double tax payments. For me it triggers thought of every possible nightmare scenario a company might experience, right through to total dissolution and loss of the company itself.<\/p>\n<p>In my <a title=\"Enterprise Systems Backup and Recovery: A corporate insurance policy\" href=\"http:\/\/www.enterprisesystemsbackup.com\" target=\"_blank\">book<\/a>, I make the differentiation between what I call inclusive and exclusive backup products. I define:<\/p>\n<ul>\n<li>An inclusive backup product is one where you have to explicitly specify what gets backed up. By default, nothing is backed up unless you specify it.<\/li>\n<li>An exclusive backup product is one where you have to explicitly specify what <em>doesn&#8217;t<\/em> get backed up. By default, everything is selected and you have to winnow that selection down yourself.<\/li>\n<\/ul>\n<p>The first, I consider to be the hallmark of a workgroup backup product approach. Cost reduction is the primary focus of this approach. The second, I consider to be a fundamental requirement for a product to earn the &#8220;enterprise backup product&#8221; badge of honour. Without this, there is a distinct lack of trust.<\/p>\n<p>While I can understand Martin&#8217;s starting point, and that he moves more to the middle of making sure the right things are backed up, I can&#8217;t agree with this logic that this is the best approach.<\/p>\n<p>I&#8217;ve seen, heard of, and witnessed too many IT war stories.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Martin Glassborow, aka @storagebod, and I had a bit of a discussion via Twitter, which came down to the following:&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[3,5,8,13],"tags":[138,143,148,362,375,460,1252,1114],"class_list":["post-3040","post","type-post","status-publish","format-standard","hentry","category-architecture","category-backup-theory","category-data-loss","category-general-thoughts","tag-backup","tag-backup-everything","tag-backup-nothing","tag-enterprise","tag-exclusive","tag-inclusive","tag-recovery","tag-workgroup"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pKpIN-N2","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts\/3040","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/comments?post=3040"}],"version-history":[{"count":1,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts\/3040\/revisions"}],"predecessor-version":[{"id":7515,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts\/3040\/revisions\/7515"}],"wp:attachment":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/media?parent=3040"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/categories?post=3040"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/tags?post=3040"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}