Published on October 30, 2020 | By Infrascale

Backup and Recovery 101: The Basics

Science fiction celebrates machines that can transport a person backward or forward in time. Many people would love to be able to do the same with their lives — to relive experiences or to revise decisions and actions. By analogy, in the world of information technology, backup and recovery is a time machine for data.

Backup and recovery help businesses ensure their critical data and systems are protected and recoverable in case of a disaster or other emergency. Properly configured backup and recovery provides flexible options to ‘rewind’ to a previous state of the data, to get the system up and running again, as if nothing happened. By regularly backing up computer systems to a safe and secure location, businesses mitigate the risk of data loss, system downtime, and possible financial losses and reputational damage.

Backup and recovery are both processes and a set of tools to implement the processes in a robust, secure, and easy-to-manage manner. To grasp the broad picture of backup and recovery, it is important to identify the basic terms and concepts behind them.

In the beginning, there was data…

Data is at the core of backup and recovery.  Simply put, data is any kind of information that is stored on a computer in a binary format. To make data manageable and allow for its manipulation, data is stored as a chain of bytes referred to as files. Files have human-readable name formats and are stored in containers (folders).

Folders are organized in a hierarchy called a directory system: a tree that organizes the information so it can be identified and located by users or software applications.

Regardless of the structure of data, at the physical level, data is stored on storage devices called disks.

An analogy for the data/structure concepts above is a traditional library with paper books.  In a library, words (data) are brought together to form books (files). Bookshelves and book catalogs are the directory structure, various library premises are storage devices (disks), and the entire library building is the computer system.

… and then there was data backup

Regardless of any potential security measures implemented for our fictional library — metal detectors and alarm systems (firewall), library security guards (antivirus software), video surveillance (monitoring and reporting software), and so on — there is always a risk of accidental or intentional property damage (data loss or corruption).

If your computer is turned off, nothing can happen to the data stored on its disks. That is to say, when you turn the computer back on, the data will be in the same place as it was before. Your only concern need be for the physical safety and operation of the computer — and its disks. While storage corruption is a potential reality, it is not the highest concern. The true threats to the data only become possible when you turn on the computer (and connect it to the internet). Those threats include malware, ransomware attacks, failed hardware, application and system updates gone wrong, and the most inevitable of them all — accidental deletion due to human error.

To avoid risks and mitigate the impact associated with data loss or corruption, businesses must implement data protection policies and procedures (beyond those security measures!). An integral part of such policies and procedures is a data backup and restore strategy.

Backup, the noun, is a new, stored copy of data. To back up, the verb, is the act of creating and storing a copy of the source data. The goal of the backup process is to have copies for a future need to recover backup data or restore system functionality from a copy.

Most backup and recovery tools provide a choice as to the level of data protection. That is to say, a choice of which data, at what level in the structure or storage medium, to protect via backup. The following list of backup types is not exhaustive, but merely a starting place for exploring the concepts and approaches to data backup and recovery.

File backup

Imagine a few words or paragraphs in a book were deleted, some book pages were torn out or covered with coffee, or the book itself was stolen from the library. We lost bits of data, and we may not be able to read and understand the text in its entirety. This is a simple concept of data loss or corruption at the file level. To avoid, or more importantly to overcome, damage to our data, file backup is an appropriate backup solution choice.

In this type of backup, all data from the original file is copied byte-by-byte into a new copy of the file. Therefore, the backup copy of the file is identical to its original, at a given point in time.

To ensure that no part of the original file is changed while the backup process is running, file backup is best accomplished when data is ‘idle’, that is, not involved in any other process than backup itself. Otherwise, after restoring your critical files from backup, you may find out that while you have successfully copied the data, the files may not be consistent with one another (version-wise).

File backup does not include any kind of synchronization between the original file and backup copies. To keep your backup up-to-date, the backup process should be run repeatedly to capture ongoing changes.

Disk backup

Now, consider that a part of our fictional library caught fire or flooded, and a great number of books (data) are now lost or corrupted, resulting in closed premises. This gives an idea of data loss or corruption at the disk level — as the disk itself has suffered. To mitigate the consequences and restore data to the exact state before the disaster, we should employ a disk backup strategy.

Disk backup entails creating an image (copy) of a computer storage device (HDD, SSD, or the like) at the block level (as opposed to the file level). In case of an operating system error or a disk failure, this type of backup allows a full restore to the exact state of the disk (including data residing on it) at a given point in time.

System backup

Again, referring to our ‘library’ analogy, imagine the entire building was destroyed in a fire, earthquake, or by tsunami. No need to explain the aftermath — all data is gone with the library being out-of-service completely (there may not even be a building!) But, if we had copies of all books and other data arranged and ready in another building, we could simply continue operating and providing library services.

Mitigating the impacts of this type of data loss requires use of a system backup. System backup manages backup operations for the entire operating system and storage attached to it, including files, applications, system configurations, and so on. In this type of backup, the configuration state, the files, and all system data are saved as a single file (image or snapshot), ready to be recovered and run instantly, if the primary system goes down or its data gets corrupted or lost.

A system backup approach not only protects the user data in the system, but also preserves the overall integrity and operational state of the system. This helps in restoring the system (and user data) to a “last-saved” operational state.

Optimizing backup and recovery

Backup priorities and scope

Not all information needs to be protected. For example, temporary data may be deemed non-critical, and therefore does not need to be backed up. However, when data is critical, it should be backed up immediately. Obviously, the time needed to complete a backup depends directly on the size of the data and the speed at which it can be transferred, and neither is easy to trade off. Luckily, there is a technique based on tracking data changes. It allows data to be transformed from its original state to any other state by applying the changes that were made in between. This technique defines the backup methods: full, incremental, and differential. They make it possible to trade the scope of the data copied for a shorter execution time.

The scope of a full backup entails creating a copy of all data selected for backup, whether some parts of it changed or not. This is usually done on Fridays or over the weekend when substantial amounts of data can be copied without affecting business operations. Subsequent backups performed Monday through Thursday, until the next full backup, can be differential or incremental (see below), to save time and space on the storage media. Full backups should be done at least weekly.

As the amount of data grows, the process of backing up the full data set becomes time-consuming. If you have a large amount of data to back up, and only a few files changed or were added, then it is reasonable to choose incremental or differential backup where only changes are copied.

With an incremental backup, only files that have changed since the previous backup are backed up. Subsequent incremental backups only add files that have changed since the previous one. On average, incremental backups take less time because fewer files are backed up. However, the data recovery process takes longer as the data from the last full backup must be restored, plus the data from all of the subsequent incremental backups. At the same time, unlike differential backup (see next paragraph), changed or new files do not replace old ones, but are added to the storage medium independently.

With a differential backup, every file that has changed since the last full backup is backed up every time. The value in differential backup: speed up the recovery process! All you need is the last full backup and the last differential backup to be on your way to recovery. Differential backups are growing in popularity — primarily because all copies are made at certain check points in time. This is particularly important when restoring your business data after a virus or ransomware infection — when knowing that check point is a critical factor.
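The trade-off between the two methods is easier to see on a small week of changes. The following is an added example, not part of the original article: the file names and the change log are constructed, and the model assumes one full backup on day 0 followed by daily backups, with deletions ignored.

```python
# Constructed change log (not from the article): day 0 is the full backup,
# each later day lists the files modified that day. Deletions are not modelled.
CHANGES = {
    0: {"ledger.db", "contracts.docx", "logo.png"},
    1: {"ledger.db"},
    2: {"contracts.docx"},
    3: {"ledger.db", "notes.txt"},
    4: set(),
}

def changed_between(first, last):
    """Union of the files modified on days first..last, inclusive."""
    return set().union(*(CHANGES[d] for d in range(first, last + 1)))

def backup_contents(method, day):
    """Files copied by the backup taken at the end of `day`."""
    if method not in ("incremental", "differential"):
        raise ValueError(f"unknown method: {method}")
    if day == 0:
        return changed_between(0, 0)        # the full backup
    if method == "incremental":
        return changed_between(day, day)    # changed since the previous backup
    return changed_between(1, day)          # changed since the last full backup

def restore_chain(method, day):
    """Days whose backup sets must be read to restore the state at `day`."""
    if day == 0:
        return [0]
    return list(range(day + 1)) if method == "incremental" else [0, day]

def version_at(name, day):
    """Day on which `name` was last modified, as of `day`."""
    return max(d for d in range(day + 1) if name in CHANGES[d])

def restore(method, day):
    """Replay the chain in order; returns {file: day of the restored version}."""
    state = {}
    for d in restore_chain(method, day):
        for name in backup_contents(method, d):
            state[name] = version_at(name, d)
    return state

def copied_total(method, day):
    """Number of file copies written by the backups of days 1..day."""
    return sum(len(backup_contents(method, d)) for d in range(1, day + 1))

if __name__ == "__main__":
    for m in ("incremental", "differential"):
        print(m, restore_chain(m, 4), copied_total(m, 4), restore(m, 4))
```

Both methods restore the same state; the incremental run writes fewer copies but needs every backup set in the chain, while the differential run writes more and needs only two.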

Backup targets

For optimal data protection, companies must make the right choices about where to store their backup data.

The main and the most essential recommendation is to store backup data separate from the originals. The approach here is obvious — if a problem occurs, it will be localized in one place (and only impacting that copy), thus allowing you to continue using the non-affected data and to get your business systems up and running without major interruption. For example, if the hard drive on your computer breaks down, a physically separate backup drive will function.

Further, it is necessary to choose the right media for storing backup data. This can be a direct-attached storage (for example, an external hard drive, connected directly to the computer), or online storage (network-attached or cloud). Directly attached storage provides reliability and speed, while the online storage provides ease of accessibility to backups and permanent, physical separation from the original data. But, as in all things, a combination of, and balance between, all available options is preferred.

Additionally, retaining multiple copies of data (ideally in multiple locations) provides insurance and flexibility to restore to a point in time not affected by data corruption or malicious attacks.

Backup schedule and frequency

For best results, backup copies should be created on a consistent, regular basis to minimize the amount of data lost between backups. Sometimes it can be very painful to lose even just a few working days due to a missed backup. To decide how often to make backups, we must be clear about how much time's worth of data we can tolerate losing. The more time between two backup copies, the more potential for data loss when recovering from the backup.

The schedule and frequency of backups is called the backup policy. The backup policy depends on the needs and requirements of the company and is defined by the criticality of the data and the risk of its loss. There is no gold standard for every company, but a good rule of thumb is to implement the following backup policies:

  • weekly full backups, with daily incremental backups, for moderate risk data environments; and
  • daily full backups, with hourly incremental backups, for high-risk data environments.

Backup consistency

There is no point in making backups without checking their consistency — else we may suffer corrupted data or lose a part of our data irrevocably.

Backup consistency is a combination of validity, accuracy, and integrity of the original files, application data, and the operating system of a source computer or a virtual machine. Data consistency is critical for any backup and restore system, regardless of its scope and corporate security policies.

As soon as the initial backup of the data is created, you must immediately check that the data can be restored. Backup and recovery management tools provide different techniques to check backups for data consistency. For example, as part of its image-based system backup, Infrascale Disaster Recovery offers the boot verification option to check if a system backup can boot and run, and thus safely be used to restore or spin-up.

… and last but not least, recovery

Regardless of industry, when an unanticipated event takes place and brings day-to-day operations to a halt, an organization needs to recover as quickly as possible and continue to provide services to its clients. From data security breaches to natural disasters, there simply must be a plan for when disruption occurs. Not having an effective disaster recovery plan established can put the organization at risk of high financial costs, reputation loss, and even greater risks for its clients and customers.