3.12. Identifying the Purpose and Characteristics of Disaster Recovery
Whereas fault tolerance can be defined as the capability of losing a network component without losing data and or functionality, disaster recovery is the process of rebuilding the network after having lost functionality or data. In fact, the definition of "disaster" to a network administrator is any event that could cause a loss of data or functionality in the network. A disaster could therefore be a natural disaster such as a tornado or an earthquake, or it could be simply a mistake that causes a loss of functionality or data. In this section, we discuss the elements involved in disaster recovery.
3.12.1. Critical Information
You should be able to identify the purpose and characteristics of disaster recovery. More specifically, you should be able to identify the purpose and characteristics of disaster recovery in regard to backup and recovery, offsite storage, hot and cold spares, and hot, warm, and cold sites.
3.12.1.1. Backup and Recovery
Even if you use RAID you should still implement and maintain a backup and recovery strategy. You can choose among many different types of backups, but your choice will largely depend on the amount of time that you have to back up data and the amount of time that you will allow to restore data. A backup type is not defined by the media on which it is recorded, but rather is defined by the elements that are backed up. In the paragraphs that follow, we discuss the main types of backups and compare and contrast these types. You should know the advantages and disadvantages of each type of backup.
3.12.1.1.1. Full Backups
In many organizations today only a full backup is used. A full backup simply makes a backup of all selected files and folders. These files and folders can be selected using backup tools provided with the server software. The advantage of a full backup is that all of the data can be restored in one session. In other words, if you performed a backup to tape, it would take only one tape to fully restore the data. The main disadvantage of a full backup is that it takes the longest amount of time to create; therefore, some organizations simply don't have time to create a full backup every day. Because of this fact, many organizations use a full backup at the beginning of the week combined with another type of backup during the week.
3.12.1.1.2. Incremental Backups
An incremental backup takes much less time because only the files and folders that have changed since the last full or incremental backup are included in it. In order for the system to know what to back up, the incremental backup uses a special bit called an archive bit, which identifies all of the files that have changed since the last backup. An incremental backup uses the archive bit and then clears the archive bit when it has finished copying the file. The system then begins again, adding archive bits to files and folders that have changed after the last backup.
In an organization with a relatively normal schedule, an incremental backup will take about the same amount of time every day (or night). The obvious advantage of an incremental backup is that there will be enough time to create the backup while users are not on the system or while the traffic is relatively light. The main disadvantage of an incremental backup is that a full restore will require the last full backup plus all of the incremental backups to be run in the same sequence that they were backed up. This means that a restore from a combination of full and incremental backups will take much longer than a restore from a single full backup. If users are waiting for the restore, the restore time might seem even longer. For example, suppose an organization uses a backup schedule that requires a full backup on Monday and an incremental backup on Tuesday through Friday. If the system should crash at the start of Friday morning, a restore would require running Monday's full backup and then running Tuesday's, Wednesday's, and Thursday's incremental backups in succession. This could be a time-consuming process while users are waiting to get to their data.
3.12.1.1.3. Differential Backups
A differential backup is a backup that includes all of the files and folders that have changed since the last full backup. This becomes very different than an incremental backup as we progress through a week. A differential backup is created by using the archive bit in a different manner. To understand the difference in the way that a differential backup uses the archive bit, you have to walk yourself through a standard week of differential backups.
Suppose an organization requires a backup schedule that includes a full backup on Monday and a differential backup on Tuesday through Friday. After the full backup on Monday, the system will begin placing archive bits on the files and folders that have changed since the last full backup. The differential backup on Tuesday will use the archive bits to determine what to back up, but it will not clear the archive bits after it uses them. This means that on Wednesday the differential backup will include all of the files that have changed since the last full backup on Monday. Likewise, on Thursday the differential backup will include all of the files that have changed since the last full backup on Monday. As you can see, the backup will take longer to perform on each day because it replaces the backup from the previous day and then adds to it.
Because of this fact, if the system were to crash at the start of Friday morning, then only the last full backup and the last differential backup will need to be restored in order to complete a full restoration. Since only two restores must take place, the restoration will be faster than it would have been if they had used incremental backups. It should be noted that this system will still be slower than if a full backup had been performed every day.
3.12.1.1.4. A Comparison of Backup Methods
You may have noticed that we have combined full and incremental backups as well as full and differential backups but we have not combined incremental and differential backups. This is because incremental and differential backups should not be combined in a backup schedule. Table 3.2 illustrates the differences between full, incremental, and differential backups.
3.12.1.2. Offsite Storage
In the event of a physical or environmental disaster such as a tornado, earthquake, or fire, the data on your servers as well as the data on any locally stored backups could be destroyed. For this reason, many organizations use an offsite storage facility for their backups. Typically, the offsite backup is a copy of a locally stored backup. Using this method, the organization maintains the ability to quickly restore data with the local copy while at the same time ensuring that the data is safe in the event of disaster. Many companies specialize in storing data offsite for organizations. You should, however, realize that your backup tapes have a tremendous amount of sensitive information regarding your organization, so you should choose only a most trusted organization to store a copy of that data. Some organizations with multiple locations simply store a copy of each location's backup at their other location.
3.12.1.3. Hot and Cold Spares
Depending on the type of hardware that you are using and the sophistication of its components, you may be able to use both hot and cold spares. A hot spare is typically a device, such as a hard drive or a network interface card, that is already in place and powered up, ready to be used in the event that the primary device fails. Typically, hot spares require no intervention by the network administrator in order to replace the failed device.
A cold spare, on the other hand, is simply a device that is suitable to replace the primary device and is stored in a convenient location so as to be easily installed by the network administrator in the event that the primary device fails. While a cold spare solution is typically much less expensive than a hot spare solution, it does require intervention by the network administrator. For example, if a company operates 24 hours a day and a NIC on a server that is protected by a hot spare fails in the middle of the night, anyone who needs connectivity to the server will still be provided connectivity through the hot spare and the network administrator will not have to fix the problem during the night.
3.12.1.4. Hot, Warm, and Cold Sites
In the event of a natural disaster, the main goal of the network administrator is to get the network back up and running as soon as possible. As we discussed earlier, a significant part of bringing the network back up is the ability to replace the data from the backups. This is why offsite storage is highly recommended for most organizations.
Just the ability to replace the data, however, may not be enough to get the network back up and running if the hardware has also been damaged or destroyed. For this reason, many organizations have an alternate site to be used in the event of a natural disaster. Depending on the degree of planning and preparation, these alternate sites can be divided into three categories: hot sites, warm sites, and cold sites. You should be able to compare and contrast the different types of alternate sites. In addition, you should know the advantages and disadvantages of each type. In the paragraphs that follow, we discuss each type of alternate site.
3.12.1.4.1. Hot Sites
A hot site is an alternate site that is completely equipped to handle all computer needs for an organization. Hot sites have servers, client computers, printers, and network equipment installed and ready for use. Everything is powered up and has been recently tested to ensure that it can meet the computer needs of the organization in the event of a disaster.
As you can imagine, hot sites are very expensive to implement and maintain and are therefore very rarely used. In fact, hot sites are typically used only when lives or national security would be at risk. Most organizations choose a less expensive option for their alternate sites.
3.12.1.4.2. Warm Sites
Warm sites are alternate sites that provide an environment including power and connectivity that can be used as a place to move computer equipment in the event of a disaster. Typically, there is no computer equipment or a very small amount of computer equipment in a warm site. Because of this fact, warm sites cannot actually be tested and therefore are not as complete an alternative site as hot sites. Also, since all of the computer equipment must be moved in the event of a disaster, warm sites do not provide as immediate disaster recovery as hot sites provide. The main advantage of warm sites over hot sites is that they are much less expensive to implement and maintain. Consequently, most organizations choose the warm site approach for their alternate sites.
3.12.1.4.3. Cold Sites
A cold site is simply a location agreed upon in advance that can be used in the event of a natural disaster. It does not contain any computer equipment and may not even be specifically configured in regard to power or connectivity. In other words, it's just a building or a portion of a building that computer equipment could be moved to in the event of a disaster. The only advantage offered by a cold site is that it is very inexpensive. In fact, some organizations simply make an agreement with another organization that each could use a portion of their building in the event of a disaster. In this case, the cold site costs the company absolutely nothing; which coincidentally is about what it's worth!
3.12.1.4.4. Location of Alternate Sites
You should understand that any alternate site would only be effective if it is not also damaged by the natural disaster. For this reason, an alternate site should typically be balanced in regard to its geographical location. It must be close enough so that computer equipment and users can be moved to it rather easily, but at the same time it must be far enough away from the primary site so as not to be affected by the same natural disaster. For example, if the primary site is located close to the coast of Florida and therefore in the path of potential hurricanes, an alternate site should be chosen that is not likely to be affected by hurricanes.