Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

5/13/2010
11:11 AM
George Crump
George Crump
Commentary
50%
50%

Knowing That Your Recovery Will Work, Verification

In our last entry we talked about the importance of creating and managing to service level agreements (SLA) to set recovery expectations correctly and to give some sense of clarity and priority to the backup jobs that you manage. The second step is to be able to verify that those critical jobs will actually work when you need them to.

In our last entry we talked about the importance of creating and managing to service level agreements (SLA) to set recovery expectations correctly and to give some sense of clarity and priority to the backup jobs that you manage. The second step is to be able to verify that those critical jobs will actually work when you need them to.The absolute best way to be able to verify that a recovery is going to work is actually recover that data and start the application. Clearly you can't do that for every single application in the environment. Once again SLAs add value here knowing what applications are the most critical and building a periodic test recovery into the SLA provides the ultimate confidence in the ability to recover data. This recovery can be recovery of the system in a local environment maybe once per quarter and then recovery in a DR location twice a year.

In my experience when I managed a backup technical support center the number one problem IT professionals had in the recovery process was lack of experience in actually doing it. They did backups and dealt with backup problems every day. If they had to recover most often it was a single file, they did not very often have to deal with full application recovery nor dealing with the problems that might ensue. As the saying goes practice makes perfect. The challenge for backup administrators is how do you find the time to practice something hard like system recoveries when all your doing is putting out fires? We find that when you create and manage to SLAs and formalize data protection from a set of loosely related tasks into a process or workflow then you have organized your day to the point that time spent putting out fires greatly diminishes.

To make the testing of the recovery capabilities in your environment fit into that work flow we recommend that you leverage image backup and server virtualization. Image backups essentially store the servers as a self contained unit that can be quickly restored or even launched in place without recovery at all. Software that can provide image backups and leverage them in virtualized server environments can launch the backups servers within the virtual environment. This makes verification of a backup job as simple as starting the virtual machine. Again in environments with 100's of servers, virtual or physical, you won't want to do this on every system every day, but with SLAs in place you could certainly do it more routinely then we describe above. This can even be applied to backup of non-virtualized servers. The non-virtualized server is backed up but then stored in a VM ready state, allowing for similar testing.

There are some misconceptions about image based backup like they can't do incremental restores, they can't do point in time restores, their slow, they put more of your data at risk and there is no tape out functionality. We'll address those issues in part three of this series.

Track us on Twitter: http://twitter.com/storageswiss

Subscribe to our RSS feed.

George Crump is lead analyst of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. Find Storage Switzerland's disclosure statement here.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21257
PUBLISHED: 2021-06-18
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header This makes it possible for an attac...
CVE-2021-21279
PUBLISHED: 2021-06-18
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In verions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of attack can effectively ...
CVE-2021-21280
PUBLISHED: 2021-06-18
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checked t...
CVE-2021-21281
PUBLISHED: 2021-06-18
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data offse...
CVE-2021-21410
PUBLISHED: 2021-06-18
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (<code>uncompress_hdr_iphc</code>) does not pe...