
Data Backup Strategy for a Comprehensive Disaster Recovery Plan

One of the projects we worked on was to design a comprehensive data backup strategy with a requirement to be able to restore data (several hundred gigabytes) within just a few hours. The objective is to have the ability to recover effectively and quickly from a disaster, as any business would. To define what a comprehensive backup means, as it relates to this particular project, here's a summary list of the requirements:

Project Requirements

  1. To be able to recover files from a backup within hours (Recovery Time Objective - RTO) if attacked by ransomware (and not have to pay the ransom)
  2. To be able to recover files from a backup within hours (RTO) if the office or network becomes inaccessible for a long period of time (e.g., power outage, earthquakes, and similar)
  3. To be able to recover files as they were from a particular time period (Recovery Point Objective - RPO) during the past six years (e.g., for audits, investigative purposes, retention, and similar scenarios)
  4. Employees must be able to access and interact with files from a backup while at home using either a company-issued or personal computer (in the event the office building is inaccessible)
  5. Minimal administrative effort to manage backups ("set it and forget it")
  6. No tape media are to be used (too much effort to rotate and manage tapes)
  7. Avoidance of consumer-grade equipment
  8. Minimal cost to implement
  9. One month project deadline

With the requirements defined, we are then able to propose a design that will meet the requirements for our small business client, their budget, and small I.T. staff.

Design Requirements

  1. Incremental daily backup performed nightly
  2. Full weekly backup performed on a weekend day
  3. Full monthly backup performed the first of every month
  4. Full yearly backup performed at the first of every year
  5. Daily and weekly backups kept for five weeks
  6. Monthly backups kept for 13 months
  7. Yearly backups kept for six years
  8. A real-time replication of files kept on-premise, in their native file format (e.g., no compression or saving in a proprietary format by backup software)
  9. A 24-hour replication of files kept off-premise, in their native file format
  10. Implement an on-premise hot backup using a NAS
  11. Implement a warm offsite backup using Amazon AWS S3 cloud storage service
  12. Implement a cold offsite backup using Amazon AWS S3 and Glacier cloud storage service with life-cycle management to retain files for the required six-year retention period
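
The schedule and retention periods in items 1 through 7 can be checked in code. The following is an added example, not part of the original project or of any backup product: it classifies a backup by its date, computes when it expires, and tests whether a given day can still be restored. It assumes the weekly full runs on Sunday, that expiry is purely date-based, and that an incremental needs the preceding full plus every incremental taken since.

```python
from datetime import date, timedelta

WEEKLY_FULL_WEEKDAY = 6  # assumption: the weekly full runs on Sunday (Monday = 0)

def classify(d: date) -> str:
    """Tier of the backup taken on day d; the highest tier wins."""
    if d.day == 1:
        return "yearly" if d.month == 1 else "monthly"
    return "weekly" if d.weekday() == WEEKLY_FULL_WEEKDAY else "daily"

def add_months(d: date, months: int) -> date:
    """Shift a first-of-month date by whole months (day is always 1 here)."""
    total = d.year * 12 + (d.month - 1) + months
    return date(total // 12, total % 12 + 1, d.day)

def expires_on(d: date) -> date:
    """First day on which the backup taken on d is no longer kept."""
    tier = classify(d)
    if tier == "yearly":
        return add_months(d, 6 * 12)   # yearly: six years
    if tier == "monthly":
        return add_months(d, 13)       # monthly: 13 months
    return d + timedelta(weeks=5)      # daily and weekly: five weeks

def is_retained(backup_day: date, today: date) -> bool:
    return backup_day <= today < expires_on(backup_day)

def restore_chain(target: date) -> list[date]:
    """Backups needed to restore to target: the last full, then each
    incremental after it (assumption: incrementals chain from the last full)."""
    chain = [target]
    while classify(chain[0]) == "daily":
        chain.insert(0, chain[0] - timedelta(days=1))
    return chain

def restorable(target: date, today: date) -> bool:
    """True only if every backup in the chain is still inside its retention."""
    return all(is_retained(d, today) for d in restore_chain(target))

if __name__ == "__main__":
    target, today = date(2024, 3, 6), date(2024, 4, 8)  # constructed dates
    print(restore_chain(target), is_retained(target, today), restorable(target, today))
```

Under these assumptions an incremental can still be inside its five-week window after the full it depends on has expired, so it is worth confirming how the chosen backup software handles expiry of a full that still has dependent incrementals.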

This design consists of three levels of data backup, each offering specific benefits when it comes to recovery time, retention, and accessibility.

Backup Types: Advantages and Disadvantages

Cold Backup

Advantages:

  • Follows retention policy using life-cycle management
  • Can restore data from up to six years ago with the content as it was at the time it was backed up
  • Daily, weekly, monthly and yearly backup schedules
  • Can be used to recover from a malware attack (e.g., ransomware)
  • Files are compressed to minimize storage requirement

Disadvantages:

  • Requires time and process to restore files
  • Large files make downloading lengthy

Warm Backup

Advantages:

  • 24-hour file synchronization
  • Stored on Amazon AWS S3 cloud storage with "anywhere" access

Disadvantages:

  • Malware infection on the network can render backup useless
  • Does not follow retention policy
  • Added cost for storage on Amazon AWS
  • Files consume more storage space as they are not compressed

Hot Backup

Advantages:

  • Stored on-premise using a network attached storage (NAS)
  • Real-time/near real-time file synchronization
  • Data is backed up in its native file format and directly usable – no need to use backup software to “unpack” the backed up data
  • NAS can be configured to be a file server to enable staff access to files

Disadvantages:

  • Malware infection on the network can render backup useless
  • Added cost for equipment and administration
  • Does not follow retention policy
  • Files consume more storage space as they are not compressed


Cold Data Backup

This design executes a data backup job daily to maintain a duplicate copy of electronic data files. The backup files created are encrypted, and a copy is stored on premise for the short term and off-site at Amazon AWS, using their S3 and Glacier cloud storage service, for the long term. Daily, weekly, monthly, and yearly data backups are performed, and the resulting backup files are retained for a period of time as specified in the client's data backup policy.

Backup data files are encrypted, using AES 256 when possible, regardless of whether the files are kept on premise or sent offsite. Only one backup software, with integrated support for Amazon AWS storage service, was used to support the data backup process.

This backup software, as with almost any other backup software of this nature, packages the native computer files into larger file sets in a proprietary format and adds its own application-layer-specific processes. Because of this, and because the files are stored off-premise, restoring files requires a process and time. Because the native files are not readily accessible at a moment’s notice, this type of backup is considered cold.

Hot Data Backup

While the cold data backup provides the ability to restore data, it does require time to do so - more than what the client requires. Depending on the file size of the backup set and the number of files that need to be restored, it can potentially take several hours to recover the entire set of files in a worst-case scenario. To minimize the data recovery time, a hot backup of the client data is maintained on-premise. This was accomplished using a network attached storage (NAS), which is a file-level computer data storage server connected to a network. The NAS, in conjunction with real-time file synchronization software installed on the file server, maintains a mirror copy of the client files. In the event of a server failure or other scenarios that render the file server inaccessible, the NAS can then be used as a file server using its built-in feature to create network shares and login accounts.

Network Attached Storage (NAS)

A NAS makes a great addition to your office. Set up a hot backup job to sync all the important files on your file server to your NAS to maintain a real-time copy. If disaster strikes, your NAS becomes a temporary file server, giving you more time and reducing the pressure to repair your file server.


With this arrangement, the file synchronization software will replicate files on the server to the NAS. Any changes to files, or the creation or deletion of files on the file server, are mirrored in real-time to the NAS. This provides the client with a real-time replica of their files on a separate independent device. Files stored on the NAS are in their native file format. This means files can be accessed immediately, without the time-consuming conversion process required with the cold backup.

Finally, since the NAS is portable, it can be unplugged from the network with ease and evacuated from the premises if a situation calls for it. Since file replication happens in real-time, this will allow the client to have possession of the latest version of their files.

Warm Data Backup

In conjunction with our hot backup, a warm backup was implemented for our client to replicate their files to their Amazon AWS S3 storage service account. The particular NAS used for the hot backup has a built-in feature to perform a data backup of its content to Amazon AWS cloud storage service. As part of the requirements, we configured the NAS to perform a backup of its content to AWS S3 storage every evening. Stored in its native file format, the warm backup provides our client quick and “anywhere” access to their files, without the time-consuming conversion process required with the cold backup.

Use of Off-Site Storage of Backup Files

To maximize the chance of a successful data recovery in the event of a disaster that limits the client's access to their physical office space or office building, a copy of their data backup files is stored offsite as mentioned. The client has an existing active account with Amazon AWS and thus was already familiar with the services provided. With the warm backup storing files in the cloud, the data recovery process is quick and can be performed from any computer with Internet access. Additionally, setting up their employees with access to these files can be accomplished with relative ease. For this project, software designed for use with cloud storage services is to be installed on any computer, and it will map a drive letter to the AWS S3 bucket containing the (warm) backup files. Thus, from an end user's perspective, interacting with these backup files is no different from working with them on the on-premise file server.

Data Restoration

At least once a year, the client will perform a data restoration test and mock disaster recovery to verify that the data backup jobs are performing as expected and that their documents on the procedure and processes related to this are accurate and current.
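
One way to make the yearly restoration test produce a concrete pass or fail result is to compare a SHA-256 manifest of the source files with a manifest of the restored files. The following is an added example, not part of the original project; the function names are hypothetical, and it assumes the source manifest is captured at the time the backup job runs so that later edits on the file server do not show up as differences.

```python
import hashlib
from pathlib import Path

def manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        h = hashlib.sha256()
        with path.open("rb") as f:
            # Read in 1 MiB chunks so large files do not have to fit in memory.
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests

def compare(source: dict[str, str], restored: dict[str, str]) -> dict[str, list[str]]:
    """Report files that did not come back, came back altered, or are unexpected."""
    common = source.keys() & restored.keys()
    return {
        "missing": sorted(source.keys() - restored.keys()),
        "extra": sorted(restored.keys() - source.keys()),
        "changed": sorted(k for k in common if source[k] != restored[k]),
    }

def restore_passed(report: dict[str, list[str]]) -> bool:
    """A restore passes when nothing is missing and nothing has changed."""
    return not report["missing"] and not report["changed"]

if __name__ == "__main__":
    import sys
    # Usage: python verify_restore.py <source_dir> <restored_dir>
    report = compare(manifest(Path(sys.argv[1])), manifest(Path(sys.argv[2])))
    for kind, names in report.items():
        print(f"{kind}: {len(names)}")
    sys.exit(0 if restore_passed(report) else 1)
```

The same comparison can be run against the hot (NAS) and warm (S3-mapped drive) copies, since those are kept in native file format.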