Everyone agrees that backups should be sent off site, but not everyone agrees on how that should be accomplished. The decision about which method to use will affect your recovery-time objective (RTO), recovery-point objective (RPO), risk level, and cost – so it’s rather important.
Factors affecting backup RTO
How you make sure that your data is stored off-site can affect a variety of important things. Your off-site method will determine your RTO – how long it takes to restore data that gets lost.
For example, some people use a common carrier like FedEx to ship their tapes to somewhere very far away to keep their data out of harm’s way. These people are worried about things such as natural disasters that might take out both their organization’s facilities and those of any nearby off-site storage company. While this may make sense from a risk-avoidance perspective, it also guarantees a very long RTO if your only copy of your data is a FedEx shipment away. Storing data much closer would help you have a much tighter RTO.
Factors affecting backup RPO
Your off-site method will also affect your RPO – the gap between your last backup and the incident that causes a loss of data. If you are shipping tapes with Iron Mountain, and they only show up once a day, the best you can do with an RPO is 24 to 48 hours. Worst-case RPO could actually be much longer. Make sure to take RPO into account when considering your off-site method.
Assessing backup risk
In addition to affecting your RTO and RPO, your method will also affect your risk level. Storing a copy of your data in a hot site immediately next door might give you a great RPO, but a big disaster might affect both locations. For example, there were companies that ceased to exist on 9/11 because they had a hot site in the other tower.
The farther away your data, the lower your risk. The closer your data, the better RPO possibilities such as synchronous replication. You will need to decide which risks you are going to mitigate, and which risks you are willing to accept. The method that you choose to get your data off-site should then be determined by these risks.
Weighing the cost of backup
Your off-site method will affect how much it costs. Sending your only copy of last night’s backup via FedEx to your subsidiary might be the least expensive method. Synchronously updating a live copy close-by might be the most expensive. But since each method will come with associated RTO, RPO, risk level and costs, your job will be to weigh all of these factors together to determine which method is most appropriate for you.
Getting backup off-site
If a company is shipping tape off-site, there are two options for what to send: the original or a copy. Many companies ship their original tape off-site, because it is the easiest and least expensive. However, there are several challenges with doing this. If your only backup is off-site, it’s not available on-site for a recovery, dictating a longer RTO.
Some companies deal with this issue by holding backups on site for a week and shipping last week’s backups off-site. This gives them a good RTO for operational recoveries, but a lousy RPO for disasters. This is why most experts advise against shipping the original backup off-site.
An alternative to shipping the original off-site is to ship a copy off-site and leaving the original on-site. In most data centers today, this is done by first backing up to a deduplicated disk system and then copying to tape. If your only option is to use tape for DR, this would be the optimal way to do it.
Another very common way to get backups offsite is
Share this post if you enjoyed! 🙂