How much confidence do you have in your backup system?

Have you ever had to test your backup system? In an emergency, do you think you could recover lost data quickly and easy? What measures has your nonprofit taken against data loss?

If you're looking for ways to make your backup system stronger, check out Backing Up Your Data on TechSoup. Written by ONE/Northwest and recently updated by Kevin Lo of TechSoup's Healthy & Secure Computing initiative, the article identifies tools and strategies for protecting your organization against data loss.

We run Norton Save and Restore. It's a new name for an old product.

Prior to the current release, which brought about the new name, the product was called Norton Ghost.

I've used Ghost for about three years or so. Prior to that, I used a product that became the basis for the newer version of Norton Ghost. Symantec bought out PowerQuest, chiefly for its main product, DriveImage, which is the backbone for much of Norton Save and Restore.

I was involved in beta testing the last two versions of Drive Image, as well as the two most current versions of Norton Ghost and Norton Save and Restore.

For most people, I would suggest going with the less expensive Norton Ghost. Norton Save and Restore introduces a few extra features, all of which can be found on Symantec's online store.

I use both products in the office, as well as home, on my personal computers (yes, I have the appropriate licenses). I have almost two terabyters of storage, which holds the backups as I specify.

All the backups are encrypted, so no one can access anything in the backups without the passphrase. Since it is over 35 characters long, I feel comfortable with the passphrase being secure.

All storage devices are given what's called a PGPwipe at least twice a month. What's that? A tool called PGP is used to do a hard drive fill, using an encryption algorithm, and the entire hard drive is filled with garbage. For cleaning to Dept. of Defense standards, this must take place at least three times. Because I am security conscious, I do a minimum of five times, and at least twice a year, I set it to run at least seven times. This means there's effectively no way anyone will ever retrieve the old information -- whether it was stored in encrypted format, as plain text, or in a regular document, such as OpenOffice, Microsoft Word, or PDF.

I do back up some stuff to CD and DVD. When I do that, there's a lifetime expectency on those backups, usually less than a week, but all content on the CD or DVD is encrypted -- at least once -- using a cryptographically-strong passphrase at least 35 characters long with as few people having access to the passphrase as possible.

At the end of its life, the CDs or DVDs are tossed into a microcut security shredded. It slashes the CDs and DVDs into chunks about 1/8" wide and about 1/2" long. For added security, after each CD or DVD is shredded, the contents are divided into at least four bags and disposed of at different times. That way, should someone have the technology to pull information for destroyed CDs or DVDs, they will never have a full CD or DVD.

When I travel, I often carry data on USB keyfobs. The data stored on those handy devices, which are always around my neck, is encrypted, as well.

I don't have much confidence in my backup system, it's just a BoOD.

Take a look at the article on my web site for a bit for specific steps to follow to do backups

Bob Alston's Nonprofit Backup Advice

I created the above information primarily for nonprofits which are fairly small and don't have an inhouse IT person. Also it was focused on those who were not doing much if anything in the way of a backup.

Bob

A little off-topic, but possibly interesting to readers of this post:

Actually, Scoop0901, Ghost was not based on PowerQuest's DriveImage. I believe Symantec bought PowerQuest primarily for the PartitionMagic system. Ghost was a product that was developed by a company called Binary Research. At that time, it was just called Ghost and I was able to buy a site license for my old company prior to Symantec's purchase of the product (Symantec changed the licensing scheme). Symantec re-branded the same product as Norton Ghost. Binary Research is still a software solutions company and I'm unsure exactly what their relationship to Symantec is, but I imagine its amicable as they are also a reseller of Symantec products.

The value of an untested disaster recovery system is questionable. You don't want to find out after your disaster that your recovery does not work. That is a great article, definitely try to implement of much of it as you can in your agency.

Shipley.c, I didn't say, nor did I intend for anyone to interpret anything that I wrote that Ghost was based on DriveImage.

Norton used parts of DriveImage to enhance Ghost 10, then kick it a little more with Ghost 11, including the "feature" of allowing an encrypted password in the GUI version of Ghost. I can't remember if the command line version of Ghost allowed for a passphrase, let alone an encrypted one, but I don't believe so.

Then again, many companies buy out other products to improve one of their existing products or to get a new product in its line, and Symantec is one of them, as is Apple, Microsoft, and so on.

The licensing, though, is where things always get crummy. Blech.

Aha, now I get it Scoop0901/Dave! That's pretty neat. :)

We are using Carbonite.com to backup our server and it has been working great for only $50.00 a year and it is off-site.

We have tested revocery and worked great for our firm.

I've been at this for so long and seen so many kinds of failures that I no longer have any confidence in anything.

So I deploy redundent backup strategies for all my clients and frequently check to confirm that restoration procedures actually work.

-ENO

Hi-
This seems like an affordable and easy solution. I looked at their website, and wonder how you know if they are "legitimate" (not stealing data, etc.). Thanks for any info you can offer!

At first sight my suggestion for small non-pofits (<=10 people) might seem a little odd. However, here goes. Microsoft's recent new product Windows Home Server (www.homeserver.com) has some unique backup features, including redundant storage which is not based upon RAID. The word "home" makes you feel that it might not be up to the task but I would like to suggest that you check out its useful features, which incidentally go way beyond backup. It is already attracting a lot of attention in the small business space beause you basically set it up and forget about it. Small organizations often don't have much IT expertize and don't want to spend valuable time "playing" with computers. I have been running WHS now as part of the beta program and since RTM (end of last year) without ever once doing any kind of manual backup for my 4 PC's at home- it's all automatic right out of the box and at $160 for the software you won't find a better bargain. In the event of a drive failure in a PC I can do a bare metal restore in 15 - 20 mins! Equally I can restore individual folders or files at my choice.

jointer,

Thanks for the input.

I've been hearing mixed reviews on WHS but it seems to have a lot of potential, for exactly the reasons you've mentioned.

I think I'll wait awhile though. The initial release still seems to have a few bugs.

-ENO

This is correct but the article puts a slightly overly negative twist on it. I personally haven't experienced any problems saving files to the Shared Folders. It also seems that people don't actually understand what MSFT did with putting WHS togethor. The Linux fanatics will always say that can do the same standing on one leg but they totally fail to realize the very limited capabilities of the typical consumer user who has to support themselves. This is not an anti Linux comment it is simple fact. The people who engage in "technical banter" (polite version) are light years above the typical consumer and therefore cannot put themselves in that place. It is indeed unfortunate that this problem has arisen but it is entirely because MSFT wanted to create a product with a new backup system with redundancy that the consumer takes home, plugs in like an appliance and forget about. The challenges behind that are much greater than the nay sayers appreciate. WHS is not file based backup. When the corruption issue is fixed there will be nothing out there that achieves the same ease of use as WHS with the features that it provides. Will there ever be competition from the "other side"? Very probably. I am not here to sell or praise MSFT. I just happen to work in that environment and think that WHS will be a good product. I just don't get my "knickers in a twist" trying to debate Darth Vader MSFT versus the Linux Jedi Knights at nauseating length. It's a total waste of time.

i have very little confidence at this exact moment.

we have 3 macs, 1 pc, 1 mac/pc combo, and 1 mac server. we used to use retrospect remote but since it was sold off and the support moved to india it's sucked big time. then we tried various other solutions like superduper, carboncopycloner, and another one that i have blessedly forgotten the name of (intego?), and all seem to be mostly written for desktop-to-hard-drive backups, and had various minor or major issues for us.

i finally got it all up and working right several months ago and left town. i checked in on it last week, and all but one system had stopped running backups without notifying the user. i'm sure some of this is user error at my end, but i am a qualified geek and this is *still* not easy.

i'm about to rebuild the system and i'm looking at going with apple's built-in Time Machine daily backups to a remote hard drive on the server, and weekly backups from the server to an external drive for the off-site security. i like the idea of time machine; it's from apple, it's "free" on 10.5, it should "just work."