Section 12.0 Managing Disaster Recovery and Business Continuity

0

Backup as a service (BUaaS)

Helps small and medium-sized organizations use traditional backup services to protect data and store that data in cloud storage designed specifically for that purpose

Usually slower, have higher capacity, and are much less expensive

Storage as a Service (STaaS)

Primarily used for accessible, flexible, and cost-effective storage solutions in the cloud.

Backup as a service (BUaaS)

Helps small and medium-sized organizations use traditional backup services to protect data and store that data in cloud storage designed specifically for that purpose

Usually slower, have higher capacity, and are much less expensive

Storage as a Service (STaaS)

Primarily used for accessible, flexible, and cost-effective storage solutions in the cloud.

Full Backups

Complete backups of the system. They often take a relatively long time, especially when there is a lot of data on the server

Restoral process is relatively quick because only one backup job needs to be used

Synthetic Full Backups

Create a full backup by combining the latest full backup with subsequent incremental backups, instead of reading data directly from the source, resulting in faster backups and restores

Incremental Backups

Only copies modified data since the last backup

Quicker than differentials, but the restoral process is slower

Differential Backups

Backs up all data changed since the last full backup, meaning each subsequent differential backup includes all changes since that initial full backup

Backups are slower as the week progresses, but restorals are faster

Snapshot

Capture a system's state at a specific point in time, offering fast recovery to that stat

Usually most useful for retaining system setting

Archives

Retain data for long periods and are optimized for storage space efficiency

Offer long-term data retention for legal or regulatory purposes

System-State Backups

Duplicate the essential operating system (OS) configurations. These configurations can then be restored quickly to the same machine in case of corrupted system files or misconfigurations

Small and fast

Application-Level Backups

Focus on a single program, backing up essential configuration files, executables, and supporting files

Filesystem Backups

Protect user data

Gnerally run every 24 hours

Database Dumps

Gathers metadata into a series of SQL statements that can recreate a failed or corrupted database

Can back up or move database contents or extract the contents to a new location for analysis and additional research

3-2-1 Backup Rule

Three copies of data on two different media types and one copy stored offsite

Tape Media

Often have a good cost-to-capacity ratio, have excellent long-term archive ability, and are easy to move and store

Disk Media

Quite fast (for both backup and restore), are often easy to move and store, and are efficient for general backup use

Object Storage

Allows for greater scalability and cost savings

Distributes data and related metadata across storage space for efficient storage

Best for data that is written once and does not change often

User data

Must be backed up frequently enough to recover file versions

Configuration files

Must be backed up any time you make edits or configuration changes

System-state configurations

Server and operating system backups run when major version changes occur or major configuration changes are made

Data Retention

Policies cover active data stored in files, databases, and other locations

Govern how long the data must be stored (minimum time) and the maximum time data can be retained

Cloud backup retention policy best practices include the following:

Maintain compliance with industry regulations and legal requirements.

Be aware of and compliant with data sovereignty considerations.

Classify data to help maintain retention compliance.

Automate data deletion and backup purging to remain compliant and manage storage costs

Data Replication

Copying data to another server or site to retain business continuity and scalability or keep data near users

Asynchronous Replication

Sends data to the primary storage (a database, for example)

The client machine receives confirmation that the data was written. The data is then replicated to the second database server, which responds to the first database server with a confirmation

Synchronous replication

The client machine is only informed that the transaction was successful once both servers have a copy of the data

In transit encryption

Mitigates threats to data as it moves across the network. The network connection might be within a LAN, between LANs over a WAN, or between the on-premises LAN and the cloud service provider's data cente

At rest encryption

Helps protect data residing on storage media in the private or public cloud environment

Recoverability

The ability to successfully restore information, services, and systems from a backup

Backup Data Integrity

Confirms the data has not undergone any unexpected changes, such as altered information by a malicious actor or file corruption during a transfer process

Normally managed using hashing to compare the information at two different points

In-Place/Overwrite Restoral

You may recover data in bulk back to its original location, overwriting whatever data currently resides there

Side-By-Side/Parallel Restoral

Recovering the original production server without overwriting the existing data on that server

Granular File Restoral

Allows you to explore the contents of the Virtual Disk files of a VM backup. That way you can easily restore specific files and folders from a VM backup without having to restore and attach the entire VM

Alternate Location Restoral

Restores backup data to a different system or path, allowing for testing of recovery procedures without affecting the production environment

Snapshot Restoral

Restored and associated with a VM instance for access to the recovered data.

Offer a view of file contents at a given point in time, which may be useful for troubleshooting or recovering specific versions of file

Availability zones

Are one or more data centers within a region offering fast network connectivity

Located within a logical regional area but are distant enough from each other to mitigate natural or man-made threats

Cloud Bursting

When on-premises or private cloud resources become overwhelmed, additional resources can be brought online from the public cloud environment

Company only pays for the extra services when needed and retains on-premises control of services otherwise

Edge Computing

Offers increased service and availability by moving compute resources nearer the point of data generation

Data is processed more quickly, helping to ensure adequate performance and data/service availability

Cloud monitoring

Includes checking for service and application performance and cost-effective management

Also includes maintaining availability and receiving alerts when resources become inaccessible

Availability monitoring characteristics include:

Downtime alerts.

Automation capabilities to react to failures or performance issues.

Tracking uptime and downtime for service level agreement and business objective compliance.

Long-term reporting and analytics that allow for planning and reliability

Prometheus

Open-source monitoring tool capable of managing applications, services, and infrastructure components

Grafana

Open-source visualization tool that integrates with Prometheus and other monitoring platforms

Azure Monitor

Monitoring utility provided with Microsoft's Azure cloud service

Network redundancy

Ensures data availability and connectivity to services

Ensure data availability and continuous connectivity by eliminating single points of failure in the network

NIC Teaming

Two or more NIC aggregated into a single channel link for fault tolerance and increased throughput. Also known as NIC bonding.

Hardware load balancer

This network appliance distributes a workload across servers. It resides between the client computers and the servers

Software load balancer

This is installed directly on the servers

Round-robin

Assigns connections in order

Weighted scheduling

Used when the server's hardware capabilities vary, allocating more connections to the more powerful servers

Hybrid cloud

Mix of private and public cloud services

Multi-cloud

Mix of public cloud resources from two or more vendors, such as Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP)

Multi-cloud solution

Allow companies to select the best cloud provider for specific services, such as using one provider for database capabilities and another for data backups

Multi-cloud environments

Avoid vendor lock-in, especially with provider outages. If your company's e-commerce website is hosted by a single CSP, it will become unavailable if that provider suffers an outage

Multi-cloud deployments

Very complex, requiring planning, monitoring, and management.

Not all cloud service providers offer compatible solutions or encourage working with other providers

Service level agreements (SLAs)

Set service requirements and expectations between a consumer and a provider

Recovery time objectives (RTOs)

The maximum time allowed to restore a system after a failure event.

Recovery point objectives (RPOs)

The longest period that an organization can tolerate lost data being unrecoverable

Mean time to recovery (MTTR)

A metric representing average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure.

Mean time between failures (MTBF)

A metric for a device or component that predicts the expected time between failures.

Warm Sites

An alternate processing location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.

Hot Sites

Immediately take over operations in a disaster. They have all the equipment necessary for the business, including servers, workstations, network devices, office furniture, power, and Internet connectivity.

Costly

Cold Sites

Contain the necessary space without essential equipment like workstations, servers, network devices, and furniture. You must migrate data to the cold site