Dealing With Threats
So far we've discussed backup principles (independence being the most important),
the six threats,
and described hardware and software choices.
Now we'll discuss more specifically how each of the threats can be dealt with.
To make things a bit simpler, we'll group the six threats into three major categories, because several backup methods deal with more than one threat:
- User Error, Equipment Failure, and Disappearance
- Surge
- Office Destruction and Regional Disaster
Backup for User Error, Equipment Failure, and Disappearance
For desktops that stay connected to lots of things anyway (network, speakers, keyboard, mouse, external drives, iPods), you should attach a large external drive, via FireWire or USB 2.0, and keep it running all the time.
If you turn it off you'll forget to turn it on again and you'll miss backups.
You don't have to worry about surge or fire, because they're in a different threat category (see below).
One of the best things about keeping an external drive permanently connected and switched on is that backup to it can be completely automatic.
For that to work, the backup software has to run automatically as well.
Of course, your computer has to be on for the automatic backup to run, which generally means leaving it on all the time.
For a laptop, you'll have to connect it when you want to back it up and then disconnect it.
Backups won't be entirely automatic.
If all your data is on your computer's internal disk, it's best to get an external drive that's the same size or bigger and just copy your entire disk to it each night, or, if you have a Mac running OS X 10.5 (Leopard), use Time Machine, which does copy all the data to the drive, but in the form of versions.
(It's straightforward but slow to recreate a crashed internal disk from Time Machine. You boot from the Leopard DVD.
Here's an article about how to do it.)
If you have several active disks, there are two cases:
- You can back them up individually with separate backup jobs.
This means one backup drive for each active drive, or, perhaps you can fit more than one active drive on a large drive, assuming the backup software allows you to do that.
- Sometimes one or more external drives contains data that changes rarely, such as an image archive. In this case you might back up such drives only occasionally, or even keep several generations of DVDs instead.
Peter Krogh recommends in The DAM Book (DAM stands for Digital Asset Management) that you organize your photos into DVD-sized folders he calls buckets, starting a new bucket when the previous one fills up, and then you can easily copy a bucket to a DVD.
Comment by Uwe: We did that in the past also. Now with these large RAW files it does not make much sense anymore because we may get more than 10GB in a day and this way we were always behind in creating new DVDs.
On a Mac, if you don't have Leopard you should use Super Duper to clone the internal disk.
On Windows, there are lots of choices for cloning the internal disks, including Complete PC Backup, which comes with Business, Ultimate, and Enterprise editions of Vista.
(But see Part 5 of this series for its limitations.)
Other choices for backing up your entire Windows system are Norton Ghost, Retrospect, and Acronis True Image. (Marc did use Retrospect for years, but never had to do a restore.)
The only one of the three that Marc has tested is Acronis True Image Home ($37 or so from Amazon), and it seems like a fine program that works well.
It can image your main drive, so you can boot directly from the backup, and also back up just the folders you want.
It's a much better choice than the backups built into Vista (Complete PC Backup and Back Up Files) because it allows you to verify the backup
and restore individual files (without installing VHDmount, which is a pain),
and, unlike Back Up Files, it allows you to control exactly what's backed up.
It can even send you an email when its finished.
There's a 15-day free trial.
Most complete system utilities refresh the backup by only replacing files that have changed.
But you don't get to keep previous versions; all you have is the most current complete backup.
Also, if the backup fails, you may have nothing, which might mean that you are not backed up at all, which is an unacceptable situation, even for a minute.
A practical solution to backup failure, since it's pretty rare, is to put in into the Office Destruction category, which I will discuss shortly.
In other words, if the backup fails and the primary disk also fails, you will suffer the pain of recovering from Office Destruction.
If that's too much, then take the external backup drive offline once a week (or every other day, or whatever) and replace it with a fresh one, perhaps rotating the drives so you don't have to keep buying new ones.
Backup for Surge
A surge protector is a good idea, but you still have to eliminate the possibility of surge damage, and that requires that the backup device be completely unplugged.
The drive you're using for automatic backup (protection against User Error, Equipment Failure, and Disappearance) can't be unplugged, so it doesn't qualify.
If surge is very common in your area (either from power-utility problems or from lightning), you may want to keep a weekly complete backup drive offline, just as you would to protect against both the nightly automatic backup and the main computer failing simultaneously.
But, if surge is rare, and especially if you're using a surge protector, you can simply consider surge to be Office Destruction and deal with it that way (next section).
Backup for Office Destruction and Regional Disaster
To protect against these attacks you have to get the backup media offsite, and there are only two ways to do that:
- Physically move it offsite, by walking it, driving it, or sending it somewhere else. (Walking it probably won't get it far enough away to protect against Regional Disaster.)
- Store the backup online, making sure the online site is very far away.
(If you live in a large city you might find out it's in your building. Check that out!)
Both options have severe disadvantages, which is why you can't use them for your nightly automatic backup.
Fortunately, both of these severe forms of attack are very rare, so you may be able to afford much longer restore times than you would when recovering from, say, Equipment Failure, which is very common.
You're going to need the longer time anyway, because you might have to drive across town (on flooded streets, maybe) to retrieve your backup drive.
The actual backup hardware and software for offsite backup isn't any different from what you use to protect against User Error, Equipment Failure, and Disappearance (see above).
The difference is the independence you gain by moving the media or device offsite.
The problem is that this requires extra work and isn't automated, so it may not happen.
It doesn't do any good if an office fire destroys the drive that's been next to the door waiting for somebody to take it away.
Marc use two drives:
One is offsite (at a friend's house, about 20 miles away), and the other is in his office.
About once a week he writes a new backup to the drive that's at hand, and then he takes it with him when he sees his friend and swaps drives.
That way he has at worst a one-week-old backup 20 miles away.
(Of course, a one-hour-old backup is online, hidden underneath his desk, but that's to deal with a different group of threats, as we explained above.)
Marc is perhaps least qualified person in the world to give anyone advice on how to develop good organizational habits, but here's some advice anyway.
These are things he actually manages to do.
- Designate special drives, at least two, for offsite storage.
Don't just use whatever other drives might be available.
- LaCie makes drives that are bright orange, which he likes because if he sees them on my desk he knows they're not where they belong.
You can put colored tape on other drives to accomplish the same thing.
Make sure you don't cover any air-circulation holes.
- Set up easy-to-use computer procedures, possibly even scripts, to populate the drives so you won't have to hassle with various dialog boxes each time.
Most backup utilities let you set up a script.
- Keep the drives in special boxes so you'll know that they have to go.
A bare drive is too likely to be mistaken for ordinary office clutter.
(Marc's article about this is here.)
- As soon as you've written the drive, put it in its case and then carry it to your car.
That way, even if you forget to take the drive anywhere, it's driving around with you instead of sitting in the same room as the computer.
- After you exchange drives, keep the old one near to the computer so it will be handy when it's time to write it, but in a media safe (see above).
Since you're protecting against very rare events, it's not necessary for the offsite drives to contain a complete system backup.
Marc only backs up his own folder tree, skipping the OS, application programs, and general preferences and settings.
If his office is destroyed or there's a regional disaster, he's willing to spend a week rebuilding his system.
But he's not willing to lose any irreplaceable data.
For active work, Marc doesn't want to risk losing a week of data.
He burns CDs and DVDs and put them in his media safe, or takes them to his friend's house.
(Marc's ImageIngester has a built-in disc-burning feature.)
Remember, as long as the media or device is small and not plugged in, you're protected against User Error, Equipment Failure, Disappearance, and Surge.
Backup Overview
|