Untested backups give a false sense of security

Backups may be worthless if they’re not tested, says Warren Olivier of Veeam – and the consequences could be dire, especially in virtualised environments.

“People sometimes have a false sense of security because they’re running backups, and getting confirmation that the backups were successful,” says Olivier, Territory Manager at Veeam. “But your backup software is only as good as its last restore. When last did you test that you could actually restore a machine from your backups? You could be backing up a serious problem that won’t reveal itself until the day you need to restore – and then it’s too late.”

The risk is significant, he says. “Of 500 companies VMWare surveyed in 2010, 43% had experienced a data loss within the past two years, and failed recoveries cost them an average of over R3.5m (US$ 400,000) a year. Yet only 2% of backups were ever tested.”

Antivirus updates, operating system upgrades and patches are among the most common causes of recovery failures, says Olivier. “These changes require a system reboot, which could result in an inconsistent operating system or application state. Machines suffer from this issue all the time: You reboot and get to a blue screen or application problem, then have to roll back to the last known good configuration, or try and restore from a successful backup.”

“That’s fine if you reboot immediately after the upgrade and your last known good configuration was yesterday,” adds Olivier. “But reducing the amount of downtime and rebooting machines less often is one of the primary benefits of virtualisation – not to mention a top requirement in most SLAs. You could have been running for weeks or months with a problem quietly incubating, waiting for a reboot to commit the changes that will mess up your server.”

Olivier says he’s seen at least one client lose months of data to exactly this kind of hidden trap. “His backup software told him the backups were successful, and they were – but the restore wasn’t. To make matters worse, those assurances gave him a false sense of security and he was careless in the reboot process, thinking he could always do a recovery if there was a problem. Sometimes a false sense of security can be far worse than no security at all.”

“The only way to manage your risk is to test your backups,” says Olivier.  “Everybody would like to, but in most cases it’s just too expensive, too time consuming or even physically impossible.  It takes hours to rebuild a machine, import the backup and try to restore – and if it doesn’t work, you may have to go back a day further and test again. It’s not feasible, economically or physically, to test backups made on physical media in a physical environment.”

But everything changes in virtualised environments, says Olivier. “If you’re running a virtualised environment, you definitely shouldn’t be using backup tools designed for physical hardware. Rather use the opportunity to take a flexible approach to backup and replication. Treat the entire virtual machine as a file, which it is, and take advantage of the resulting flexibility and portability. The hidden advantages of virtualisation go far beyond the typical reductions in the cost of cooling, power and hardware.”

Veeam’s backup and replication tools make the testing process automated, incredibly fast and economically viable, says Olivier. “We can restore a machine in 20 seconds and have you at the logon screen in two minutes.  That changes the whole game: suddenly testing every backup, every day is entirely feasible.”

The process can be entirely automated, he adds. “Few people want to babysit their backup and recovery jobs,  so an automated process that delivers a high-level report meets their requirements. There are also compliance requirements around backups, and this makes it easy to meet those requirements.”

Leave a Reply

Your email address will not be published. Required fields are marked *