Best Practices for Backup
Back up system state in addition to performing a full backup. Schedule backups to occur at regular intervals. Keep copies of backups in a safe place on location for quick restorations of critical files and servers. Keep copies of backups offsite in case a disaster destroys the data center or the local backup media as well as server drives. Review system logs of backups to ensure scheduled backups are occurring. Keep a manual log of backups that records when they occur, which tapes or other media were used, where they were stored, and by whom. Be sure to have anyone who handles the backup media sign the log and keep records of where and when backup media is taken offsite. Provide a secure offsite location miles away from your site. This ensures that a local disaster, such as flood, hurricane, or tornado, does not destroy your site and the offsite backup location. Back up the system files after system files are changed or new drivers are added. You can do this when backing up system state by using the advanced options. Develop backup procedures and test them. Train backup operators on how to back up and how to determine whether the backup or scheduled backup is working, and regularly hold drills in which a new server is built and backups are restored. Make the following types of backups: Automated System Recovery (ASR) backup Complete backup System state backup Data backups of critical configuration data Secure backup devices and media as well as storage locations. Do not disable volume shadow copy. To back up clusters, perform an ASR backup of each node in the cluster, each cluster disk, and each individual application running on the nodes. When backing up critical or sensitive servers, consider making backup media accessible only to the owner of the files or members of the Administrators group. Use separation of privileges to manage backups of critical or sensitive data and servers. This can be done by not adding members to the Backup Operators group and creating custom groups. One group is given the Backup privilege, while the other group is given the Restore privilege. Because administrators have both rights by default, you may need to restrict them as well by removing or denying privileges. Remember that administrators can give themselves back these rights and audit for its abuse. |