[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Best way to duplicate HDs



> > You might say "tape backup"... but keep in mind that it doesn't offer
a
> > "plug n play" solution if a server goes down. With the above method, a
> > dead server could be brought to life in a minute or so (literally)
> > rather
> > than half an hour... an hour... or more.
>
> It occours to me that in most cases, recovery from a catostrophic
> failure is not going to be as easy as plug and play. Let's take some
> common situations where we need to recover a system.
>
> Virus -
> The way I traditionaly deal with a virus, is to never have it touch
> my system. As a system admin it is my job to keep viruses from hitting
> machines in the first place, not clean them up once they arrive.
> Cleaning up is the mentality of the Microsoft security world, and I
> refuse to accept such poluted doctrine. However, I do have a contingency
> plan should I miss a virus. I have a master OS image burnt onto a disk,
> and each of my systems make a backup of their data nightly (simple tar).
> The backups rotate and are incrimental, so I can restore data to the
> current date, masking out any infected paths. This, however, is not a
> plug and play solution, it requires manual control.
>
> Hardware failure-
> I run arround and sceam alot. This kind of failure is mostly luck
> of the draw, but I try to follow the same strategy as above.
>
> Hacker-
> If they wipe the disk, then the OS image and data backup will work
> nicely. If they do something else,  then I wipe the disk myself (no
> backdoors that way), and recover.
>
> In none of these situations do I see any value in making a replica of a
> tainted or damaged disk every 12 hours.

You are thinking resource-intensive work, which would require more than a
basic or low level sysadmin to do. I would not trust a low level sysadmin
to start performing restoration work on a system. At least if we catch it
within 12 hours or 24 hours then the sysadmin could at least pull out the
backup hard disks from the drive caddies, plug them into the backup system
on standby (basically has everything except hard disks) and have a working
system up and running instantly. A high level sysadmin can slowly sift
through original information carefully once the system is up and running.

Your assumption is that you can have a sysadmin onsite within a certain
amount of time to perform said restoration work on the filesystem, which
may not be possible especially with cutbacks everywhere and everyone
tightening their belts. Calling in a high-level sysadmin at 3am in the
morning to perform such tasks is not always possible resource-wise.



Reply to: