Backup and Disaster Recovery

On this episode of Tech Tuesday, Roland Carter from PCG talks with John Maher about backup and disaster recovery for businesses. He explains the importance of backup and disaster recovery and dives into the concepts of recovery time objective (RTO) and recovery point objective (RTO).

John Maher: Welcome to Tech Tuesday brought to you by PCG, a managed IT services company in Portsmouth, New Hampshire. I’m John Maher, and with me today from PCG is Roland Carter. Welcome, Roland.

Roland Carter: Hi John, nice to be here.

What Is the Purpose of Backup and Disaster Recovery?

John: Great. So Roland, today we’re talking about backup and disaster recovery. So what’s the purpose of backing systems up and doing disaster recovery? Obviously when you have a problem you want to recover your files, that sort of thing. What’s the general purpose of those systems?

Roland: Yeah, so there’s actually a ton of purposes to do this. I mean, one, you want to make sure you’re saving all of your information somewhere just in the chance that you might delete it. That’s a really common situation that happens. We have clients call us all the time saying, “Hey, I accidentally deleted this or I’d moved it somewhere. I can’t find it.” Those are fairly common scenarios. And those are the easy things to take care of. But there’s other situations too. I mean anything from weather events that happen. Even if your roof leaks and it happens to get into the server room and ruin a server, it’s nice to know that you can recover all of your information.

But this goes even a bit further. If you get hit by a ransomware attack or someone is able to get into your system and just, say, delete everything that’s all in there, we’re able to take your information that’s backed up and just rebuild the machine. There’s no need to pay the ransomware and no need to worry about what other people are going to do to your system. Obviously we want to mitigate all of your risks that you can, but sometimes that just isn’t possible. So having the backups really helps you against all of the things that could possibly happen out there in the world, whether it’s human intervention doing something bad to your machines, or mother nature knocking a tree down, God forbid, but things happen and it’s nice to know you’re backed up.

What Are RTO and RPO?

John: So in terms of a backup and disaster recovery, there’s a couple of things called RTO and RPO. What are those?

Roland: So when we first start talking with our clients about backups, we try and gauge what’s the acceptable amount of downtime you would expect. For some clients it’s definitely we need to be up as soon as possible. If we could be up in 10 or 15 minutes, that’d be awesome. And for others, it’s, “Well if we’re missing our systems, we could probably still get through a day or two.”

RTO: Recovery Time Objective

Roland: Maybe they don’t rely heavily on the computer systems because their job is primarily outside. Maybe they’re in a service industry that’s construction based or landscaping, things like that, where they’re not completely tied to computer systems.

So RTO is recovery time objective, and that helps us determine what kind of system we actually should be providing to you. Do we need to have a basic backup system, and within maybe a few hours to a day, we’re able to get the system back up and running, and do we need to give you a beefier system, something that is capable of getting you back up and running in maybe half hour to an hour, sometimes even last. So that’s really the recovery time objective.

RPO: Recovery Point Objective

Roland: The recovery point objective is how much time in between the backups should we be worried about? And we can do everything from taking a backup every 15 minutes, we can do it every hour. Sometimes we’re doing the backup just once a day. But it’s really a matter of how much backup should we be storing for you based on how much change happens during that time.

So RPO is the recovery point objective, and it’s basically how much time would it take for you to put something back into your system? It’s an accounting system and you just entered a bunch of checks into it. How much time would it take you to put everything back into that again if you had to.

Determining Recovery Time and Recovery Point Objectives

John: Right. So how is it that you help to determine what those recovery time objectives and recovery point objectives are? Is it just a matter of talking to a client and trying to figure out how often do you make changes on your server and how quickly do you need that information back, or are you actually looking at the server and seeing when changes happened to try to figure out what the RTO and RPO should be?

Roland: Yes, it’s a little of both, and it really does depend on the client. We always start with a conversation and if there’s not a whole lot of change, the client knows there’s not a whole lot of change, and they’re cool with say an every hour kind of backup, that’s typically what we’ll put in. There are definitely clients that get a little bit more intricate in what they do. They’re making pretty heavy changes to a CAD drawings, and if they were to lose that work, they’re paying an engineer to produce these drawings, so they’re losing time, they’re losing money, and we want to make sure that we’re putting a system in place that is going to back up more frequently, and if they were to go down, they’re able to get back up and running quickly. So it definitely has a mix of talking with a client, but also looking at the systems and determining how much change happens over a certain period of time.

How Often to Test Backup and Recovery Systems

John: And do you test the backup and recovery system and how often do you test it?

Roland: Yeah, absolutely. So we offer a couple of different services, and one is the standard backup, and one is the backup with the spin-up options where we’re able to take your system and get you up and running in that 30 minutes, an hour time frame. So we’ll do testing based on what kind of system we’ve installed for you.

And we’ll do those every quarter and especially determined depending on what kind of system you have in place, we might do it more frequently or less frequently, but it’s really a good idea to do those every quarter, do a test restore and make sure we can access the files. And for the systems that have the spin-up options to get up and running quickly, we will do a test restore of a full system and make sure that we can actually run that machine, log into it, make sure the data is there.

Doing Test Restores Without Affecting Network Users

John: And do you do that test restore to a separate place so that then you can test it without it affecting where I’m actually working?

Roland: Absolutely. So in most cases we’ve installed a server that’s called a BDR. So it’s a backup and disaster recovery system. And we’re able to do all of this testing right on that machine, which definitely helps us out. We don’t have to take your current systems down in order to test things out. We’re able to get the information right there and make sure you guys can keep running.

What to Expect With System Failures or Disasters

John: And what should I expect in the event of system failure or some other disaster situation like my server crashing or one of these ransomware attacks or something like that? Walk me through how that process works.

Roland: Sure, yeah. I mean, it definitely depends on what the situation is, but most of the times we start off with the incoming phone call of, “Hey, my system just crashed,” or it’d be a hack or whatever that might be. And from there we’ll make some determinations. Is the system currently running in any manner? Are we able to just put some files back onto it? Or do we need to do a full restoration.

In the event of a full hardware crash, typically we’re having to wait for new hardware to come in in order to actually restore that system. But this is where the backup system comes into play if you have the spin-up, because we’re able to take the BDR server that we have in house and run your systems until we can get the new hardware in place. Most of the time when we run these off of the BDR, they might run a little bit slower, but at least gets you through until we have the new hardware in place that’s supposed to run your systems properly.

So from there, I mean, if it’s a ransomware product, our typical option is to say, “Let’s not worry about what’s on that system right now. Let’s see what happened and make sure that we can mitigate your risks in the future.” But usually it’s a, “All right, we’re going to take everything off of this machine and just restore back to your last restore point and get you running from there.”

The environmental items that happen, usually those are, those are a loss scenario where you’ve lost the machine because it either got ruined because the roof was leaking, water got on the machine. Maybe something hit the building and physically broke the devices, something like that.

And again, that’s waiting for new hardware to come in and then we can put your systems back in place, but we’d love to make sure you’re up and running as soon as possible. That’s why we have the conversations about how much time do you think you can actually be down if your systems were to crash. So we want to make sure we’re fitting your expectations and your budgets. So if you’re able to get the spin-up options, that would be ideal for everyone, but we understand that sometimes it’s just not in the cards.

How Much Data Can You Backup?

John: So how much data can I back up? Is it everything that’s on every server and every computer in my company?

Roland: You can back up just about as much data as you would like. Obviously the cost goes up as you add more and more data to your storage there, but you can back up as much as you want. We have these conversations because sometimes you don’t need to back everything up. Typically it’s just the servers that we’re backing up, not the desktops, PCs, laptops, things like that.

There might be a few desktops that you like to back up. We have a number of clients that like to have their computer that’s in their shipping areas backed up because it does have the UPS and FedEx applications, and maybe it has all of your information for where you’re shipping to are already stored in there, things like that. So it’s a little more painful if you have to rebuild that machine from scratch.

But typically it is just the server, so we like to back up and tell all of the users that are in an environment that they should be saving their information and their file shares that are hosted on the servers. That way there’s no question. We can recover a PC a lot easier, turnaround a repair on a PC a lot faster than we can on a server. So it’s definitely a good idea to just make sure you’re saving everything on the servers. And that way we just have a couple of places that we need to from the backups and not all over, not every single PC and a ton of recovery points to have to manage. Just makes it easier for everyone.

Contact PCG Today for Help With Backup and Disaster Recovery

John: All right. Well, that’s really great information about backup and disaster recovery, Roland. Thanks again for speaking with me today.

Roland: Thanks for having me.

John: And for more information, visit the PCG website at pcgit.com or call 603-431-4121.