Professional Documents
Culture Documents
Backup
Backup
Backup
Backup can be understood as a copy of used data pages or a copy of transaction log records.
Backup has to be done regularly. Backup is needed not only to restore databases in case of
physical or logical failure, but it is also useful when, for example, we want to make a copy of the
database or migrate the database to another SQL Server instance.
Backup types
A full backup is simply the backup of a complete database. When performing a full backup, SQL Server
stores metadata of the database (its name, creation date, all options set to the database, paths to all
files belonging to the database, and so on), used data pages of every data file, and also the active part of
the transaction log (which means all transactions that are not checkpoint yet and all running
transactions even if they are not finished).
Let’s dive in to know more about the types of backup, the difference between
them and which one would be the best fit for your business.
Database Backup and Recovery Best Practices
The ability to restore databases from valid backups is a vital part of ensuring business
continuity. Backup integrity and restorations are an important piece of the IT
Governance Institute’s IT Control Objectives for Sarbanes-Oxley,
2nd Edition. In many instances, IT auditors merely confirm whether backups are being
performed either to disk or to tape, without considering the integrity or viability of the
backup media.
This article covers the topics related to data loss and the types of database backup and
recovery available. Best practices that can assist an auditor in assessing the
effectiveness of database backup and recovery are also provided. This article focuses
on the technologies and capabilities of the Oracle relational database management
system (RDBMS) and Microsoft (MS) SQL Server because, together, they cover
approximately 40 percent of all database installations. Figure 1 provides a short
comparison of Oracle and MS SQL Server.
One of the key responsibilities of a database administrator (DBA) is to prepare for the
possibility of media, hardware and software failure as well as to recover databases
during a disaster. Should any of these failures occur, the major objective is to ensure
that the database is available to users within an acceptable time period, while ensuring
that there is no loss of data. DBAs should evaluate their preparedness to respond
effectively to such situations by answering the following questions:
How confident is the DBA that the data on which the company business
depends are backed up successfully and that the data can be recovered
from these backups within the permissible time limits, per a service level
agreement (SLA) or recovery time objective, as specified in the
organization’s disaster recovery plan?
Has the DBA taken measures to draft and test the procedures to protect
as well as recover the databases from numerous types of failures?
The following is a checklist for database backup and recovery procedures that are
explained throughout this article:
Set up a process so that disk backups get transferred to tape without loss of time.
The backup media from the offsite storage is retrieved and loaded. A message appears
on-screen that states that the backup media are “unreadable” due to integrity issues.
What could have happened?
Many things could have happened. However, it is clear that a critical step
did not happen. The restoration from the backup media was never really tested. The
control was marked as effective because a backup process was in place and being
performed. In addition, no errors were ever received when the enterprise backed up to
the backup media.
Backups are of no use if the IT team cannot restore the data to the system at the time of
need. A DBA should formulate a detailed strategy for this task:
Conclusion
The primary responsibility of the database administration team is to review all types of
RDBMSs in the enterprise and to develop a comprehensive backup plan to conduct
effective backup management by proactively monitoring backups, getting alerted for
failed backups and rerunning these seamlessly, without loss of time. It is good practice
to back up data to physical disk and to then archive the data to tape for disaster
recovery purposes.
IT auditors can assist data administration teams in strengthening their controls and data
recovery processes by validating the DBA operations, including the testing of the
recovery of data. This continuous, proactive and cooperative effort between internal
audit and the DBA team can provide assurance to management that, in the event of a
disaster, the business’s data can be recovered.
Ali Navid Akhtar, OCP, has more than two decades of experience with
databases. He works as a lead database administrator at Solo Cup Co.
Jeff Buchholtz, has more than 18 years of design, implementation and support of
global IT technology solutions. He works in an IT leadership role and is an Oracle
database administrator.
Michael Ryan, CIA, CPA, is the director of internal audit for Solo Cup Co., with
the primary responsibility of building and executing US Sarbanes-Oxley Act 404
compliance strategies.
Kumar Setty, CISA, has more than 10 years of experience in the areas of data
analysis, systems administration, auditing and computer security. He is a manager at
PricewaterhouseCoopers LLP.
Reference
https://www.isaca.org/resources/isaca-journal/past-issues/2012/database-backup-and-
recovery-best-practices
Full Backup
A full backup is the most complete type of backup where you clone all the selected
data. This includes files, folders, SaaS applications, hard drives and more. The
highlight of a full backup is the minimal time it requires to restore data. However,
since as everything is backed up in one go, it takes longer to backup compared to
other types of backup.
The other common issue with running full backups is that it overloads storage space.
That’s why most businesses tend to run a full backup and occasionally follow it up
with differential or incremental backup. This reduces the burden on the storage space,
increasing backup speed.
Differential Backup
A differential backup straddles the line between a full and an incremental backup.
This type of backup involves backing up data that was created or changed since the
last full backup. To put it simply, a full backup is done initially, and then subsequent
backups are run to include all the changes made to the files and folders.
It lets you restore data faster than full backup since it requires only two
backup components: an initial full backup and the latest differential backup.
Day 3 – Schedule a differential backup. It will make a copy of all the data that has
changed from Day 2 (this includes the full backup on Day 1 + differential backup) and
Day 3.
Incremental Backup
The first backup in an incremental backup is a full backup. The succeeding backups
will only store changes that were made to the previous backup. Businesses have more
flexibility in spinning these types of backups as often as they want, with only the most
recent changes stored.
Incremental backup requires space to store only the changes (increments), which
allows for lightning-fast backups.
Difference Between Full, Differential and Incremental
Backups
Full Differential Incremental
Most recent full backup & Most recent full backup &
Media Required for
Most recent backup only most recent differential all incremental backups
Recovery
backup since full backup
For instance, if you have a high volume of data, you need a backup strategy
that uses the combined power of a full and an incremental backup.
These insights offer clarity for your SaaS backup buying process and can help
you narrow down your search for the right backup solution that meets your
backup needs. After all, you want a reliable solution that will store your
business information, like Google Workspace, Office 365 and Salesforce data,
and help you recover it when you need it.
Full backups
The most basic and complete type of backup operation is a full backup. As the name
implies, this type of backup makes a copy of all data to a storage device, such as a
disk or tape. The primary advantage to performing a full backup during every
operation is that a complete copy of all data is available with a single set of media.
This results in a minimal time to restore data, a metric known as a recovery time
objective. However, the disadvantages are that it takes longer to perform a full backup
than other types (sometimes by a factor of 10 or more), and it requires more storage
space.
Thus, full backups are typically run only periodically. Data centers that have a small
amount of data (or critical applications) may choose to run a full backup daily, or even
more often in some cases. Typically, backup operations employ a full backup in
combination with either incremental or differential backups.
2. Incremental backups
An incremental backup operation will result in copying only the data that has changed
since the last backup operation of any type. An organization typically uses the
modified time stamp on files and compares it to the time stamp of the last backup.
Backup applications track and record the date and time that backup operations occur
in order to track files modified since these operations.
Because an incremental backup will only copy data since the last backup of any type,
an organization may run it as often as desired, with only the most recent changes
stored. The benefit of an incremental backup is that it copies a smaller amount of data
than a full. Thus, these operations will have a faster backup speed, and require
less media to store the backup.
3. Differential backups
A differential backup operation is similar to an incremental the first time it is
performed, in that it will copy all data changed from the previous backup. However,
each time it is run afterwards, it will continue to copy all data changed since the
previous full backup. Thus, it will store more backed up data than an incremental on
subsequent operations, although typically far less than a full backup. Moreover,
differential backups require more space and time to complete than incremental
backups, although less than full backups.
As shown in "A comparison of different types of backup," above, each backup process
works differently. An organization must run a full backup at least once. For
subsequent backups, it is possible to run either another full, an incremental or a
differential backup. The first partial backup performed, either a differential or
incremental, will back up the same data. By the third backup operation, the data that is
backed up with an incremental is limited to the changes since the last incremental. In
comparison, the third backup with a differential will back up all changes since the first
full backup, which was "Backup 1."
Full daily
As shown above, performing a full backup daily requires the most amount of space,
and will also take the most amount of time. However, more total copies of data are
available, and fewer pieces of media are required to perform a restore operation. As a
result, implementing this backup policy has a higher tolerance to disasters, and
provides the least time to restore, since any piece of data required will be located on at
most one backup set.
Running a weekly full backup plus daily differential backups delivers results in
between the other alternatives. Namely, more backup media sets are required to
restore than with a daily full policy, although less than with a daily incremental
policy. Also, the restore time is less than using daily incremental backups, and more
than daily full backups. In order to restore data from a particular day, at most two
media sets are required, diminishing the time needed to recover and the potential for
problems with an unreadable backup set.
4. Mirror backups
A mirror backup is comparable to a full backup. According to a blog from backup
vendor Nakivo, "This backup type creates an exact copy of the source data set, but
only the latest data version is stored in the backup repository with no track of different
versions of the files." The backup is a mirror of the source data, thus the name. All the
different backed up files are stored separately, like they are in the source.
One of the benefits of mirror backup is a fast data recovery time. It's also easy to
access individual backed up files.
One of the main drawbacks, though, is the amount of storage space required. With
that extra storage, organizations should be wary of cost increases and maintenance
needs. In addition, if there's a problem in the source data set, such as a corruption or
deletion, the mirror backup experiences the same. As a result, it's a good idea not to
rely on mirror backups for all your data protection needs, and to have other types of
backup for the data. You'll want to follow the 3-2-1 rule of backup, which includes
three copies of data on two different media, with one copy off site.
One specific kind of mirror, disk mirroring, is also known as RAID 1. This process
replicates data to two or more disks. Disk mirroring is a strong option for data that
needs high availability because of its quick recovery time. It's also helpful for disaster
recovery because of its immediate failover capability. Disk mirroring requires at least
two physical drives. If one hard drive fails, an organization can use the mirror copy.
While disk mirroring offers comprehensive data protection, it requires a lot of storage
capacity.
Most of the advanced types of backup such as synthetic full, mirror and continuous
data protection require disk storage as the backup target. A synthetic full simply
reconstructs the full backup image using all required incremental backups or the
differential backup on disk. This synthetic full may then be stored to tape for offsite
storage, with the advantage being reduced restoration time. Finally, continuous data
protection enables a greater number of restoration points than traditional backup
options.
When deciding which type of backup strategy to use, the question is when to use each,
and how these options should be combined with testing to meet the overall business
cost, performance and availability goals.
The purpose of most backups is to create a copy of data so that a particular file or
application may be restored after data loss, corruption or deletion, or a disaster strikes.
Thus, backup is not the goal, but rather it is one means to accomplish the goal of
protecting data. Testing backups is just as important as data backup and restore.
Again, the point of data backup is to enable restoration of data at a later point in time.
Without periodic testing, it is impossible to guarantee that the goal of protecting data
is being met.
This backup method is typically done periodically for large data centres, however,
if the database is a small one, this type of backup could be done on a daily or even
a more frequent interval.
Although it takes time for a full backup, this method ensures all data is at one
location from a specific timestamp. Restoration time, therefore, is faster though
there might be some loss of data in time but the operation can be resumed with a
good amount of data. This may occur, provided the backup has been scheduled
periodically and at reasonable time intervals (especially if this is the only method
employed in the organisation).
Incremental Database Backups
Incremental backups make a copy of updated or newly created files since its last
normal backup in an iterative manner. This type of backup compares the state
change since the last incremental backup. This type of backup is best when the
restoration requires you to store recent changes in smaller chunks.
Incremental means the backup is done in a shorter time with a smaller amount of
data, hence this backup method is faster and requires less space. If the entire data
set is lost, both backups (i.e full and incremental backup data) are required for a
full database restoration.
A full database backup takes longer to backup and needs large storage space. If the
organisation considers to do a frequent full back , a retention policy would be
necessary to know how to manage and archive the older backup copies. A full
backup can be done while the database process is still running or it may require a
downtime for a full backup . This, of course, depends if the organisation is able to
have downtime. At any time , during a recovery period , the full backup will be the
best option for a fast and safe recovery.
Differential backups are faster when compared to the full backup method.
Restoration is faster as only the last full backup and differential backup sets are
required for recovery. There are two perspectives to consider when it comes to
space management. Differential backups do save space (as it only stores the last
changes) but progressively it does require a larger storage space compared to the
incremental backup method. A full backup must be available before starting a
differential backup. If any subsequent differential backup fails, the recovery
process will fail as well. This method always compares the changes with the full
backup, hence it requires high network bandwidth.
Conclusion
It’s best to have at least two types of database backups available at all times for
data protection. A set of full backups is always best to have to handle any full-
recovery scenarios. Full and Incremental backups would be a good combination to
have (the full backup copy to hold the recent transactions).
Reference
https://backup.ninja/news/Choosing-a-Database-Backup-Method
Written by
MADELINE CLARKE
Why is TechnologyAdvice Free?
For situations like these, database backup and recovery plans can provide some reassurance that
your data is covered – if they are successful. But if your data backup fails, you may still be
unable to recover your organization’s data despite having these precautions set in place. This is
why database backup and recovery plan testing are vital for organizations.
Testing backup and recovery plans enable you to better prepare for worst-case scenarios and
avoid loss of data that could interrupt production and be detrimental to the success of your
organization. Read on to learn about the importance of backup and recovery plan testing and the
best way to test your backup and recovery processes to ensure the safety of your company data.
Skip to:
While ensuring the security for your business may not seem like a life or death situation like the
one I just described, let’s face it, data breaches can wreak havoc on the success of an
organization. Whether you like it or not, your livelihood and your workers’ positions are
dependent on your data security to keep the business safe and keep operations moving forward.
Many risks can be involved with the failure to maintain security through database backup and
recovery plan testing. Loss of essential data can put businesses at risk and cause organizations to
halt operations. For example, a Coveware study reflected the average downtime for businesses
due to a ransomware attack to be 22 days. The inability of a company’s operations to continue
for so long due to poor backup recovery plans could result in a loss of money, customers, and
credibility.
If you’re not sure how to accurately test your backup and recovery plan, you’ve come to the right
place. The following text will provide a step-by-step explanation of how to test your plans and
maintain data safety for your organization.
It is crucial to ensure that your organization is familiar with the backup and recovery software
and processes before you need to use them. The last thing you want in an emergency is to be
confused about accessing your restored data because you or your team is inexperienced with the
technology. Your organization’s IT or security staff must know about your software’s
infrastructure, storage capacity, and other components of your backup systems. By having this
knowledge, you will know whether your system meets your database’s needs and how to access
and recover your data quickly.
In the case that your files become deleted or corrupted, you should be able to rely on your
backup systems to restore them to their original capacity. Testing this can confirm that your
system can restore these files correctly and allows you to familiarize yourself with the process.
To begin, choose some files within the specific file system that you are testing. These files
should have been recently altered or added. Next, you can create a folder for the testing process.
After, you can use your backup system to locate these files and restore them to that folder. Once
you have the files that the system produced, you may then compare the restored files to your
actual files.
When comparing the restored files to your actual files, you should consider any changes or
alterations between the two. For example, ensure that the restored files can be opened and
accessed, that they are the same size as the originals and that all of the recent updates to the
original files are included in the restored ones. This will help you determine whether your system
accurately restored the files and would be able to in a situation where the originals were lost.
Applications can house essential data that may be lost if they aren’t properly backed up. Similar
to the process of testing your file recovery, you can run a restore of your applications.
When comparing the restored application to the original, you should test for changes in the data
contained within the application and the functionality of the application. The restored application
should be accessible with a similar amount of stored data and the same capabilities as the
original.
You should look for consistency between your original and restored applications. If your restored
application cannot be utilized with your original data, then your application backup cannot be
considered successful.
Database recovery consists of restoring the entire database, should it be compromised. This
process is a bit more extensive, as you first need to ensure that the place you restore your data
has the database software installed but won’t interfere with the original database. Therefore,
using a separate database server or restoring the data virtually to the cloud is suggested.
Suppose you only have one database server available. In that case, you can still perform this test
on the same machine that hosts the production database if it has enough space, as long as you use
a separate name for the restored database to avoid the possibility of overwrites or interferences to
the original database during the restoration process.
Once your software has restored the database, test the recovered database compared to the
production database. This can be done by running queries against each database, running macro
tests, and connecting apps to the recovered database to ensure that they function correctly.
It is beneficial to test how long it takes for your system to complete the backup restoration
throughout this process. This is important to be aware of since a long time for backups to process
could mean more downtime for your company and consequences to your internal operations,
clients, and reputation.
By taking note of the time your system takes to backup your test data, you can apply this to the
amount of data necessary for your organization to function. This can enable you to determine
how long your restoration process could leave your company waiting before work became
possible again if an emergency wiped out the entire system.
Knowing this information can allow you to plan for such a scenario and may help you to
consider faster alternatives for backing up your data if necessary.
Many organizations utilize cloud-based applications and software systems because they are
accessible from remote locations. Likewise, being able to restore your data remotely can be
crucial in case of an emergency.
It is beneficial for organizations to ensure that they can access their data in an emergency, even if
it must be done remotely. This could be due to several reasons, such as natural disasters
damaging your company infrastructure or a system failure.
Therefore, running an offsite restore test will help you test whether your cloud-based or remotely
located data can be restored and how long this would take before your company could
commence operations.
7. Continue to test your database backup and recovery plan regularly
Testing your database and recovery plan can give you peace of mind, but changes to your data
storage and system are ordinary for organizational networks and may cause changes in your
plan’s capability to restore your data. It is because of this that many organizations conduct these
tests regularly.
So how often should organizations conduct database backup and recovery testing? It is best to
schedule tests regularly, such as weekly or monthly. The frequency of tests can also be based
upon resource needs. For example, you can test the backup of data that is necessary to the
company’s operation more frequently, as its ability to be restored is more critical.
Database backup and recovery plans should be tested on their reliability to restore data as
accurately and quickly as possible. By conducting regular tests and staying on top of
your backup and recovery plan’s capabilities, your organization will be more protected from
potential threats.
Reference
https://technologyadvice.com/blog/information-technology/how-to-test-database-backup/