CYBR 4330 - Chapter 3
RAID Level 5
Block-level striping across multiple drives with distributed parity: data segments are interleaved with parity blocks written across all drives in the set, so there is no dedicated parity drive. The array can survive the failure of any single drive, which is rebuilt from the remaining drives and their parity, and drives can usually be hot swapped. Most commonly used by organizations that balance safety and redundancy against the cost of acquiring and operating the systems.
full backup
A full and complete backup of the entire system, including all applications, operating system components, and data. Advantage: a comprehensive snapshot of the organization's system. Disadvantage: requires large amounts of media to store.
differential backup
A type of partial backup that copies all changes made since the last full backup. Each new differential backup file therefore contains the cumulative effect of all activity since the last full backup. Advantages: faster and needs less storage than a full backup, and a restore needs only the last full backup plus the latest differential. Disadvantages: each successive differential is larger and slower than the one before; if one differential file is corrupt, the previous day's file holds almost the same data and can be used instead.
incremental backup
A type of partial backup that copies only the data items that have changed since the last backup of any kind (full or partial). This produces a set of incremental backup files, each containing the results of one day's transactions. Incrementals take less space and time to create than differentials: they are designed to complete the backup in the shortest amount of time and are the most economical in storage. The trade-off is recovery: after an incident, the last full backup plus every incremental since must be restored in order, so the restore takes longer and a single corrupt incremental breaks the chain.
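As an added example (not from the flashcards or the course text), the following Python simulates the three backup types over a constructed week of file changes and shows what each restore needs: a differential restore reads two media, an incremental restore reads every increment since the full backup, and a corrupt incremental breaks the chain while a corrupt differential does not. The file names and sizes are constructed sample data.

```python
"""Full, differential and incremental backup chains (added example).

The file names and sizes below are constructed sample data, not taken
from any real system.
"""
from collections import OrderedDict

# Constructed sample: the Sunday full backup, then the files that changed each
# day (name -> size in MB after the change).
SUNDAY_FULL = {"os.img": 800, "app.bin": 200, "db.dat": 300, "docs.txt": 10}
DAILY_CHANGES = OrderedDict([
    ("Mon", {"db.dat": 310}),
    ("Tue", {"docs.txt": 12}),
    ("Wed", {"db.dat": 320, "app.bin": 205}),
    ("Thu", {"docs.txt": 13}),
])


def differential_chain(changes):
    """Each differential holds everything changed since the last full backup,
    so the set grows cumulatively every day."""
    cumulative, chain = {}, OrderedDict()
    for day, delta in changes.items():
        cumulative.update(delta)
        chain[day] = dict(cumulative)
    return chain


def incremental_chain(changes):
    """Each incremental holds only what changed since the previous backup."""
    return OrderedDict((day, dict(delta)) for day, delta in changes.items())


def backup_size(backup):
    """Media consumed by one backup file, in MB."""
    return sum(backup.values())


def restore(full, chain, day, kind, corrupt=()):
    """Rebuild the system state as of `day` and report which media were read.

    `corrupt` names backup files that cannot be read. A differential restore
    reads the full backup plus the one differential for `day`; an incremental
    restore must apply every increment from the full backup up to `day`, in
    order, so any unreadable increment breaks the chain.
    """
    days = list(chain)
    state = dict(full)
    if kind == "differential":
        if day in corrupt:
            raise IOError(f"differential {day} unreadable; fall back to an earlier day")
        needed = ["full", day]
        state.update(chain[day])
    elif kind == "incremental":
        needed = ["full"] + days[: days.index(day) + 1]
        for d in needed[1:]:
            if d in corrupt:
                raise IOError(f"incremental {d} unreadable; chain broken at {d}")
            state.update(chain[d])
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    return state, needed


def chain_breaks(full, chain, day, kind, corrupt):
    """True if the restore for `day` fails because of the corrupt media."""
    try:
        restore(full, chain, day, kind, corrupt)
        return False
    except IOError:
        return True


if __name__ == "__main__":
    diff, inc = differential_chain(DAILY_CHANGES), incremental_chain(DAILY_CHANGES)
    for day in DAILY_CHANGES:
        print(f"{day}: differential {backup_size(diff[day]):4d} MB, "
              f"incremental {backup_size(inc[day]):4d} MB")
    print("differential restore of Thu reads:", restore(SUNDAY_FULL, diff, "Thu", "differential")[1])
    print("incremental restore of Thu reads: ", restore(SUNDAY_FULL, inc, "Thu", "incremental")[1])
    print("Tue media corrupt, incremental Thu restore breaks:",
          chain_breaks(SUNDAY_FULL, inc, "Thu", "incremental", corrupt=("Tue",)))
    print("Tue media corrupt, differential Thu restore breaks:",
          chain_breaks(SUNDAY_FULL, diff, "Thu", "differential", corrupt=("Tue",)))
```

Both restores end in the same state; they differ in how many media must be readable to get there, which is the risk a retention schedule and the "two copies of each full backup" practice are meant to cover.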
Disk to Disk to Cloud
Also known as disk-to-disk-to-online; rapidly gaining acceptance in both consumer and corporate settings. An organization may not want to back up directly to the cloud, so it aggregates all local backups to a central repository and then backs that repository up to the online vendor. Allow only a trusted backup server or service to perform the upload, to reduce the risk to the confidentiality, integrity, and availability of the data. Users back up to the central location and the organization periodically uploads that store to the online repository. Most commercial backup providers encrypt the data before it is transmitted to the cloud storage location, so it is never sent in plaintext. Benefits: the data can be accessed easily and restored to another system quickly, minimizing downtime; the cloud backup process can be automated, allowing more frequent backups and minimizing the amount of lost data; and the provider can retain the data in multiple geographic locations to reduce the chance of loss.
retention schedule
All data storage that involves backups or archives should be based on one. It guides the location, frequency of replacement, and duration of storage.
mirroring
An approach that provides real-time protection as well as data backup. Mirroring duplicates server data storage by using multiple hard drive volumes, as discussed under RAID, and can be extended to electronic vaulting and remote journaling. One strategy for implementing server recovery and redundancy through mirrored servers uses hot, warm, and cold servers. Mirroring can increase the reliability of primary systems and enhance the effectiveness of BR strategies.
Community cloud
An implementation in which several organizations with common interests share computing resources. It can be managed by a third party or by the organizations themselves, and can be hosted internally or externally.
Private cloud
An implementation in which the computing resources are operated solely by a single organization; effectively an extension of the organization's intranet into the cloud.
RAID Level 6
Block-level striping with double distributed parity; the array can recover from two drive failures.
RAID Level 3
Byte-level striping: data is stored in segments on dedicated data drives, which appear as one large volume, while parity information is stored on a separate drive that operates alone and is used only for error recovery.
Clouds are deployed in the following ways
•Public cloud •Community cloud •Private cloud •A hybrid combination of the above
Snapshot replication
Copying data from one database to another
RAID Level 1
Disk mirroring: twin drives in a computer system, with the computer recording all data to both drives simultaneously so that the second drive serves as a backup if the primary drive fails. It is expensive and an inefficient use of media. A variation is disk duplexing: in mirroring, the same drive controller manages both drives; in duplexing, each drive has its own controller, which removes the controller as a single point of failure. Often used to create duplicate copies of OS volumes; a plan can be developed that mirrors and then splits disk pairs to create highly available copies of critical system drives.
RAID Level 0
Disk striping; not a form of redundant storage. It creates one larger logical volume across several available hard drives and stores data by striping it across them. Because every file is spread over all the drives, the failure of one drive can make all the data inaccessible; RAID 0 does not improve the risk situation and actually increases the risk of data loss.
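To make the difference between the RAID 0, RAID 1 and RAID 5 cards concrete, here is an added Python example (not from the flashcards or the course text) that lays constructed sample bytes out on simulated drives, loses one drive, and checks whether the data can still be read. The XOR parity in the RAID 5 functions is the real parity operation; the chunk sizes, drive counts and the rotating parity position are my own assumptions.

```python
"""RAID 0, RAID 1 and RAID 5 layouts under a single-drive failure (added example).

SAMPLE is constructed data; drive contents are plain byte arrays and a lost
drive is modelled as None.
"""
from functools import reduce
from operator import xor

SAMPLE = b"The quick brown fox jumps over the lazy dog"


def xor_bytes(*blocks):
    """Byte-wise XOR of equal-length blocks; this is the RAID parity operation."""
    return bytes(reduce(xor, column) for column in zip(*blocks))


def stripe_raid0(data, ndrives, chunk):
    """RAID 0: consecutive chunks go round-robin to the drives, with no parity."""
    drives = [bytearray() for _ in range(ndrives)]
    for i in range(0, len(data), chunk):
        drives[(i // chunk) % ndrives] += data[i:i + chunk]
    return drives


def read_raid0(drives, chunk, length):
    """Reassemble the logical volume; a missing drive leaves holes in every file."""
    if any(d is None for d in drives):
        raise ValueError("RAID 0 has no redundancy: a lost drive is unrecoverable")
    out = bytearray()
    for s in range(-(-length // (chunk * len(drives)))):  # stripes, rounded up
        for d in drives:
            out += d[s * chunk:(s + 1) * chunk]
    return bytes(out[:length])


def mirror_raid1(data):
    """RAID 1: the same bytes are written to both drives."""
    return [bytearray(data), bytearray(data)]


def stripe_raid5(data, ndrives, chunk):
    """RAID 5: each stripe holds ndrives-1 data chunks plus one XOR parity chunk,
    and the parity position rotates so no single drive is a dedicated parity drive."""
    assert ndrives >= 3, "RAID 5 needs at least three drives"
    per_stripe = chunk * (ndrives - 1)
    padded = data + b"\0" * (-len(data) % per_stripe)
    drives = [bytearray() for _ in range(ndrives)]
    for s, off in enumerate(range(0, len(padded), per_stripe)):
        chunks = [padded[off + k * chunk: off + (k + 1) * chunk] for k in range(ndrives - 1)]
        parity, parity_pos = xor_bytes(*chunks), (ndrives - 1 - s) % ndrives
        remaining = iter(chunks)
        for d in range(ndrives):
            drives[d] += parity if d == parity_pos else next(remaining)
    return drives


def rebuild_raid5(drives, failed):
    """Recompute the failed drive: the XOR of the survivors equals the missing
    drive, because parity was chosen so that every stripe XORs to zero."""
    survivors = [bytes(d) for i, d in enumerate(drives) if i != failed]
    return bytearray(xor_bytes(*survivors))


def read_raid5(drives, chunk, length):
    """Read the data chunks back in order, skipping each stripe's parity chunk."""
    ndrives, out = len(drives), bytearray()
    for s in range(len(drives[0]) // chunk):
        parity_pos = (ndrives - 1 - s) % ndrives
        for d in range(ndrives):
            if d != parity_pos:
                out += drives[d][s * chunk:(s + 1) * chunk]
    return bytes(out[:length])


def survives_single_failure(level, data=SAMPLE, ndrives=4, chunk=4, failed=1):
    """Lose drive `failed` and report whether the data can still be read."""
    if level == 0:
        drives = stripe_raid0(data, ndrives, chunk)
        drives[failed] = None
        try:
            return read_raid0(drives, chunk, len(data)) == data
        except ValueError:
            return False
    if level == 1:
        drives = mirror_raid1(data)
        drives[failed % 2] = None
        return bytes(next(d for d in drives if d is not None)) == data
    if level == 5:
        drives = stripe_raid5(data, ndrives, chunk)
        drives[failed] = None
        drives[failed] = rebuild_raid5(drives, failed)  # hot-swap, then rebuild
        return read_raid5(drives, chunk, len(data)) == data
    raise ValueError(f"level {level} not modelled")


if __name__ == "__main__":
    for level in (0, 1, 5):
        print(f"RAID {level} survives a single drive failure:",
              survives_single_failure(level))
```

The rebuild works only while exactly one drive is missing; losing a second drive before the rebuild finishes is the case RAID 6's second parity block is for, and none of this replaces an off-site copy.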
Drawbacks of tape backups
The cost of specialized equipment and media, and the time required to store and retrieve information; the market for consumer-grade tape backups has dwindled.
recovery plans
Each backup and recovery implementation should have complete recovery plans, which need to be developed, tested, and rehearsed periodically.
Each backup and recovery option should contain planning for the total cost of operation, including:
•establishing and operating costs, •downtime estimates, •estimates of the security provided by the option, •how the option affects the sequence of recovery based on the relative priority of included systems, and •how the option fits into broader organizational planning efforts.
First stage of tape-based backup and recovery
Scheduling the backups, coupled with arrangements for the storage of the media.
data storage "in the cloud"
For the corporate user, online data storage is sometimes referred to by this name; it is commonly associated with leasing computing resources from a third party.
From a security perspective, the leasing of services from a third party is always a challenge. Why?
If you don't own the hardware, software, and infrastructure, you can't guarantee effective security, so you must scrutinize the service agreement and insist on minimal standards of due care.
In general, data files and critical system files should be backed up HOW OFTEN, with nonessential files being backed up HOW OFTEN
daily, weekly
Merge replication
Merging data from multiple databases into a separate database.
Most common schedule for tape backup is
A daily on-site backup (either incremental or differential) and a weekly off-site full backup, both run during off-shift hours.
RAID Level 7
A proprietary variation of RAID 5 in which the array works as a single virtual drive; performed by running special software over RAID 5 hardware.
RAID Level 5+1
A proprietary variation that adds a separate, dedicated parity drive to a RAID 5 array as an additional robustness measure, one not found in RAID 1.
bare metal recovery
Recent advances in server recovery have produced technologies designed to replace the operating system, applications, and data when they fail. They allow you to reboot the affected system from a CD-ROM or other remote device and quickly restore the OS from a stored image. Many Linux/UNIX versions offer this; fewer Windows versions do (for example, the Windows 7 repair disk, or using the setup disk).
RAID Level 0+1
Striping then mirroring: a combination of RAID 0 (for performance) and RAID 1 (for fault tolerance) in which a second striped set mirrors a primary striped set.
Database Backups
Systems that use databases, whether hierarchical, relational, or object-oriented, require special considerations when planning backup and recovery. Three general approaches are used:
•Legacy backup applications: "lock and copy" •Online (cloud) backup applications: also "lock and copy", but backing up to online/cloud storage •Continuous data protection: near-real-time copies to secondary storage
electronic vaulting
The bulk batch-transfer of data to an off-site facility is known as ________________. It is conducted via leased lines or data communications services for a fee; the receiving server archives the data as it is received. Online/cloud backup services are quickly taking over this role. The primary criteria for selecting an e-vaulting solution are cost, bandwidth, security needs, and the service level required; ensure the organization can perform the transfers without affecting other operations. E-vaulting used to be more expensive than tape backup and slower than data mirroring, but the explosion of the online/cloud market has changed this. Consider using specialized e-vaulting applications for data that warrants the additional expense. Transfers can be performed over a VPN. A software agent is typically installed on all servers; it initiates a full backup to the remote vault and then continuously copies data as it is created. The vendor must maintain and protect the data, which is accessed through the software's Web interface. Example providers: Amazon, Rackspace.
Public cloud
The most common implementation: a service provider makes computing resources available over the Internet and the World Wide Web.
The most common varieties of data backup include
online (or cloud) backup, disk backup, and tape backup
Redundant array of independent disks (RAID)
Another form of data backup is the use of additional disk drives for redundancy. RAID uses a number of hard drives to store information across multiple drive units, which enhances capabilities, spreads out the data, and can eliminate or reduce the impact of a hard disk failure. These systems overcome some of the limits of tape backup systems and deal with the most common reason for restoring from backup: recovery from a hard disk failure. There are nine RAID configurations. RAID does not address the need for an off-site strategy.
Three applications dominate the virtualization market
Microsoft Virtual Server, VMware Server, and Oracle VM VirtualBox
Three basic backup options
full, differential, incremental
Two other advances in data storage and recovery are
network-attached storage (NAS) and storage area networks (SANs).
Virtualization can occur in a variety of ways
•Hardware-level virtualization •OS-level virtualization (a.k.a. software virtualization) •Application-level virtualization
Hardware-level virtualization
The VM acts like an independent computer with its own OS; the hypervisor deploys simulated hardware components, and the physical host's resources are divided between the VMs and the host. This is the most common and popular form.
What makes virtualization important to CP is the ability to
easily and accurately back up an entire system and then move it to another hardware platform, usually within minutes
Tape Backups and Recovery: General Strategies
Tape can store large quantities of data in small containers and has been a cost-effective backup method.
NIST SP 800-34
According to this publication, alternatives should be considered when designing backup and recovery strategies.
cold server
The administrator's test platform; it should be identically configured to the hot and warm servers. Upgrades and new applications are tested here, and the cold server is then added as the new warm server while the hot server is taken offline for repair.
A system backup can only work correctly if
all user access to the drive is stopped
Database shadowing
Also known as databank shadowing. A technology that can be used simply, with multiple databases on a single drive in a single system, or with databases in remote locations across a public or private carrier. It combines e-vaulting with remote journaling, keeping multiple copies of the database in two locations, and is used by organizations that need immediate data recovery after an incident. The shadow copies are available for reading and writing (a dynamic backup) and work especially well for read-only functions (p. 106). Each transactional event is written simultaneously to multiple databases; entries can be buffered, transmitted across the network, and stored in a database on a remote server. Both the primary and the shadowed database receive every transaction entry, update, and deletion request and both apply it, but only the primary responds to the request.
Software as a Service (SaaS)
Applications are made available over the Internet (and the WWW); organizations can lease them, and the offerings often include online backup services.
daily backup
Backs up only the files that were modified that day; a date-specific incremental backup.
backup and recovery plans should include answers to the following
•The backup plan: Who, what, when, where, and how? •Backup creation: Who, what, when, where, and how? •Backup verification: Who, what, when, where, and how? •Data storage: Who, what, where, how, and for how long? •Encryption: Who, what, when, where, how, and why?
copy backup
A backup of a set of specified files. It allows an administrator to make sure all files are backed up, but only a subset at a time; it could be considered a partial full backup.
Application-level virtualization
A broad term for techniques designed to improve portability and compatibility. A virtualization layer appears to the application as the expected OS and answers all necessary API calls made by the application, so the application perceives that it is interacting with the host OS and resources. This allows an application to run on a computer that would not otherwise support it.
Disaster Tolerant Disk Systems (DTDS)
Consists of two or more independent zones, either of which provides access to the stored data.
disk striping
Data segments, called stripes, are written in turn to each disk drive in the array.
Platform as a Service (PaaS)
Development platforms are made available to developers.
disk striping without parity
Disk striping that allows multiple drives to be combined in order to gain large capacity, without data redundancy.
Contingency planning (CP)
encompasses everything done by an organization to prepare for the unexpected
storage area networks (SANs)
Fibre Channel direct connections between the systems needing storage and the storage devices; high speed and higher security, because the storage is accessible only by the devices connected to the SAN.
five key mechanisms that help restore critical information and the continuation of business operations:
•Delayed data protection •Real-time data protection •Server recovery •Application recovery •Site recovery
For full backups of entire systems, at least x copies should be stored in a secure location (a bank safety deposit box or a remote branch)
one
For routine data backups of critical data, the organization only needs to retain the blank or blank most recent copies and at least blank off-site copy(ies)
one or two; one
Infrastructure as a Service (IaaS)
Hardware and operating system resources are made available for whatever the organization desires to implement.
host platform
Also called the host machine: the physical server and operating system on which the virtualization application and all virtual machines run.
Site recovery
Includes the steps needed to plan for and execute the procedure to quickly establish critical capabilities at an alternate site when the organization's primary site or sites are not available. Providing alternate processing capability may be necessary, and it may be necessary to quickly put a computing environment into operation; the determining factor is cost. The exclusive-control options are hot sites, warm sites, and cold sites; the three popular shared-use options are time-shares, service bureaus, and mutual agreements; and the independent option is mobile sites.
Disk to Disk to Tape
Individuals and organizations can build libraries of disk devices to support larger-scale data backup and recovery; the secondary data disk series should then be periodically backed up to tape. The second disk set avoids the need to take the primary set offline for duplication, reduces resource usage on the primary systems, and lets the initial copies be made efficiently and simultaneously with other processes.
disaster recovery plan (DR plan)
lists and describes the efforts to resume normal operations at the primary places of business
Most common types of tape media for smaller organizations and individuals
digital audio tape (DAT), quarter-inch cartridge (QIC), 8-mm tape, and digital linear tape (DLT)
Continuous data protection
Near-real-time copies to secondary storage made through an application interface; data is stored within a one-second tolerance. Example vendor noted: R1Soft.
application recovery or clustering services plus replication
The next level of recovery: software replication can provide increased protection from data loss. Clustering services and application recovery work similarly to the hot, warm, and cold server model, in which system administrators install applications on multiple servers for redundancy. Application recovery expands on this premise: rather than simple services providing failover capabilities for critical applications, it uses software to detect failure of the primary application server and then activates the secondary application server to begin accepting and servicing requests.
online backup to a third-party data storage venro
One of the newest forms of data backup; this option offers multi-terabyte online data storage accessible from anywhere. Examples: Memeo, Dropbox, Google.
hot server
The online primary server, which provides the services necessary to support operations.
OS-level virtualization (a.k.a. software virtualization)
Only the host's OS is used; it runs multiple virtual sessions of that OS so that each application can be independent of the others, with increased control over resource utilization.
cloud computing
originally described as the provision of three fundamental services •Software as a Service (SaaS) •Platform as a Service (PaaS) •Infrastructure as a Service (IaaS)
Failure Tolerant Disk Systems (FTDSs)
Protect against loss of data access because of the failure of any single component.
Failure Resistant Disk Systems (FRDSs)
Protect against data loss due to disk failure; the enhanced form is FRDS+.
warm server
Serves as an ancillary or secondary server, servicing requests when the primary is busy or down; should the hot server go down, the warm server automatically takes over.
Grandparent/Parent/Child method
Similar to the six-tape rotation method, but it retains four full weekly (Friday) backups and adds a full monthly backup, retaining 12 monthly backups. The most common method of tape rotation. Once the monthly backup is created, the four (or five) Friday tapes are reused.
network-attached storage (NAS)
A single device or server attached to the network that uses common communications methods to provide an online storage environment; implemented as additional storage space that lets users or groups access data storage. It does not work well with real-time applications because of the latency of its communications methods. It is TCP/IP-based, so its protocols and communications methods are widely compatible, but anyone who can reach its IP address can attempt to access it, so it depends on network-level access control.
Virtualization
The development and deployment of virtual systems rather than physical implementations of systems and services. It lets an organization develop and deploy different applications and environments without requiring a separate hardware platform for each environment or OS: existing hardware can host any other OS or application using specialized technology. Memory, storage, data, and networking can all be virtualized; the physical host and the virtual hypervisor provide them by mapping virtual resources onto physical ones. Its roots trace back to the 1960s with the development of the IBM CP-40, but it only became commercial in the last 15 years (SoftPC in 1988, Virtual PC in 1997, VMware in 1998). Virtualization allows administrators to create snapshot backups: the collection of files that supports a particular VM is copied to another location and the image is loaded into a new host, so organizations need not worry about quickly purchasing and setting up multiple pieces of hardware.
primary site
the location or group of locations at which the organization executes its functions
three types of database replication
Snapshot replication, merge replication, and transaction replication
virtual machine
A virtualized environment operating in or on a host platform; also called the guest, the hosted operating system or platform running on the host machine.
Legacy backup applications
The traditional "lock and copy" approach: the database is locked (made inaccessible to users) while a backup is created to a local drive.
Remote journaling (RJ)
The transfer of live transactions to an off-site facility, developed by IBM in 1999. Only the transactions are transferred, not the whole database; the transfer is performed online, as a system-level activity, and the two locations are written simultaneously, although the transfer can also be asynchronous. It allows recovery of key transactions in near real time. The OS initiates a process that creates a record of object behavior: all changes are recorded as journal entries and stored in a journal receiver; a full receiver is available for storage, and stored receivers can be pulled from tape and applied to the data. Remote journaling is the transfer of those journal entries to a remote journal.
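The database shadowing and remote journaling cards describe the same mechanism from two angles: the primary answers the request, a journal entry records the change, and only the entries travel to the remote copy. The following Python is an added example (not from the flashcards or the course text) that models a primary database, a remote journal receiver that replays entries into a shadow, and the difference between synchronous and asynchronous shipping when the primary site is lost. The class names, the sequence-number gap check and the account transactions are constructed.

```python
"""Remote journaling with a shadow database (added example).

The primary applies each transaction locally and appends a serialized journal
entry; only those entries are shipped to the remote journal receiver, which
replays them into the shadow copy. Class names and transactions are constructed.
"""
import json


def apply_entry(rows, entry):
    """Apply one journal entry (insert/update/delete) to a table of rows."""
    if entry["op"] in ("insert", "update"):
        rows[entry["key"]] = entry["value"]
    elif entry["op"] == "delete":
        rows.pop(entry["key"], None)
    else:
        raise ValueError(f"unknown op {entry['op']!r}")


class PrimaryDB:
    """Primary database: answers requests and records every change in its journal."""

    def __init__(self):
        self.rows = {}
        self.journal = []  # local journal receiver, one serialized entry per change

    def transact(self, op, key, value=None):
        entry = {"seq": len(self.journal) + 1, "op": op, "key": key, "value": value}
        apply_entry(self.rows, entry)          # the primary is the one that responds
        self.journal.append(json.dumps(entry))  # the entry, not the row set, is shipped
        return entry["seq"]


class RemoteJournal:
    """Off-site journal receiver that replays entries into a shadow database."""

    def __init__(self):
        self.shadow = {}
        self.last_seq = 0

    def receive(self, serialized):
        entry = json.loads(serialized)
        if entry["seq"] != self.last_seq + 1:  # out-of-order or missing entry
            raise ValueError(f"journal gap: expected {self.last_seq + 1}, got {entry['seq']}")
        apply_entry(self.shadow, entry)
        self.last_seq = entry["seq"]


def ship_pending(primary, remote):
    """Transfer every journal entry the remote has not yet applied; returns the
    sequence number the shadow is now current to."""
    while remote.last_seq < len(primary.journal):
        remote.receive(primary.journal[remote.last_seq])
    return remote.last_seq


def simulate(synchronous):
    """Run a constructed workload, lose the primary, recover from the shadow.

    Returns (rows recovered from the shadow, committed transactions lost).
    With synchronous shipping every entry reaches the remote before the next
    request is accepted; asynchronously, the link is down for the last two
    transactions, so those commits exist only in the lost primary's journal.
    """
    primary, remote = PrimaryDB(), RemoteJournal()
    workload = [("insert", "acct:1", 100), ("insert", "acct:2", 250),
                ("update", "acct:1", 90), ("delete", "acct:2", None),
                ("insert", "acct:3", 40)]
    for i, (op, key, value) in enumerate(workload):
        primary.transact(op, key, value)
        link_up = synchronous or i < len(workload) - 2
        if link_up:
            ship_pending(primary, remote)
    # Primary site is lost here; the shadow is promoted.
    lost = len(primary.journal) - remote.last_seq
    return dict(remote.shadow), lost


if __name__ == "__main__":
    for mode in (True, False):
        rows, lost = simulate(synchronous=mode)
        print(f"synchronous={mode}: shadow={rows}, transactions lost={lost}")
```

The asynchronous run shows why the card says recovery is "near" real time: the shadow is consistent, but only up to the last journal entry that arrived, and the transactions lost are exactly the entries still sitting in the primary's local receiver.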
business resumption plan (BR plan)
Has two major elements: 1. the DR plan and 2. the BC plan. The two are distinct, not indistinguishable.
Data backup
Typically involves making a copy or snapshot of the data from a specific point in time, because data is volatile and subject to change. For data recovery from an incident or disaster, this is the most common solution.
hypervisor
Also called the virtual machine monitor: the virtualization application, specialized software that enables the virtual machine to operate on the host platform.
six-tape rotation
When addressing the selection of files to back up, a popular method is the six-tape rotation, in which six sets of media are used in rotation. It uses five media sets per week and offers two weeks of recovery capability. The organization first attempts to recover files using the Monday through Thursday tapes; if the needed file is not contained there, the last full backup that was stored off-site is retrieved and the file recovered from it. The organization may make two copies of each full backup so that an on-site version is also on hand.
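The six-tape rotation and the Grandparent/Parent/Child cards both describe which media set a given day's backup overwrites. The Python below is an added example (not from the flashcards or the course text) that assigns a media label to each business day under either scheme and then lists the restore points still readable on a given date, which makes the "two weeks of recovery" claim and the 4-weekly/12-monthly retention checkable. The labels, the alternating-Friday rule and the choice of the last Friday as the monthly tape are my own conventions.

```python
"""Six-tape and Grandparent/Parent/Child (GFS) media rotation (added example).

Media labels are my own convention. Both schemes run a partial backup on
Monday-Thursday and a full backup on Friday; in the six-tape scheme the two
Friday tapes alternate, and in GFS the last Friday of the month is written
to a monthly tape instead of a weekly one.
"""
from datetime import date, timedelta

DAILY_SETS = ("Mon", "Tue", "Wed", "Thu")  # partial backups, reused every week


def is_last_friday(d):
    return d.weekday() == 4 and (d + timedelta(days=7)).month != d.month


def media_set(d, scheme):
    """Return (label, backup type) for the backup run on day d, or None if
    nothing runs (weekends)."""
    wd = d.weekday()
    if wd >= 5:
        return None
    if wd < 4:
        return DAILY_SETS[wd], "partial"  # incremental or differential
    if scheme == "six-tape":
        return ("Fri-A" if d.isocalendar()[1] % 2 else "Fri-B"), "full"
    if scheme == "gfs":
        if is_last_friday(d):
            return f"Month-{d.month:02d}", "full"          # 12 monthly tapes, reused yearly
        return f"Week-{(d.day - 1) // 7 + 1}", "full"     # Friday ordinal within the month
    raise ValueError(f"unknown scheme: {scheme}")


def restore_points(today, scheme, horizon_days=400):
    """Backups still readable on `today`. Walking backwards, the first time a
    label is seen is its most recent write; every older write of that label
    has been overwritten by the rotation."""
    seen, points = set(), []
    for back in range(horizon_days):
        d = today - timedelta(days=back)
        run = media_set(d, scheme)
        if run and run[0] not in seen:
            seen.add(run[0])
            points.append((d, run[0], run[1]))
    return points


def oldest_restore_point(today, scheme):
    return min(p[0] for p in restore_points(today, scheme))


if __name__ == "__main__":
    today = date(2024, 6, 12)  # a Wednesday, constructed
    for scheme in ("six-tape", "gfs"):
        pts = restore_points(today, scheme)
        print(f"{scheme}: {len(pts)} restore points, oldest {oldest_restore_point(today, scheme)}")
        for d, label, kind in sorted(pts):
            print(f"  {d} {label:9s} {kind}")
```

Under the six-tape scheme the oldest surviving full backup is always the Friday before last, which is the two-week window the card describes; under GFS the same walk yields four daily, four weekly and twelve monthly points, and a file deleted before the surviving monthly tape was written cannot be recovered from the rotation at all.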
Online (cloud) backup applications
•"lock and copy", but backups to online/cloud
RAID Level 4
Block-level striping: data is stored in segments on dedicated data drives, which appear as one large volume, while parity information is stored on a separate drive that operates alone and is used only for error recovery.
RAID Level 2
Disk striping with parity; not widely used. It uses a Hamming code to store stripes on multiple data drives and the corresponding redundant error-correction information on separate error-correcting drives, allowing reconstruction of data if some data or redundant parity is lost. There are no commercial implementations.
formal policy and plan
Management should create a WHAT, with input from legal counsel, for conforming to applicable laws, regulations, and standards. For data that is not covered by laws or regulations, it may even be in the organization's best interest to destroy it quickly.
RAID Level 1+0
Mirroring then striping: drives are first paired as mirrors (RAID 1) and the mirrored pairs are then striped (RAID 0), the reverse of RAID 0+1.
RAID vendors have come to use a standardized classification that identifies three types of RAID implementations:
Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems (FTDSs), and Disaster Tolerant Disk Systems (DTDSs)
Regardless of the strategy employed, all on-site and off-site storage must be secured.
On-site: fireproof safes or filing cabinets. Off-site: a safety deposit box or a professional service with a conditioned environment. Each unit should be labelled and write-protected, and tapes should be retired periodically.
Some applications use file systems and databases in ways that invalidate the customary way of doing backup and recovery; for example, some applications write large binary files. Make sure that members of the application support and development teams are part of the planning process when these systems' backup plans are made, and that these team members are included in training, testing, and rehearsal activities. Advances in cloud computing have opened a new field in THIS; ask that the service agreement include contingencies for recovery.
Transaction replication
Using a master database for regular operations but periodically copying new and updated entries to a backup database.
business continuity plan (BC plan)
When the IR process cannot contain and resolve an incident, the company turns to the disaster recovery plan and THIS plan to help restore normal operations quickly at the primary site, or at a new permanent site if the old one is no longer viable. It contains the steps for implementing critical business functions at an alternate internal or external location until normal operations can be resumed at the primary site (or at a new location), and it is executed concurrently with the DR plan when the damage is major or long term.
Disk to Disk to Other: Delayed Protection
With the decrease in the cost of storage media, including traditional hard drives, solid-state drives, and tape, more and more organizations are creating massive arrays of independent, large-capacity disk drives to store information, at least temporarily. The availability of these devices avoids the cost and implementation challenges of tape and allows quick and easy recovery of files and directories.
incident response (IR)
Focuses on detecting, evaluating, and reacting to an incident, with later phases of the process focusing on keeping the business functioning even if the physical plant is destroyed or unavailable.
data archive
Involves the long-term storage of a document or data file, usually for legal or regulatory purposes.
Database replication
A strategy similar to database shadowing that maintains multiple backup copies of the database.