Backup in depth

In security circles, there is often talk about “defense in depth.” This refers to the fact that a security system is not relying on a single element to accomplish its goal; the “defense in depth” strategy is a form of remove a single point of failure from security mechanisms. That is, if one element in the security infrastructure goes down (such as firewall collapse) other elements will be waiting to prevent an attacker from entering further.

Backup in depth (my term) is similar. In one environment I was priviledged to be in, the database administrator and I worked out a backup plan like this: each database would be backed up on the machine itself (backup #1); this backup would be saved to a location on a central server for up to 30 days (backup #2); and both the database servers and the central repository would be backed up to tape daily (backups #3 and #4). In at least one case, having the database backup on the local disk saved the database administrator from a long drawn out restore from tape.

When you are backing up your own personal data, this is also a good procedure to follow. Don’t rely just on tape or a remote site. Backup your data in several ways and in several locations (varying by ease of access and completeness of backup).

One could, for example, save your home directory to SpiderOak (the remote backup facility I mentioned earlier) and a copy to an external USB drive. SpiderOak thus provides the space and deep history, and the external drive provides immediate and fast restores that are not dependent on the Internet.

Virtual environments provide an inherint ability to create a “backup in depth” – the host can be backed up (including the virtual environments) and the virtual environments can do a standard backup.

With multiple backups in place, restoring a file should not be a problem in most cases – or restoring entire directories or systems. Isn’t that worth taking some time to accomplish on your personal machines?

Pull files out of a Ignite-UX recovery archive

Perhaps you have a regular backup utilizing make_net_recovery, and want to get some files out of it. How is this done? The standard way to utilize a Ignite-UX backup is to restore the machine completely, using Ignite-UX.

However, if just one file – or a series of files – is desired, log into the Ignite server. Change to the directory /var/opt/ignite/recovery/archives and then into the directory matching the host you want to restore files to. The files in these directories are gzipped archives of the sort that you specified when you did the make_net_recovery (tar files by default). The file names are of the format YYYY-MM-DD,HH:MM.

Use your favorite tools to extract the files from the desired archive. For example, the following will extract the /stand directory (where HP-UX keeps its kernels):

gunzip -c 2009-01-24,07:05 | tar xvf - stand

The actual configuration of the archive process is kept in a different directory in /var/opt/ignite/clients followed by the host name. Most of these files should not be changed, as it would be easy to mangle the backup (or restore) process by making a bad change to one of these files.