Hi, all. We're looking at options for an offline DR backup and were wondering if anyone has tried using a NAS appliance to receive backup copies and then just disconnecting it from the network once the backup completes? If so, what were your results?
Disclaimer: I have not tried this kind of a setup.
@JasonRkr are you trying to emulate something like the Iron Mountain offsite tape by using the "air gapped" NAS appliance for backups?
Just a few thoughts. DR experts will probably chime in with more comments/questions.
The idea for having a DR backup is a good one but how I understand it, seems flawed. If you want to keep backups on NAS appliance, during a DR you would want to use those to restore data. That would mean that the catalog needs to manage those images. Without the storage unit of the NAS appliance connected to the backup system, you will get partial success for your Image Cleanup jobs (if not failures). How do you plan to verify that the Image Cleanup's failure - was it due to the NAS appliance being absent or some other issue? The setup creates too much work if I think about it.
Is the NAS appliance planned to be at the same site? It wouldn't be a true DR if it is! Also, if this is being done manually, I would say it is a no-no for current times. It should be automated and turnkey.
As X2 mentioned your solution ought to be automated and not something you have to constantly be modifying - I don't believe a NAS appliance target regularly dropping off the network fits that requirement. If you want something both offsite for DR and completely offline, you're probably better off with just physical tapes. Cut them, ship them, record what images are where (or outright include a full catalog tape amongst the shipment) and call it good.
Otherwise everytime you connect that NAS appliance back up to refresh your DR images you're exposing it and negating your original purpose. Every time you have someone having to make config changes to bring it back online, or power up the box, you're opening yourself up to user-mistakes and/or additional wear-and-tear on the physical gear. Also, I find the idea of data being critical enough that it justifies this kind of protection ever truely being "done" with its backups rather interesting...I'd almost guess that it would be backing up and replicating almost around the clock because it was so vitally important to the business.
Also, in general NetBackup itself tends to be very unhappy with offline backup infrastructure components that it cannot talk to. Processes cycle through connection attempts to them pretty regularly and you're going to start seeing delays in regular activities if you keep forcing them to timeout instead of instantly succeeding. Food for thought.
Thank you, X2 and jnardello for sharing your thoughts. Your points are well taken. This is almost a last resort type DR setup. We have our traditional backups and then have replication configured for our Tier I/II application pools.
Yes, the idea would be to run something like bi-weekly full backups to the NAS and then disconnect it once those are complete.
X2, regarding your image cleanup comment, are you thinking images not on the NAS could fail if that storage unit is disconnected? I was thinking that would only apply to those images on the NAS.
jnardello, since myself and two colleagues would own this process, I'm less worried about the manual aspect of it, but I get what you're saying. Also, can you expand a little on what delays in regular activities we would likely see?
What's your aim for having the offline NAS device?
If it is to protect a set of backups from any ransomeware, then maybe investigate one of the immutable storage pool options that are now available (company hat on here - check out the Flex 5150 appliance for an immutable storage option, or the 5350 for larger capacity).
Ha! We would love to buy one, but can't at the moment. So, while we review our options, we want a locked copy of the backups to protect against ransomware. A stopgap for the time being.
Things to make this less of a problem: