> > You might say "tape backup"... but keep in mind that it doesn't offer a > > "plug n play" solution if a server goes down. With the above method, a > > dead server could be brought to life in a minute or so (literally) > > rather > > than half an hour... an hour... or more. > > It occours to me that in most cases, recovery from a catostrophic > failure is not going to be as easy as plug and play. Let's take some > common situations where we need to recover a system. > > Virus - > The way I traditionaly deal with a virus, is to never have it touch > my system. As a system admin it is my job to keep viruses from hitting > machines in the first place, not clean them up once they arrive. > Cleaning up is the mentality of the Microsoft security world, and I > refuse to accept such poluted doctrine. However, I do have a contingency > plan should I miss a virus. I have a master OS image burnt onto a disk, > and each of my systems make a backup of their data nightly (simple tar). > The backups rotate and are incrimental, so I can restore data to the > current date, masking out any infected paths. This, however, is not a > plug and play solution, it requires manual control. > > Hardware failure- > I run arround and sceam alot. This kind of failure is mostly luck > of the draw, but I try to follow the same strategy as above. > > Hacker- > If they wipe the disk, then the OS image and data backup will work > nicely. If they do something else, then I wipe the disk myself (no > backdoors that way), and recover. > > In none of these situations do I see any value in making a replica of a > tainted or damaged disk every 12 hours.
You are thinking resource-intensive work, which would require more than a basic or low level sysadmin to do. I would not trust a low level sysadmin to start performing restoration work on a system. At least if we catch it within 12 hours or 24 hours then the sysadmin could at least pull out the backup hard disks from the drive caddies, plug them into the backup system on standby (basically has everything except hard disks) and have a working system up and running instantly. A high level sysadmin can slowly sift through original information carefully once the system is up and running. Your assumption is that you can have a sysadmin onsite within a certain amount of time to perform said restoration work on the filesystem, which may not be possible especially with cutbacks everywhere and everyone tightening their belts. Calling in a high-level sysadmin at 3am in the morning to perform such tasks is not always possible resource-wise. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
