> From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of
> Edward M. Corrado
> Sent: Tuesday, September 01, 2009 3:57 PM
> To: [log in to unmask]
> Subject: Re: [CODE4LIB] FW: PURL Server Update 2
> This should be a lesson to each and everyone of us who are in charge of
> maintain systems to actually try to restore a system from your backups
> on a some-what regular basis to ensure that you can get important
> systems up and running in a timely manner. From personal experience, I
> can tell you that you can learn a lot from these tests, and on at least
> one occasion they saved my ____ when I had a critical system fail.
I would be surprised if GPO wasn't backing up their data or even imaging
their server drives on a periodic basis. However, in my experience with
operation folks over many years, it isn't as simple as grabbing a backup
tape, putting it in a drive, and copying the data. Just copying the
data, depending on how large it is could take some time.
1) Data drive fails. Grab a new drive from stock, reformat the drive,
grab the backup tape, reload the data, then figure out what was lost
between the time it was backed up and it went down. If it were a SQL
database can you recover from any intact journals? Yes, then apply
the journals. What if this isn't the only service running on the
server, you got to restore the data for those applications too.
2) OS drive fails. Grab a new drive from stock, reformat the drive, grab
the backup tape or image and reload the OS, then figure out what
security or application patches were applied between the time the
backup/image was taken and today. Reinstall the missing patches.
3) Total hardware failure. Do (1) and (2) above. Your organization
might keep pre-built spare servers around, but you still have to make
sure that they are up-to-date with security and application patches,
that they have the correct applications installed, you need to change
the IP address, the server name and other little details like that.
4) Server compromised. Worst case scenario. They need to preserve all
the drives so they can analyze them and turn over information to
police. They are not going to trust the backup/image since they don't
know how long the server was compromised. So they are most likely
going to rebuild the server from scratch and insure that it has *all*
the latest security and application patches, in addition to doing (1).
We had a research server get compromised a few years ago and it took
several weeks to get it back online due to rebuilding it from scratch.
Nothing is as simple as it seems...