Backup & Recovery Process

1                  Introduction

1.1              Purpose

This document outlines the various components within the Global Security Operations Centre (GSOC) and their respective backup responsibilities. Where the responsibilities lie within GSOC, this document describes the backup process in further detail. The purpose of that process is to ensure that a redundant copy is kept of all data of importance within GSOC. Equally important is the ability to use the backups when the need arises.

For backup responsibilities outside the GSOC, their respective backup processes will be referenced.

1.2              Scope

As per the purpose section above, this process document will provide additional detail where backup responsibilities belong to GSOC. The details include:

  • Process for backing up
  • Types of testing to be performed to confirm that backup was successful.
  • Recovery processes.

For backup responsibilities outside the GSOC, their respective backup processes will be referenced.

1.3              Ownership

This document is ultimately owned by the Head of GSOC. He or she is responsible for ensuring that it is updated and maintained.

1.4              Audience

This document is intended for all GSOC members (see Section 2.7 – Responsibilities).

1.5              Exceptions

Exceptions to this process can be temporarily authorised by the GSOC Operations Manager.

1.6              Reporting Violations

Failure to adhere to this process must be reported to the GSOC Operations Manager.

1.7              Responsibilities

The following roles have overall responsibility for elements of this process. Please note that this is not a comprehensive listing of the responsibilities of each role; it covers only each role's specific responsibilities in support of the backup and recovery process.

1.7.1          Head of GSOC

The Head of GSOC is ultimately responsible for the proper functioning of the backup and recovery process. The Head of GSOC has the authority to delegate these responsibilities to other members of the GSOC where he or she sees fit.

1.7.2          GSOC Operations Manager

The GSOC Operations Manager is responsible for ensuring that the day-to-day operation of the backup and recovery process works as intended, and for managing any exceptions that occur during the execution of the process.

1.7.3          Tooling Engineer

The Tooling Engineer is responsible for executing the procedures documented within this process.

1.8              Upstream (Dependent) Processes

  • Change Management Process
  • Data Handling and Privacy Process

1.9              Downstream (Affected) Processes

  • Disaster Recovery Plan

2                  Process Overview

Backups for GSOC are split between two main sites as described in the following sections. For all instances where GSOC has to export files, refer to Section 3.4 for management of these export files.

Refer to Change Management Process for backups related to changes. The scope of this document is limited to systems owned by the GSOC only.

2.1              Backups within Amsterdam Data Centre

2.1.1          Hewlett-Packard’s Responsibilities

Hewlett-Packard (HP) is responsible for backing up all data within the Amsterdam Database. The following documents HP's backup practices[1].

  • What is the backup to tape schedule and format? Saturday to Thursday Incremental and Friday Full?
    • Backups are scheduled between 18.00 and 06.00 depending on the request. Every day, an incremental backup is performed, a differential backup is performed weekly and a full backup every 2 weeks.
  • How long are the tapes retained for?
    • All backup data is retained for 8 weeks.
  • What is required to change the retention duration for a specific server?
    • A change ticket shall be raised for the required retention (if that is different from default).
  • Are the tapes stored onsite or offsite? If it’s a mix, what is the schedule?
    • Every day, backup media is shipped off to the Iron Mountain site.
  • Are the tapes stored in a secure location and transported through a secure procedure?
    • Yes, backup media are stored in secure racks and employ the use of secure cases while shipping.
  • Do we have the ability to encrypt the tape backups? If so, what encryption settings are available to us?
    • Yes, AES 256-Bit. (Software Encryption)
  • Are all tape backups encrypted by default? If not, what process is required to have tape backups for a specific server encrypted?
    • Yes, all backup tapes are encrypted by default.
  • What is backed up as part of the default option?
    • When a Windows server is deployed, backup software is installed by default and configured to back up everything except “*.MDF”, “*.NDF”, and “*.LDF” (SQL database files).

2.1.2          KPMG GSOC’s Responsibilities

2.1.2.1         Databases

Because KPMG has not purchased the SQL backup option from HP, GSOC is responsible for exporting SQL databases as .BAK, .DIF, or .SAVE files. Once this is completed, the backup software will automatically include these files within the backups.

2.1.2.2         Linux Systems

At the time of writing on 14th April 2015, there is no mechanism to back up Linux systems. It is a manual activity to identify the important data and save it out to the Windows server to be backed up. Once the Linux data is exported to a Windows system, the Windows backup software (provided and operated by HP) will back up the data automatically as per Section 3.1.1.

2.1.2.3         Application Configurations on Linux Systems

The process to back up application configurations on Linux systems is as follows:

  • Export the configurations from the application
  • Transfer it to a Windows system

Ensure that management of export files as documented in Section 3.4 is followed.

2.2              Backups within UK

2.2.1          ITS UK’s Responsibilities

ITS UK will be responsible for backing up all data within UK’s datacentres. ITS Global will also maintain the Virtual Desktop Infrastructure (VDI) images. Management of Active Directory (AD) backups is documented within this link.

However, data within VDIs is not backed up; each VDI will be rebuilt upon logout. All data created by the user will be lost upon logout.

2.2.2          KPMG GSOC’s Responsibilities

For end user equipment, i.e. laptops, each user is to ensure that their important files are stored on GSOC’s secure SharePoint.

2.3              Restoration

The restoration procedure is the same regardless of location. A service request shall be raised via Remedy for restoration.

2.4              Management of Exports

All files exported will be in the format of YYYYMMDD_XXXX.ext where YYYYMMDD is the date of backup, XXXX is the type of backup and .ext is the respective extension for the backup.

Three versions of the exports will be kept before they are deleted.
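
The naming and retention rule above can be checked mechanically before anything is deleted. The following Python sketch is an added example, not part of the GSOC process itself: it parses export names of the form YYYYMMDD_XXXX.ext, keeps the three newest per backup type and extension, and sets aside non-conforming names for manual review instead of deleting them. Grouping by type and extension, the character set allowed for XXXX, and the sample file names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption: XXXX is an alphanumeric label; the process does not define its character set.
EXPORT_NAME = re.compile(r"^(?P<date>\d{8})_(?P<kind>[A-Za-z0-9-]+)\.(?P<ext>[A-Za-z0-9]+)$")
KEEP_VERSIONS = 3  # "Three versions of the exports will be kept"

def parse_export(name):
    """Return (date, kind, ext) for a conforming export name, else None."""
    m = EXPORT_NAME.match(name)
    if not m:
        return None
    try:
        day = datetime.strptime(m["date"], "%Y%m%d").date()
    except ValueError:  # eight digits that are not a real calendar date
        return None
    return day, m["kind"], m["ext"].lower()

def plan_retention(names, keep=KEEP_VERSIONS):
    """Split export names into (kept, delete, rejected) without touching disk."""
    groups, rejected = defaultdict(list), []
    for name in names:
        parsed = parse_export(name)
        if parsed is None:
            rejected.append(name)  # never auto-delete what we cannot classify
            continue
        day, kind, ext = parsed
        groups[(kind, ext)].append((day, name))
    kept, delete = [], []
    for versions in groups.values():
        versions.sort(reverse=True)  # newest first
        kept += [n for _, n in versions[:keep]]
        delete += [n for _, n in versions[keep:]]
    return sorted(kept), sorted(delete), rejected

# Constructed sample listing (hypothetical backup types SIEMDB and IDSCONF).
SAMPLE = [
    "20150401_SIEMDB.bak", "20150408_SIEMDB.bak", "20150415_SIEMDB.bak",
    "20150422_SIEMDB.bak", "20150415_IDSCONF.tar",
    "20150231_SIEMDB.bak",  # invalid date
    "siemdb_latest.bak",    # does not follow the naming format
]

if __name__ == "__main__":
    kept, delete, rejected = plan_retention(SAMPLE)
    print("keep:  ", kept)
    print("delete:", delete)
    print("review:", rejected)
```

Running the plan as a dry run and reviewing the rejected list first avoids removing an export that was simply misnamed.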

2.5              Restoration of Backups Testing

2.5.1          Backup Testing within Amsterdam

HP is responsible for checking the backup status, and making sure all the backup tapes are in good condition. Quarterly, a service request ticket shall be raised by GSOC via Remedy for HP to test the restoration of the tapes to ensure that they are usable in the event a data recovery is required. The backups shall be restored, and GSOC staff will go through the restored files to determine success of restore.

2.5.2          Backup Testing within UK

For AD, a service request ticket shall be raised by GSOC via Remedy quarterly for ITS UK to test the restoration of AD.

  1. Constraints and Assumptions

The purpose of this appendix is to describe significant constraints and assumptions that are the key drivers for the design and content of this process. The purpose of identifying these key constraints and assumptions is to ensure that, when constraints change or assumptions are disproven, the processes are examined to ensure that they still apply and are optimised for the goals of the GSOC.

Objective of Backups

The backup process detailed in this document does not cater for backups of dependent systems. Therefore, if systems across the landscape fail at the same time, it will not be possible to guarantee consistency of data across all failed systems when they are restored.

Limitation of Backups

Backups are point-in-time snapshots of a system. Therefore, it is impossible to guarantee that restoration of a backup will bring the state of the system to the latest known state. If that is desired, near real-time replication systems will need to be implemented.


[1] Information obtained from Shigeo Suzuki