Mistakes to avoid when creating backups
There are a lot of different ways to mess up a backup solution for a client.
Problems arise from unmonitored solutions, insufficient redundancy, misunderstood recovery expectations, and failed backups that weren’t caught. Many MSPs have been fired because the backup solution they touted and sold failed when it mattered most. Don’t let that be you. Here are some common issues we’ve seen time and again and ways to address them.
A provider comes in and sets up a backup. It’s supposed to run every night automatically. They leave and don’t think about the backups again. Then, six months later, the server crashes. They go to their backups only to find that they stopped successfully completing five months prior, which is the most current data they have.
There is a simple solution. You should only implement backup solutions that you know how to monitor. Set up your RMM solution so that you get an alert immediately if a backup doesn’t complete successfully. A ticket is created, and your time has time to respond and correct the situation.
A backup solution without any time of monitoring or alerting is incomplete and will leave you in a very sticky situation with the client if you need to recover. Do it right from the beginning and ensure that you can monitor and get alerts on your backups.
Just one copy?
If one copy is good, then two is better. It’s recommended that you always have a local and an offsite copy of your data. This allows you to respond quickly in an emergency. For example, if the server crashes, you have a local copy you can recover quickly from.
This also covers you in case of a major disaster. Fire, theft, earthquake, whatever. Even if your whole site is destroyed and the local backups with it, you can still recover the lost data. Grab that offsite data and get to work.
Be smart about backups and make sure you always have a local and offsite copy.
RPO and RTO
Asking the right questions about your client’s expectations regarding backups upfront is critical. This allows you to understand their goals for RTO (Recovery Time Objective) and RPO (Recovery Point Objective. Essentially you need to know how quickly they need to recover from a disaster and how long they need to keep their data.
An improper understanding of these two goals will have you select a backup solution that doesn’t meet the clients' needs. Then, in the critical moment when recovery is needed, they will be very upset to find out that you can’t get them operational as soon as they expected. They may also be concerned that you can’t go back far enough to recover the needed data.
Make sure that you understand your clients' expectations for these key factors and plan a backup solution to meet their needs.
Another area where some IT companies fall short is planning for recovery testing. Many organizations have security compliance which requires their backup and disaster recovery plan to be tested regularly. Unfortunately, this can be cumbersome and time-consuming, and thus it is frequently skipped.
Don't skip recovery testing! If it’s a requirement of your client, make sure it gets done regularly and that you can recover backups as planned. Many modern backup solutions such as Veeam allow you to automate backup testing on a schedule. This gives you peace of mind while minimizing the workload that backup and disaster recovery testing adds.
Careful with snapshots
If you’re using snapshotting technology to grab snaps of VMs for your client, do so with caution. I’ve seen many instances where a misconfiguration of this feature causes multiple snapshots in succession, filling the space on the server and crashing it.
If you choose to use this for backups, do so with caution. Monitor the solution and the space on the server so that if a misconfiguration happens, you get notified and can rectify the situation before the crash.
Take "if" off the domain
Recent ransomware attacks have necessitated some changes when it comes to your backup server. Previously it was always a best practice to have it set up as a domain server. Many ransomware threats will spread through the network via that domain connection. You may want to consider removing your backup server from the domain to help protect your backups against ransomware. This little tip could save your bacon.
Backups are critical for every MSP. Make sure that you’re implementing solutions that you can easily monitor and get alerts on. Keep a local and an offsite copy of your data. Make sure you understand the needs for RPO and RTO and set up your backups accordingly. Do your recovery testing. Take caution with snapshots and consider removing your backup server from the domain.
We hope these tips have helped. Backups can be a great source of revenue for MSPs, but if done poorly, they can bite you worse than any other service. So take care to do them correctly, and they can be a great line of business for your MSP.
Stay up-to-date on all things SuperOps.ai