Inside The Edge
All things technical at Blackbaud

March 2009 - Posts

The Conficker Worm: Should you be worried?

There has been a lot of news about the Conficker Worm in the past week, including a segment on 60 Minutes.  According to these articles, the Conficker Worm is set to be activated on April 1st.  Right now millions of computers could be infected with the Worm and we would never know, because it has been lying dormant, waiting for commands, since being installed.

Once activated, the Worm will try to disable essential services on your computer, including Windows Updates and Windows Security Center.  In addition, Conficker may be able to log your keystrokes on web sites, which could compromise the user names and passwords of your personal accounts.  The worm may also be able to exploit weak administrator passwords in your network.  These are just a few of the behaviors that Conficker can exhibit if you are not properly protected.

To help protect your computer from Conficker, make sure you have the update from Microsoft Security Bulletin MS08-067 installed.  According to Ars Technica, Conficker installs its own version of this patch when it detects that it has not been installed.  Also make sure that you are up to date with your Anti-Virus software and definitions.  Then make sure that all your administrator accounts have strong passwords.  For more steps to protect your computer, see the Microsoft TechNet Article, Conficker Worm: Help Protect Windows from Conficker.

There are people out there that say the threats of Conficker are being exaggerated and they very well may be correct.  But why take the risk?  Make sure you are up to date on Windows Security Patches, and your Anti-Virus Software, and you shouldn’t have anything to worry about.

If worst comes to worst and you think your computer is infected, check your Anti-Virus Software Vendor’s web site.  They should have some type of removal tool for Conficker.



 
Backup and Recovery, Part 2 - Testing your Backups

In my last post, we discussed the importance of backing up your database and we briefly discussed the importance of testing your backups.  In this post we will discuss, in more detail, the importance of testing your backups and some ways to achieve testing to best suit your needs.

This afternoon I did a quick search on Google to find out others' ideas on testing backups and I found a cool site about backup policies.  The Tao of Backup is a creative look at why a sound backup policy is necessary.  In their section on testing, they provide us with an interesting thought:

“If you really believe that your backups are sound, would you be comfortable erasing everything on your hard drive right now, and restoring it from backups?”

If you said yes, then I hope it is because you have done thorough testing of your backups and know that they will work as planned if, or when, the time comes.  If you said no, then it is time to start testing your backups so you can be confident that you will be able to restore all your data when the time comes.

There are various reasons why your backups may not be sound.  These include (but are definitely not limited to) the following:

  1. Failed Backups through the Blackbaud Management Console or SQL Server
    • Not all software is perfect. The BMC and SQL Server can run into issues when attempting to back up your database.  Luckily, the BMC provides an easy-to-read Maintenance History that gives you the specific error
  2. Failed Third Party backup software
    • Most backup solutions have a backup history and should provide you with errors on why the backups are failing
    • You may need to check with that vendor’s Customer Support if necessary
  3. Corrupt Backups
    • Sometimes the backups will complete successfully but the backups will be corrupt
    • The only way to find this out is to find out the hard way or by testing your database
  4. Your backup job is not backing up everything you need
    • The BMC will back up everything you need for a Blackbaud database to a .BAK file
    • However, you may not have your Tape backup solution backing up the BMC backups

These are just a few reasons why your backups can fail, but they should be enough to show us that testing your backups is necessary for a sound backup policy.

Now that we have established the need to create backups, let’s discuss some options we have for testing your backups.  The best case scenario would be to set up a separate server to test your backups.  (This doesn’t necessarily have to be as powerful as your live server.  It could even be just an extra workstation you have that doesn’t already have client installations of your Blackbaud products.)  In addition to using this server to test your backup, you could also use it to test upgrades to your Blackbaud applications, upgrades to SQL Server and upgrades to other applications.  On this test server you would have the exact same versions of your applications so that you know the restore would work on your live server.  I would suggest that you run the test restore once a week or once every other week.  Restoring a backup on your test server will not only test the integrity of your backup but it will also refresh your test database with new data.
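A restore test of the kind described above, written as T-SQL for a test SQL Server instance. This is an added example, not Blackbaud's or the original post's own procedure: it assumes the .BAK file is a native SQL Server backup that has been copied to the test server, and the database name, file paths and logical file names are hypothetical placeholders.

```sql
-- Added example: restore test on a TEST instance only.
-- Every name and path here is a hypothetical placeholder.
DECLARE @bak nvarchar(260);
SET @bak = N'D:\RestoreTest\live_backup.bak';

-- 1. Fast sanity check: the backup set is complete and readable.
--    Checksums are verified when the backup contains them.
--    Passing this step does NOT prove the data inside is usable.
RESTORE VERIFYONLY FROM DISK = @bak;

-- 2. List the logical file names stored in the backup.
--    Substitute them for LiveDb_Data / LiveDb_Log in step 3.
RESTORE FILELISTONLY FROM DISK = @bak;

-- 3. Full restore under a different database name and into a
--    separate folder, so nothing on the instance is overwritten
--    except the previous test copy.
RESTORE DATABASE RestoreTest
FROM DISK = @bak
WITH MOVE N'LiveDb_Data' TO N'D:\RestoreTest\RestoreTest.mdf',
     MOVE N'LiveDb_Log'  TO N'D:\RestoreTest\RestoreTest_log.ldf',
     REPLACE,     -- replaces last run's RestoreTest database
     RECOVERY,    -- bring the database online after the restore
     STATS = 10;  -- progress message every 10 percent

-- 4. Consistency check of the restored copy. This is the step that
--    catches a backup that "completed successfully" but is corrupt.
DBCC CHECKDB (N'RestoreTest') WITH NO_INFOMSGS, ALL_ERRORMSGS;

-- 5. Keep evidence of when the test last ran and who ran it.
SELECT TOP (1) destination_database_name, restore_date, user_name
FROM msdb.dbo.restorehistory
WHERE destination_database_name = N'RestoreTest'
ORDER BY restore_date DESC;
```

An error at step 1, 3 or 4 means the backup would not have saved you; schedule the script at the weekly or biweekly interval suggested above and alert on any failure.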

I understand that not everyone has the resources to have a permanent test server.  Another option is to use your current Blackbaud Management Console to go through the restore process.  However, this process requires that you take your live database down for a period of time because the BMC does not allow for two databases to be attached with the same serial number.  In this case, you would need to detach your live database and then reattach the backup that you plan to test to a different folder on this server.  Then reverse the steps to reattach the live database.  This is not the preferred method of testing because it requires you to take down your live database.

Another option for those without a permanent test server is to set up a Virtual Machine (more to come on VMs in a later post) on your server or workstation using VMware, which has a few free virtualization solutions, or other virtualization software.

We have mostly been discussing Blackbaud backups through the BMC, but these same rules apply to all your backups, including your server backups to external media.  You can even use similar testing options, such as using a test server or a Virtual Machine, to test any type of backups you have configured.

Remember not to follow the Ron Popeil backup system.  When it comes to backups do not “Set it and forget it”.  You need to “Set it and test it” (I know not quite as catchy)!

On a side note:  Nicholai Burton, author of The Spotlight, has some good ideas for using online storage, in his post, "Because Even the A-Team can't find your lost data," to keep your backups secure and off site.

Other Recommended Reading:
-    Backing Up and Restoring Databases in SQL Server
-    Planning for Disaster Recovery
-    Disaster recovery worst practices: Don’t test your backups