NYU Data Protection Overview
Data backup is available to all registered client systems upon request via IBM Spectrum Protect servers. The backup backend environment consists of a disk based virtual tape library (VTL) and magnetic tape library. All magnetic tape media are regularly sent off site via Iron Mountain to accommodate disaster recovery plan requirements.
Standard Resource Specifications
Client Host Requirements
- Client machines must be hosted in NYU IT data centers
- Client machines must have the IBM Spectrum Protect Backup
- Archive Client installed
- Databases that are not backed up by Spectrum Protect “Data Protect for Database” must be exported to a flat file in order to be backed up
- NYU IT Infrastructure offers active support for the latest version of the Spectrum Protect Backup-Archive Client as available from IBM, with legacy support for the previous two versions
- Individual client machines and exception cases are subject to review
Backup Specifications
- Progressive incremental backups run once every 24 hours after an initial full backup
- Estimated compression ratio for physical tape is 3:1
- AES-256 encryption is enforced across all backups
- For exception cases in which the data source is not co-located with the data protection systems, backup traffic is encrypted
Disaster Recovery Backup Classification
- The Disaster Recovery/Resiliency team determines which applications are targeted for recovery in a disaster situation
- Departmental, dev, QA, test hosts are not eligible for DR classification
- DR designated applications will have their backup tapes retrieved from Iron Mountain and delivered to an off-site recovery location in the event of a disaster
Standard Backup Offerings
- By policy default, deleted file systems will be retained in backup for a period of one year
- If deleted file systems must be purged from backup before one year, NYU IT Infrastructure will reach out to the client to confirm data is eligible for removal from backup
- Hosts are reviewed and categorized by the NYU Infrastructure team into one of three categories, outlined below
Physical Hosts and Oracle DBs
- Backup IOPS run on client machine
- Data written to backup server disk, then to tape
- Offsite to tape
Virtual Hosts
- Backup IOPs run on proxy server with vStorage agent
- Utilizes VMware snapshots
- Backups written to virtual tape
- Offsite to tape
- LAN-free
Data Protection for Oracle
- RMAN writes to virtual tape
- Requires two installations of the TSM software: Data Protection for Oracle and Spectrum Protect Storage Agent
- Offsite to tape
- LAN-free
Data Retention
Refer to Retention and Destruction of Records and Practices Concerning the Retention and Destruction of NYU IT Log Data to determine the appropriate retention period of your data.
Onsite
- 90 day data retention for Academic Linux hosts and Digital Library hosts.
- 30 day data retention for all others
- Retention exceptions may be made based on requirements review
Offsite
- Retention periods are the same as on-site
- Iron Mountain pick-up Mon – Sat
- Tapes are recalled on demand with next day return
Data Restoration
- Data restoration from tape should be pursued only after other avenues, such as restoration from local host backups and snapshots, have been exhausted
- Restoration times are variable based on size of data restore, file sizes and count, and other considerations
Glossary
- Progressive incremental backup – After the initial full backup, no additional full backups are necessary because the backup server, using its database, keeps track of whether files need to be backed up. Only files that change are backed up, and then entire files are backed up, so that the server does not need to reference base versions of the files.