Virginia Tech® home

Data Recovery

Introduction

Safeguard 11 - Data Recovery

Procedures

11.1 - Establish and Maintain a Data Recovery process

A data recovery process should address what data needs to be backed up, where it should be backed up to, and how often it should be backed up based upon business needs. The process should be sufficient to restore university data that has been lost, accidentally deleted, corrupted, or otherwise made inaccessible. It must also adhere to all university record retention requirements, wherever applicable. Refer to Safeguard 3.4 for more information.

  1. Virginia Tech has a contract with CrashPlan for Data Recovery and recommends the use of this service.
  2. Virginia Tech has services through OneDrive which can be utilized for backups and recovery.
  3. Data can also be backed up yourself using restic.

In some cases databases require additional tools to export data in a format suitable for backing up. Below is a non-exhaustive list of some applications. If you need help with an application you wish to back up that is not covered here, please contact the Virginia Tech IT Security Office at itso@vt.edu.

  1. PostgreSQL - pg_dump or pg_dumpall to create a backup, psql to restore.
  2. MySQL - mysqldump to create a backup, mysql to restore.
  3. SQLite - sqlite3 to create and restore backup files, see the .backup and .restore special commands.
  4. Mongodb - mongodump to create a backup, mongorestore to restore.

11.2 - Perform Automated Backups

Make sure backups are done weekly. Below are the instructions on how to use Restic with Linux. However, backing up and restoring files on a Windows or macOS client is almost identical to the procedures on Linux, with the main difference being the installation.

Installation

Restic Installation Instructions

Initialize a Repository

After installation, you’ll need to prepare a repository, which is the location your backups will be saved to. Below are a few common repository locations; consult the restic documentation if you require a different location or further information.

Local

To create a repository at the location /srv/backup, run the following command.

$ restic init --repo /srv/backup

You will be prompted to enter a password for the repository, so create a password that is unique and secure. Restic will prompt you to re-enter the password to confirm.

$ restic init --repo /srv/backup  
enter password for new repository:   
enter password again:   
created restic repository 4ff40f86d1 at /srv/backup  
  
Please note that knowledge of your password is required to access  
the repository. Losing your password means that your data is  
irrecoverably lost.

Keep your password safe. If you lose your repository password, you lose access to your repository and the data in it. 

SFTP

To back up data via SFTP, you’ll need a server with SSH and set up SSH key authentication. This is done by copying your public key to the remote server.

Note: Replace username with your username on the remote server and remote-server with the server address.

$ ssh-copy-id username@remote-server

Then, to create a repository at the location /srv/backup on the remote server, run the following command.

$ restic init --repo sftp:username@remote-server:/srv/backup
Amazon S3

To back up data to an Amazon S3 bucket, first create the bucket on AWS and set up the following environment variables with the credentials obtained.

$ export AWS_ACCESS_KEY_ID=<MY_ACCESS_KEY>
$ export AWS_SECRET_ACCESS_KEY=<MY_SECRET_ACCESS_KEY>

Then, to create a repository at the bucket named backup, run the following command.

$ restic init --repo s3:s3.amazonaws.com/backup

If the bucket does not exist it will be created at the default location.

Back Up Files

To back up files, run the following command and enter the repository password when prompted.

$ restic backup <file_location> --repo <repository>

Example

Backing up the Documents directory in your home folder to a restic repository called /srv/backup looks like the following.

$ restic backup ~/Documents --repo /srv/backup

The string of numbers and letters after snapshot is the snapshot ID to use when restoring a backup.

Restore a Backup

To restore a backup, first display the list of available snapshots.

$ restic --repo <repository> snapshots

Once you’ve identified the snapshot ID to restore, run the following command, specifying the <target-location> as where the files are restored to.

$ restic --repo <repository> restore <snapshot ID> --target <target-location>

Alternatively, restore the latest backup using the keyword latest.

$ restic --repo <repository> restore latest --target <target-location>

To restore only a subset of files (/etc in this example), pass the --include flag.

$ restic --repo <repository> restore latest --target <target-location> --include /etc

Consult the restic documentation for more information.

Example

Restoring the snapshot created in the previous example to the location tmp/restore-work looks like the following.

$ restic -r /srv/restic-repo restore 09ea62f2 --target /tmp/restore-work
enter password for repository:
restoring <Snapshot of [/home/user/Documents] at 2015-05-08 21:40:19.884408621 +0200 CEST> to /tmp/restore-work

11.3 - Protect Recovery Data

Ensure you have a password and/or other protections in place for your backed up data. If you are using restic, consider encryption.

11.4 - Establish and Maintain an Isolated Instance of Recovery Data

DO NOT store your backed up data to the same device/application as the original data.

11.5 - Test Data Recovery

Test backed up data quarterly. If you are using restic see Integrity and Consistency in the documentation.

Other

If you have questions that are not covered in these procedures, please contact the VT IT Security Office itso@vt.edu for a consultation.