Data Recovery
Introduction
Safeguard 11 - Data Recovery
Procedures
11.1 - Establish and Maintain a Data Recovery process
A data recovery process should address what data needs to be backed up, where it should be backed up to, and how often it should be backed up based upon business needs. The process should be sufficient to restore university data that has been lost, accidentally deleted, corrupted, or otherwise made inaccessible. It must also adhere to all university record retention requirements, wherever applicable. Refer to Safeguard 3.4 for more information.
- Virginia Tech has a contract with CrashPlan for Data Recovery and recommends the use of this service.
- Virginia Tech has services through OneDrive which can be utilized for backups and recovery.
- Data can also be backed up yourself using restic.
In some cases databases require additional tools to export data in a format suitable for backing up. Below is a non-exhaustive list of some applications. If you need help with an application you wish to back up that is not covered here, please contact the Virginia Tech IT Security Office at itso@vt.edu.
- PostgreSQL -
pg_dump
orpg_dumpall
to create a backup,psql
to restore. - MySQL -
mysqldump
to create a backup,mysql
to restore. - SQLite -
sqlite3
to create and restore backup files, see the.backup
and.restore
special commands. - Mongodb -
mongodump
to create a backup,mongorestore
to restore.
11.2 - Perform Automated Backups
Make sure backups are done weekly. Below are the instructions on how to use Restic with Linux. However, backing up and restoring files on a Windows or macOS client is almost identical to the procedures on Linux, with the main difference being the installation.
Installation
Restic Installation Instructions
Initialize a Repository
After installation, you’ll need to prepare a repository, which is the location your backups will be saved to. Below are a few common repository locations; consult the restic documentation if you require a different location or further information.
Local
To create a repository at the location /srv/backup
, run the following command.
$ restic init --repo /srv/backup
You will be prompted to enter a password for the repository, so create a password that is unique and secure. Restic will prompt you to re-enter the password to confirm.
$ restic init --repo /srv/backup
enter password for new repository:
enter password again:
created restic repository 4ff40f86d1 at /srv/backup
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
Keep your password safe. If you lose your repository password, you lose access to your repository and the data in it.
SFTP
To back up data via SFTP, you’ll need a server with SSH and set up SSH key authentication. This is done by copying your public key to the remote server.
Note: Replace username
with your username on the remote server and remote-server
with the server address.
$ ssh-copy-id username@remote-server
Then, to create a repository at the location /srv/backup
on the remote server, run the following command.
$ restic init --repo sftp:username@remote-server:/srv/backup
Amazon S3
To back up data to an Amazon S3 bucket, first create the bucket on AWS and set up the following environment variables with the credentials obtained.
$ export AWS_ACCESS_KEY_ID=<MY_ACCESS_KEY>
$ export AWS_SECRET_ACCESS_KEY=<MY_SECRET_ACCESS_KEY>
Then, to create a repository at the bucket named backup
, run the following command.
$ restic init --repo s3:s3.amazonaws.com/backup
If the bucket does not exist it will be created at the default location.
Back Up Files
To back up files, run the following command and enter the repository password when prompted.
$ restic backup <file_location> --repo <repository>
Example
Backing up the Documents
directory in your home folder to a restic repository called /srv/backup
looks like the following.
$ restic backup ~/Documents --repo /srv/backup
The string of numbers and letters after snapshot
is the snapshot ID to use when restoring a backup.
Restore a Backup
To restore a backup, first display the list of available snapshots.
$ restic --repo <repository> snapshots
Once you’ve identified the snapshot ID to restore, run the following command, specifying the <target-location>
as where the files are restored to.
$ restic --repo <repository> restore <snapshot ID> --target <target-location>
Alternatively, restore the latest backup using the keyword latest.
$ restic --repo <repository> restore latest --target <target-location>
To restore only a subset of files (/etc
in this example), pass the --include
flag.
$ restic --repo <repository> restore latest --target <target-location> --include /etc
Consult the restic documentation for more information.
Example
Restoring the snapshot created in the previous example to the location tmp/restore-work
looks like the following.
$ restic -r /srv/restic-repo restore 09ea62f2 --target /tmp/restore-work
enter password for repository:
restoring <Snapshot of [/home/user/Documents] at 2015-05-08 21:40:19.884408621 +0200 CEST> to /tmp/restore-work
11.3 - Protect Recovery Data
Ensure you have a password and/or other protections in place for your backed up data. If you are using restic, consider encryption.
11.4 - Establish and Maintain an Isolated Instance of Recovery Data
DO NOT store your backed up data to the same device/application as the original data.
11.5 - Test Data Recovery
Test backed up data quarterly. If you are using restic see Integrity and Consistency in the documentation.
Other
If you have questions that are not covered in these procedures, please contact the VT IT Security Office itso@vt.edu for a consultation.