
Separation of Permissions in Backup and Recovery

The more systems and applications a company has to manage, the more people it takes to manage them. This generally leads to several different groups within IT, each with specific expertise in, and distinct responsibility for, keeping its part of the infrastructure up and running. Typically, this also means that IT ends up with several administrative domains which, for sound operational and security reasons, each require their own permissions to maintain. In a large IT environment it is bad policy to let just anyone go wherever they please.

But this separation of permissions raises a big question: How can IT possibly keep the administrative domains separate when it needs to back up all the data in the company?

To illustrate the problem, let's take a simplistic approach and consider three different groups:

  • Database Services (Microsoft SQL)
  • Messaging Services (Microsoft Exchange)
  • Backup Administrators

In the traditional agent-based backup world, the backup administrators needed full access to the database and messaging servers so that they could deploy specialized software (agents) to back those systems up. Recovery in the traditional world gave backup administrators a great deal of power once again: they had access to the backups, and they held the permissions needed to restore whatever items database or messaging services requested.

How Can Virtualization Change Things?
Virtualization is changing the way backups are performed. It is no longer required (or even recommended) to run a backup agent on each server; the entire virtual machine can be backed up at the image level. After all, a virtual machine is nothing but a set of files on disk. With that extra layer of abstraction, backup administrators no longer need access inside the applications, because they can back up the entire virtual machine, applications and data included, at the image level.

But what about recovery? Recovering the entire image is a straightforward process: simply restore the files that represent the VM back to your shared storage. Of course, this can be very time consuming, since we're talking about potentially hundreds of gigabytes of data. Recovering the entire image is also serious overkill if all you need back is a single file or a single database/email record. Why spend hours recovering the entire image for one small bit of data? Why roll the entire server back in time because of a single lost email from the CEO's mailbox? The image-level model can completely break down once you consider these limitations, especially since they didn't exist in the traditional agent-based model, as long as the backup administrators had all the permissions they needed.

Some backup vendors are currently working on ways to eliminate this limitation of image-level recovery, and it appears that many of their solutions will still rely on application-specific agents or software for granular, item-level recovery. Unfortunately, application-specific agents and software don't solve the separation-of-permissions issue: when the backup solution relies on agents, the backup team needs permissions inside the applications and databases. Only a true image-level recovery that does not rely on agents, and that delegates item-level restores to the appropriate teams, will solve the permissions problem.
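To make the delegation model concrete, here is an added example (not code from the original post or from any backup product) of the authorization check such a model needs. The three groups, the two application types, the VM inventory and the user-to-group mapping are all assumptions constructed for the example. The point it demonstrates is the split the post argues for: backup administrators may back up and restore whole images without any rights inside the guest, while item-level restores are granted only to the team that owns that application, and only for VMs hosting it.

```python
"""Delegated-restore authorization: an illustrative model, not a vendor's implementation.

Backup administrators operate on whole VM images and never need rights inside the
application. Item-level restores (one row, one mailbox item, one file) are delegated
to the application team, scoped to the VMs that host their application.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Actions the recovery system exposes.
BACKUP_IMAGE = "backup_image"    # image-level backup of a whole VM
RESTORE_IMAGE = "restore_image"  # put the VM's files back on shared storage
RESTORE_ITEM = "restore_item"    # granular restore from inside the image
IMAGE_ACTIONS = frozenset({BACKUP_IMAGE, RESTORE_IMAGE})


@dataclass(frozen=True)
class Role:
    name: str
    actions: FrozenSet[str]   # actions this role may perform
    apps: FrozenSet[str]      # application types it may open for item-level restore


@dataclass(frozen=True)
class RestoreRequest:
    principal: str
    action: str
    vm: str


# Constructed inventory: which application each VM hosts (assumption).
VM_APPS: Dict[str, str] = {
    "sql01": "mssql",
    "exch01": "exchange",
}

# The three groups from the post, expressed as roles (assumption: names and scopes).
ROLES: Dict[str, Role] = {
    "backup_admins": Role("backup_admins", IMAGE_ACTIONS, frozenset()),
    "database_services": Role("database_services", frozenset({RESTORE_ITEM}), frozenset({"mssql"})),
    "messaging_services": Role("messaging_services", frozenset({RESTORE_ITEM}), frozenset({"exchange"})),
}

# Constructed user-to-group mapping (assumption).
MEMBERSHIP: Dict[str, str] = {
    "alice": "backup_admins",
    "bob": "database_services",
    "carol": "messaging_services",
}

AUDIT: List[str] = []  # every decision is recorded, allow or deny


def role_for(principal: str) -> Optional[Role]:
    """Resolve a principal to its role; unknown principals get no role."""
    return ROLES.get(MEMBERSHIP.get(principal, ""))


def authorize(req: RestoreRequest) -> bool:
    """Return True if the request is permitted under the delegated-restore model."""
    role = role_for(req.principal)
    if role is None or req.action not in role.actions:
        return _decide(req, False, "no role or action not granted")

    if req.action in IMAGE_ACTIONS:
        # Image-level work needs no knowledge of, or access to, the guest's application.
        return _decide(req, True, "image-level action")

    # Item-level restore: the VM must host an application this role owns.
    app = VM_APPS.get(req.vm)
    if app is None:
        return _decide(req, False, "unknown VM")
    if app not in role.apps:
        return _decide(req, False, f"role {role.name} does not own {app}")
    return _decide(req, True, f"item restore delegated to {role.name} for {app}")


def _decide(req: RestoreRequest, allowed: bool, reason: str) -> bool:
    AUDIT.append(f"{'ALLOW' if allowed else 'DENY'} {req.principal} {req.action} {req.vm}: {reason}")
    return allowed


if __name__ == "__main__":
    for r in (
        RestoreRequest("alice", RESTORE_IMAGE, "exch01"),  # backup admin restores a whole VM
        RestoreRequest("alice", RESTORE_ITEM, "exch01"),   # but cannot open the mailbox store
        RestoreRequest("carol", RESTORE_ITEM, "exch01"),   # messaging team restores the CEO's email
        RestoreRequest("carol", RESTORE_ITEM, "sql01"),    # and cannot touch the SQL team's data
    ):
        authorize(r)
    print("\n".join(AUDIT))
```

The deny path for a backup administrator requesting an item-level restore is the whole point: granular recovery happens without that team ever being granted rights inside Exchange or SQL Server. The audit list is there because a delegated model only holds up if each team's restores are attributable to that team.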

Virtualization has changed backup. And it's about to change recovery as well.

Posted by Doug Hazelman on 09/08/2010 at 12:49 PM