Why Mirroring Is Not a Backup Solution

Craig writes "Journalspace.com has fallen and can't get up. The post on their site describes how their entire database was overwritten through either some inconceivable OS or application bug, or more likely a malicious act. Regardless of how the data was lost, their undoing appears to have been that they treated drive mirroring as a backup and have now paid the ultimate price for not having point-in-time backups of the data that was their business." The site had been in business since 2002 and had an Alexa page rank of 106,881. Quantcast said they had 14,000 monthly visitors recently. No word on how many thousands of bloggers' entire output has evaporated.

DUH!

[by Anonymous Coward]

DUH!

Again a frost post to a red story

[by Anonymous Coward]

While this mirrors previous comments, it's not really a backup solution.

When is backing up *not* an option?

[wandazulu (265281)]

Mirroring, RAID, grid, whatever. At some point, you want your data safe and secure on something not physically attached to any power source.

Re:When is backing up *not* an option?

[by Anonymous Coward]

Incremental backups to tape every night, full backup at the weekend. Tapes must be stored off-site at a proper storage location. Got lots of data and a small backup window? Get a faster tape drive and a tape robot. It costs money, but you data costs more.

This is at a minimum people. Come on!

To many shops think HA==DR

[uncledrax (112438)]

It's more an issue that some people think that HA == DR.. which obviously this story reminds us that it is not the same thing.

Mirroring / RAID == HA.. if one of your HDDs let the smoke out, you still don't incur downtime. If you have a hot-spare, you're even better.. all it does it let you have alittle time to correct the
issue (ie: "It can wait until morning").

Also, one other very important thing.. mirroring doesn't prevent/restore data corruption. If you're mirroring your rm -rf (as pointed out by Corsec67 below), your RAID will happy do what it does.. and span your command to all your disks.... Congrats, you just successfully gave yourself HA to your disk erasing! :]

Backups are DR.. If your RAID croaks.. your SOL if you don't off-machine backups. If you accidently nuke your disks with an rm or something, you can still go back and restore data.. sure you'll likely loose -some- data, but -some- is better then all in this case.

Dear Every Corporate Tool in the Universe:

[yttrstein (891553)]

And that's why your IT department actually needs funding. Sleep tight.

Re:Dear Every Corporate Tool in the Universe:

[TubeSteak (669689)]

And that's why your IT department actually needs funding. Sleep tight.

They've had the site live for 6 years.
This wasn't a lack of funding, it was just sheer stupidity.

6 years and nobody ever thought it'd be a good idea to back everything up to dvd or an external hard drive. HTML compresses really well in case they didn't know.

Re:Dear Every Corporate Tool in the Universe:

[yttrstein (891553)]

Stupidity IS a lack of funding. Pay the salary of someone smart enough to handle your data correctly if you have no interest in becoming smart yourself. Simple.

Re:Dear Every Corporate Tool in the Universe:

[mrchaotica (681592)]

Hell, they could have spent $50 on a USB hard drive (i.e., half-assed it) and been better off!

rm -rf /

[corsec67 (627446)]

rm -rf /

That is one reason why mirroring isn't a backup, and why backups should ideally be off-line.

Excellent!

[GravityStar (1209738)]

Excellent! We can use their demise as yet another cautionary tale.

Re:Excellent!

[El Torico (732160)]

Excellent! We can use their demise as yet another cautionary tale.

Ironically, it's more useful than the entire collection of blogs that they stored.

That's what backups are for

[MBCook (132727)]

It's really unfortunate that this happened. If they had simply had a backup snapshot of the DB they could have restored it. RAID only saves you from disk failures. It doesn't work on OS/user failures.

Unfortunately this is the kind of thing you tend to learn from experience (either yours or someone else). It's very easy to think "RAID 1 = disks are safe".

Just like a database cluster wouldn't have saved them. A clustering database can save you from load, or you can swap servers if a disk goes bad. But when someone issues "DELETE * FROM..." the other cluster nodes start to happily run the same thing and now you have 2 (or 3 or 10 or...) empty database boxes.

I hope those bloggers had a backup of some sort of their own.

Re:That's what backups are for

[MBCook (132727)]

My guess (and this is a guess, I'd never heard of the site before yesterday) is that this is some guy who started his own little site and it got bigger and bigger. Basically he never designed the backup, the system was just slowly pieced bigger and bigger until it got to it's current state.

The comments in the messages from the site's operator about the cost of the drive recover and thinking both drives just died at once indicate to me that this site was basically a hobby for him and he isn't experienced as an admin.

How hard is it to remember:

[computersareevil (244846)]

Mirroring: High availability
Backups: High reliability

The rules of backups

[by Anonymous Coward]

The rules of backups:

1. Backup all your data
2. Backup frequently
3. Take some backups off-site
4. Keep some old backups
5. Test your backups
6. Secure your backups
7. Perform integrity checking

To the HR department

[squeegee_boy (319210)]

Important note: don't hire the IT dude with Journalspace.com on his resume.

A lesson for admins, and users too

[gzipped_tar (1151931)]

No doubt this incident is the result of the admin's fault. He's been confusing mirroring and backup and carried on the mistake until it's too late, as pointed out in other comments.

Now what about a user's angle? The morale is you can never think your data is safer when it's "in the cloud". If you value your blog and your readers, you *should* save a copy of your work as well as the readers' info, *locally*, somewhere you have control over.

There's no place like $HOME.

Re:A lesson for admins, and users too

[djmurdoch (306849)]

And a corollary to the parent's good advice: if you can't easily get a complete copy of your work, find another host. Manual one-by-one downloads don't cut it.

No Archive.org either

[computersareevil (244846)]

They also purposely blocked archive.org via a robots.txt exclusion, so the bloggers can't use that to try and recover some of their blogs.

There is a denial going on

[hwyhobo (1420503)]

In today's world where primary storage and protection storage are well-defined, and where entire industry grew around it (examples: NetApp, Data Domain), one is hard-pressed to understand the reason for such a debacle. The reading of the note referred to in the article [journalspace.com] leads me to believe, unfortunately, that Journalspace's IT department did not understand the difference.

It is sometimes considered a bad form to say something bad about fellow techies. We prefer to look for 'outside' causes. Still, to learn and avoid the same problems in the future, one has to admit his mistakes first. This paragraph from the Journalspace's page:

The value of such a setup is that if one drive fails, the server keeps running, using the remaining drive. Since the remaining drive has a copy of the data on the other drive, the data is intact. The administrator simply replaces the drive that's gone bad, and the server is back to operating with two redundant drives.

makes me believe there is a denial going on.

Re:stunned silence

[conureman (748753)]

I am experiencing a strange phenomenon. The jaw-drop reflex has been popping my mouth open for several minutes and won't stop. If I focus I can close it, but then it pops open again. wow.

Re:El Oh El

[kurtmckee (870398)]

I'm really surprised that with all the users they had, they are so quick to say "everything is gone and we're giving up"

Considering how complete and unrecoverable the loss is, they have no idea who their users are. The accounts would have to be recreated from scratch, but who would try? Their users have no reason to ever trust them again. Journalspace would have a difficult time wooing back their original users, and no new user would seriously consider using them.

Bowing out is the only recourse, but I'm glad they're considering releasing their source code.

Re:Ouch

[conureman (748753)]

Or even one, stale, backup.

Re:Noobs. No, really.

[emag (4640)]

Even the greenest IT employee knows that mirroring is to protect against hard drive failure and not software corruption.

I only wish that were true. I've given up arguing with friends about this, who insist that their mirrors are good enough backups. I just stare at colleagues who think such, especially those who SHOULD know better. And I *know* coworkers are doing this @ work, too, and I'm just waiting for about 50TB of data to suddenly go missing...