The discussion of technology security goes beyond cybercrime and hacking. It also must focus on the backup of important technology data and assets. The importance of data backup is not a new idea. Churches and other organizations have long recognized the importance of backing up their critical data. Your important church data resides in several possible locations, such as local file servers, on-premise email servers, individual user machines (not recommended), cloud-hosted repositories such as your Office365 tenant or your cloud-hosted ChMS platform, etc. There are numerous mechanisms and approaches to backing up this type of data, but a backup of data alone is not sufficient to ensure that crucial ministry technology resources are available.
The focus of this article is enhancing backups of on-premises systems and servers themselves, not just the data on the systems. Your aim should be to ensure that ministry operations can continue as usual when the systems running your ministry applications are compromised or unavailable. To describe the difference between traditional backup and enhanced ministry continuity, we offer the following analogy.
Continuity vs. Backup: An Analogy
Scott Smith, the President of Enable Ministry Partners, and his family suffered a house fire years ago which destroyed much of the structure of their home. They were able to save many of their personal belongings and some of their clothing from the fire, but they could no longer live in the structure. They had to rebuild their home from the foundation. In the meantime, they had to locate a temporary place to live as they went about the daily routines of school, work, and life.
The personal items the Smiths were able to save are analogous to data. They were blessed to be able to retrieve their personal items (regular data backup), but they couldn’t just leave them in the front yard while their house was rebuilt. These items needed to “reside” somewhere. Without a place to house and utilize the items, they were not nearly as useful. The Smiths’ house was akin to a church’s on-premise computer systems and servers; that was where the personal items (data) “resided” and where the Smiths lived. It was the base from which the operations of the family occurred. The Smiths’ insurance (much like a good ministry continuity plan) provided a temporary home in which they could live, work, go to school, etc. They could continue on in their regular lives and routines during their house renovation, just like a solid ministry or business continuity plan allows churches to continue operating like normal in the wake of a data crisis.
A Few Important Definitions
- Data Backup is the process of copying or archiving data to a static repository to restore it in the event of data loss. Simply replicating data between devices/servers/locations does not constitute effective backup. If data suffers corruption at the primary site (due to hardware failure, intentional or accidental deletion, a ransomware attack, etc.), a replicated copy will suffer the same corruption.
- Geographically Diverse backup includes copies stored in different physical locations. Geographical diversity can be as simple as a copy at the office and a copy at home. Or it can be as robust as copies in your office as well as in both East-Coast and West-Coast datacenters. Geographic diversity ensures that backup data is accessible in the event of a localized disaster, e.g., an electrical fire in the server room, regional flooding, earthquake, etc.
- Recovery Time Objective (RTO) is a measure of the organization’s tolerance for downtime. That is, how quickly do we need to restore data in the event of an outage? Different data might have different RTOs. On the one hand, email might have a very short RTO because predominantly, that’s how we communicate with both internal and external resources. On the other hand, depending upon the data stored on them, we may be able to live without one of our file servers for a few days before it becomes a problem.
- Recovery Point Objective (RPO) is a measure of how much data an organization can afford to lose when we are forced to roll to a backup. It informs the required frequency of backup. In a highly transactional database, we might need recovery points every 15 minutes. An example would be a fast-moving business with many retail transactions. Most church environments do not share the fast-moving, commercial transaction-based environment and may have very different RPOs.
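To make the RPO and geographic-diversity definitions concrete, here is an added example (not part of the original article or of any Enable product) that audits a backup catalog against per-system RPO targets. The catalog entries, system names, locations, and RPO values are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample catalog: (system, recovery-point time, storage location).
CATALOG = [
    ("email", "2024-03-01T08:00", "office"),
    ("email", "2024-03-01T08:15", "office"),
    ("email", "2024-03-01T08:30", "office"),
    ("email", "2024-03-01T08:30", "east-dc"),
    ("fileserver", "2024-02-27T22:00", "office"),
    ("fileserver", "2024-02-29T22:00", "office"),
]
# Assumed RPO targets; each organization sets its own per system.
RPO = {
    "email": timedelta(minutes=15),
    "fileserver": timedelta(hours=24),
    "chms": timedelta(hours=1),  # listed as required, but never backed up
}
NOW = datetime.fromisoformat("2024-03-01T08:40")  # fixed "current time" for the sample

def audit(catalog, rpo, now):
    """Report worst-case data loss and location diversity per system."""
    by_system = {}
    for system, stamp, location in catalog:
        entry = by_system.setdefault(system, {"times": set(), "locations": set()})
        entry["times"].add(datetime.fromisoformat(stamp))
        entry["locations"].add(location)
    report = {}
    for system, target in rpo.items():
        entry = by_system.get(system)
        if entry is None:  # no recovery points at all: everything would be lost
            report[system] = {"rpo_met": False, "worst_gap": None, "diverse": False}
            continue
        # Worst-case loss is the longest stretch with no recovery point,
        # including the stretch from the newest point until now.
        edges = sorted(entry["times"]) + [now]
        worst = max(later - earlier for earlier, later in zip(edges, edges[1:]))
        report[system] = {
            "rpo_met": worst <= target,
            "worst_gap": worst,
            "diverse": len(entry["locations"]) >= 2,  # copies in 2+ places
        }
    return report

if __name__ == "__main__":
    for name, result in audit(CATALOG, RPO, NOW).items():
        print(name, result)
```

A system that meets its RPO but has every copy in one location still fails the geographic-diversity test, which is why the two results are reported separately.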
The Evolution of Backup and Ministry Continuity
Traditional backup mechanisms focused on the data itself. For example, a backup of a file server might include only the actual files hosted there. When a server itself becomes unavailable, due to hardware failure or the loss of accessibility to the location where it runs, there is no way to utilize the backed-up data. The typical server recovery process involves the following: activate spare equipment or work with the hardware vendor to have failed parts replaced under warranty; re-install the server operating system and the applications; re-create the file shares; and, finally, restore the data to the “new” server.
This process can take a week or more and is very disruptive to operations. Nevertheless, this traditional backup scheme may still be perfectly reasonable in areas where an organization has a high tolerance for an outage. A file server that holds archived copies of sermons or worship service videos that are not accessed often or where immediacy is not required is a perfect example. This traditional backup scheme would also work in the case of the loss of a physical site or location when redundant hardware is available in a geographically diverse location.
The next iteration in backup moved to full system images. With this approach, a complete copy of the server (including its operating system, configuration, installed software, and data) is backed up. In the failure scenario described in the paragraphs above, the recovery process would begin the same, i.e., activate spare equipment or work with the hardware vendor to repair the system under warranty support. However, rather than re-install operating systems, software, etc. manually, the image of the entire system would be pushed back to the spare/repaired system, with the operating system, configuration, installed software, and data included.
The current generation of backup is much more robust and can be described more accurately as a Ministry Continuity or Business Continuity solution (“BDR”). It includes regular intra-daily backups (as frequently as every 15 minutes) that collapse into a full server image for rapid restoration. This BDR approach utilizes a local appliance to speedily restore the backup in the event of the loss of the original hardware.
Additionally, these BDR appliances send a copy of the server images to multiple, geographically diverse data centers for offsite access. If the physical site or location is lost, the backups can be restored in the remote datacenters and can be made available to the organization remotely. This type of backup ensures that data and server systems aren’t unduly interrupted and can meet or exceed an organization’s required RTO and RPO objectives.
Admittedly, the above is technically focused and a bit theoretical. Below, we describe a real-world example where Enable was able to activate our BDR continuity solution to mitigate a week-long outage for one of our church clients.
A Real-World Example: Failed Hardware
We had recently deployed our Enable Business Continuity solution to a church with a single, on-premise SBS server. This server platform is designed to be an “all-in-one solution” for mid-sized organizations and includes directory services (user accounts and passwords), file and print sharing, as well as email, website, and database application hosting. Their Church Management Software application, Shelby v5, was installed on this server and they used it to maintain membership data and all of their financials, including payroll.
The SBS server was backed up using the Enable Business Continuity appliance (“BDR”). The BDR performed hourly backups of the server, which were stored locally and copied to geographically diverse datacenters in the cloud. This particular unit was a lower-cost version that did not allow for running a local restoration of the server backups. Instead, we mounted the backup in the data center, and the appliance was used to create a secure VPN “tunnel” to the data center.
As sometimes happens, a hard drive failed in the server. Since the hard drive was one redundant drive in the array, we initiated a warranty support call for a replacement drive while the server operated in a degraded capacity. The replacement drive arrived and, while the array was being restored, the array controller also failed. The server was now unusable.
While we worked with the hardware provider to replace the other failed component, we restored the most recent backup in the datacenter. We then created a secure VPN tunnel using the local appliance. Due to the server’s location in a remote data center, access was a little slower than usual. However, the server was still very usable, and ministry operations continued unabated.
Over the next several days, the hardware vendor ended up replacing almost every single component in this server – it simply kept failing. Eventually, we were able to convince them to ship an entirely new server to the church. During this entire event, lasting about three weeks total, the backed-up server was running successfully in the cloud. The church was able to operate normally – including running payroll and making payments to its vendors. Once we received the replacement server, we restored the current cloud-version of their environment to the replacement server.
Had the church been protected by traditional backups only, the environment would have been down for close to three weeks, and ministry operations would have been hampered significantly. The fact that the church did not suffer degraded ministry operations illustrates the power of a robust ministry continuity plan that goes well beyond standard backup.
If you would like to talk with someone about the status of your current Ministry Continuity plan, or would like assistance in creating one, please don’t hesitate to reach out to us at [email protected]. We would be honored to serve you in this way!
Written By: James Vavra, Senior Engineer, Enable Ministry Partners