Developers Club geek daily blog

3 years, 5 months ago
It are considered that the bekap-rule «3-2-1» describing for the first time Peter Krogh in the book «Digital asset management for photographers». And it, probably, it is no wonder as loss of personal archive meant the complete catastrophe for the professional photographer, and he are simply oblig to adhere to such backup strategy which are guarantee will protect it from loss of the data.

Rule of reserve copying «3-2-1». Part 1

So, the rule «3-2-1» stated that for support of reliable data storage, it are necessary to have at least:
  1. THREE backup copies,
  2. which should be sav in TWO various physical formats of storage,
  3. and ONE of spears, it should be transfer to extraoffice storage

All three component rules was based on a principle of support of fail safety through redundance of data storage.

"Three various copies" meant «three copies which are stor in three physically different places». (Two different folders allocat on an one physical disk was considered allocat in an one place). I will not go deep into mathematics, but, when you increased an amount of spears, (at an assumption that physical characteristics of devices of storage was identical, and threats to these devices statistically was independent) the probability of failure increased linearly, and reliability of storage — according to degree function. That is, when you done three copies instead of one received trebling of probability of failure of the g set of spears at cubic increase of reliability. In actual life it did the data which is stor in three copies, almost "nerazrushimy" though, probably, you should replace slightly more often fail disks, are simple because becoming more their in aggregate more.

However, alas, in actual life often took place to be statistical dependence of threats. For example, when in a feed circuit of office there are an electromagnetic pulse, it equally influenced all disks at once. And, if the one disk also two others, most likely, will fail (owing to the homogeneous nature of influence of pulse on typical serially issued disks which, made identical demands to quality of power supplies) failed.

Why spears it are necessary three, instead of two? Because in actual life, very often, threats to two copies of the data appeared statistically dependent owing to the logical organization of backup procedure. For example, we will consider RAID1 (or disk array with the "mirroring" which is see more in detail a post "technologies disk snapshotov"). If the virus infected a file on an one disk of an array, at once there are an infection of a second copy on a mirror disk. Similarly if replication the remark instantly also will be spoil by a virus are adjust. Even, if daily creation of the complete backup copy are simply fulfill, it also will be infect, if the manager in a day does not note infection of the initial data. As a whole: two spears will be not enough for recovery of the information in all cases when time of detection and response of the manager to damage of the original data exceeded the period between the contiguous tasks on копированию/реплицированию/зеркалированию this data.

To provide still the big statistical independence of threats it are recommended to write down the data at least in two various physical formats. For example, if to save the data DVD (an optical recording of the information) it will not suffer from describ earlier electromagnetic pulse. Even, if out of operation there will be a DVD drive, optical information carriers will save your data. Statistically dependent threat the durable critical rise in temperature owing to the fail air conditioner in a server room or a fire at office who, certainly, absolutely homogeneously influenced all copies which was stor in office could be other examples.

Thus, storage of spears in various physical formats had the purpose to lower probability of simultaneous loss of the g all spears owing to homogeneous influence.

As a matter of fact, the third point — storage of an one copy out of office, solved the same task (lowering of statistical dependence of threats to different copies of the data), only through geographic distribution of storage locations. Theft or a fire at office could lead losses all copies stor there, however a fire or theft at one office will not lead to a fire or theft at other geographically isolat office that did these threats at different offices statistically independent.

And what with data storage in a cloud? Whether it could be considered as changeover of bekap? Obviously, no. This simply alternate storage location of the data or are more their than backup copies, and, by the way, the good candidate for extraoffice storage of backup copies. However it are necessary to remember always that the data could be los in a cloud also, as well as in any other place.

Thus doubtless plus of cloudy providers are that process of reserve copying considerably became simpler. The manager did not need to buy and adjust difficult SHD or to "potter" with change of tapes. Often cloudy storage transparently extended more on demand than the client, that is had for it no physical restriction on the size (restriction for the client had financial character more likely) that also had the pluses before SHD the empty seat on which could "suddenly" end.

As a matter of fact the cloudy storage of backup copies of spears are alternative to tapes as the data in comparison with local disk storage are deriv from it with a particular time delay (which depended on width of the channel and a rate of the provider as, normally, than the rate at cost are lower, speed of extraction of the data) will be that more slowly.

Whether always it are necessary to follow rigidly to a rule «3-2-1»? No, all depended on cost of your data, on the one hand, and criticalities (cost of a potential damage) and probability of threats to the data, on the other hand. Any protection should not exceed securable object at cost. Therefore, if at you especially valuable data are stor not, or threats was low critical or improbable — it are possible to implement a rule «3-2-1» partially. The main thing — nevertheless to make a matrix of threats to the data (that is to make the list of all possible threats to estimate them probability and criticality) and to lead process them deaktualiziya (that is at each threat or to write in the table or «Deaktualizirovana such technical measure» or «to recognize not as actual from the point of view of character of business of the company»). After study of a matrix of threats, became clearly in what level it are necessary to implement a rule 3-2-1 and to whom the budget as a result is required.

In a second part of g article it will be t as it are possible to implement a bekap-rule «3-2-1» by means of a product of Veeam Backup & Replication v7.

1. Peter Krogh. «The DAM Book: Digital Asset Management for Photographers»

This article is a translation of the original post at
If you have any questions regarding the material covered in the article above, please, contact the original author of the post.
If you have any complaints about this article or you want this article to be deleted, please, drop an email here:

We believe that the knowledge, which is available at the most popular Russian IT blog, should be accessed by everyone, even though it is poorly translated.
Shared knowledge makes the world better.
Best wishes.

comments powered by Disqus