I recently came across a control in a client’s processes that threw up a red flag and will definitely get a bit more attention from me during our audit. The control mentioned Clustering and Mirroring as part of their Backup and Recovery solution:
In this post, I will describe what Clustering and Mirroring are and explain the reasons why they are not suitable Backup and Recovery options (in many cases). In the case of the control above, the auditor should investigate to verify that proper backup and recovery solutions are in place, or if the control simply needs to be re-worded to better represent the recovery and backup solutions in place.
After reading this post, the auditor or IT manager will have a better understanding of the technologies and how they best fit into the IT operations of the organization.
What is Clustering and Mirroring?
Clustering and Mirroring are “High Availability” solutions. In information technology, high availability refers to a system or component that can quickly recover from a failure. (read more)
Clusters are a collection of IT components (e.g. servers and virtual machines, routers, network switches, hard disks) that are configured to operate as if they were a single component. This allows for uninterrupted access to the service being provided in the event of the failure of a ‘node’ in the cluster.
Mirroring is the replication of one disk to separate hard disks in real time. A popular implementation of mirroring that might be implemented on a personal computer is RAID 1 (Redundant Array of Inexpensive Disks Level 1).
Considerations for the Auditor
Let’s assess the high level issues with using clustering and mirroring as part of a Backup and Recovery solution.
Clustering as a Recovery Solution
While clustering offers a higher degree of availability in the event of a system or component failure, typically the nodes that comprise a cluster reside in the same geographic location (i.e. clustered routers sit in the same rack within the same data center), resulting in the data center being a single point of failure.
Further, in the case of clustered Virtual Machines, all the nodes that comprise a Cluster might reside on a single Host (the physical server that hosts all the Virtual Machines), resulting in the Host being a single point of failure.
Unless WAN Clustering or GeoClustering (i.e. clusters whose nodes are geographically dispersed) is implemented, clustering is not a suitable recovery solution.
Mirroring as a Backup Solution
While Mirroring and Backup involve making copies of data, the two should not be confused.
It is true that Mirroring might allow you to create a backup from a healthy disk in the event that another disk in the array fails, but were Mirroring fails as a backup solution is in the case of data corruption, such as database Input/Output errors or issues caused by viruses.
Once bad/corrupted data begins being wrote to disk, the bad/corrupted data is then replicated to the next disk in the case of mirroring.
On the other hand, a Backup is an image or snapshot of a specific point in time that exists independently of the live disk system. If a disk or database become corrupted, a full restore to a specific point in time can be achieved.
The short and easy is, if you discovery either Clustering or Mirroring being cited as a Recovery or Backup solution respectively, investigate!
- Unless the components of a cluster are geographically dispersed, they are not suitable for Disaster Recovery purposes.
- Mirroring and backups both provide data redundancy but Mirroring differs from backups in that mirroring is real time redundancy to safeguard against disk failures, while backups are snapshots of data at a specific point in time.
- Clustering and Mirroring are “High Availability” solutions!
Want to really impress the IT Operations staff? Understand the difference between High Availability and Fault Tolerance and call them out for misusing the terms.