Kevin Burke, Head of IT Services at Carmel College and John Paul Szkudlapski, IT and Technical Services Manager at Birkenhead Sixth Form College worked together to set up an off-site backup solution following internal audits suggesting this as an issue. Off-site backups consisted of encrypted hard drives being taken home by a member of IT staff. This was not thought to be best practice and needed an alternative solution.
Both of these colleges are single site sixth form colleges within the Merseyside district but are approximately 14 miles apart and are separated by the river Mersey. Kevin and John Paul have a strong working relationship and have collaborated on projects in the past.
The main difficulty to overcome was getting the data from one site to the other securely and without generating so much data that there was an impact on network performance.
Internal audits flagged up the problem for both colleges regarding off-site backup. In this age of data protection taking data home on encrypted discs is not ideal as the colleges have a responsibility to keep the data secure. To solve this problem they looked at setting up an off-site backup.
They first looked at commercial providers but they were too expensive for the volume they needed to backup. This is why they then started looking into a reciprocal off-site backup solution.
Keith Wilson, Technical eLearning Adviser and Judy Bloxham, eLearning Adviser had a meeting with Kevin and John Paul to run through the issues and put them in touch with Janet and Jisc Legal to see if this was possible.
Both colleges already had Janet connections and checking their Netsight graphs discovered that during the night there was very little traffic. They realised they could utilise this resource instead of paying a cloud company to provide the same service. This was made relatively simple due to the fact that they both utilise the same backup software; Microsoft System Center Data Protection Manager.
They looked into running DPM to DPM backups using a physical server at each end with Network Attached Storage and Birkenhead Sixth Form bought a new firewall. They each paid half a day consultancy to establish a Site-to-Site VPN Tunnel between the two sites. This brought about a slight issue as the connection was not completed within the specified timescale. With hindsight it was felt this could have been done in-house by running the Site-to-Site VPN tunnel wizard on both firewalls. This was the only issue and arose because the two firewalls had different firmware versions. Since setup has been completed it has functioned flawlessly.
To complete the setup the off-site DPM server was configured to back up the on-site DPM server on a scheduled basis. DPM performs incremental backups of data so only transfers the amount of data needed. Backups are scheduled outside business hours so they never had the problem of there being too much traffic.
Initially the colleges considered applying for funding but they decided this was not necessary as the costs were minimal so they could fund it themselves. The two colleges are connected via Janet and each college hosts a physical backup server in their data centre which is owned by the other college. For total security the network configuration is such that the hosted server is only accessible from its home network.
“This is just a little idea we have come up with but has massive potential. I think people are really wary about their data not being secure.”
~ John Paul Szkudlapski, IT and Technical Services Manager
There are now four different backup methods so the colleges are water tight in terms of backups and security.
“This could all be set up within a week or two depending on requirements such as setting up a firewall. The benefits far outweigh the risks because the risks are tiny.”
~ Kevin Burke, Head of IT Services
This new off-site backup solution has created many benefits:
Security: The primary concern before implementing this system was security. The way the system is set up ensures it is secure and each college can only access their own remote server and the data it holds. In the event of a disaster the data is immediately available to fully restore working servers.
Only one server from each college is allowed to communicate with their own off-site backup server. The server is password protected and physically secured, in a locked server room with a locked panel to which only the owner of the data has the key. There is a fob door which is auditable so you can see who has accessed the room if anything were to go wrong. There are local accounts on both servers, so there is a Carmel account on the Birkenhead server which Birkenhead have the password for and vice versa. This makes it possible for someone on site to access the server if given the password to do a reboot for example and then the password can be changed to protect access to the data.
Cost saving: The solution is extremely cost effective in comparison to a cloud solution or a different method of off-site backup; the total cost of this project was approximately £4,000. This was a one off expenditure with no recurring costs. If an institute possessed the relevant resources and technical knowledge and could locate a replication partner this project could be repeated at a much lower cost.
Time saving: The previous method of off-site backup was manual and labour intensive. The backup disks needed to be manually attached to the server, the backups completed, the disk encrypted and then taken off site – usually to the staff member’s home. Also the data became out of date as soon as the disc was removed. In the current solution everything is backed up automatically overnight so the maximum data timescale that can be lost is 12 hours. This is fantastic from a disaster recovery point of view and it also means no disk changing or staff intervention required.
This solution has been discussed many times in recent years but this is the first time in this region that two colleges have co-operated in such a trusting way.
““For us as a college, it’s a win, win. I know where my data is, who has access to it and if a disaster was to occur and on-site data was unrecoverable it is just a short journey to start recovering our data.”
“Do it - find a trusted partner and do it! …….. It is crucial to have the SMT on board.”
Anyone interested in this can get in touch with Keith Wilson (firstname.lastname@example.org), John Paul Szkudlapski (email@example.com) or Kevin Burke (firstname.lastname@example.org) to get tips or to discuss this further.