Piye carane ngrancang strategi backup lan disaster recovery?

Question

Accepted Answer

Strategi backup lan disaster recovery (DR) menjawab: yen kita ilang data utawa kabeh region, **pira akeh data sing bisa kita ilang, seberapa cepet kita bisa balik online, lan apa kita bener-bener bisa mulihake?** Iki adhedhasar **aturan 3-2-1**, target **RPO/RTO** sing jelas, lan — paling penting — **mulihan sing diuji reguler**.

## Aturan 3-2-1

```text
3 copies of the data
2 different media / storage types
1 copy offsite (different region or provider)
→ no single failure (disk, host, datacenter, ransomware) destroys every copy
```

Backup kudu **otomatis** (ora ana manungsa sing lali njalanake) lan **offsite** supaya bencana regional ora njupuk backup bebarengan karo primari.

## RPO lan RTO

Rong target iki ngarahake saben pilihan desain:

- **RPO (Recovery Point Objective)** — pira akeh ilangan data sing bisa ditoleransi, diukur ing wektu. RPO 1 jam tegese ilang paling akeh wektu sak jamé tulisan, sing nemtokake frekuensi backup/replikasi.
- **RTO (Recovery Time Objective)** — sabarané wektu kanggo pulih. RTO 30 menit tegese sistem kudu dipulihake lan ngayani ing wektu 30 menit, sing nemtokake arsitektur DR.

```text
frequent backups / replication → smaller RPO (less data lost)
hotter standby infrastructure  → smaller RTO (faster recovery)
both cost money → pick targets per business criticality
```

## Tingkat DR (biaya vs RTO)

```text
Backup & restore  → cheapest; restore from backups on demand   (RTO: hours)
Pilot light       → minimal core running, scale up on disaster  (RTO: tens of min)
Warm standby      → scaled-down live copy, scale up to take over (RTO: minutes)
Multi-site active → full live copies serving traffic            (RTO: ~seconds)
```

## Uji mulihan mu

**Backup sing durung tau dikembalike dudu backup — iki harapan.** Jadwal latihan mulih reguler: benere-benere bangun maneh saka backup menyang lingkungan bersih lan verifikasi integritas. Iki ketemu backup sing rusak, bagian sing ilang, lan runbook sing rusak *sadurunge* bencana nyata.

## Kenapa penting

Ilangan data lan bencana regional nalika kelangsungan hidup perusahaan diuji. 3-2-1 mesthekake siji salinan urip saka kasalahan apa wae; RPO/RTO ngowahi "kita duwe backup" sing ora jelas menyang komitmen sing bisa diukur; tingkat DR ngidini sampeyan maparing biaya menyang kritikal; lan mulihan sing diuji minangka bukti tunggal manawa kabehé bener-benere bisa.
 Nglirwakake tes yaiku carane tim nemokake, ing tengahe pemadaman, manawa backup dheweke ora gatéke.