
In my company, we have business critical applications with 0-hour RTO (Recovery Time Objective) and RPO (Recovery Point Objective) requirements. The usual strategy to ensure the RPO objective is to have regular backups (let's say daily incremental, weekly full) and ensure the database is mirrored in real time into two geographically separate datacenters. This is a good setup in case one of the datacenters goes BOOM. Application service is redirected to the other one and no data is lost.

But let’s say that a business application is compromised and starts deleting data from the database. The deletions are then mirrored to the other datacenter and restore is only possible from the last full/incremental backup image.

What is a good strategy to prevent this scenario and ensure that the 0 hour RPO requirement is met?

Luc
  • This sounds more like a question for https://serverfault.com/ – meowcat Apr 08 '19 at 22:25
  • A *backup strategy* is not going to achieve a 0 hour RPO. You need technology on the mirrored systems to roll back changes, like using journalling. – schroeder Apr 09 '19 at 09:21

1 Answer


Many relational databases can be configured to store transaction logs in addition to the actual data. These transaction logs store the changes that have been made to the data.

A common approach is to back up the database on a regular basis, and then keep the transaction logs. Then a data corruption type disaster of the type you described can be recovered from by restoring the database to the last backup, followed by rolling forward the transaction logs to the point in time just before the disaster happened.

This would typically be combined with real time replication to a second datacenter to cope with the datacenter destruction scenario.
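The restore-then-roll-forward procedure from this answer, as an added example that is not the answerer's code and not any real engine's log format: a constructed in-memory transaction log, a full backup image taken at a known log position, point-in-time recovery up to the moment just before the corruption, and a simple delete-burst heuristic (an assumption for this sample workload) to choose that recovery target.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class LogRecord:  # one committed change from the transaction log (constructed format)
    lsn: int      # log sequence number, strictly increasing
    ts: float     # commit time, seconds since epoch
    op: str       # "put" or "delete"
    key: str
    value: str = ""

def point_in_time_restore(backup: Dict[str, str], backup_lsn: int,
                          wal: List[LogRecord], target_ts: float) -> Dict[str, str]:
    """Restore the last full backup, then roll forward every log record committed
    after that backup and strictly before target_ts (when the corruption started)."""
    state = dict(backup)
    for rec in sorted(wal, key=lambda r: r.lsn):
        if rec.lsn <= backup_lsn:
            continue          # change already present in the backup image
        if rec.ts >= target_ts:
            break             # stop just before the destructive transactions
        if rec.op == "put":
            state[rec.key] = rec.value
        elif rec.op == "delete":
            state.pop(rec.key, None)
        else:
            raise ValueError(f"unknown op {rec.op!r}")
    return state

def first_delete_burst(wal: List[LogRecord], n: int = 3, window: float = 5.0) -> Optional[float]:
    """Recovery-target heuristic: commit time of the first run of n deletes within
    `window` seconds, a pattern this sample workload never produces legitimately."""
    times = [r.ts for r in sorted(wal, key=lambda r: r.lsn) if r.op == "delete"]
    for i in range(len(times) - n + 1):
        if times[i + n - 1] - times[i] <= window:
            return times[i]
    return None

# Constructed sample: weekly full backup taken right after LSN 2, plus the retained log.
BACKUP, BACKUP_LSN = {"acct:1": "100", "acct:2": "250"}, 2
WAL = [
    LogRecord(1, 100.0, "put", "acct:1", "100"),
    LogRecord(2, 110.0, "put", "acct:2", "250"),
    LogRecord(3, 200.0, "put", "acct:3", "75"),
    LogRecord(4, 210.0, "put", "acct:1", "120"),
    LogRecord(5, 300.0, "delete", "acct:1"),   # compromised app starts wiping rows
    LogRecord(6, 300.5, "delete", "acct:2"),
    LogRecord(7, 301.0, "delete", "acct:3"),
    LogRecord(8, 400.0, "put", "acct:4", "10"),
]
```

Rolling forward to `first_delete_burst(WAL)` yields the state as of just before the wipe, whereas rolling forward with no target reproduces the deletes exactly as a real-time mirror would. The procedure only works if the log segments are retained where the compromised application cannot truncate or overwrite them.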