Backup & Recovery Policy¶
Version 1.0 | Classification: CONFIDENTIAL — Internal Use Only
Purpose¶
Establish minimum requirements for backup frequency, retention, integrity verification, and recovery testing across all GPUS-IT systems.
Backup Requirements¶
| Server | Minimum Backup Frequency | Minimum Local Retention | Offsite Backup |
|---|---|---|---|
| SKY | Daily | 30 days | Weekly to GCS |
| RAIN | Daily | 30 days | Weekly to GCS |
| SUN | Daily | 30 days | Weekly to GCS |
| WIND | Daily | 30 days | Weekly to GCS |
In addition, ESXi snapshots are taken daily (7-day retention), weekly (4-week), and monthly (12-month) for all four VMs.
Encryption¶
All backup archives must be encrypted. Local archives use filesystem-level controls (restricted permissions). GCS archives are encrypted in transit via VPN and at rest by Google-managed keys.
Backup Key Permissions¶
Backup encryption keys: chmod 640, owner root:dnsadmin (SKY/RAIN) or root:monitadmin (SUN/WIND).
Integrity Verification¶
Backup archives must be verified weekly via tar -tzf integrity check. Any archive failing verification must be reported to the IT Manager and re-run.
Recovery Testing¶
| Test | Frequency | Owner |
|---|---|---|
| Backup archive integrity check | Weekly | Backup Admin |
| Config restore test (any server) | Quarterly | Backup Admin |
| Full DR drill | Annually | IT Manager + Full Team |
Recovery Objectives¶
| Server | RTO | RPO |
|---|---|---|
| SKY | < 5 min (failover) / < 30 min (rebuild) | 24 hours |
| RAIN | < 30 min | 24 hours |
| SUN | < 30 min | 24 hours |
| WIND | < 30 min | 24 hours |
See Backup & Restore Runbook for operational procedures.
Backup Recovery Policy · v1.1 · 2026-03-14 · GPUS-IT · Classification: CONFIDENTIAL — Internal Use Only