Terms of Use
Guidelines for Using the RRZ ISP Backup Service
Version: 27 February 2024
Definitions
- ISP server: The Regional Computing Center (RRZ) operates multiple central IBM Storage Protect (ISP, also known as TSM) servers to secure data that cannot be restored by reinstalling the operating system or application programs after a hard disk failure or accidental deletion.
- ISP nodes: Every client (VM or server) registered on the server is run as a node by the ISP system. The ISP client software is installed and configured on each node by the User. The RRZ provides the software and installation guides for Linux and Windows operating systems. Where special protection methods (including SQL Server Agent, VMware, Exchange, etc.) the RRZ can provide the required licenses and, in some cases, documented backup procedures.
- Backup: The ISP system creates a regular (usually, daily) and time-controlled copy of data, known as a backup. The system copies all data changed since the last backup cycle.
- User: A User is a person who locally maintains the ISP node. The User has administration rights, or “backup-operator” rights on the local server and is usually an IT administrator who operates the servers.
Terms of use
- User groups: The ISP backup systems are available to every server administrator or Universität Hamburg institution to save the data mentioned above. Institutions outside the University may also be included with approval from RRZ management. By applying for access rights, the Users acknowledge these Guidelines for Using the RRZ ISP Backup Service.
- Access information: Every ISP node is assigned a unique name and password to access the ISP server. The client changes the password automatically every 1–7 days. The RRZ can reset the password for required configuration changes. The registration of a node is also linked to an individual, whose contact data (email, ideally an office email) is required for a node. Data such as the operating system version and the type of hardware are automatically saved in the ISP server. The RRZ must be informed immediately of any changes to contact data. The Users must expressly consent to the storage of this personal data by the RRZ, and to any processing required for bookkeeping or statistical purposes. The address will not be disclosed to third parties. Newly registered ISP nodes must go into operation within 30 days. If a new ISP node does not actively begin saving data on the ISP server within this period, the RRZ is authorized to delete the node. The RRZ will send an email advising of the impending deletion in advance.
- Access protection: If the password has been entered incorrectly 5 times, access to the node is automatically blocked. The User must make an informal application to the RRZ for reactivation, and may be provided a new password where required or desired. The RRZ uses appropriate operating systems to ensure access to the ISP system and its data is restricted to the authorized administrator or registered node.
- Blocking a node: If no contact has been made between the ISP node and the server for more than 180 days, access to the node will be automatically blocked.
- Deletion of the node: The User can request the deletion of their node and the stored personal data at any time. This will result in the permanent deletion of all personal data as well as all data saved with the ISP client from the ISP server.
- Automatic deletion of the node: Nodes that are not reactivated by the User within 180 days of blocking will be automatically deleted from the ISP server, resulting in the permanent removal of all stored data. The User will be advised of the pending deletion by email 30 days before the end of the retention period.
- Backup times: The standard, daily backup occurs between 8 pm and 6 am. The start time will be determined by the backup service to ensure optimal operation. Where operations permit, the backup start time can be changed on request. Compulsory times resulting from the type of server or its data will be considered where operations permit, and only changed in consultation with the User.
- Availability of ISP services: The RRZ operates the ISP service twenty-four seven, and strives for ISP server availability of 96% through appropriate operating processes and redundancies. Upcoming downtimes for maintenance will be announced on the RRZ web pages in a timely manner if possible. Error messages or outages will be processed or remedied Monday to Friday during the usual core working hours.
- Use of ISP services from outside the Universität Hamburg network: Backups can be conducted from outside the Universität Hamburg network, where static IP addresses are used and communicated to the RRZ backup service.
- Use of encryption: The Transport Layer Security (TLS) encryption provided by the RRZ must be used for all backups. Local data encryption in the ISP client must also be used for backups of data with higher protection requirements where required (see also Responsibility for Backups).
- Non-backed up data: Temporary data and directories, as well as browser cache histories, etc., are not backed up, as these are only short-term (saved temporarily) and are not required for computer operation. The RRZ is authorized to use server policies to exclude such data from the backup process. Data excluded by such policies are listed in the relevant backup process documentation.
- Scope of data: The available storage volumes are determined by the requirements of the system to be backed up. If a backup volume for a node exceeds 25 TiB, this must be agreed with the RRZ in advance. Amounts significantly exceeding this limit may require an application to the University, jointly with the RRZ backup service where required, for approval of the increased operating costs. In addition, all backups with a data volume of over 20 TiB must be agreed with the RRZ backup service at least 3 days in advance, to prevent negative effects on server operation.
- Data storage: Deleted data and older versions of edited files from a node will be stored for 3 months. After this period, the data will be automatically deleted from the ISP server and can no longer be restored. Active data, i.e., data saved on the client, will not be deleted as a matter of principle. All data (regardless of age) will be stored in 2 copies in separate locations. As the second copy is created asynchronously, this may take up to 3 days. The RRZ does not accept any liability for the loss of data when neither copy is readable despite operational processes being observed.
- Backup errors: If the daily backup fails or has errors, the RRZ backup service will inform the Users by automated email. Detailed error reports are only listed in the ISP node log files. The User should check these files and the error reports before contacting RRZ Support at rrz-serviceline(at)rrz.uni-hamburg.de(rrz-serviceline"AT"uni-hamburg.de?subject Anfrage Backup (RRZ#SRQ-Backup)).
- Status of stored data: Where desired, the RRZ can provide amount and scope of data stored in the ISP system at the beginning of each month.
- Responsibility for backing up: The User must ensure regular, complete, and error-free backups. The RRZ does not guarantee that the backed up data will suffice for a complete system recovery in the event of a complete outage or damaged node. The User must implement appropriate measures (e.g., by activating data encryption in the ISP client) to ensure current data protection requirements are maintained for the data to be backed up, and that any encryption keys generated are securely stored and available for decryption where required. Users must react to any warnings or error reports sent from the ISP system in a reasonable period of time. Deadlines provided by email are deemed accepted if the User does not object within 30 days.
- Restoration of data: To prevent interruptions in operation, the RRZ backup service must be informed where the amount of data to be restored exceeds 20 TiB. The User is expressly advised to conduct regular and targeted testing of backup and restoration to practice the required workflows in advance.
- ISP client software: Users should only use official IBM-supported ISP client versions on the installed/operated nodes. The RRZ home page provides relevant information. If problems arise in backing up or restoring data following use of an unsupported or no longer supported client version, the RRZ may not be able to provide support, which will result in the data being lost.
- Updating ISP client software: Where required, the RRZ may request ISP client software be updated to protect against software security vulnerabilities or repair serious errors. This requirement to update software will be communicated to the contact address registered for the node in a timely manner, where possible. This update must be conducted within 30 days at the latest. If the User rejects or does not conduct the update, the RRZ is authorized to block access to the node until the User independently updates to the required version.
- Final provisions and interim regulations: On publication, these Guidelines for Using the RRZ Backup Systems repeal and replace all previous versions. If one or more provisions of these Guidelines are or become invalid, this does not affect the legal validity of the remaining provisions. The RRZ reserves the right to adapt or change these Guidelines, particularly when required to do so by law. Changes will be communicated to Users by email. These are deemed acknowledged if a User does not object within 4 weeks after notification. Objections must be made in writing. As data can only be stored in the ISP system under the currently valid policy, where an objection is received in good time, the User will be given a further 4 weeks to save the data from the system before it is permanently deleted.