# Backup and Disaster Recovery

## Backup Solution
- Product: **NONE CURRENTLY** — implementation planned as Phase 0 of network migration (Session 3, 2026-03-07)
- Priority: **CRITICAL** — no backups means no recovery from ransomware, hardware failure, or accidental deletion
- **HIPAA:** §164.308(a)(7) requires contingency plan including backup. Synology NAS and CS-SERVER both store PHI. No backup = regulatory violation.
- See `migration/session3-2026-03-07.md` for detailed setup steps

## Migration Plan — Backup Implementation (Phase 0.1 + Phase 4.4)

See `migration/phase0-safety-net.md`.

### Phase 0.1: Synology Active Backup for Business

| Setting | Value |
|---------|-------|
| Product | Synology Active Backup for Business (free) |
| Target | Synology NAS (192.168.0.120), Volume 1 |
| Source | CS-SERVER C: and D: drives (entire machine) |
| Agent | ABB Windows agent on CS-SERVER |
| Schedule | Nightly at 2:00 AM |
| Retention | 7 daily + 4 weekly |
| Compression | Enabled |
| Transfer Encryption | Enabled |

#### Storage Capacity Analysis

| Item | Size |
|------|------|
| Synology Volume 1 free space | ~540 GB |
| CS-SERVER C: used | ~137 GB |
| CS-SERVER D: used | ~455 GB |
| Total data to back up | ~592 GB |
| Expected after ABB compression (40-60%) | ~240-355 GB |
| Estimated remaining after first backup | ~185-300 GB |

ABB automatically excludes pagefile, hibernation file, and temp files. With compression and dedup, first full backup should fit. Incrementals will be small (daily changes are minimal). Monitor after first backup.

### Phase 4.4: Offsite Backup

| Setting | Value |
|---------|-------|
| Product | Synology Hyper Backup |
| Target | Backblaze B2 or Wasabi (~$3/mo) |
| Schedule | Daily after ABB completes (e.g., 5:00 AM) |
| Retention | 30 daily + 12 monthly |

## Available Backup Targets
| Target Name     | Type         | Location  | Details              |
|----------------|--------------|-----------|----------------------|
| Synology NAS   | Local NAS    | On-site   | cascadesds / synology.cascades.local, IP: 192.168.0.120 |
| CS-SERVER      | Server RAID  | On-site   | 192.168.2.254, has RAID storage |

## Backup Jobs
- None configured (Phase 0 will establish first backup)

## M365 Backup
- M365 Backup Product: None
- Exchange Backed Up: No
- SharePoint Backed Up: No
- OneDrive Backed Up: No
- Teams Backed Up: No

## Disaster Recovery Plan
- RTO Target: Not defined
- RPO Target: Not defined
- DR Site: None
- Last DR Test Date: N/A

## Notes
### Backup Implementation Recommendations

**For servers/workstations (on-prem):**
- Synology Active Backup for Business — free with the Synology, backs up Windows PCs and servers to the NAS
- Or Datto BCDR / Axcient x360Recover for full BDR with cloud replication

**For M365:**
- Datto SaaS Protection, Veeam Backup for M365, or Acronis — protects Exchange, SharePoint, OneDrive, Teams

**Minimum viable backup plan (HIPAA required):**
1. Enable Synology Active Backup for Business (free, already have the hardware) ← Phase 0
2. Back up CS-SERVER and critical workstations to the Synology nightly ← Phase 0
3. Add an M365 backup solution for email/SharePoint (email may contain PHI)
4. Configure Synology Hyper Backup to replicate critical data to a cloud target ← Phase 4
5. After Phase 4: enable NTFS audit logging on PHI shares migrated from Synology