azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0a264ee3fabfdfded7e2bb64dc86ece16c31d99e
claudetools/clients/cascades-tucson/docs/security/backup.md
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients 
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00

86 lines
3.3 KiB
Markdown
Raw Blame History

# Backup and Disaster Recovery
## Backup Solution
- Product: **NONE CURRENTLY** — implementation planned as Phase 0 of network migration (Session 3, 2026-03-07)
- Priority: **CRITICAL** — no backups means no recovery from ransomware, hardware failure, or accidental deletion
- **HIPAA:** §164.308(a)(7) requires contingency plan including backup. Synology NAS and CS-SERVER both store PHI. No backup = regulatory violation.
- See `migration/session3-2026-03-07.md` for detailed setup steps
## Migration Plan — Backup Implementation (Phase 0.1 + Phase 4.4)
See `migration/phase0-safety-net.md`.
### Phase 0.1: Synology Active Backup for Business
| Setting | Value |
|---------|-------|
| Product | Synology Active Backup for Business (free) |
| Target | Synology NAS (192.168.0.120), Volume 1 |
| Source | CS-SERVER C: and D: drives (entire machine) |
| Agent | ABB Windows agent on CS-SERVER |
| Schedule | Nightly at 2:00 AM |
| Retention | 7 daily + 4 weekly |
| Compression | Enabled |
| Transfer Encryption | Enabled |
#### Storage Capacity Analysis
| Item | Size |
|------|------|
| Synology Volume 1 free space | ~540 GB |
| CS-SERVER C: used | ~137 GB |
| CS-SERVER D: used | ~455 GB |
| Total data to back up | ~592 GB |
| Expected after ABB compression (40-60%) | ~240-355 GB |
| Estimated remaining after first backup | ~185-300 GB |
ABB automatically excludes pagefile, hibernation file, and temp files. With compression and dedup, first full backup should fit. Incrementals will be small (daily changes are minimal). Monitor after first backup.
### Phase 4.4: Offsite Backup
| Setting | Value |
|---------|-------|
| Product | Synology Hyper Backup |
| Target | Backblaze B2 or Wasabi (~$3/mo) |
| Schedule | Daily after ABB completes (e.g., 5:00 AM) |
| Retention | 30 daily + 12 monthly |
## Available Backup Targets
| Target Name | Type | Location | Details |
|----------------|--------------|-----------|----------------------|
| Synology NAS | Local NAS | On-site | cascadesds / synology.cascades.local, IP: 192.168.0.120 |
| CS-SERVER | Server RAID | On-site | 192.168.2.254, has RAID storage |
## Backup Jobs
- None configured (Phase 0 will establish first backup)
## M365 Backup
- M365 Backup Product: None
- Exchange Backed Up: No
- SharePoint Backed Up: No
- OneDrive Backed Up: No
- Teams Backed Up: No
## Disaster Recovery Plan
- RTO Target: Not defined
- RPO Target: Not defined
- DR Site: None
- Last DR Test Date: N/A
## Notes
### Backup Implementation Recommendations
**For servers/workstations (on-prem):**
- Synology Active Backup for Business — free with the Synology, backs up Windows PCs and servers to the NAS
- Or Datto BCDR / Axcient x360Recover for full BDR with cloud replication
**For M365:**
- Datto SaaS Protection, Veeam Backup for M365, or Acronis — protects Exchange, SharePoint, OneDrive, Teams
**Minimum viable backup plan (HIPAA required):**
1. Enable Synology Active Backup for Business (free, already have the hardware) ← Phase 0
2. Back up CS-SERVER and critical workstations to the Synology nightly ← Phase 0
3. Add an M365 backup solution for email/SharePoint (email may contain PHI)
4. Configure Synology Hyper Backup to replicate critical data to a cloud target ← Phase 4
5. After Phase 4: enable NTFS audit logging on PHI shares migrated from Synology
Reference in New Issue View Git Blame Copy Permalink