azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e00d4ebeb294ed647ea7ddc4c428ce8560e5e975
claudetools/clients/cascades-tucson/docs/security/backup.md
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients 
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00

3.3 KiB
Raw Blame History

Backup and Disaster Recovery

Backup Solution

  • Product: NONE CURRENTLY — implementation planned as Phase 0 of network migration (Session 3, 2026-03-07)
  • Priority: CRITICAL — no backups means no recovery from ransomware, hardware failure, or accidental deletion
  • HIPAA: §164.308(a)(7) requires contingency plan including backup. Synology NAS and CS-SERVER both store PHI. No backup = regulatory violation.
  • See migration/session3-2026-03-07.md for detailed setup steps

Migration Plan — Backup Implementation (Phase 0.1 + Phase 4.4)

See migration/phase0-safety-net.md.

Phase 0.1: Synology Active Backup for Business

Setting Value
Product Synology Active Backup for Business (free)
Target Synology NAS (192.168.0.120), Volume 1
Source CS-SERVER C: and D: drives (entire machine)
Agent ABB Windows agent on CS-SERVER
Schedule Nightly at 2:00 AM
Retention 7 daily + 4 weekly
Compression Enabled
Transfer Encryption Enabled

Storage Capacity Analysis

Item Size
Synology Volume 1 free space ~540 GB
CS-SERVER C: used ~137 GB
CS-SERVER D: used ~455 GB
Total data to back up ~592 GB
Expected after ABB compression (40-60%) ~240-355 GB
Estimated remaining after first backup ~185-300 GB

ABB automatically excludes pagefile, hibernation file, and temp files. With compression and dedup, first full backup should fit. Incrementals will be small (daily changes are minimal). Monitor after first backup.

Phase 4.4: Offsite Backup

Setting Value
Product Synology Hyper Backup
Target Backblaze B2 or Wasabi (~$3/mo)
Schedule Daily after ABB completes (e.g., 5:00 AM)
Retention 30 daily + 12 monthly

Available Backup Targets

Target Name Type Location Details
Synology NAS Local NAS On-site cascadesds / synology.cascades.local, IP: 192.168.0.120
CS-SERVER Server RAID On-site 192.168.2.254, has RAID storage

Backup Jobs

  • None configured (Phase 0 will establish first backup)

M365 Backup

  • M365 Backup Product: None
  • Exchange Backed Up: No
  • SharePoint Backed Up: No
  • OneDrive Backed Up: No
  • Teams Backed Up: No

Disaster Recovery Plan

  • RTO Target: Not defined
  • RPO Target: Not defined
  • DR Site: None
  • Last DR Test Date: N/A

Notes

Backup Implementation Recommendations

For servers/workstations (on-prem):

  • Synology Active Backup for Business — free with the Synology, backs up Windows PCs and servers to the NAS
  • Or Datto BCDR / Axcient x360Recover for full BDR with cloud replication

For M365:

  • Datto SaaS Protection, Veeam Backup for M365, or Acronis — protects Exchange, SharePoint, OneDrive, Teams

Minimum viable backup plan (HIPAA required):

  1. Enable Synology Active Backup for Business (free, already have the hardware) ← Phase 0
  2. Back up CS-SERVER and critical workstations to the Synology nightly ← Phase 0
  3. Add an M365 backup solution for email/SharePoint (email may contain PHI)
  4. Configure Synology Hyper Backup to replicate critical data to a cloud target ← Phase 4
  5. After Phase 4: enable NTFS audit logging on PHI shares migrated from Synology
Reference in New Issue View Git Blame Copy Permalink