Skip to main content
ExLibris
  • Subscribe by RSS
  • ExLibris Dev

    Backup and Recovery

    Is it possible to have local backups?

    Ex Libris offers an optional premium service - Alma Local Backup.
    Customers that subscribe to this optional premium service will be able to request - up to once a quarter - a backup copy file of their production data for local backup purposes.
    For more details see the Online Help - here (https://knowledge.exlibrisgroup.com/...a_Local_Backup)

    How and where are backups stored?

    Ex Libris has a well-developed backup plan consisting of multiple daily snapshots including a full daily backup. The backups are made to a separate set of disks which offers a much more reliable fast retrieve backup media, and is stored at the data center site and in a remote secured location over a private dedicated fast secured line. This guarantees that at any point in time, in case of a disaster, Ex Libris holds copies of the data onsite and in a remote and secured disk backup. On a regular basis, Ex Libris performs a system backup to back up application files, database files, and storage files. The privacy controls in practice at the company apply as well to all backup files. All backup files are subject to the privacy controls in practice at Ex Libris. Ex Libris has a 10 week retention policy. The restore procedures are tested on an ongoing basis to ensure rapid restoration in case of data loss.
    Ex Libris maintains both onsite and offsite data backups of all customer Data for disaster recovery purposes, and such backups are regularly monitored and checked for errors.
    On-site backup - Incremental and full daily backups of the customer data maintained at Ex Libris' data center facility. Backups are based on multiple snapshots during the day using storage snapshot technology. The backups are kept for one week on-site at a separated set of disks.
    The snapshots are automatically mounted with specific access restriction values seen by the operating system in a special set of directories allowing for an easy and immediate restore at any time by Ex Libris authorized personnel.
    Off-site backup – Full daily backups of customer data that are maintained at a secure offsite location for a period of 10 (ten) weeks. Backups are performed daily using snap mirror technology over a private dedicated fast secured network connection from the primary data center to an off-site backup location using the same storage technology as the storage at the primary location.

    Does Alma offer strong mechanisms for recovery?

    Part of the overall Ex Libris recovery plan includes the recovery of the entire institution’s data to the last point a backup was taken. Ex Libris takes several data snapshots per day and also maintains a full backup at an offsite remote secured location. This data includes the entire institution's data and configuration.
    Alma is a true multi-tenant solution, and as such the complete data of all of Alma customers is backed up together. Recovery of a customer’s specific data can be done on several levels, depending on the nature of the recovery needed.
    Alma is a true multi-tenant solution, and as such the complete data of all of Alma customers is backed up together. Recovery of a customer’s specific data can be done on several levels, depending on the nature of the recovery needed.
    In some cases, customers can use their most recent exports of their bibliographic and holding records in order to load them again to Alma as a means for recovery. Or, for example, when patron records are loaded from the institutional student information system, the SIS can serve as a source for recovery of student data. In rare cases where data recovery is required and the customer cannot utilize any of Alma’s existing capabilities, the customer is asked to open a support case for data recovery, which is handled by Ex Libris engineers. If the recovery is possible (this depends on the nature of the data loss and its dependency on other data elements in the system), then Ex Libris engineers will recover the data or advise the customer on ways they can do it. In general, Ex Libris does not charge for data recovery requests as long as these are a rare occurrence.
    The Executive Incident Management Team (EIMT) oversees the handling of security incidents involving personal data (i.e., Personally Identifiable Information" - PII). An EIMT may also oversee the response to other high-severity incidents, but the primary purpose is to deal with incidents involving personal data. The purpose of the EIMT is to provide executive guidance to the response process: a) to insure an appropriate, timely, and legal response, b) to make decisions related to the incident, and c) to notify appropriate parties. The team consists of:
    1. Ex Libris Chief Operating Officer (COO)
    2. Head of affected product Business Unit
    3. Ex Libris General Counsel
    4. Representative from Product Management teams
    If the SIRT determines that personal data has been or may have been breached, the SIRT will immediately notify the COO. The SIRT will oversee additional analysis to gather as much information as possible about what happened, being sure to properly protect evidence.
    If after analysis the COO and SIRT have confirmed that personal data was not breached, no further special action is required and normal incident response procedures may continue. However, the security of the affected system should be carefully assessed.
    If the analysis confirms that personal data was breached, the COO will convene the EIMT as quickly as possible. The EMIT will oversee the response, addressing the following issues:
    • Determine which customers need to be notified, how soon they should be notified, and the appropriate method for notification
    • Determine the exact scope of the personal data breach (which individuals were affected, what data was compromised, etc.)
    • Provide affected customer(s) with a description of the breach, the type of data that was the subject of the breach, and other information customer(s) may reasonably request concerning the affected individuals.
    • Assist the affected customer(s) in handling any required notifications to third parties (such as content of public statements, notice to affected individuals, regulators, or others as required by law.
    Ex Libris has developed extended authorization controls to protect customer data with role-based access control (RBAC):
    • Staff members must authenticate prior to accessing Alma
    • Each staff member has privileges and access to data limited to his/her role
    • Only authorized staff members have access to view and edit patron data
    • Alma’s browser sessions are encrypted using SSL.

    What processes are in place for disaster management?

    Ex Libris is responsible for recovery, and maintains a business continuity plan which is implemented following a disruption to service. The Ex Libris cloud services group has classified disasters and emergencies into the following three levels – minor, major and catastrophic:
    Minor Disaster - A minor disaster is characterized by an expected downtime of no more than 48 hours. Damage can be to hardware, software, and/or operating environment.
    Ex Libris cloud services could be restored to normal operations at the primary site and repairs can be started as soon as possible:
    Major Disaster - A major disaster is characterized by an expected downtime of more than 48 hours but less than 7 days. A major disaster will normally have extensive damage to system hardware, software, networks, and/or operating environment. Ex Libris cloud services could be restored to normal operation with the assistance of certain recovery teams who will be called to direct restoration of normal operations at the primary site.
    Catastrophic Disaster - A catastrophic disaster is characterized by expected downtime of greater than 7 days. The facility is destroyed to the extent that an alternate facility must be used.
    Damage to the system hardware, software, and/or operating environment requires total replacement / renovation of all impacted systems. The implementation of the Disaster Recovery Plan in a remote recovery site is required to restore Ex Libris cloud services to normal operation.
    In the event of a major or catastrophic event, data recovery is performed using backups retrieved from the disaster site from the offsite backup locations. After identifying salvageable equipment, early data recovery efforts first focus on restoring the operating system(s) for each system. Next, mission critical system data is restored. After system data is restored, individual customer data is restored.

    Are there different tiers for backup and restores services?

    Ex Libris provides a uniform SLA for all the customers using the multi-tenant SaaS service and as such we don’t have different tiers for backup and restore services.

    What is the expected time frame for a restore to occur?

    The length of time that the process takes depends on the point of time from which data is required to be restored and whether we can utilize our onsite backups or will we be required to utilize offsite backups. A full restore from onsite backups could be performed within 12 hours depending on the exact scenario and usage of the onsite backups.

    What granularity of restores are available? By granularity can indivudal deleted MARC or Patron records be restored or does the entire data need to be restored?

    Specifically for bibliographic records – Alma supports versioning. Every change either manual done using the metadata editor or a batch change create a new version of the bibliographic record. Using the metadata editor, staff users can view previous versions and restore a specific previous version.
    In general restore processes from backups are based on a “full restore” process – because of data integrity considerations (connections between data elements etc.) we don’t perform a “partial restore” process. Only in rare circumstances, a “partial restore” will be considered if it is considered to be the best restore approach for that specific scenario.

    What will happen in worst-case catastrophic data-center level failure?

    Ex Libris determines it cannot continue to operate the SaaS service from the Ex Libris data center due to catastrophic events, a new instance of the customer’s environment will be created by Ex Libris in a new location. The customer data restoration is then performed from the offsite backups.

    Total views:

    1
    • Was this article helpful?
    //doorbell.io feedback widged