Database backups are useful in disaster recovery scenarios and can help organizations comply with state-specific data retention laws. HIPAA does not have a time retention requirement for ePHI. Although Healthcare Blocks uses a highly available, durable storage system, it is strongly recommended that you backup your database on a regular basis. Our database backup framework can be used to automate the process of daily backups, which are compressed, encrypted, and stored in a separate location (via Amazon S3).
If your database size exceeds 1 TB, we recommend the use of a different strategy than described in this article. Please contact us for details.
Default Backup Policy
A daily backup process runs nightly, according to the following rules:
- Generate a daily backup, keeping the last 7 files
- Generate a weekly backup every Sunday, keeping the last 5 weeks
- Generate a monthly backup on the 1st day of every month, keeping the last 72 months
Retrieving Backups from Amazon S3
In the examples below, replace YOUR_BACKUP_BUCKET with your environment's pre-configured value. Contact us via help desk to obtain your bucket name and authentication credentials.
Set your credentials
Load your credentials into memory so that the commands which follow can execute successfully.
(To clear these from session when finished, either exit the console or type unset AWS_ACCESS_KEY_ID and unset AWS_SECRET_ACCESS_KEY)
Listing backup folders
sudo aws s3 ls s3://YOUR_BACKUP_BUCKET
Listing contents of a specific folder
sudo aws s3 ls s3://YOUR_BACKUP_BUCKET/daily/
Downloading a specific backup file
sudo aws s3 cp s3://YOUR_BACKUP_BUCKET/daily/database/2014.11.20.19.51.00/database.tar /data/backup/restore/
Note: the above command transfers the file to a directory, /data/backup/restore, on the encrypted data volume. DO NOT download files to your user directory (~), /tmp, and any other non-encrypted parts of the filesystem. Anything under /data is a suitable place.
Extracting a Backup File
1. First, extract the wrapper file, which contains one or more files, depending on how many databases are being backed up:
sudo tar -xvf database.tar --strip=2
2. Now, extract the contents:
If your file ends with bz2:
sudo bzip2 -d PostgreSQL.sql.bz2
If your file ends with gz:
sudo gunzip PostgreSQL.sql.gz
Restoring a Backup
Running a Backup Manually
If you have direct SSH access to your database machine, you can create on-demand backups.
Examine the current automated tasks lists by running this command:
sudo crontab -l
Look for a command that is similar to this one:
docker run --rm --env-file=/data/backup/config/.env --cpu-quota 75000 healthcareblocks/backup_postgres
Copy that command and paste into the shell and execute it.
Note: you can omit any fragments that look like this:
>> /var/log/cron.log 2>&1
...since you'll want to observe the output in your shell rather than output it to a log file.