Backups at Jefferson Lab


The Computing and Networking Infrastructure (CNI) group is committed to providing reliable and redundant backups of all system and user generated data on each of the systems we administer.  Our intent is not to only provide a service to the computer users who may wish to retrieve archived documents that are no longer stored on primary disk storage.  We are also preparing for both random mechanical disk failures as well as for the recovery of Jefferson Lab (JLab) work and research in the event of massive physical disaster (i.e. fire, flood, hurricane).

Computer users are responsible for backing up all data that is not stored on a disk managed by CNI. This includes all personal computers (Windows, Linux, and Macintosh), as well as, workstations not under the support of CNI.  The Accelerator Controls and Engineering (ACE) team manages the majority of desktops for the Accelerator Division and Engineering Division.  If important desktop data is saved on the home or group areas (on Windows the J: or M: or O: drives) they will be backed up.  We do not back up individual desktops.

Backups are maintained of the following centrally maintained directories that are provided from central network fileservers: home, sgroup, group, apps, and site. The scratch, work, and cache directories are not backed up.  Detailed information on centrally provided directories can be found on the JLab-CUE Directory Structure page.

Further Information is on JLAB's Disaster Recovery Plan.

Data backups at Jefferson Lab (JLab) fall into four types, (1) File System backups, (2) Virtual Machines (VM) backups, (3) Business Database File backups, and (4) Email backups.


File System Backups. 

These backups come from file systems that are normally touched by human interaction.  They include home directories, group directories, software repositories, CAD drawings, databases, and many others.   These backups are done to a disk based appliance (Rubrik).   Once the backup is completed on the Rubrik device, a secondary copy is made to a file server located in another building on campus (TestLab).   This is so that the servers and the backups are not located in the same place (Cebaf Center Data Center).  

The Rubrik backup environment uses “incremental forever”.  This means that a first full backup is done.   And then from that point forward, only the files that have changed since the last backup are stored.  Rubrik provides powerful data scanning techniques that keeps track of all changed files day to day. 


Rubrik Backup retention: 


Backup frequency 

Backup retention 


45 days 


52 weeks 


7 years 





Virtual Machine Backups


VM backups are a disaster recovery (DR) backup only.  No long term backups of VMs are preserved.  VMs are backed up incrementally every night using the same Rubrik appliance as above.  We keep the last 30 versions of a VM in the backup system before they are deleted.    


Business Database Backups


Business sensitive databases are routinely backed up via the File System Backups described above.  Given the crucial importance of these backups to the business needs of Jlab, extra backups are completed.   These database files are first encrypted by Jlab and then they are synchronized with an offsite file backup service.  This is an automated process and requires no administrative actions.  These backups are synchronized with the offsite service daily.  Due to the nature of the database dumps, these are all full backups.   These are considered quaternary backups (4th in line).   These would only ever be needed if we lost the databases themselves, the backups stored in Rubirk, and the secondary Rubrik copy. 



 Email Backups


Email backups are divided into 2 categories.  Microsoft O365 Email users and JLAB Legacy email users.   All JLAB staff are O365 users.  JLAB scientific users are in JLAB’s legacy email environment. 


O365 accounts (Email, One Drive, SharePoint, Teams) are all backed up every day to a cloud service provider called Druva InSync.   Druva is a cloud based service that makes connections to JLAB’s O365 tenant and does the backups directly into Druva’s storage.  The backup retention policy mirror that of the Rubrik backups listed above. 


JLAB’s legacy email environment is backed up as files using the same Rubrik backup appliance described above.