Restore Drills, RTO, and RPO
Backups are only useful if restore is tested, timed, and documented.
Key Terms
| Term | Meaning |
|---|---|
| RTO | Recovery Time Objective: max acceptable service downtime |
| RPO | Recovery Point Objective: max acceptable data loss window |
Drill Template
restore-drill.sh
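```bash
#!/usr/bin/env bash
set -euo pipefail  # stop at the first failed step instead of verifying a partial restore

# 1) pick snapshot
SNAPSHOT="2026-02-10"
# 2) restore to isolated path
rclone sync "remote-prod:snapshots/${SNAPSHOT}/data" /restore/drill/data --progress
# 3) verify integrity (--one-way: every snapshot file must exist and match in the
#    restore path; extra files in the restore path are not reported)
rclone check "remote-prod:snapshots/${SNAPSHOT}/data" /restore/drill/data --one-way
```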
Drill Record Table
| Drill date | Snapshot used | Restore duration | RTO met | RPO met | Notes |
|---|---|---|---|---|---|
| 2026-02-11 | 2026-02-10 | 24 min | Yes | Yes | Network stable |
Tip: Always restore into an isolated environment first. Never run a first restore test against live production paths.
Common Pitfalls
| Pitfall | Consequence | Prevention |
|---|---|---|
| No timed drills | Unknown recovery behavior | Track restore duration each quarter |
| Only latest snapshot tested | Historical restore risk | Rotate snapshot dates in drills |
| No app-level validation | Files restored but app fails | Add smoke tests after restore |
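
The pitfalls above (untimed drills, no app-level validation) can be closed by wrapping the drill so that it times the restore, fails on a bad integrity check or smoke test, and prints a row for the Drill Record Table. The script below is an added example, not part of the original page: the 30-minute RTO, the 24-hour RPO, the function names, and the `app.conf` smoke test are assumptions, and local `cp`/`diff` steps on constructed data stand in for the rclone commands so it runs offline.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): timed drill with RTO/RPO scoring.
set -u
RTO_SECONDS=$((30 * 60))        # assumed objective: 30 minutes
RPO_SECONDS=$((24 * 60 * 60))   # assumed objective: 24 hours

# Stand-in steps on constructed local data so the example runs offline.
# In a real drill these wrap the rclone sync / rclone check commands above.
restore_step() { mkdir -p "$DRILL/restore" && cp -R "$DRILL/snapshot/." "$DRILL/restore/"; }
verify_step()  { diff -r "$DRILL/snapshot" "$DRILL/restore"; }
smoke_step()   { grep -q '^schema_version=' "$DRILL/restore/app.conf"; }  # app-level check

# Run one step and print its duration in seconds; the step's output goes to stderr.
time_step() {
  local start end
  start=$(date +%s)
  "$@" >&2 || return 1
  end=$(date +%s)
  echo $((end - start))
}

# "Yes" when the measured value is within the objective, otherwise "No".
within() { if [ "$1" -le "$2" ]; then echo Yes; else echo No; fi; }

# One Drill Record Table row. args: date snapshot restore_secs snapshot_age_secs notes
drill_row() {
  local minutes=$(( ($3 + 59) / 60 ))   # round up: a partial minute is still downtime
  printf '| %s | %s | %s min | %s | %s | %s |\n' "$1" "$2" "$minutes" \
    "$(within "$3" "$RTO_SECONDS")" "$(within "$4" "$RPO_SECONDS")" "$5"
}

# Timed restore, then integrity check, then smoke test; any failure fails the drill.
# args: date snapshot snapshot_age_secs
run_drill() {
  local secs
  secs=$(time_step restore_step) || { echo "restore failed" >&2; return 1; }
  verify_step >&2 || { echo "integrity check failed" >&2; return 2; }
  smoke_step  >&2 || { echo "smoke test failed" >&2; return 3; }
  drill_row "$1" "$2" "$secs" "$3" "check and smoke test passed"
}

# Constructed sample snapshot: one config file the smoke test can read.
DRILL=$(mktemp -d)
mkdir -p "$DRILL/snapshot"
echo "schema_version=7" > "$DRILL/snapshot/app.conf"
run_drill "2026-02-11" "2026-02-10" $((20 * 60 * 60))
```

The snapshot age passed to `run_drill` is the time between the snapshot and the simulated incident, which is the data-loss window the RPO column scores.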