Microsoft 365 Backup
Email, SharePoint, OneDrive, and Teams chat backed up to immutable storage. Microsoft stores your data but does not back it up. Hexafusion does.
Backup and DR · Vancouver, BC
Backup & Disaster Recovery Vancouver
Hexafusion designs, deploys, and tests backup and disaster recovery for Vancouver businesses. Immutable storage, documented RTO and RPO, tested restores, and ransomware-resistant architecture.
Backup and Disaster Recovery for Vancouver Businesses
Most businesses do not find out their backups are broken until they need them. Hexafusion designs, deploys, and tests backup and disaster recovery systems for Vancouver businesses with documented recovery time objectives (RTO) and recovery point objectives (RPO).
Server Backup
Veeam, Datto, Acronis, Axcient. Image-level and file-level backups, local + cloud replication, and ransomware-resistant immutable snapshots.
Endpoint Backup
Laptop and desktop backup for critical users. Instant file recovery, full bare-metal restore.
Cloud Workload Backup
Azure, AWS, and SaaS application backup. Backup as a Service (BaaS) for cloud-native environments.
Test Restores
Monthly or quarterly simulated restore tests. We verify backups work before you need them. not during a disaster.
Documented DR Plan
Written runbook with RTO, RPO, failover procedures, communication plan, and tabletop exercise (simulated disaster walkthrough) schedule.
Ransomware-Resistant Backups
Modern ransomware specifically targets backup repositories. Our backup designs include immutable storage, separate credentials, network isolation, and offline copies so backups remain protected even if attackers gain full access to your network.
Compliance-Aligned Retention
Retention policies aligned to your industry: 7 years for accounting and legal, 10+ years for healthcare, and your contractual obligations with clients. Canadian data residency available.
The 3-2-1-1-0 backup rule we follow
Industry standard for resilient backup architecture, updated for the ransomware era. Every Hexafusion-managed backup deployment satisfies all five components.
3
Copies of data
The production data plus two backup copies. Catches accidental corruption, hardware failure, and most ransomware scenarios.
2
Different media types
Disk and cloud, or disk and tape. Reduces the chance that one media failure (firmware bug, supply-chain incident) takes out all your backups at once.
1
Off-site copy
Geographically separate from production. Canadian region preferred for PIPEDA and BC's Personal Information Protection Act (PIPA) compliance.
1
Immutable or offline copy
Object-lock S3, immutable Veeam repository, or air-gapped media. Ransomware cannot encrypt or delete it even with full domain-admin access.
0
Errors on restore tests
Quarterly restore drills. If a test fails we fix the underlying issue and re-test. A backup you have not restored is not a backup, it is a hope.
Recovery time objective (RTO) and recovery point objective (RPO)
These two numbers define your disaster-recovery target. We document them per system and engineer the backup architecture to meet them. If your stated RTO is unrealistic for the budget, we say so during design rather than after a disaster.
RTO. recovery time objective
How long the business can tolerate the system being down. Email might be 1 hour. Finance system might be 4 hours. A static marketing site might be a day. Each RTO drives different architecture: replica server, warm standby, cold restore from cloud.
RPO. recovery point objective
How much data the business can tolerate losing. Transactional data might be 15 minutes. File shares might be 4 hours. Each RPO drives backup frequency: continuous replication, hourly snapshots, nightly full backup.
Why most Vancouver SMB backup setups fail when needed
We have audited backup configurations across hundreds of small and mid-sized businesses. The same five problems show up over and over.
- Never restored. The backup software reports "successful" every night. Nobody has ever actually pulled data back. The first attempt happens during a real incident, when there is no time to learn the tools.
- Backed up to the same place. Servers and backups on the same storage array. Ransomware that encrypts the array takes both. We see this with cheap network-attached storage (NAS) deployments specifically.
- Microsoft 365 not backed up. Common misconception that Microsoft handles it. Microsoft handles uptime, not retention. Email deleted from the Recycle Bin and emptied is gone after 30 days unless you have a third-party backup.
- Encryption keys lost. Encrypted backups with the key stored only on the production server. After a disaster you have backups but no way to read them.
- Retention too short. 30-day retention assumes you discover problems within 30 days. Insider data theft, slow database corruption, and undetected ransomware often live in the environment for months before discovery.
What our disaster-recovery plan deliverable contains
Every client gets a written DR plan. Stored separately from production so it is reachable during an incident. Reviewed annually with a tabletop exercise.
- System inventory with documented RTO and RPO per workload
- Recovery sequence. which systems come back online first and why
- Step-by-step restore procedures with screenshots, tested quarterly
- Vendor contact tree (carriers, software vendors, cyber insurance, legal counsel, regulators)
- Communication plan for staff, clients, regulators, media
- Tabletop exercise calendar and post-exercise lessons-learned log
- Backup credential vault separate from production identity systems
Frequently asked questions
Does Microsoft 365 back up my data?
Not the way most business leaders assume. Microsoft handles uptime, not retention. Deleted email is kept 30 days. Deleted OneDrive or SharePoint items 93 days. After that, gone. For any business with compliance or recovery requirements we add third-party backup (Veeam, AvePoint, or equivalent) with documented retention.
How long does a full server restore take?
Depends on data size, restore destination, and architecture. A 500 GB server restored from local immutable storage to existing hardware: 1 to 4 hours. Restored from cloud to fresh hardware: 4 to 24 hours. Restored to a brand new cloud virtual machine with no pre-staging: up to a couple of days. We engineer to your stated RTO during the design phase.
Can backups survive a ransomware attack on the domain?
Yes, when designed correctly. Immutable storage (S3 Object Lock, Veeam hardened repository, Datto SIRIS immutable) cannot be deleted or encrypted even with full administrator credentials. Combined with separate backup-admin identity and network isolation, this survives the worst-case scenario where the attacker owns everything.
How often do you test restores?
Quarterly for Professional plan clients, monthly for Enterprise. Tests cover both file-level restores (specific items) and full system restores (failover to a sandbox environment). Test results are documented and provided as evidence for cyber insurance and audit questionnaires.
Is data stored in Canada?
Yes when required. We default to Canadian regions (Veeam Canada, AWS ca-central, Azure Canada Central) for PIPEDA, BC's Personal Information Protection Act (PIPA), and FINTRAC-regulated clients. Cross-border storage is available for clients with no residency requirements at a lower price point.
What does this typically cost?
Bundled into our managed-IT plans on Professional and Enterprise tiers. Standalone backup-as-a-service is available as a separate engagement and quoted on a per-environment basis. We provide a fixed-price quote after a one-week discovery.
Ready to talk?
A Hexafusion consultant will review your environment and respond within one business day with a scoped proposal.
Request a free assessmentRelated services
Managed IT VancouverCybersecurity VancouverIT ConsultingCloud ServicesMicrosoft 365Google WorkspaceNetwork SupportIT Supplier / Dell
Service areas across Metro Vancouver
Related Hexafusion resources
Deep-dive pages on the cybersecurity and compliance topics referenced above.