Zane Bartlett


Intro #

I implement a full 3-2-1 backup system that's fully encrypted, only spending the cost of hard drives and cloud storage. It's as close to FOSS as you can get without having to host your own server.

Notes #

Backup 1 #

I use my personal desktop as the first place there’s a full backup for anything I care about. This way my first layer of backups I just worry about having enough storage on my computer. I use Syncthing as mentioned above to get anything from any device synced to my computer.

Backup 2 #

Different medium #

I use Deja Dup (also referred to as simply “backups” on system applications usually) to automatically back up to an external hard drive nightly

This was the easiest way to set up backups. Also, this app does actually come by default, but I had never heard of it, you might already have it on your system! Lastly, while I did kind of have to fight with this application, it is still the best I could find (FOSS anyway, if you want to pay for something/are okay with proprietary, there might be better options) and once I got through those problems, I haven’t had to worry about it.

Backup 3 #

it’s offsite, and is a different medium #

Then I have a cloud storage system. I use Pcloud, but really most will work as long as they can be pointed at a folder in your file system to stay in sync and can do a rewind. The rewind is important to keeping it a true backup. If you don't have a rewind feature, then if you were to experience data loss, that would be copied over to your cloud storage. Pcloud has an up to 30 day rewind function, down to the hour.

Restore every 6 six months #

Backups are only as valid as their ability to be restored #

Then, every six months I’ll restore from my cloud backup to a fourth external hard drive. I installed VeraCrypt on this one, and restore directly into a vault when I do my restores. This is only necessary if you're wanting to keep everything encrypted at every step. This provides me with a 4th backup that's air gapped, but that’s honestly just overkill. The reason to do it on a different hard drive is just so you don’t have to unplug or fiddle with your one that’s always plugged in. If you’re not doing restores, you’re not really checking that you know you have backups. Then, when I’m done with the restore, I unplug the hard drive. This provides me with a single, air gapped, back up. I keep two full copies here. So, short of someone waiting a year to encrypt all my files for ransomware, I can lose at most, 6 months of data. Still a lot, but not the important stuff. Technically this is referred to as 3-2-1-1-0, 3 copies, 2 mediums, 1 offsite, 1 air gapped, 0 errors. Although the 0 errors is a bit of a stretch since the verify process of restoring is weak and in-frequent.

Conclusion #

While I think this is a bit much to have to do to set up, the overall experience once it is set up is very easy. The only time I spend after I've set this up is if I need to buy more hard drive storage or cloud storage, and then whatever time it takes to verify a restore. A product idea would be something that's basically just a raspberry pi with syncthing, Deja Dup, and the ability to read your OS and automatically backup to other devices, you could automate basically all of this. You'd have what is basically a hard drive you plug in, a window would pop up, ask you what folders you want to back up (which is handled by Deja Dup), and if you want to connect any off site backups, which would be handled by syncthing.