Good Backup Strategy for Home Use

ninjai

Explorer
Joined
Apr 6, 2015
Messages
98
Hi,

Right now I'm using an external USB disk for backup (ZFS replication), but once in a while if there are power interruptions the pool sees corruption. I was wondering if there is any better alternative than building a whole separate NAS. Yes, my personal data is precious to me, but surely there's a better more cost-effective solution.

One thing I was wondering about was eSATA. Can I connect a disk externally with eSATA? Would that be acceptable? If not, I'm 100% out of SATA ports on my motherboard, and I have 1 or 2 2.5" bays in my case I could use... but I'd need some kind of PCIe SATA card.

Preferably I'd like an external solution so I can pull the drive off if there's a fire or something and run with it :).
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
I was wondering if there is any better alternative than building a whole separate NAS.
I don't think there's a "better" option than this, if "better" refers to resilience--even better if you have the backup server offsite somewhere. I think the most common answer, though, is to use one of the cloud sync options.
 
Joined
Oct 22, 2019
Messages
3,579
How you're doing it with an external USB drive may in fact be the "best" option for you, if it means you're going to actually backup everything and be conscious of it. The most expensive, super duper, sophisticated idea is inferior to a simple USB drive if you never end up using it or perpetually put it on hold!

An aside, you don't have your server plugged into an UPS unit?
 
Last edited:

Heracles

Wizard
Joined
Feb 2, 2018
Messages
1,401
Preferably I'd like an external solution so I can pull the drive off if there's a fire or something and run with it :).

First, that is not advisable... Once the fire is confirm, you run away and the only thing that could hold you back would be a person in need because he / she can not escape by him / herself. Also, this is possible only if you are onsite at the moment, that the fire did not started wherever the backups are, ... A lot of points for not relying on something like this... You have time and resources ahead of the catastrophe, so better to design and do something that will be appropriate for it.

As @danb35 mentioned, cloud storage is a common solution for those who do not have a second NAS. Such a solution is exposed to risks that are completely different than the ones existing against the primary server. For most cases, that copy should survive.

The limitation here is the sync mechanism itself. Should something goes wrong with the sync mechanism, a single failure can compromise both copies or be detected only at the moment you rely on your second copy to restore it.

As for me, my backup strategy is the 3 copies rule explained in my signature. I also do restore tests at least once a year and should the restore fail, I fix it and re-test it mid-year. Remember that a backup is as good as non-existent until it has been restored. So do not limit yourself to taking backups. Restore them also.
 

kiriak

Contributor
Joined
Mar 2, 2020
Messages
122
for a home user the usb (or eSATA) way is very convenient, because of the following reasons:

1. a 2nd server is many times impossible especially for those that live in an apartment like me
2. a 2nd server would ideally be placed somewhere else (otherwise you still need another offsite backup)
3. many of us don't want cloud (my data are well below 1 TB, if I has to backup them on the cloud, they would be already there)

I'm experimenting with FreeNAS and trying to find an alternative to my 2 disk Synology.

I'm thinking of the following backup stategy:

Snapshots replication to 2 different ext HDDs that will keep in my workplace (GELI encrypted) that will bring home alternately every other week, just for the snapshot repication
A 3rd backup taken with a window or linux app on my desktop PC, taken every 3-4 months to another HDD (again encrypted - bitlock or LUKS ) just in case there will be a problem with both of the other 2 ext HDDs with the snapshots

I'm looking to find any problems with this procedure.
 

Heracles

Wizard
Joined
Feb 2, 2018
Messages
1,401
1. a 2nd server is many times impossible especially for those that live in an apartment like me

No reason for a second server to be more difficult to do from an apartment, a condo, a house or anywhere else...

2. a 2nd server would ideally be placed somewhere else (otherwise you still need another offsite backup)

Indeed, like mine which is at my father's place...

3. many of us don't want cloud (my data are well below 1 TB, if I has to backup them on the cloud, they would be already there)

Why not ? All you need to do is to encrypt them before sending them. That way, the cloud provider will have no clue what your data are, no clue when you access them, where you are when accessing them and more. There is a gigantic difference between putting your backup in the cloud versus working your live data from the cloud.

Snapshots replication to 2 different ext HDDs that will keep in my workplace (GELI encrypted) that will bring home alternately every other week, just for the snapshot repication

So neither of these will offer any redundancy. Also, physically moving the drives all the time will greatly increase the risk of damaging / loosing them. Physical transportation represents a lot of vibration, shocks and more.

A 3rd backup taken with a window or linux app on my desktop PC, taken every 3-4 months to another HDD (again encrypted - bitlock or LUKS ) just in case there will be a problem with both of the other 2 ext HDDs with the snapshots

That one being on a live system next to the original copy, it would be easy to do that backup at a much higher frequency so you gain a much more precise backup.

Also, the disk-level encryption would be of little use because that PC will be running most of the time. As such, the partition will be decrypted and accessible most of the time.

I'm looking to find any problems with this procedure.

I trust that you understand the many problems I exposed you here....

So for you, I would recommend :
For your second copy (online but offsite)
--An offsite server at a friend or family member place
or
--A cloud-based storage where you would send your data encrypted from FreeNAS

For your third copy (offline, either onsite or not)
--Sync to drives you power on and off when needed, using a workstation you have on site.

Also, remember that whatever solution you select, a backup does not worth anything until it has been restored successfully. So whatever you will do as a backup, ensure to test your restore procedure.

Good luck designing your solution,
 

kiriak

Contributor
Joined
Mar 2, 2020
Messages
122
Thanks for your spot-on comments.
I understand your point and your recommendations
(except for this about apartment and a 2nd server :D as I'm struggling to find room for a mini tower case to replace my small synology box that sits in a shelf.
Maybe the 2nd server can be something in the form of an odroid or similar and rsync to it from the FreeNAS -
but again as a newbie I find it easier to replicate snaphots to a HDD)
Snapshot replication to another server in another place requires some reading from me and maybe additional H/W in the other place (a better router? I'm not sure).

Thanks again for the recommendations, and for your time. I'll consider these and look how to improve my backup routine.
 

Heracles

Wizard
Joined
Feb 2, 2018
Messages
1,401
I find it easier to replicate snaphots to a HDD

The only way to replicate a snapshot is using ZFS send - receive, so you need to do that towards a second server that is handling ZFS just like FreeNAS.

(except for this about apartment and a 2nd server :D as I'm struggling to find room for a mini tower case to replace my small synology box that sits in a shelf.

Then ask a friend or a family member to deploy that second server at their own place. That way, your second copy will be offsite, so protected against physical threats. Also, if you sync that one with something like rsync, a raspberry pi may be enough on the receiving end. You connect a few drives to it, create a raid structure with Linux native' raiding solution, you secure the link between the 2 servers with SSH and voilà...

a better router? I'm not sure).

Not impossible but most routers can do port forwarding, so you should be good. The router itself will forward the port from everyone, including all the attackers over the Internet. So on the server, use something like iptables, the firewall that is built in Linux, and allow only from your legitimate IP.

Good luck with your setup,
 

kiriak

Contributor
Joined
Mar 2, 2020
Messages
122
The only way to replicate a snapshot is using ZFS send - receive, so you need to do that towards a second server that is handling ZFS just like FreeNAS.

In my tests I used a USB HDD that created as a pool, imported, scheduled snapshot replication to it, did it and exported it.
I haven't yet tried to restore or read the data form it. I want to find another pc to boot as a temporary FreeNAS just to find how easy I can have my data back in case of destruction or loss of my NAS.

Isn't it considered a replicated snapshot? Sorry for the noob question, I'm very new in this.


Then ask a friend or a family member to deploy that second server at their own place. That way, your second copy will be offsite, so protected against physical threats. Also, if you sync that one with something like rsync, a raspberry pi may be enough on the receiving end. You connect a few drives to it, create a raid structure with Linux native' raiding solution, you secure the link between the 2 servers with SSH and voilà...



Not impossible but most routers can do port forwarding, so you should be good. The router itself will forward the port from everyone, including all the attackers over the Internet. So on the server, use something like iptables, the firewall that is built in Linux, and allow only from your legitimate IP.

Good luck with your setup,

Again I understand your points and that your proposals is the best I could do.

But at first I have to study some things and feel comfortable about some other.
I'd like to avoid port forwarding as my knowledge in securing things behind it is very little and iptables is chinese to me.
In this case I'd prefer to do it via VPN
(my router has a VPN server running, if I could do it with an openVPN client on the other place, it could be the easiest workaround for me, but again I have to do some study).

Thanks again for your help!
 

rmaglin

Cadet
Joined
Feb 19, 2021
Messages
1
I just had a Synology EOL itself and thinking seriously about a Truenas Mini X+ as a replacement. (This is a home user case)
I have checked and have a full backup on an external USB drive. I also have some backup in 'the' cloud.
This backup issue is important to me too, as I would like to do a local backup to an attached USB hard drive.
So...
Is it possible to run a Linux or Windows machine in a VM, on the Truenas, and automate and incremental backup from the VM using a scripted rsync or robocopy respectively.
I assume that the VM would be able to mount an external drive, (tell me if I'm wrong on this) but would the VM be able to access an entire pool (or at least all the contents of the pool) to complete the backup?
I would also like to run several VMs on the Truenas and back them up to the external storage as well.
Am I really setting myself up for big problems with this path, or is it do-able, assuming I can get the scripting dialed in.
Thank you.
 

ChrisRJ

Wizard
Joined
Oct 23, 2020
Messages
1,903
You do not need a Linux VM to run rsync.
 

kiriak

Contributor
Joined
Mar 2, 2020
Messages
122
You can also replicate snapshots to external USB hard drive (Synology cannot do this).
It can be done with GUI and no scripting is needed.
 
Joined
Oct 22, 2019
Messages
3,579
It can be done with GUI and no scripting is needed.
Can you share what options you use in the GUI?

I could never get it to work, since any Replication Task created in the GUI expects to point to an existing Periodic Snapshot Task (or similarly-named snapshot pattern), which defeats the purpose and practicality of occasional manual backups to external USB drives.

So for now I'm using a script, though I prefer to stick to the GUI.
 

kiriak

Contributor
Joined
Mar 2, 2020
Messages
122
Can you share what options you use in the GUI?

I could never get it to work, since any Replication Task created in the GUI expects to point to an existing Periodic Snapshot Task (or similarly-named snapshot pattern), which defeats the purpose and practicality of occasional manual backups to external USB drives.

So for now I'm using a script, though I prefer to stick to the GUI.

I'll look if I can do it.
I'm just a noob withTrueNAS setup on an old PC, trying to get familiar with it before migrate from Synology
 

kiriak

Contributor
Joined
Mar 2, 2020
Messages
122
ok, I have a snapshot replication task, that replicates a dataset and it's snapshots to an external USB disk.
More finetuning of which snaphots will be replicated can be done.

In my case, both source and target datasets are encrypted with the (new encryption method of TrueNAS).

So I turned off the TrueNAS (it's just a test machine), attached the USB HDD, imported it, unlocked the datasets and
manually run the task. It worked fine.

There is a snapshot replication task in the source. I don't know if it is a prerequisite, but then you can have one (even if it runs once every six months).

I'm not sure if this is what you asked, but here are the screenshots.


Screenshot from 2021-02-23 20-36-32.png

Screenshot from 2021-02-23 20-38-35.png


the k300 is the pool of the external HDD drive (an old 300 Gb disk) that is occasionally plugged in.
the kir500 is the main pool (an old 500 gb disk again).
 
Top