good ways to store backups

[flashiling]

Hey again people.

so i've been tasked with trying to aquire knowledge about backups and a good way to do a full backup of all of our data.
the plan is to run freenas on the backup and equip it with raid 6 and 34TB storage with the seagate enterprice v5.

i've researched a little and heard of something called a three way backup where you have the daily backup and a full backup 3 different places, one on the network one on the console and one on the storage server that we're trying to aquire.

So question is.
how secure is such a method and if you are a data backup wizard with secrets in your beard what tweaks would be good.
or if the concept i mentioned above is garbage what would be a good way to make sure that we can get the data secured?

thanks for your time and apologies if some information is lacking or explanation seems odd i'm still learning.

 

[JohnDigital]

Nightly incremental (or several daily) rsync over ssh backups to an offsite location with nightly snapshots, keeping a weeks worth of recursive snapshots or more on both machines is how we do it. Youll want to set up certificates for the SSH connection and run on a non standard port for added security. Im not claiming its the absolute best way, but its direct and does what we need. Other than the IPs, Names and Location these two servers are identical Dell Servers. Both have RAIDZ3 arrays to protect from multiple drive failure. Both have several master config backups, and run bi-monthly short SMART tests and monthly long SMART tests on all drives. Initially this offsite machine we had locally while the data was copied, then when everything was configured and ready we moved it to an offsite location to protect from fire/theft/flood/torcanos etc.. The weeks worth, or more, of snapshots protect against a malware/ransom/accidental deletion etc... The nightly rsync then only copies files that are new or modified each day, deleting missing files, keeping a mirror copy of the main server in an undisclosed "secure" location. So on any given morning we could move the "backup" into production by changing the Name and IP (and physically transporting it to the main location) or by simply uploading a saved config from the main server and rebooting it. You could go a step further and have a third machine, and a fourth, fifth, sixth... in the chain, automatically creating as many backups as you need each night or 20 times per day if thats your level of need. One on each coast, one in a different country, etc.. The problem with this is expense as you need a machine and drives, fast internet, control of the firewall/routing, electricity at each location. If your files you are backing up are huge in size or quantity this all might be a problem too... We are only transferring a few hundred MB up to a GB each night of mission critical files and Sarahs ever evolving iTunes Library.. This is certainly secure enough for us, but YMMV. I could certainly see having a third machine in line just in case, maybe that is off at all other times except when receiving the backup. You might be able to get away with a bi-weekly or even monthly schedule on the third machine.

Let me know if I can help further.

 

[flashiling]

Let me know if I can help further.

you've been a massive help.
our backup is going to be roughly 1.5TB and we back it up often and delete old copies fast since we work with personal data and people who are in debt. Because of that we aren't allowed to store unencrypted/encrypted data for very long in case we get attacked by people with bad intentions, since some of the information we store is considered "hyper sensetive".
we've gotten gigabit to our datacentre which is away from the main building.
i've read up on something called 3-2-1 backup rule that i'm looking to implement with some encryption.
Problem is that noone in the office is experienced with encryption

 

[JohnDigital]

Freenas handles encryption, I know that. But I personally have never needed to use it. I've seen it in the manual before though and should be easy enough to implement.

 

[garm]

Sins there is liability involved and regulatory requirements I suggest you do not deploy a “home grown” system but call iX and discuss your needs.

 

[flashiling]

Sins there is liability involved and regulatory requirements I suggest you do not deploy a “home grown” system but call iX and discuss your needs.

we aren't building ouer own system i contacted a supermicro retailer in denmark and had him deliver some prices for me and my boss to look at.

 

[garm]

I didn’t say “server”, the “system” is your application as a whole, OS, hardware, workflow, policies and documentation.

 

[flashiling]

oh. my bad :)
yes i think we will end up call/message for some help if we can't seem to figure it out.
though i belive it will be our networking guy who will do the configurations, and he's got some experience