Help On TrueNAS Redundancy / Backup Strategy

[heatvent]

I have a TrueNAS server with 8 4tb WD NAS drives. Currently, I have my main pool (TANK) in a RadZ2 with 5 4TB drives and a second pool (BACKUP) using the other 3 drives in a RaidZ1. Wondering if this setup makes sense. BACKUP is a bit smaller and is used to replicate TANK. As of now, BACKUP is large enough to replicate TANK in full. TANK is about 10TB with less than 4TB used. BACKUP is 6TB with less than 4TB used. Few setups I can think of are:

1. Leave as is - This will work fine for now but I will need to increase the drive sizes is I fill up BACKUP. This the reason for the question because at some point something will likely need to change.

2. Two Identical Pools - Both TANK and BACKUP are in RAIDZ1 and TANK is replicated to backup. What I like about this is TANK/BACKUP are the same size. I still have redundancy where I don't have an issue unless 2 or more drives in each pool at the same time.

3. RAIDZ2 TANK Pool and Striped BACKUP Pool - TANK stays in RAIDZ2 with 5 drives and I use the other 3 drives striped for BACKUP. This gives about the same size in both. If a drive fails in BACKUP, I have to replace and still have redundancy in TANK.

I realize it somewhat boils down how many belts and suspenders you want to wear. But for an average home user (critical data mostly being digital photos), just looking for some thoughts as to whether this makes sense for an onsite backup (assuming any critical data is already backed up offsite).

Thanks!

 

[Constantin]

FWIW, I'd consider a air-gapped external backup solution instead. Keep all the drives in one enclosure and a single event can wipe them all out.

Instead, I'd consider a external solution with the option to carry the drives offsite as part of remote backup rotation strategy (esp. if you don't have a live connection to the remote NAS). Even if you have remote storage, I'd still keep an air-gapped local backup. Snapshots and so on may get compromised by some unforeseen bug / exploit. Anything live attached to the machine may similarly be cooked, so only something air-gapped will provide the redundancy you'd be looking for.

 

[heatvent]

I guess, in that case, I could offline the drives and eject them in the drive trays and put back them in occasionally to back up. Probably better than trying to rig up an additional piece of hardware. I don't really have an offsite spot that I go to frequently except work and probably should be leaving my personal drives / data at the office. In this scenario, I suppose just striping the drives is fine since they would be off most of the time? Something to think about.

 

[Constantin]

An encrypted drive at work is likely still more secure than a encrypted folder in the cloud. Usually at work, there is a minimum expectation of privacy, the drive can stay in a locker / office, and as long as it doesn't get attached to the local network, no one would even know about it. The drive is air-gapped and off-site, backups can be quick.

By contrast, stuff in the cloud is accessible 24/7, putting even more emphasis on the quality of the encryption than for a enclosure being stored at work or a friends house. But, cloud storage is far more accessible and convenient, allowing more frequent backups.

For me, there is a ideal medium where I'd combine off-site, air-gapped storage with online storage. This limits risks associated with ransomware as well as natural disasters.