97 lines
4.5 KiB
Markdown
97 lines
4.5 KiB
Markdown
# My Offsite Backup - March 2023
|
|
|
|
|
|
|
|
While I was on a business trip the other day, I thought about a scenario in which my home would burn down or get robbed. A simple but essential question emerged:
|
|
|
|
What could I recover?
|
|
|
|
I already saved backups in the cloud, but I figured that I could not recover my data from it without my private laptop (which I had not with me this time).
|
|
|
|
At this point, I knew I had to change some things to ensure that my important data was properly backed up.
|
|
|
|
# The goal
|
|
|
|
Having a disaster recovery strategy for my most important data that is easy to maintain.
|
|
|
|
The **offline backup** should be stored **offsite in a secure and trustworthy location**. The data must be saved on at least **two mediums** to **reduce the risk of data loss due to hardware failure**. The data must be **encrypted** to secure my data in case of theft. **The case** should be easily transported and protect the mediums against common risks like shock and water. The **frequency of the offsite backup** should be around every 1-2 weeks.
|
|
|
|
For more information, please visit my [backup guide](https://ittavern.com/backup-guide/).
|
|
|
|
One of the main things to consider is: **I must be able to recover everything with just this one offsite backup**.
|
|
|
|
# The data
|
|
|
|
I am currently aggregating a ton of data to a local server to make future backups easier. It is spread over multiple devices, which can be a pain in the ass.
|
|
|
|
For now **I only backup important data** which can be subdivided further into '**frequently**' and '**rarely**' used or changed.
|
|
|
|
Some **examples of frequently used data** would be: SSH & PGP keys, password & 2FA database, configuration files, notes, and so on.
|
|
|
|
Some **examples of rarely used data** would be family photos & videos, ebooks, documents, and so on.
|
|
|
|
At this point, the frequently used data is around **10GB**, and the rarely used data is around **90GB**. This will increase by a factor of two or three after I get everything sorted and stored in one place.
|
|
|
|
# The Strategy
|
|
|
|
I've decided to use a **rotational system** in which I have **two identical cases** with storage mediums for the backups. With this setup, I can do the backups at home and switch this case with the recently done backups with the offsite backup and rotate like this repeatedly. It is more expansive, but saves a lot of time, brings more comfort, and even adds more resilience.
|
|
|
|
I won't go into detail on what **location** I have chosen for my offsite backup, but I can say that I've found someone so kind as to store it for a couple of beers a month.
|
|
|
|
# The hardware
|
|
|
|
|
|
|
|
Case:
|
|
: waterproof and shock-resistant **case**
|
|
: **cable tie**, to keep case closed in case of a fall
|
|
: **seal** sticker with ID, makes sure that I know if the case was opened at the offsite location
|
|
|
|
Content:
|
|
: **1TB HDD** in an anti-static bag and silica dehumidifier bags
|
|
: **128GB USB Stick**
|
|
: **YubiKey** (MFA)
|
|
|
|
The seal sticker can be removed without any residues, and a re-applied seal looks like this:
|
|
|
|
|
|
|
|
#### Upcoming Improvements
|
|
|
|
- Swap USB stick with SSD + anti-static bag
|
|
- swap the current case with a fire-proof case
|
|
- add a recovery manual to the case
|
|
|
|
# The software
|
|
|
|
I am already using [borg](https://www.borgbackup.org/) for my cloud backups, so I've also decided to use it for my offsite backups. I can encrypt my data, recover everything or single files only, save space, and can automate many things.
|
|
|
|
I will write about it in a separate blog post and link it here as soon as I have everything set up correctly. It works for now, but it isn't pretty.
|
|
|
|
#### Upcoming Improvements
|
|
|
|
- automate all the things
|
|
- document the process
|
|
|
|
# The routine
|
|
|
|
|
|
|
|
So, there's currently no routine. I've printed a template where I document backups with the case number, seal ID, changes I've made, and so on.
|
|
|
|
Backups and tests are done manually. It takes some time, but I can make sure that everything works and I will change it in the future.
|
|
|
|
#### Upcoming Improvements
|
|
|
|
- combine routine with cloud backups
|
|
- create a better documentation
|
|
- check backups automatically
|
|
- check the health of the hardware
|
|
|
|
# Conclusion
|
|
|
|
This backup strategy is relatively new and not battle-tested, but at this point I am happy with it. I can tell you that I sleep better!
|
|
|
|
I am going to modify the strategy over time and give you all an update every couple of months.
|
|
|
|
---
|