Hi all,
I am currently reviewing my backup strategy, and I am not sure if it is OK or not. I also suspect myself to be over-thinking it. Would someone help me to review this strategy and challenge it?
Local setup
Not required: “high availability”. That's all for home use only. This includes valuable data for sure, but recovery can wait a few days if required.
Backup strategy:
Remarks / Questions:
Looking forward to read your comments!
I am currently reviewing my backup strategy, and I am not sure if it is OK or not. I also suspect myself to be over-thinking it. Would someone help me to review this strategy and challenge it?
Local setup
- Several “clients” to back-up: Windows, MacOS, iOS, Android. Both local and remote.
- DS920+ with 3*4Tb, Raid 5 configuration. “Production device”.
- External 4To USB disk, permanently plugged to the DS920+.
- DS115J for off-site backups (at my sister’s home), and for local Time Machine backups (sister’s Apple devices).
- Cold DS115 (but functional, could run if needed)
Threat | Mitigation strategy |
Theft | Kensington locks...well, better than nothing. |
Fire / Other destructive events | See backup strategy hereunder |
Disk failure (up to one) | RAID 5 configuration |
Client failure (PC, Mac, Android, iOS, …) | Using ABB, Time Machine, Moments |
Ransomware or other file corruption problem | See backup strategy hereunder |
Not required: “high availability”. That's all for home use only. This includes valuable data for sure, but recovery can wait a few days if required.
Backup strategy:
- Daily backups:
- Local and remote devices to DS920+ using ABB, TimeMachine and Moments. (Remark: not using Drive’s backup service for now. Should I?).
- DS920+ to external USB disk, using HB. Includes all folders and applications.
- Weekly backups:
- DS920+ to off-site DS115j with HB : all folders and applications.
- Off-site DS115j to local DS920+ with HB : sister's off-site Time Machine folder only.
Remarks / Questions:
- Most of my important documents are stored on Drive, using Team folders. It allows me to keep them synced between several devices. I consider them as safe thank's to the HB back-ups. Is that right?
- All backups are encrypted (in case of theft). Encryption keys are kept securely, including off-site (in case of fire or other destructive event).
- Biggest question mark for me is Ransomware mitigation: does the above-mentioned strategy protect me against that threat? I am not sure how they function, and Synology’s last video on that topic did not convince me completely. The question is: are HB-backups ransom-proof? Considering all my back-up devices are permanently hot (somehow connected to the internet), I am not sure to be fully protected. If a well designed ransomware would attack my DS920, couldn’t it spread to all my back-up disks and lock them too? How can I avoid that?
I understand Snapshots would be the way to go, but the older DSs are not able to handle them. I could consider a C2 subscription, but I would prefer not if that's possible. Is HB really ransom-proof?
Looking forward to read your comments!