The 3-2-1 Rule
The foundation of any backup strategy:
- 3 copies of your data
- 2 different storage media
- 1 copy offsite
This protects against hardware failure, ransomware, fire, theft, and most disasters.
Types of Backups
Full backup: Complete copy of everything. Large but simple to restore.
Incremental backup: Only changes since last backup. Fast and small, but restore requires all increments.
Snapshot: Point-in-time copy. Great for quick recovery, but not a replacement for offsite backups.
What to Back Up
- Databases: Daily dumps, WAL archiving for point-in-time recovery
- Configuration: Version control everything in Git
- User data: Critical - regular backups with long retention
- Application state: Depends on your architecture
Document what's backed up and what isn't.
Backup Tools
For files: restic or borg - deduplicated, encrypted backups.
For databases: Native tools (pg_dump, mysqldump) plus WAL archiving.
For VMs: Proxmox Backup Server, Veeam, or snapshot-based solutions.
For cloud: Built-in snapshots plus offsite copies.
Testing Your Backups
Test regularly - monthly at minimum:
1. Pick a random backup
2. Restore it to a test environment
3. Verify the data is complete and correct
4. Document the restore time
If you haven't tested a restore, assume your backups are broken.
Ransomware Protection
Ransomware targets backups. Protect them:
- Immutable backups: Cannot be modified or deleted
- Air-gapped copies: Physically disconnected storage
- Separate credentials: Backup system has its own auth
- Delayed deletion: Retention policies that outlast attacks