The Best Backup Strategy - Part 2 of 3

In the previous blog post, we discussed the first part of the backup strategy, which focused on the assessment stage. In part 2, we will go one step further and explain how to plan your backup strategy.

Before we start, there are a couple of concepts I'd like you to keep in mind:

  1. The 3-2-1 backup approach - this approach states that you need to have a total of 3 copies of your backup, of which 2 are local and another 1 is offsite. Note that a backup of a backup doesn't count, as it's not taken from the original source and cannot be verified (if the original image was corrupted then its copy will be corrupted as well). For more information on this approach, check the link at the bottom of this article.
  2. CIA - Confidentiality, Integrity and Availability - this concept is taken from the security domain but still applies to our discussion. Confidentiality means that your data is accessible only to the entities you choose. Integrity means that your backups must not be tampered with in a way that changes the data. Lastly, the backups need to be Available to you if and when you need them. Think about this every time you make decisions about permissions, encryption, backup target and ownership.

So, what exactly is the difference between assessment and planning? 

Assessment is the theory part, while planning is the preparation for the actual backup strategy, in which you choose specific products and solutions. In the planning stage, these will be the key areas:


There are many options when it comes to backup software and solutions, and each one of them has advantages and disadvantages. Here, I will offer some of the solutions commonly used in the industry today, which are reliable, user-friendly and, most importantly, work well (we personally work with them). You will need to choose the right product for you by doing some research and comparison.

  • Veeam - this is probably the market leader. Veeam supports both physical and virtual backups. It fits a wide range of users, starting from a home user with its free "Veeam Agent for Microsoft Windows" and all the way up to an enterprise solution with monitoring and centralisation tools. Veeam will support image level backups with an option for a file level recovery. It will also support scheduling, backup automation and notifications. The recovery process will require the initial image created upon configuration.
  • Shadow Protect (SPX) - this solution is aimed more towards the SMB (small and medium-sized business) market and higher. It requires a paid license and will support physical and virtual host backup. This solution can be controlled centrally using "SPX Shadow Control" and monitored actively and remotely. For the best recovery, it's recommended that you create a recovery image; there is a process for this documented here.
  • Acronis - another big player in the backup market. It offers solutions for a wide range of users, from home all the way to enterprise and service providers. Acronis delivers easy, complete and affordable data protection across any environment: virtual, physical, cloud and mobile.
  • Duplicati - mainly built for online backup, so it might be useful for running your offsite backups. The software offers encryption, scheduling and more advanced functions. Configuring the advanced features does require some knowledge, but you can find lots of help online. Note that this is a free solution in its beta release. Always test recovery.
  • Apple Time Machine - for Apple users, this function is built in. It is easy to set up and maintain. The functionality is basic but works quite well. This solution is aimed at the home user or small home office.
  • VMware data protection - vSphere Data Protection is a backup and recovery solution designed for vSphere environments. Powered by EMC Avamar, it provides agentless, image-level virtual-machine backups to disk. It also provides application-aware protection for business-critical Microsoft applications (such as Exchange, SQL Server and SharePoint) along with WAN-efficient, encrypted backup data replication. vSphere Data Protection is fully integrated with vCenter Server and vSphere Web Client. This solution is common in large-scale enterprise environments.

Backup Target

Choosing your backup target is crucial. When performing a backup, you want to avoid a single point of failure. Storage becomes cheaper every day, which gives us, the end users, much more flexibility and capacity. Not long ago, some of these options were out of our reach due to high costs and a steep learning curve. The most common options for a backup target:

  • External USB drive - for a home user, this will still be the most common media. It's a simple, cheap plug and play device that does the job. The downside is that it offers no redundancy and the performance is limited, so if you store really big backups, this might not be the right solution for you. Note that you can find many rugged options, so if you take your backups with you, definitely use a rugged one.
  • NAS (network attached storage) - this would probably be your best choice. This is kind of "one size fits all". A NAS can include one or more drives. If you decide to get a NAS, do yourself a favour and get at least a 4-bay NAS; this way you can get redundancy in RAID 1 and 5 and eliminate a single point of failure. A NAS will also have much better performance as there are more drives working at the same time, resulting in higher read and write speeds. Recent developments have also allowed the NAS to support SSDs and SSD cache modules to increase performance even further. Some NAS models can even act as servers, allowing you to virtualise servers and other hosts. The most common brands are QNAP and Synology. There are many comparisons online; we personally prefer QNAP.
  • Fireproof\waterproof Storage (ioSafe) - this company manufactures both USB drives and NAS appliances powered by Synology DSM. The main advantage is that this storage is water and fireproof. This would be a great secondary backup target as part of your DR (disaster recovery) strategy.
  • SAN - a SAN operates over Fibre Channel. Normally, a SAN would aggregate a number of local storage devices into one and will be directly attached as local storage (SCSI). This solution is used in large-enterprise scale companies due to implementation and maintenance costs.
  • Cloud - cloud storage is very affordable and reliable. There are many options like AWS, Google Drive, Dropbox, Microsoft OneDrive, Azure and more. Use cloud storage as an offsite backup option. The performance will depend heavily on your WAN connection, so it may vary. When backing up to the cloud, always remember to encrypt your data to secure it as much as possible.
  • Tape drives - if you can, please avoid using these targets. Tape is still being used, but for home or SMB use I would avoid going with this option. I know some people may argue otherwise, but I personally avoid them unless there is a very specific reason to use them.

Type of backup

Choosing the type of your backup is a very important consideration. This depends on the available capacity you have, the rate of changes to your data and your future recovery strategy. Where possible, always enable VSS (Volume Shadow Copy Service) so that files in use can be backed up without errors or locked files. Backup type breaks into 3 main categories:

1. Image level backup - is a barebone backup of your device used for recovery from scratch. This is a must for a proper business continuity plan. It includes the data and the settings. You can create a hardware-independent image if you want the option to recover to different hardware in the future. Make sure this option is available with your backup solution.

  • Full - includes all your data. It's not practical for everyday backup. It is mostly used as the first backup in the series.
  • Incremental - includes all the changes since the last backup. This option saves on space, but the recovery process becomes longer as it requires the full image plus each one of the incremental images to the required point in time.
  • Differential - this backup includes all the changes since the last full backup. It is a better option for fast recovery but requires more capacity to store the images.
  • Active Full - this is normally done to ensure the integrity of your backup series. This will run a full backup at designated points in time according to the schedule. This backup will not act as part of a series, so incrementals and differentials will not be affected by it. Note that this will require the same amount of capacity as a regular full backup.

2. File level backup - this level of backup will be mostly used by home users or in other specific cases where the operating system has little importance. This will back up files only.

  • Full - includes a full set of all your files in your chosen source directory.
  • Changes only - will include all the files which were modified since the last backup. 

3. Settings level backups - this level will back up the system state and all related settings. Your personal data will stay untouched. This is normally a useful type of backup to do before wide system changes and firmware and software upgrades.

  • Snapshots - snapshots take the machine back in time to precisely how it was. They are the equivalent of taking an incremental image backup without being part of a chain of backups.
  • Restore-points - help you restore your computer's system files to an earlier point in time. It's a way to undo system changes to your computer without affecting your personal files, such as email, documents, or photos. It's designed to take the system state back, not to roll back the entire system.
  • System state - will back up system settings only.

4. Other backup types and solutions - there are specific backup types for specific solutions, which I will not expand on in this blog. Some of them include:

  • Database
  • Exchange
  • SharePoint
  • Etc...
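
The restore requirements of the full, incremental and differential images listed under image level backup above, as an added example that is not part of the original post: it works out which images a restore to a given day needs, and how far back you can still restore when one image is damaged. The catalogue layout, function names and sample week are constructed for illustration, and an incremental is assumed to depend on whichever image precedes it.

```python
from datetime import date

def restore_chain(catalogue, target):
    """Images needed to restore to `target`, oldest first.

    catalogue: (day, kind, intact) tuples, kind in {"full", "incr", "diff"}.
    Raises ValueError if a required image is absent or damaged.
    """
    usable = sorted(b for b in catalogue if b[0] <= target)
    fulls = [i for i, b in enumerate(usable) if b[1] == "full"]
    if not fulls:
        raise ValueError("no full backup on or before the target date")
    tail = usable[fulls[-1] + 1:]
    # A differential holds every change since the full, so only the newest
    # one is needed; incrementals taken after it must all be replayed.
    diffs = [i for i, b in enumerate(tail) if b[1] == "diff"]
    chain = [usable[fulls[-1]]] + tail[diffs[-1] if diffs else 0:]
    damaged = [b for b in chain if not b[2]]
    if damaged:
        raise ValueError(f"damaged {damaged[0][1]} image from {damaged[0][0]}")
    return chain

def latest_restorable(catalogue, target):
    """Newest day on or before `target` whose whole chain is intact."""
    days = sorted({b[0] for b in catalogue if b[0] <= target}, reverse=True)
    for day in days:
        try:
            restore_chain(catalogue, day)
            return day
        except ValueError:
            continue
    return None

def week(kind, damaged_day=None):
    """Constructed sample: full on 2024-01-07, then six daily `kind` images."""
    images = [(date(2024, 1, 7), "full", True)]
    images += [(date(2024, 1, d), kind, d != damaged_day) for d in range(8, 14)]
    return images

if __name__ == "__main__":
    end = date(2024, 1, 13)
    for kind in ("incr", "diff"):
        print(kind, "images to restore:", len(restore_chain(week(kind), end)))
        print(kind, "with 10 Jan damaged, newest restorable day:",
              latest_restorable(week(kind, damaged_day=10), end))
```

With one damaged mid-week image, the incremental series loses every later restore point, while the differential series loses only that single day.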


Backup Retention

The retention policy defines how far back in time you can recover your backups. It can be set to any timeframe, as long as you have made the right calculation to sustain it in terms of capacity. There are two key factors you should take into account to estimate the required capacity. The first is the data change rate and the second is the length of the required retention.

To calculate your required estimated capacity, you can use the following tool.
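
An added sketch of how change rate and retention length combine into a capacity figure (not the tool referred to above and not part of the original post). It assumes a repeating cycle that starts with a full backup, a distinct fraction of the data changing each day, and no compression or deduplication; all names and figures are constructed.

```python
def peak_storage_gb(full_gb, daily_change, retention_days, cycle_days, scheme):
    """Peak GB needed so that each of the last `retention_days` days stays
    restorable. scheme is "incremental" or "differential"."""
    delta = full_gb * daily_change            # GB changed per day

    def size(day):
        pos = day % cycle_days                # 0 = day of the full backup
        if pos == 0:
            return full_gb
        if scheme == "incremental":
            return delta
        return min(delta * pos, full_gb)      # differential grows through the cycle

    def needed(point):
        base = point - point % cycle_days     # the full this restore point hangs off
        if scheme == "incremental":
            return set(range(base, point + 1))
        return {base, point}

    peak = 0.0
    # Walk enough days to pass through the worst position in the cycle.
    for today in range(retention_days + 2 * cycle_days):
        window = range(max(0, today - retention_days + 1), today + 1)
        keep = set().union(*(needed(p) for p in window))
        peak = max(peak, sum(size(d) for d in keep))
    return peak

if __name__ == "__main__":
    # Constructed figures: 500 GB source, 2% daily change, weekly full.
    for scheme in ("incremental", "differential"):
        gb = peak_storage_gb(500, 0.02, 14, 7, scheme)
        print(f"{scheme}: {gb:.0f} GB for 14 days of retention")
```

The peak is higher than 14 days' worth of images because the oldest restore point still depends on the full backup that precedes it, which cannot be pruned until the whole chain ages out.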


Backup Permissions and other considerations

  • Always create a service user for backup purposes. Never give the backup user full administrative rights; this avoids security and other access issues.
  • Where possible, place your backup device away from water and hot places. Storage devices can easily overheat.
  • Keep your encryption keys in a safe place. Do not lose them. Recovering lost encryption keys will be impossible.


To be continued in part 3