As a system consultant I often implement solutions for customers in the SMB market.
Working for the SMB market is often more challenging than working for the enterprise market because of the limited financial budget/investment.
I always try to deliver a solution that is as good and secure as for customers of the enterprise market but of course with other and cheaper solutions .
Of course VEEAM is always being used as the software defined backup solution 😊.
For me personally the golden 3-2-1-1-0 rule is one of the most important things to keep in mind when creating a good backup solution for the customer.
More info about that you can read in one of my first posts : 3-2-1-1-0 Golden Backup Rule | Veeam Community Resource Hub
In this post (part 1 of 2 parts) I explain a bit more about implementing the second 1 in the rule – offline backup.
One of the solutions is using rotating USB disks.
This is specifically for backups of VMs and/or backups using agents of physical/cloud objects.
In part 2 I will go much deeper in the solution and explain how it works and what limitations you have to keep in mind.
As already mentioned, often has the customer in the SMB market a limited budget to invest in their backup solution.
That doesn’t mean that the data of this customer is less important than a customer of the enterprise market !!!
Absolutely not, for me as a consultant it’s much more challenging to have a good solution which is more or less secure, stable and good as a solution with a much bigger budget available.
For the offline backup copy I often choose to implement rotating USB disks.
First why?
It’s needed in case of a disaster when the primary backups are not available anymore or in case of ransomware (the primary backups are online and therefore encrypted and not usable anymore).
More in detail :
- The customer already uses 1 or more backup jobs to the primary repository (physical backup server with local storage as primary repository or virtual backup server with iSCSI LUN on a NAS is being used as a good solution)
- As a secondary repository often rotating USB disks are being used
- The USB disks are always 3.5inch 7.200 RPM drives with its own power-supply
- They have a capacity of at least the size of 1x full backup of all objects and 7x incremental backups of all objects and 10% or more reserve
So often we use disks of 8TB and bigger
- I often suggest the customer to invest in 10x disks
Why :
Ransomware can already being installed months ago but not activated in the environment and therefore being present in the backups
Indeed, you can use secure restore before effectively restoring the objects, but it can not always being detected/deleted by the anti-virus applications.
Often a restore of an object of months ago (before the ransomware was installed and so not being infected) can be a solution to this
I suggest to use 3x disks in a weekly rotating scheme
I suggest to use 6x disks in a monthly rotating scheme
I suggest to have 1x disk aside as a spare when a disk is failing to quickly replace it, to keep the current scheme
So, in practice :
Week 1 : disk 1 (weekly rotating)
Week 2 : disk 2 (weekly rotating)
Week 3 : disk 3 (weekly rotating)
Week 4 : disk 4 (monthly rotating)
Week 5 : disk 1 (weekly rotating)
Week 6 : disk 2 (weekly rotating)
Week 7 : disk 3( weekly rotating)
Week 8 : disk 5 (monthly rotating)
Week 9 : disk 1 (weekly rotating)
...
So, we rotate every week (recommended on the same day in the week – more easy to remember and other reasons – see part 2) the disk with a new one of the series.
So, we have on a weekly base a maximum loss of new data of a week, this for 3 weeks.
So, we have on a monthly base a maximum loss of new data of a month, this for 6 months.
Often a customer agrees with this maximum loss in case of a disaster/ransomware.
It’s not a perfect solution but mostly an acceptable solution and much better than often is already implemented and this with a limited financial investment.
Furthermore I suggest always to keep the disks away (except the current one) from the headquarters.
In this way you automatically fulfil also the first 1 in the golden rule – having an offsite backup copy.
At least the backup copy needs ALWAYS being encrypted, because of the removability and easy to get in the wrong hands!
As already mentioned I will go further in this subject in part 2 of this post (coming soon).
Hope you can use this information for customers of your segment.
Regards
Nico