My Offsite Backup - March 2023

CaffeineFueled

2023/03/13

mob-2303-setup-1.jpg

While I was on a business trip the other day, I thought about a scenario in which my home would burn down or get robbed. A simple but essential question emerged:

What could I recover?

I already saved backups in the cloud, but I figured that I could not recover my data from it without my private laptop (which I had not with me this time).

At this point, I knew I had to change some things to ensure that my important data was properly backed up.

The goal

Having a disaster recovery strategy for my most important data that is easy to maintain.

The offline backup should be stored offsite in a secure and trustworthy location. The data must be saved on at least two mediums to reduce the risk of data loss due to hardware failure. The data must be encrypted to secure my data in case of theft. The case should be easily transported and protect the mediums against common risks like shock and water. The frequency of the offsite backup should be around every 1-2 weeks.

For more information, please visit my backup guide.

One of the main things to consider is: I must be able to recover everything with just this one offsite backup.

The data

I am currently aggregating a ton of data to a local server to make future backups easier. It is spread over multiple devices, which can be a pain in the ass.

For now I only backup important data which can be subdivided further into ‘frequently’ and ‘rarely’ used or changed.

Some examples of frequently used data would be: SSH & PGP keys, password & 2FA database, configuration files, notes, and so on.

Some examples of rarely used data would be family photos & videos, ebooks, documents, and so on.

At this point, the frequently used data is around 10GB, and the rarely used data is around 90GB. This will increase by a factor of two or three after I get everything sorted and stored in one place.

The Strategy

I’ve decided to use a rotational system in which I have two identical cases with storage mediums for the backups. With this setup, I can do the backups at home and switch this case with the recently done backups with the offsite backup and rotate like this repeatedly. It is more expansive, but saves a lot of time, brings more comfort, and even adds more resilience.

I won’t go into detail on what location I have chosen for my offsite backup, but I can say that I’ve found someone so kind as to store it for a couple of beers a month.

The hardware

mob-2303-setup-1.jpg

Case:
waterproof and shock-resistant case
cable tie, to keep case closed in case of a fall
seal sticker with ID, makes sure that I know if the case was opened at the offsite location
Content:
1TB HDD in an anti-static bag and silica dehumidifier bags
128GB USB Stick
YubiKey (MFA)

The seal sticker can be removed without any residues, and a re-applied seal looks like this:

mob-2303-seal.jpg

Upcoming Improvements

The software

I am already using borg for my cloud backups, so I’ve also decided to use it for my offsite backups. I can encrypt my data, recover everything or single files only, save space, and can automate many things.

I will write about it in a separate blog post and link it here as soon as I have everything set up correctly. It works for now, but it isn’t pretty.

Upcoming Improvements

The routine

mob-2303-routine.jpg

So, there’s currently no routine. I’ve printed a template where I document backups with the case number, seal ID, changes I’ve made, and so on.

Backups and tests are done manually. It takes some time, but I can make sure that everything works and I will change it in the future.

Upcoming Improvements

Conclusion

This backup strategy is relatively new and not battle-tested, but at this point I am happy with it. I can tell you that I sleep better!

I am going to modify the strategy over time and give you all an update every couple of months.




Most recent Articles:
  • Dummy IP & MAC Addresses for Documentation & Sanitization
  • Deploying ISSO Commenting System for Static Content using Docker
  • Generate a Vanity v3 Hidden Service Onion Address with mkp224o
  • ssh-audit Primer - Audit your SSH Server
  • mtr - More Detailed Traceroute - Network Troubleshooting