If you don't have at least 2 copies of your backup does your backup even exist?
Cloud backup is great, I use it for my computers and servers every day so I know that my data is backed up to an offsite location in the event of a disaster or issue with any of these devices or services.
Having a backup stored in a single cloud storage solution is better than not having one but it's not full proof. There is still a single point of failure with your data backup.
I highly recommend replicating your data between multiple cloud providers. You could use the same provider with multiple regions but it kind of defeats the point in my opinion.
Why replicate your backup?
Let's assume worst case scenario. Your server has been compromised at root level. Your backups are configured to go into an S3 compatible bucket and s3cmd is configured on your server to send the backups into the bucket. This would mean root level access would allow access to s3cmd meaning your bucket could also be compromised. Data could easily be retrieved or even deleted with a simple command.
What's the solution?
Literally...backup your backups. Here is my preferred process which involves 2 scripts and 4 cloud providers...
For all devices, I send my daily backup into a Wasabi storage bucket. Then after it completes I have an rclone script that runs on a separate management server to copy any new data in that bucket over to Backblaze B2, Amazon AWS, and finally Azure Storage.
After all the scripts have run and the replications are complete I now have a fully replicated backup set across 4 different providers in completely different locations.
It's really simple to setup. All you need is s3cmd installed on your server that's sending the backup into Wasabi and another server (VPS from DigitalOcean) with rclone installed to replicate the data to the other cloud providers.
Note: using rclone will consume bandwidth on the server that runs the rclone script so please keep this in mind when planning your backup.
Assuming you already have your backup scripts configured with a zip/tar/tar.gz compressed backup archive ready to go into the cloud and s3cmd setup for Wasabi, simply sync it to Wasabi with the command below. Adjust the command accordingly to match your file.
s3cmd -r sync /backup/2019-09-26_Server6_backup.tar.gz s3://backup-bucket/db_backups/Server6
Now that you've uploaded the initial backup to Wasabi you can jump over to your management server and start to replicate the backup to other cloud providers (assuming you've already configured rclone for your chosen cloud providers) using the command below.
rclone copy wasabi:backup-bucket s3:backup-bucket rclone copy wasabi:backup-bucket b2:backup-bucket rclone copy wasabi:backup-bucket azure:backup-bucket
This command will look for any modified or new files and copy them over. Anything unchanged will be ignored. Once the script has complete successfully your data will exist on 4 different cloud provider storage platforms.
What are the costs?
The only fees you should encounter are storage fees. One of the main reasons I use Wasabi is because of their free egress transfers unlike the other providers (AWS, B2 and Azure) which only allow free ingress bandwidth at the moment. You will incur transfer fees if you download your data from any of the providers mentioned other than Wasabi.
Let's assume we are consuming 1TB of storage on each provider to work out some rough monthly fees.
| Provider | Cost per GB | Cost for 1TB | |--------------|----------------|-----------------| | Wasabi | $0.0059 | $5.99 | | Backblaze B2 | $0.005 | $5.12 | | Amazon S3 | $0.023 | $23.55 | | Azure | $0.0105 | $10.75 | |--------------|----------------|-----------------| | Totals: | $45.41 |
As you can see it's a fairly cheap solution considering you're technically storing 4TB of data!
- This only covers file and folder backups. If you are looking to backup system state, bare metal, etc then you should look at a cloud backup solution.
- Always encrypt your backups at the client side before sending them outside of your server.
- Never make your backup bucket public for any reason.
- Read up on each of the providers additional fees. E.g. Wasabi charges for deleting files if they have not been in the platform for 90 days which is perfect for this type of strategy.