The 3-2-1 Rule of Backups

At least 3 copies stored on 2 different media with at least 1 copy stored offsite

3 copies: Because there’s Murphy’s Law.  Because when you have that sinking feeling accompanying that accidental erase, the last thing you need is to find that your backup is corrupt.  Because backup archives can be complicated and their validation can be tricky.  If it’s important keep 3 copies.

2 media: Storing your backup on the same hard drive as your production data should not happen.  Make sure you don’t have a single point of failure.

1 copy offsite:  Larger environmental failures such as fires or flooding do happen.  Chances are your data is worth a lot more than the server that houses it.  Keep at last one copy offsite.

Here is an examples of how we meet the 3-2-1 rule with a customer:

  • Company A has two VMWare servers with direct attached storage.  They have one virtualized Exchange server and one virtualized file server
    • Veeam is used to replicate machines between the the two VMWare servers.
    • Radish Networks manages two VPS servers that are connected to Company A through a site-to-site VPN.  The two VPS servers are a file server and Exchange server.  The Exchange servers are part of a database availability group (DAG) and the file servers are part of a DFS replication group.  Radish Networks backs up their Exchange server and file server using VMWare image backups to their offsite server.
    • Radish Networks has provided a customer premises backup storage appliance to house archive data.  This appliance uses de-duplication to hold backup files created over a one year span.

Disaster recovery is maintained with a high degree of availability with the offsite DFS replica and offsite DAG member.  Veeam is used to replicate full machine images locally every 15 minutes which it can easily do on a gigabit network.  They have two VM hosts with distinct storage so they can have a 15 minute RPO and RTO should one of their VM hosts fail.  Archive backups are available at the customer premises thanks to our backup storage appliance.  In case you’re wondering, archive backups are for situations like, “I can’t find my spreadsheet which I only use once a year.  The last time I remember using it was eight months ago.”  The only way to protect from that situation is to have a backup from eight months ago which is where our dedup-ing backup appliances really shine.

I want to reiterate this just to make I’ve made the point clear:  Disaster recovery with offsite DFS/DAG, local server image backups with Veeam, and archive backups with a backup storage appliance.  Day-to-day file restores are pulled from the storage appliance or shadow copy.  If a VM host dies then the replicated machine is enabled on the other VM host.  If there is a large environment failure then the data is available from the offsite replicas.

PS: For those purists that say DFS and DAGs don’t count as backups; you’re right which is why we maintain an offsite backup for every VM we host.  Even if it’s your backup, it is primary data for us so we back it up.