Backup strategy - please critique/help a n00b

[jtd871]

So it's becoming more apparent that my family needs a backup strategy. Currently, we have several portable computers and a dino desktop around the house all connected via LAN/wireless to a small single-disk NAS (0.5TB Iomega Network Hard Drive). Nothing of any irreplaceable personal value is kept on a local machine, except for the wife's computer which is technically owned by her company as she works from home.

I am looking to upgrade to a newer NAS (Syno 2-bay) for both the speedier file transfer and for built-in redundancy. I am thinking about something like the following:

Disk 1 on the new NAS would be the working server drive and primary backup target for recovery images and backup of my wife's computer. Disk 2 would be a backup target for Disk 1 with versioning (Time Backup). Disk 2 would get backed up to an attached USB drive (for portability) and possibly a cloud service such as Glacier.

Anybody see any holes or red flags with this? I'd appreciate any suggestions to make this smoother or find out if this won't work before I make the purchases/commitment.

JTD

 

[stevech]

So it's becoming more apparent that my family needs a backup strategy. Currently, we have several portable computers and a dino desktop around the house all connected via LAN/wireless to a small single-disk NAS (0.5TB Iomega Network Hard Drive). Nothing of any irreplaceable personal value is kept on a local machine, except for the wife's computer which is technically owned by her company as she works from home.

I am looking to upgrade to a newer NAS (Syno 2-bay) for both the speedier file transfer and for built-in redundancy. I am thinking about something like the following:

Disk 1 on the new NAS would be the working server drive and primary backup target for recovery images and backup of my wife's computer. Disk 2 would be a backup target for Disk 1 with versioning (Time Backup). Disk 2 would get backed up to an attached USB drive (for portability) and possibly a cloud service such as Glacier.

Anybody see any holes or red flags with this? I'd appreciate any suggestions to make this smoother or find out if this won't work before I make the purchases/commitment.

JTD

Mine: Synology DS212 (of the day when I bought).
Non-RAID config. Non-SHR.
Drive 1, 2 are volume 1, 2. By intent. Separate file systems.
volume 1 has the shares.
volume 2 has no shares.
volume 1's important shares get time backup (synology utility) to volume 2, every few hours. Keep last 90 days of file versions (This has saved me many times).
Volume 1's important shares get auto-copied to USB3 daily. USB3 out of thieves' sight.

SD card gets VIP folder backup.

Discipline to NOT store good stuff on PCs.
Also use Centered Systems' SecondCopy on some PCs to auto-backup PC to NAS.
And SafeHouse Software encrypted virtual disk for financial and private data. Stored on NAS.

Opinion: on-line backup is too slow, too risky, not useful as backup. Is good for photo sharing.

 

[AcostaJA]

Backup are inteded for Peace of Mind, in this regard, your main action must be aimed at bare storage, so your NAS if a 2 disk unit must be configured as Raid 1, so Disk 0 and disk 1 are mirrors, dont see as Disk 1 is for... and disk 0 is for..., that approach is wrong, forget you have disk 1, disk 0, you only have one disk, a Raid 1 disk, so on this you must create volume to segreate by the kind of data and user.

Most NAS allow timely snapshot image backup to another NAS or an External Unit, this feature is interesting because you keep files deleted on previous vrsion of your storage so you can recover those missed stuff, until the external storae is full, then depending on rules you'll need another external backup or delete older snapshot to make room for newer.

USB3 is fair enough for an external backup, beware cheap USB3 enclosure are unstable, try choose one with UASP feature (no nas need UASP but is a warranty of mature chipset inside and very likely some new pc you will own to have it).

Cloud Backup not as unsafe as some think, of course is as safe as you can rely on a password, if you dont have a LAN MANAGER CULTURE regarding passswords and other network credentials, forget it.

 

[AcostaJA]

Another good Resource is Bitorrent Sync (aka BtSync), with it you can define a folder to be shared and synced among your PCs, Smartphones, Tablet, NAS, so every file is replicated along all the devices sharing this folder.

While still as beta, BtSync is stable enough to be cosidered as safe, and easy to deploy among PC, NAS, Smartphones etc (for deploy on a NAS I suggest you Synology since BtSync is available at SynoComunity repositories so is vry easy to install and update.

 

[AcostaJA]

My personal setup is:

2 Mac, one desktop one laptop, 2 smartphones (an HTC ONE, and a iPhone 4S) and an iPad (I'm single).

1 Nas (Synology DS414slim 4 bay 2.5" Raid6 -doubl disk redundancy).

My Nas act as Allwasys On Backup Unit thru BtSync, I have my Personal *Safe* Folder replicated among all my Pc and my NAS.

Not same with my Mobile Devices wich i use more as Client for my NAS (my personal *safe* folder is shared with my mobile devices but not synced), this because I dont need to carry all this stuff on my mobile devices, and I dont want another BTsync instance, bu I consider Ir.

Cloud Sotrage, I have 65GB at DropBox and same at GDrive, I store there encrypted vrsion of my high value files (which are also replicated at my NAS).

Already I dont deploy a timely snapshot iamge backup since this feature is Inherent to Apple TimeMachine my Desktop have one dedicated NAS-Grade HDD for this, so I dont Need it on my Nas.

 

[stevech]

Cloud Sotrage, I have 65GB at DropBox and same at GDrive, I store there encrypted vrsion of my high value files (which are also replicated at my NAS).

Do you encrypt the folders/files with software independent of the cloud service? So you are more certain that a disgruntled employee can't decrypted your data that they store?
SafeHouse Software - is what I use, for a virtual encrypted drive under my control. I backup to redundant media but don't upload even this to cloud services.

My stock broker, Fidelity, offers free storage. When I looked closely, they like others just front-end Amazon S3. No thanks on that.

 

[AcostaJA]

Do you encrypt the folders/files with software independent of the cloud service? So you are more certain that a disgruntled employee can't decrypted your data that they store?
SafeHouse Software - is what I use, for a virtual encrypted drive under my control. I backup to redundant media but don't upload even this to cloud services.

My stock broker, Fidelity, offers free storage. When I looked closely, they like others just front-end Amazon S3. No thanks on that.

Thrust is an relative question, while services like Dropbox and Gdrive fulfill with IEC standards who knows where the NSA has its hands on. (I don't worry about NSA but my competitors are another question).

On encryption I rely on TrueCrypt (prior abandonment).

 

[AcostaJA]

My stock broker, Fidelity, offers free storage. When I looked closely, they like others just front-end Amazon S3. No thanks on that.

About amazon s3, did you know you can encrypt the OS image running on Its pools ? Actually they offer encrypted storage (but you can do that by yourself), after analizing their especifications and procedures, seems reasonable safe to use S3 as cloud Storage, BTW at leas much safer than GDrive/Dropbox

 

[AcostaJA]

I forget some few 2Disk nas offer eSata, of couse privilegiate eSata over USB3 gor Backups due its SUPERIOR RELIABILITY (SPEED NOT IMPORTANT SINCE BOTH USB3 AND ESATA WILL NEVER SEE 1/4 OF IT BANDWIDTH CONSUMED BY SPINNER DRIVES).

But Since eSata is so stable,not few NAS users favor to use it for Later Storage Expansion, and still use USB3 for backups.

 

[stevech]

About amazon s3, did you know you can encrypt the OS image running on Its pools ? Actually they offer encrypted storage (but you can do that by yourself), after analizing their especifications and procedures, seems reasonable safe to use S3 as cloud Storage, BTW at leas much safer than GDrive/Dropbox

Per me, any service provider on the 'net, in the US and many other countries, keeps decryption means. They have to, in order to answer a court order. It's in the T&C's of the contract fine print.
That's where disgruntled employees and subcontractors go to do data theft or digital vandalism to harm reputations. It's happened this way to OpenDrive, Dropbox and others.

I feel enough at risk now with my banks and brokers systems.

 

[AcostaJA]

Per me, any service provider on the 'net, in the US and many other countries, keeps decryption means. They have to, in order to answer a court order. It's in the T&C's of the contract fine print.
That's where disgruntled employees and subcontractors go to do data theft or digital vandalism to harm reputations. It's happened this way to OpenDrive, Dropbox and others.

I feel enough at risk now with my banks and brokers systems.

Not as easy, while an backdoor for government held maybe plausible, nor always possible, cryptography it's an exact science, the only way to decode an symmetric key file encryption are brute force or social engineering, later much more effective.

Password, IEC only rule to keep it hash for verification enough, and depending the storage configuration maybe impossible to the hosting to decipher an encrypted volume, the particular case of Dropbox and Gdrive it's possible him could read any file, an manager sure can do it, but edit or inject content is another question since hashes changes and the time fingerprint changes also, w/o the owner intervention is very difficult (or mathematically impossible) to introduce content without evidence of intervention.

 

[stevech]

Not as easy, while an backdoor for government held maybe plausible, nor always possible, cryptography it's an exact science, the only way to decode an symmetric key file encryption are brute force or social engineering, later much more effective.

Password, IEC only rule to keep it hash for verification enough, and depending the storage configuration maybe impossible to the hosting to decipher an encrypted volume, the particular case of Dropbox and Gdrive it's possible him could read any file, an manager sure can do it, but edit or inject content is another question since hashes changes and the time fingerprint changes also, w/o the owner intervention is very difficult (or mathematically impossible) to introduce content without evidence of intervention.

You're over-complicating this. I'm merely saying that to prevent the service provider from being your risk, you need encrypt your data before transmission to the service, and do so without using their software.