Backup strategies
The rule
RAID is not a backup. Snapshots are not a backup unless they are independent and recoverable.
3-2-1 guideline
- 3 copies of data
- 2 different media / systems
- 1 offsite (or offline/immutable)
What to back up
- Critical app data (databases, uploads)
- Config (
/etc, infrastructure-as-code)
- Secrets (managed + recoverable; avoid plaintext copies)
- Logs (if required for audits/forensics)
Backup types
- Full: simplest restore, largest size
- Incremental: fastest daily backups, more complex restore chain
- Differential: middle ground
rsync for file-based backupsborg, restic for dedup + encryption- DB-native backups (pg_dump, xtrabackup, etc.)
Testing restores
Regularly test:
- restore time (RTO)
- acceptable data loss (RPO)
- integrity (checksums)