I keep hearing “3-2-1 is enough,” but most setups I see on forums are sloppy: one RAID array, one cloud sync, and the owner never tests restores. Is that actually safe for a home server with photo archives, VMs, and a few self-hosted services?
What I’m thinking as a practical, budget-forward plan: run ZFS on a low-power box with ECC RAM if possible for the main dataset, take frequent local snapshots, use restic or borg to do encrypted, deduplicated backups to a cloud (Backblaze B2 or S3-compatible) plus optionally rsync to a second cloud or an encrypted external drive stored offsite monthly. Automate snapshot pruning, run regular ‘restic check’ and do scheduled restore drills (restore at least one VM and a handful of random files once a quarter). Add a UPS and test boot-from-image restore for the whole server at least twice a year.
Can folks smarter than me point out the fatal flaws here, or suggest simpler alternatives that actually get people restoring successfully? Specifics I’d love: recommended small-hardware builds for a ZFS NAS on a budget, exact backup stacks (restic vs borg vs duplicati vs rclone), how often to verify, and a foolproof way to keep an offsite copy without paying two cloud providers.
I can say that is more than some companies do, yes you need 2 copies of import data in 2 locations. And test the backups work at least monthly.
Where I work we do the same sort of thing, incremental database backups hourly and then shipped to off site s3. A full database backup everyday day and shipped to off site s3, test restores every month to check it works - a full plus incremental.
This gets gets us past all the audits for ISO and cyber essentials and the NHS thing.