Plan Z



  • We are creating a Plan Z. We are taking 5 5-TB drives and are going to use them for annual, offsite, full backups. Each drive will be 1 year. I plan on putting in with them a set of instructions and a journal. We are going to be using Veeam Availability Suite. The drives will include necessary ISOs of VMware, Windows Server 2016, Veeam Availability Suite w/ licenses, and all necessary passwords and IP addresses. As January 1 passes, we'll take a full backup with a drive, note it on the log, and then store them all in a safety deposit box. Only members of management and IT will be aware of the backups, but only certain individuals can retrieve the information, if needed.

    Am I covering all of my bases? Am I missing anything? Is this best practice or should we be doing something else?



  • @nerdydad

    While this can and often does work, at only 25TB for a rolling 5 year plan, why not use a hosted storage provider? No hardware to purchase, often no ingress charge, and more full proof should the bank be robbed, catch on fire etc.



  • @dustinb3403 said in Plan Z:

    @nerdydad

    While this can and often does work, at only 25TB for a rolling 5 year plan, why not use a hosted storage provider? No hardware to purchase, often no ingress charge, and more full proof should the bank be robbed, catch on fire etc.

    We already have some cloud storage, but does not protect us from SMB-vulnerable cryptolocker-based malware, such as WannaCry. Therefore, if one was infected, then the whole entire system would be infected. With this, if we were infected, we would be able to wipe the slate clean and start all over with trusted data.

    Plus, safety deposit boxes are typically stored in safes, which are typically fireproof, EMP-proof, etc.



  • Simply following best practice for your backups would protect you from Ransonware though.

    Service accounts for just backups, detached backup storage, restricted access. Off site copies which are only editable by your service account.

    I understand the need, but I don't see how this approach is the most viable one. But yeah it can easily work, just more leg work on you/whomever.



  • I might put a pistol and about 100 rounds of ammo in that safe deposit box too... Maybe $5-10k in cash too. This sounds like end of the world backup scenario, be prepared.



  • @rojoloco said in Plan Z:

    I might put a pistol and about 100 rounds of ammo in that safe deposit box too... Maybe $5-10k in cash too. This sounds like end of the world backup scenario, be prepared.

    Plan Z could be named for one of 2 reasons.

    • Plan A, Plan B...Plan Z
    • Plan for the Zombie apocalypse

    However you want to see it.



  • @nerdydad said in Plan Z:

    @rojoloco said in Plan Z:

    I might put a pistol and about 100 rounds of ammo in that safe deposit box too... Maybe $5-10k in cash too. This sounds like end of the world backup scenario, be prepared.

    Plan Z could be named for one of 2 reasons.

    • Plan A, Plan B...Plan Z
    • Plan for the Zombie apocalypse

    However you want to see it.

    LOL - I don't think you're going to care much about your data in a Zapocalypse 😛



  • A Glacier vault policy is all you need to be absolutely safe that nothing can alter your data after the upload.

    Glacier is also more durable, usually less costly and… as a service. I'm a big fan of it for archival purpose.



  • Just an overlook: https://aws.amazon.com/it/blogs/aws/glacier-vault-lock/ .

    It should be cheaper than tapes or HDD for that range of data.