Want Offsite backup - how with NAS ?



  • Dear All,

    I am planning for Offsite backup. As of now we have onsite backup in the office on QNAP NAS box. Probably the Offsite backup copy will be in authorized person's house, so I will require to use Internet and I believe we can do it easily with some NAS box in market.

    Queries:

    1. Is that secure to use this type of connection ?( through internet) since there are dangerous virus like Cryptolock, so it could be dangerous if Offsite backup device is always connected. Need to protect offsite backup with any possible risks.
    2. Probably QNAP will have some easier solution for this offsite (not replication).
    3. Maybe once in week or month will be fine backups will be fine ?

    Thanks.



  • Few things of concern

    >authorized person's house

    You have to worry about the following items:

    • Connection speed
    • local security both digital and physical. You can't control what is on their network. Their personal computer could be come compromised,.. and therefore compromise your data. And what if someone breaks into the home, and steals it?

    >secure to use this type of connection

    It maybe possible to limit the connection to the offsite NAS by IP and routing. But you will need to have an static IP on both ends. A firewall rule to only allow a connection from the host to the offsite NAS by the IP only.

    >Maybe once in week or month

    Unlikely you can get by with a month. But you will need to infest some time in researching how much new data is generated in a week / month and how much the data changes in a week / month.

    You might look at generating a local shadow copy and using that to send to your offsite. But you need to look at how long the back will take, you don't want to run into operating hours and still be backing up.



  • First things first.... Welcome to the community!!



  • @openit said:

    1. Probably QNAP will have some easier solution for this offsite (not replication).

    QNAP under the hood uses rsync the same technology used by ever other major SMB NAS vendor (ReadyNAS, Synology, Buffalo, Thecus, anything UNIX based, etc.) and it is very powerful and standard for doing site to site replication like this. This is the industry standard and will be your best bet. And free, too. So really, just too good to not use.



  • @openit said:

    1. Maybe once in week or month will be fine backups will be fine ?

    If you are doing a sync instead of a backup (we can discuss that in a minute) you will likely want to do it daily if not hourly, because the more often you do it the less needs to go at any time. It depends on many things so we'd have to look at your bandwidth, delta creation processes, operating times, etc. Doing a sync just over a weekend is fine, but it is quite common to do something like this every fifteen minutes or so, too. So we will have to dig into your technical details to figure out what would be best here. But running on Friday evening and having all weekend for it to sync up is fine too.



  • @openit said:

    Dear All,

    1. Is that secure to use this type of connection ?( through internet) since there are dangerous virus like Cryptolock, so it could be dangerous if Offsite backup device is always connected. Need to protect offsite backup with any possible risks.

    The connection itself will use (by default) SSH which is extremely secure. The offsite sync is not at risk from Cryptolocker directly, it is not a mapped drive and cannot be attacked quite in that way. Not that there won't be threats against that someday, but today those technologies do not attack that vector in any way. The SSH connection itself isn't your point of risk, this is more secure than a normal VPN and simpler.

    You do have big Cryptolocker risks, but not where you are thinking.



  • The real fear of Cryptolocker in your setup is that your main backup device will get attacked either directly or indirectly. Directly by being infected and your backups get encrypted. This will, in turn, sync to the offsite device making both useless. Indirectly by having your files get encrypted before getting backed up which you can protect against my having multiple versions of your backups.



  • @scottalanmiller said:

    Directly by being infected and your backups get encrypted. This will, in turn, sync to the offsite device making both useless.

    You mean by the NAS ITSELF getting encrypted, as opoosed to individual files on it?



  • @BRRABill said:

    @scottalanmiller said:

    Directly by being infected and your backups get encrypted. This will, in turn, sync to the offsite device making both useless.

    You mean by the NAS ITSELF getting encrypted, as opoosed to individual files on it?

    No, he is saying that if your backups get infected (encrypted by crypto), then that will cause the replicated backups to be lost, too.



  • @art_of_shred said:

    No, he is saying that if your backups get infected (encrypted by crypto), then that will cause the replicated backups to be lost, too.

    I think that's what he said would happen with INDIRECTLY.

    Which is why the DIRECTLY option confused me.



  • @BRRABill said:

    @scottalanmiller said:

    Directly by being infected and your backups get encrypted. This will, in turn, sync to the offsite device making both useless.

    You mean by the NAS ITSELF getting encrypted, as opoosed to individual files on it?

    Yes, a NAS device can be infected directly. If you then sync that device, the device to which it syncs, while not infected, would be encrypted and useless.



  • @BRRABill said:

    @art_of_shred said:

    No, he is saying that if your backups get infected (encrypted by crypto), then that will cause the replicated backups to be lost, too.

    I think that's what he said would happen with INDIRECTLY.

    Which is why the DIRECTLY option confused me.

    The first NAS device would be direct, the second NAS device would be indirect.

    There is also the risk that the first device gets it indirectly, but less likely, but that heavily depends on how it is connected to the NAS.


  • Vendor

    @openit said:

    Dear All,

    I am planning for Offsite backup. As of now we have onsite backup in the office on QNAP NAS box. Probably the Offsite backup copy will be in authorized person's house, so I will require to use Internet and I believe we can do it easily with some NAS box in market.

    Queries:

    1. Is that secure to use this type of connection ?( through internet) since there are dangerous virus like Cryptolock, so it could be dangerous if Offsite backup device is always connected. Need to protect offsite backup with any possible risks.
    2. Probably QNAP will have some easier solution for this offsite (not replication).
    3. Maybe once in week or month will be fine backups will be fine ?

    Thanks.

    OK, so IMHO:

    1. That depends on the encryption of the solution used for backups. Looks like Veeam do can encrypt and certified to work with QNAP:
      https://www.qnap.com/i/en/business_solutions/con_show.php?op=showone&cid=17
      https://www.veeam.com/backup-files-encryption.html
    2. Why not replication? This looks like a good option for me for tons of reasons, but I`d like to check with you before sharing my thoughts.
    3. That actually depends on your RPO/RTO requirements. To put it simple: for what maximum period of time the data loss is acceptable for you?


  • Has this one reached a conclusion? Should we close it out?