Several years ago Scott gave me some solid advice on arrays & I thought it was worth checking in on what the people here do for incorporating ransomware protection into their backups when online backup services aren’t an option. In the last 3 months we’ve had two customers get hit by ransomware. This is my nightmare scenario & it’s time to spend some resources building a more comprehensive protection plan.
We have two servers. A production server that has 30TB / 30,000,000 files with 1 - 2 TB that rotates on / off weekly basis. This server also has a 30GB production SQL Database.
The second server is our internal company resources, a domain controller / DNS, SVN etc. It's on a VM.
I have a local backup plan - it’s not high tech & runs on a weekly basis. But we can survive any type of hardware failure. I have intentionally avoided daily / hourly backups due to ransomware concerns.
I don’t fully understand or trust incremental / incremental + block level backups. We do use them for local computers on remote services (Cloudberry + Backblaze) which is fine. But a local machine has a lot fewer changes than what I’m dealing with.
My understanding is the processing time of calculating differences is likely to be difficult for this size & this many files - as well as the restore. I like being able to look at / open / copy files.
From my limited research - I’ve come to four broad options that are something like
Large incremental backup array with an airgap only coming online for backups (Possibly manually done on a weekly basis). Phrases like “incremental backup decreases recovery reliability.” terrify me because I’ve been the brunt of “it should have worked but didn’t” in this exact scenario (although this was years ago).
I know that if the network doesn’t have authorization - ransomware shouldn’t be able to touch it - but I like 'can't' more than 'shouldn't' - (Tape Drives or smaller self contained arrays that have even less connection time to the network).
I’m also skeptical about the processing time for 30 mil small files. (Maybe I’m wrong about this?) This would have to include a software solution (Veeam, Cloudberry, HP StoreEasy has free Carbonite software)
$6-8K hardware / software ?
Tape drives
I’ve been trying to read on these. Some people have said IT moved away from them because they weren’t reliable, slow to retrieve individual files etc. This seems like it might be a workable solution but I need to know if it’s going to handle 30mil files on a weekly basis - & if not then it may be a dead end solution already.
$8K-12K hardware / software / tapes
4 Small(er) weekly backup arrays. Weekly rotating backup that involves physically connecting to the network, starting the backup & unplugging when done. Configuration would probably be 4 DL380 G8s + 48 used/refurbished HGST He8 drives in a small cabinet with a KVM & an actual person weekly backup task (only 1 computer would touch the network per week)
$8K hardware + software
Other solutions - OneBlox? I know people over at Spiceworks were big fans of OneBlox which seems to have morphed into StorageCraft. I think OneXafe is what I’d be looking at which seems to be a Hardware + Software in a box solution.
OneXafe $15K - $40K
My biggest concern is investing a substantial sum of money & time in a solution I’m sold that tries to do more complex things than I need (realtime protection, instant restore, cloud backup etc), requires a steeper learning curve & then winds up not working out when it’s needed the most.
I don’t mind spending what’s needed for a safe solution. But I bend towards simplicity as only 20% of my time is spent on infrastructure & I’d prefer to keep it that way. Given all this - in my shoes what direction would you look for backups that incorporate ransomware safety & why?