Want Offsite backup - how with NAS ?

scottalanmiller

@openit said:

2. Probably QNAP will have some easier solution for this offsite (not replication).

QNAP under the hood uses rsync the same technology used by ever other major SMB NAS vendor (ReadyNAS, Synology, Buffalo, Thecus, anything UNIX based, etc.) and it is very powerful and standard for doing site to site replication like this. This is the industry standard and will be your best bet. And free, too. So really, just too good to not use.

scottalanmiller

@openit said:

3. Maybe once in week or month will be fine backups will be fine ?

If you are doing a sync instead of a backup (we can discuss that in a minute) you will likely want to do it daily if not hourly, because the more often you do it the less needs to go at any time. It depends on many things so we'd have to look at your bandwidth, delta creation processes, operating times, etc. Doing a sync just over a weekend is fine, but it is quite common to do something like this every fifteen minutes or so, too. So we will have to dig into your technical details to figure out what would be best here. But running on Friday evening and having all weekend for it to sync up is fine too.

scottalanmiller

@openit said:

Dear All,

1. Is that secure to use this type of connection ?( through internet) since there are dangerous virus like Cryptolock, so it could be dangerous if Offsite backup device is always connected. Need to protect offsite backup with any possible risks.

The connection itself will use (by default) SSH which is extremely secure. The offsite sync is not at risk from Cryptolocker directly, it is not a mapped drive and cannot be attacked quite in that way. Not that there won't be threats against that someday, but today those technologies do not attack that vector in any way. The SSH connection itself isn't your point of risk, this is more secure than a normal VPN and simpler.

You do have big Cryptolocker risks, but not where you are thinking.

scottalanmiller

The real fear of Cryptolocker in your setup is that your main backup device will get attacked either directly or indirectly. Directly by being infected and your backups get encrypted. This will, in turn, sync to the offsite device making both useless. Indirectly by having your files get encrypted before getting backed up which you can protect against my having multiple versions of your backups.

BRRABill

@scottalanmiller said:

Directly by being infected and your backups get encrypted. This will, in turn, sync to the offsite device making both useless.

You mean by the NAS ITSELF getting encrypted, as opoosed to individual files on it?

art_of_shred

@BRRABill said:

@scottalanmiller said:

Directly by being infected and your backups get encrypted. This will, in turn, sync to the offsite device making both useless.

You mean by the NAS ITSELF getting encrypted, as opoosed to individual files on it?

No, he is saying that if your backups get infected (encrypted by crypto), then that will cause the replicated backups to be lost, too.

BRRABill

@art_of_shred said:

No, he is saying that if your backups get infected (encrypted by crypto), then that will cause the replicated backups to be lost, too.

I think that's what he said would happen with INDIRECTLY.

Which is why the DIRECTLY option confused me.

scottalanmiller

@BRRABill said:

@scottalanmiller said:

Directly by being infected and your backups get encrypted. This will, in turn, sync to the offsite device making both useless.

You mean by the NAS ITSELF getting encrypted, as opoosed to individual files on it?

Yes, a NAS device can be infected directly. If you then sync that device, the device to which it syncs, while not infected, would be encrypted and useless.

scottalanmiller

@BRRABill said:

@art_of_shred said:

No, he is saying that if your backups get infected (encrypted by crypto), then that will cause the replicated backups to be lost, too.

I think that's what he said would happen with INDIRECTLY.

Which is why the DIRECTLY option confused me.

The first NAS device would be direct, the second NAS device would be indirect.

There is also the risk that the first device gets it indirectly, but less likely, but that heavily depends on how it is connected to the NAS.

original_anvil

@openit said:

Dear All,

I am planning for Offsite backup. As of now we have onsite backup in the office on QNAP NAS box. Probably the Offsite backup copy will be in authorized person's house, so I will require to use Internet and I believe we can do it easily with some NAS box in market.

Queries:

1. Is that secure to use this type of connection ?( through internet) since there are dangerous virus like Cryptolock, so it could be dangerous if Offsite backup device is always connected. Need to protect offsite backup with any possible risks.
2. Probably QNAP will have some easier solution for this offsite (not replication).
3. Maybe once in week or month will be fine backups will be fine ?

Thanks.

OK, so IMHO:

1. That depends on the encryption of the solution used for backups. Looks like Veeam do can encrypt and certified to work with QNAP:
   https://www.qnap.com/i/en/business_solutions/con_show.php?op=showone&cid=17
   https://www.veeam.com/backup-files-encryption.html
2. Why not replication? This looks like a good option for me for tons of reasons, but I`d like to check with you before sharing my thoughts.
3. That actually depends on your RPO/RTO requirements. To put it simple: for what maximum period of time the data loss is acceptable for you?

scottalanmiller

Has this one reached a conclusion? Should we close it out?