Backup Strategy
Your data is precious. I follow the industry-standard 3-2-1 backup rule.
What is 3-2-1?
- 3 copies of your data —
- on 2 different types of storage media —
- with 1 copy stored off-site.
Concretely, for Deep in the Sand that means:
| Copy | Where | Media |
|---|---|---|
| 1 (live) | On the servers themselves — running data on whatever drive the service uses (SSD or HDD depending on the workload) | Solid-state or spinning disk |
| 2 (local backup) | A separate hard drive — either a second disk in the same machine, or a disk on a different server — snapshotted nightly | Spinning disk |
| 3 (off-site) | Encrypted Restic repository on BorgBase | Cloud / off-site |
Off-site: Restic on BorgBase
BorgBase is a backup-only hosting provider. I use Restic (FOSS) to push encrypted snapshots there nightly.
Why BorgBase + Restic is a strong choice:
- End-to-end encryption. Backups are encrypted on my servers with a key BorgBase never sees. Even a full breach at BorgBase reveals nothing about your data.
- Append-only repositories. Even if my servers are compromised by ransomware, the attacker cannot delete or overwrite older backups — they can only add new ones. This is critical: it defeats ransomware attempts to "encrypt the backups too."
- Deduplication & compression keep storage costs low, so we can keep long retention (daily for 30 days, weekly for 12 weeks, monthly for 12 months).
- Off-site & off-network — natural disasters or hardware failure at the primary site cannot take out the off-site copy.
- Open formats — if BorgBase ever vanished, the same Restic repository works on any S3-compatible store.
Restore tests are run periodically; if you ever need an old version of a file, email admin(Q)deepinthesand(P)com.
Problem with this service? Message Ammo or email admin(Q)deepinthesand(P)com.