Skip to content
2 min read

3-2-1 backups & restore

Encrypted application-level backups, an off-site copy, and a runbook for the day it matters.

ReliableSecurePrivate

Context / need

The platform hosts data that does not belong to me: client websites in production, documents of a client firm, application data. A dying disk, an update gone wrong, a human mistake: the question is when it will happen. And on that day, having backups is not enough. You need to be able to restore.

Constraints

Options considered

Decision & why

3-2-1 strategy: several copies, on distinct media, one of them encrypted off-site. Each service gets its application-level backup (database dump, data, configuration) with automatic rotation: the footprint stays bounded and restore points spread over time.

And above all, a restore runbook: for each type of data, the exact procedure, in order, with the known pitfalls. Written cold, to be executed under pressure.

Where the rollout stands. The strategy runs today on the client case platform: local versions and an encrypted off-site copy. On the server side, generalization is in progress; together with timed restore tests, it makes up the Proven backups roadmap project.

Accepted tradeoff

Full restores are not yet tested regularly and with tooling: until they are, the recovery time remains an estimate (roadmap project). Application-level granularity also requires a bit of per-service maintenance, the price of readability.

Outcome

What the restore runbook contains

Without copying the document, which stays internal, its structure:

  • Per scenario. Loss of a service, corruption of a database, loss of the whole server: each scenario has its own procedure.
  • Explicit prerequisites: where the copies live, how to decrypt the off-site copy, which secrets are needed and where they live.
  • Recovery order: what to restore first (data, then services, then the edge) and how to verify each step before moving to the next.
  • Known pitfalls, noted from real restores and drills.