Backup
A backup is a safety copy of your data stored somewhere separate from the original. If your laptop’s hard drive dies, if ransomware encrypts your files, or if you accidentally delete something important, the backup lets you get it all back. The golden rule is the 3-2-1 rule: keep 3 copies of your data, on 2 different types of storage, with 1 copy stored off-site (a different physical location).
A backup is a duplicate copy of data created to enable recovery after data loss events. Backup strategy design considers recovery point objective (RPO: how much data loss is acceptable) and recovery time objective (RTO: how quickly must the system be restored).
Backup types:
| Type | Description | Speed | Storage | Restore |
|---|---|---|---|---|
| Full | Complete copy of all data | Slow | Large | Fast (self-contained) |
| Incremental | Only data changed since last backup (any type) | Fast | Small | Slow (requires full + all incrementals) |
| Differential | Data changed since last full backup | Medium | Medium | Medium (requires full + latest differential) |
| Snapshot | Point-in-time state capture (CoW, ZFS, LVM) | Instant | Minimal (grows over time) | Fast |
3-2-1 backup rule:
- 3 copies of data (original + 2 backups)
- 2 different storage media (local disk + cloud, NAS + tape)
- 1 off-site copy (cloud storage, remote server, safe deposit box)
Extended: 3-2-1-1-0: add 1 air-gapped/immutable copy (ransomware protection) and 0 errors (verify backup integrity regularly).
Key concepts:
- Deduplication: identify and store only unique data blocks across backups, dramatically reducing storage
- Encryption: encrypt backups at rest and in transit to protect sensitive data
- Retention policy: how long backups are kept (daily for 30 days, weekly for 12 weeks, monthly for 12 months)
- Immutable backups: write-once storage that cannot be modified or deleted (protects against ransomware deleting backups)
- Backup verification: regularly test restore procedures to confirm backups are usable
Backup strategies
# Incremental backup with restic (encrypted, deduplicated)
$ restic init --repo s3:s3.amazonaws.com/bytesnation-backups
$ restic backup /home/mokey/documents --tag daily
snapshot abc123 saved
Files: 1,234 new, 56 changed, 12,345 unmodified
Added: 45.2 MiB
# ZFS snapshot + send to remote backup
$ sudo zfs snapshot tank/data@daily-$(date +%Y%m%d)
$ sudo zfs send -i tank/data@yesterday tank/data@today | \
ssh backup-server sudo zfs receive backup/data
# Verify backup integrity
$ restic check --read-data
no errors were found
# List and restore from snapshots
$ restic snapshots
ID Time Host Tags
abc123 2026-04-15 03:00:00 web daily
def456 2026-04-14 03:00:00 web daily
$ restic restore abc123 --target /tmp/restore/ --include "/etc/nginx/"Backups are insurance for your data. The organizations that recover quickly from ransomware are the ones with tested, off-site, immutable backups. The ones that pay ransoms typically had no viable backups or discovered their backups were also encrypted. In homelab environments, Proxmox Backup Server paired with ZFS snapshots provides enterprise-grade backup for VMs and containers. Cloud providers offer managed backup services (AWS Backup, Azure Backup) with cross-region replication. The most common backup failure is not testing restores: backup jobs run successfully for months, but when a restore is needed, the data is corrupted or incomplete. Schedule regular restore tests. Tools like restic, Borg, and Duplicati provide encrypted, deduplicated, incremental backups to local or cloud storage.