Feature Request: Write and forget - Fire-Safe and collateral Water protection

[Poweruser]

Everyone knows: "Fire and Forget". We send our Data to a Storage and they will be kept there.... safe?

But...the Storage is near the production system, its all inside one House. Especially for SMBs.
What happens if a fire breaks out? It burns, everything burns! And if the firefighters are fast, everything is wet and watered. We can drop everything.
What i prefer is: B&R Fires & The Storage Forgets (later..).

So how?
Its easy to set up big storage systems, cloud systems, and waste much money for these solutions. Every Vendor loves it, and every Gov. loves Data Collections. Its like the Gold Rush.
Now what a small company likes: cheap, fast, safe and independent.
So we have a bad, slow connection like a 10 mbit internet connection where we can do (supported by IPSec) FTP(S) or SFTP or sth else..
What B&R should do is, writing the current storage files (VM Backup Files and everthing else) to these outpost. like uploading the files on my SFTP Server.
A machine which is somewhere, far away. maybe it could be AES-256 encrypted (optionally) so i wont care if its stored at an ISPs FTP.
the key is stored on some USB stick or printed out on PAPER. yes, paper, maybe with QR code, whatever.. think about BTC wallets..
okay now b&r has to make sure, that it uploads deltas, which makes it easier. but b&r can write new or append only. never delete or sth else.
if the remote host runs full its the problem of the remote host.
the remote host has a policy to delete files which are older than 1 month or has a policy to keep monday to friday for 2 weeks and then delete every second day a week and so on.
thats a remote job.

effor? hack it, break it, but never delete data which was backed up ago, except if i wont notice it for month..

good?
please vote or say why its not good?

[soncscy]

There is a lot to break down here...

and waste much money for these solutions.

How much is a running infrastructure worth to you? What is the actual business cost per hour of your infra being down? In the event of Ransomware attack, without working backups, what is your downtime estimate? How much data do you have to move up to the cloud or to off-site solutions?

This is the stuff that my Team and I ask ourselves every time we're confronted with our off-siting costs. If the cost of the down-time + the person-hours to restore to full functionality (not just get the server up, but get us to a stable position) > cost of off-site, it's worth the yearly cost.

What B&R should do is, writing the current storage files (VM Backup Files and everthing else) to these outpost. like uploading the files on my SFTP Server.

What's to stop you from offloading this elsewhere?

okay now b&r has to make sure, that it uploads deltas, which makes it easier. but b&r can write new or append only. never delete or sth else.
if the remote host runs full its the problem of the remote host.

So in the current build of Veeam, you limit yourself to a single Backup method and you also assume that the company hosting your data will be cooperative with your space needs. Because it's append only, you are basically limited to Forward Incremental, or you suffer the same fate that dedupe appliances like EMC and HPE suffer (huge backup files because of append-only filesystems)

So this method doubles the space, and by definition, doubles the cost, without really offering any protection against a rogue account encrypting data.

hack it, break it, but never delete data which was backed up ago,

Will believe it when I see it. Even if you somehow get a system set up that cannot delete files, any malware/ransomware that has rights to the account has rights to the password, and if they cannot hold the files hostage, they can declare a count-down to "delete/overwrite everything" if you don't pay. There are only so many bytes you need to overwrite until a backup becomes effectively unusable, or even worse, just roll the dice and randomly overwrite blocks to the point that it's a gamble on what is or is not recoverable.


I'm not just trying to pee on your parade here, but really this just sounds like an attempt to skirt the costs of data redundancy, which as best as I've seen in my IT career is the only mitigating measure against Ransomware. What they can't touch, they can't encrypt. Your solution is still accessible by the same accounts, and vulnerable to the same methods of restriction that any other backup is, except it's more costly for the user ultimately.

You can get an 8 TB drive from Newegg or your local equivalent for a fairly nominal amount of money. Cut the coffee budget if you have to, but it's doable with very modest accounts. Offline data redundancy is the right way to do this; software can always be compromised. It's never "if" it's compromised, it's "when".

I'll spend the 3 weeks arguing with our Finance department for an extra couple hundred $$$ as opposed to convoluted schemes.

[Poweruser]

Dont miss the important thing:
The Remote Server accepts append/new files only like SVN does.
Never delete, always rollback.