John Culleton wrote: > It is a fact that no drive has failed since I went on a three year > rotation. With a mirror copy of all critical files on the backup > drive at all times both drives will have to fail simultaneously to > cost me any significant amount of data.
Such mirroring is better than nothing, but IMO still not much use. - Someone could steal your machine; or - a new kernel with a bug affecting your disk controller could stomp all over your file systems and render them unrecoverable; or - a buggy or overzealous installer could reformat the wrong (or both) disks; or - the power supply could fail, frying both disks; or - the machine could be damaged by water/fire; or - a buggy process running as root could "clean up" a bit more than it intended ... etc. I wouldn't consider anything less than periodically mirroring to a physically separate disk that was not connected to the machine most of the time. Personally I just keep most of the data I actually care about and work on day to day under revision control on a server elsewhere, so it's not only backed up but can be recovered from accidental deletion etc. Bigger, less important stuff gets backed up to an external disk periodically. At work I have all the servers and important clients backing up to a single server with 5TB of storage. The backup server is stored outside the main building but still connected to the network with gigabit ethernet. I use a backup scheduler/manager (Bacula) that keeps proper full/diff/incremental backups and can roll history over so there are always at least two copies of every backup (from different points in time) on the backup server. All backups are encrypted in case of theft and keys are stored in multiple offsite locations. Additionally, the really important stuff gets encrypted and uploaded to a colocated server at an ISP elsewhere in the city. That's a backup scheme that's getting towards good enough, though still somewhat vulnerable to anything that takes out the whole site. -- Craig Ringer
