SqlBak Guide: Backup Storage Selection

SqlBak supports sending to 16 different storage types. In one job, you can specify multiple backup storage locations, and for each storage location, you can specify the duration of backup storage on it.

Do not put all your eggs in one basket

It’s not the best practice to specify only one storage location in a backup job. If something happens to the backups in storage, you will lose all backups at once.

Cybersecurity and Infrastructure Security Agency recommends using the 3-2-1 rule when choosing backup storage locations:

3. Keep 3 copies of any important file: 1 primary and 2 backups.
2. Keep the files on 2 different media types to protect against different types of hazards.
1. Store 1 copy offsite (e.g., outside your home or business facility).

This rule is still relevant, but it was formulated when cloud storage was not widely used. We recommend adding at least three destinations:

1. Local folder on the same server as the database. The storage time in the folder can be set to a minimum (e.g., one day). This backup is needed to quickly restore data in case of a database crash, close to the crash time.
2. Any cloud provider, such as Dropbox, Google Drive or One Drive, that uses OAuth authorization typically has high storage costs. Thus the backup storage duration can be limited, for example, to 30 days. The advantage of these backup storage providers is that they have a good and independent authorization system.
3. AWS S3, Azure Blob storage or Wasabi have the advantage of having specialized backup storage settings, specifically:
   • • The option to choose a low-cost storage class for long-term storage – backups can be stored for many years
     • The ability to set restrictions on file modifications and deletions – excellent protection against ransomware attack
   Azure Storage Configuration Recommendations

   Recommendations for long-term backup storage in Azure

   Redundancy: Geo-redundant storage.

   

   Access tier: Cool.

   

   Protection against deletion of backups from Azure storage

   Check the “Enable version-level immutability support” option.

   

   After creating the storage account, add a version-level immutability policy.

   

   Then lock the policy to prevent deletion while there is at least one file that falls under the rule.

   

   AWS S3 Storage Configuration Recommendations:

   Recommendations for long-term backup storage in AWS S3

   Recommended class for backup storage is specified in the destination settings. The most suitable is S3 Standard-IA.

   

   Protection against deletion of backups from AWS S3

   When creating a bucket, allow the “Object Lock” option.

   

   After creating a bucket, activate this option in the bucket settings, specifying a period of object blocking.

   

Emergency destination

The SqlBak destination can be marked as an “emergency destination.” If this option is enabled, SqlBak will use this destination only if there are errors copying the backup to the main storage (for example, if there is no more space in regular storage).

In 99% of cases, backups will not be sent to the emergency destination. As an emergency destination, you can specify a legacy server with SSH access, or a personal Google Drive (but then use the encryption option). This is a useful option that only requires time for setup from you.

About backup storages

Not all backup storages are equally good. We have been doing backups since 2008 and have noticed that some work faster, some more reliable, and some just cheaper. Unfortunately, the ideal destination was not found. All have their pros and cons.

Speed – How often users complain about insufficient destination performance speed.

Reliability – How often problems arise, leading to the inability to load the backup into storage.

Price – Approximate estimate of the cost of storage compared to other destinations.

Backup Specialization – Presence of settings that allow optimizing storage for storing backups (for example, protection from deletion).