Using LTO (Tape) Library for cold backup


We have some critical data that is being backed up to several TrueNASes. Each of TrueNASes in turn is sending their zfs snapshots to another server. So we have 2 backups of our data.

We want to be protected against possible encrypting ransomware so we want to have cold backups. As a form of cold backup we consider having LTO Library (something like LTO6 HP MSL2024) with WORM Cartridges, so in case we are attacked by encrypting ransomware, even fresh data on tapes is simple ready-only and immune to malicious encryption.

We want to store full ZFS snapshot once a month, and then daily diff snapshots. Having no experience with LTO Library (we know it’s pricey, considering bying used device for experiments), we’re wondering how it can be used with TrueNAS.

Do we need to write scripts to detect that active cartridge is full and then somehow pause/switch tape/resume process? Or this will be handled by library automatically?

If yes, maybe it’s better to have third-party backup management software like Veeam or Bacula?

How much data do you need to backup?

Choices would be:
Cold pool… can be taken offline after monthly backup
Tape… yes, most people use a 3rd party software app

Not really much. We have 7-8 Tb of data, daily diffs are 50-100 Gb.

We want to have cold daily backup, so consider storing daily diffs on tape.

About cold pool that will be taken offline - we considered this. There is a number of ransomware attacks now when attackers destroy even backup systems if they have some online period. So they should be permanently disconnected from all networks or be write-once . As far as we know, only physical solution for write once is tape now (or CD-Rs/BD-Rs but amount of disks will be huge and no automation).

So offline pool is our fallback choice . We will swap HDDs by physically removing them weekly or twice a month, data will be more stale and it will not be automated too.

We are planning a cloudbackup to Storj that might fit this bill… Electric Eel.

Yeah, got it. Cloud backup is really good, but for us it is forbidden by our rules (we must not store data on 3rd party services).

Maybe this helps

1 Like