Local backups or snapshots allow quick restore; replicate to another region or provider for DR. Use encryption in transit and at rest. Test restore from off-site periodically. Document RTO and RPO for each tier.
Local: fast restore
- Snapshots or local backup: On the same host or same DC, restore is fast (minutes). Use for accidental deletes, quick rollback, or point-in-time recovery within the same region.
- Frequency: Match RPO—e.g. hourly snapshots or continuous replication to a local replica. Balance cost and recovery granularity.
- Limitation: If the DC or region is lost (fire, flood, provider outage), local-only copies are lost too. You need off-site for disaster recovery.
Off-site: disaster recovery
- Replicate: Copy backups or snapshots to another region or another provider. Async replication is common; sync adds latency and cost. Ensure replication is monitored and tested.
- Encryption: Encrypt in transit (TLS) and at rest. If you use provider replication, ask where keys are held and who can access them. For compliance, you may need to hold keys yourself.
- RTO/RPO: Recovery Time Objective (how fast you must be back) and Recovery Point Objective (how much data loss is acceptable). Document for each tier (e.g. DB vs static assets). Design backup and replication to meet them.
Testing and operations
- Test restore: Regularly restore from off-site to a test environment. Catches broken replication, wrong credentials, or missing steps. Do not wait for a real disaster to find out.
- Runbooks: Document how to restore from local vs off-site; who approves DR declaration; and how to fail back. Update after changes to backup or infrastructure.
- Retention: Local and off-site retention may differ (e.g. 7 days local, 30 days off-site). Align with compliance and cost.
Summary
Local backups/snapshots enable quick restore; replicate to another region or provider for DR. Encrypt in transit and at rest. Test off-site restore periodically; document RTO and RPO for each tier.
