Develsoft Logo Develsoft
Home Software Projects Services Blog Contact Português
Backup: The Only Guarantee Against Digital Chaos (Windows and Linux) - Develsoft Blog
Develsoft Logo Develsoft
backup

Backup: The Only Guarantee Against Digital Chaos (Windows and Linux)

Rodrigo Lebre • Dec 1, 2025
Backup: The Only Guarantee Against Digital Chaos (Windows and Linux)

If your company's data disappeared today – encrypted by ransomware, corrupted by a silent disk failure, or deleted by a human error (the infamous accidental "rm -rf") – would you have a business tomorrow? This is not a rhetorical question; it is the fundamental question that defines corporate survival in the 2020s.

In a scenario where cybercrime has professionalized to the point where "Ransomware-as-a-Service" (RaaS) cartels exist and where the complexity of hybrid infrastructures multiplies failure points, backups are no longer a routine task for the IT intern. It has become the backbone of business continuity and the last line of defense in information security.

In this definitive article, we will dissect modern data protection strategies, deeply explore the crucial differences between file and database backups, and recommend the essential tool stack for Windows and Linux environments in 2025.

1. The Evolution of the Golden Rule: The 3-2-1-1-0 Protocol

For decades, the "3-2-1" rule was the gold standard. It dictated: keep 3 copies of your data, on 2 different media types, with 1 of them offsite. While still a solid foundation, it has become insufficient against modern threats. Today, sophisticated attackers not only encrypt your production data; they actively hunt for your backups to ensure you cannot recover without paying the ransom.

To combat this, the industry has adopted the 3-2-1-1-0 standard:

  • 3 Copies of Data: The original data (production) plus two independent backups. Statistically, the probability of three devices failing simultaneously is infinitesimal.
  • 2 Different Media: Do not store everything on the same storage or SAN. Combine local disk (fast for restore) with cloud or tape (LTO).
  • 1 Offsite Copy: A copy must be physically separate. If the building catches fire or floods, your data survives in another geographic location.
  • 1 Immutable Copy (Immutable/Offline): This is the critical addition. One copy of the data must be "WORM" (Write Once, Read Many). This means that for a defined period (e.g., 30 days), this data cannot be changed or deleted by anyone – not even an admin with compromised root credentials. It is the ultimate vaccine against Ransomware.
  • 0 Recovery Errors: A backup that hasn't been tested is not a backup; it's just hope. Automated verification of backup integrity (SureBackup, in Veeam lingo) is mandatory.

2. The Great Divide: Files vs. Databases

The most common – and most catastrophic – error I see in IT audits is treating all data the same. A Word file (.docx) and a database file (.mdf or /var/lib/mysql) are fundamentally different creatures and require opposite treatments.

The Challenge of Files (Unstructured Data)

System files, source code, images, and documents make up what we call unstructured data. The challenge here is not the complexity of the file itself, but the volume and identifying what has changed.

On a file server with 4 Terabytes and millions of small files, doing a Full Backup every night is unfeasible. We need smart Incremental Backup and Deduplication solutions.

  • On Windows: The operating system uses VSS (Volume Shadow Copy Service). Before copying the file, the backup requests a "snapshot" from Windows. Windows freezes disk writes for milliseconds, creates a static view of the system, and allows the backup software to copy files that are open and in use by the user without corrupting them.
  • On Linux: The "everything is a file" philosophy makes it easy, but also deceptive. Modern tools use cryptographic hashes to identify duplicate data blocks. If you have 100 copies of the same PDF in different folders, a modern backup software (like Borg) will store only one physical copy, saving massive amounts of space.

The Challenge of Databases (Structured Data)

Here lies the real danger. Databases like SQL Server, MySQL, PostgreSQL, or Oracle keep part of the data in RAM and part on disk. They are constantly writing transaction logs and updating indexes.

If you try to copy the database folder (Ctrl+C / Ctrl+V or cp -r) while the service is running, you will have a corrupted and useless backup. When you try to restore, the database will say the tables are inconsistent.

For databases, there are two safe strategies:

  1. Logical Dump: The software exports all data to a giant SQL text file (mysqldump, pg_dump). It is safe, portable, and excellent for small to medium databases, but can be slow to restore.
  2. Physical/Binary Backup: Specialized tools copy binary files from the disk consistently, integrating with the database engine to "flush" memory to disk at the right time. This allows advanced features like PITR (Point-in-Time Recovery): the ability to restore your database to the exact state it was in at 2:35:12 PM yesterday, right before someone deleted the Clients table.

3. Recommended Tools: The 2025 Arsenal

There is no "best tool," there is the right tool for your workload. Let's divide by environment.

Windows Ecosystem

For Microsoft environments, VSS integration is non-negotiable.

1. Veeam Backup & Replication (Enterprise Standard) Veeam has become the de facto standard for backing up virtual and physical servers.

  • Why use it: "Image-level" backup (copies the entire server, allowing restore to different hardware), granular restore (open an Exchange Server backup and extract just a specific email), and replication for DR.
  • Highlight: The Veeam Agent for Windows (has a free version) is robust enough to protect critical physical servers and developer workstations.

2. Macrium Reflect Despite recent licensing changes, it remains an exceptional tool for disk cloning and quick disaster recovery.

  • Killer Feature: ReDeploy, which allows restoring an image from an old Dell server to a new HP server, automatically injecting necessary storage/RAID drivers during boot.

3. SQL Server Maintenance Plans Don't underestimate the native tools. For SQL Server, Maintenance Plans within SSMS (SQL Server Management Studio) are the most reliable way to manage Full, Differential, and Transaction Log backups. Configure it to save .bak files to a local folder, and then use Veeam or another tool to move those files to the cloud.

The Open Source Supremacy on Linux

In the Linux world, the approach is modular. Forget heavy GUIs; here efficiency and automation via CLI reign supreme.

1. BorgBackup: Absolute Efficiency If I had to choose just one tool for Linux, it would be Borg.

  • How it works: It breaks files into encrypted "chunks". If you change 10MB in a 100GB file, Borg detects, compresses, encrypts, and sends only those new 10MB.
  • Security: Authenticated AES-256 encryption on the client. The destination server never sees your data, only encrypted blobs.
  • Use Case: Backup of file directories (/etc, /home, /var/www).

2. Restic: Modern Simplicity Restic is written in Go and distributed as a single binary, with no dependencies.

  • Differentiator: Native and direct support for cloud backends (S3, B2, Azure Blob, Google Cloud Storage, SFTP). You don't need drivers or strange mounts; Restic speaks the language of the cloud.
  • Ideal for: Sending backups directly from web servers to S3 Glacier or Backblaze B2.

3. Percona XtraBackup (The King of MySQL/MariaDB) For critical and large MySQL databases, mysqldump is too slow and locks tables. Percona XtraBackup performs "hot" physical backups (without stopping the database) and incremental backups. It is the tool big tech companies use to protect their MySQL clusters.

4. Rclone: The Universal Transport While not a backup tool per se (it lacks specific versioning logic), Rclone is the "Rsync for Cloud Storage." It connects your Linux to over 40 cloud providers.

  • Common Strategy: Use Borg or local Tar/Gzip to create the backup file, and use rclone sync to replicate that file to Google Drive, Dropbox, or S3.

4. Where to Store? The Offsite and Immutable Layer

Rule "1" of offsite copy is vital. It's no use having a state-of-the-art Synology NAS if it burns down along with the server in the same rack.

The market has massively shifted to Object Storage (S3 compatible) due to cost and immutability.

  • AWS S3 Glacier Deep Archive: The cheapest storage on the planet (about $1 per TB/month), but with a cost: retrieving data takes 12 to 48 hours. Perfect for that annual compliance backup you hope never to use.
  • Backblaze B2: The champion of cost-benefit for "warm" data. Extremely cheap and without the complex "egress" (download) fees of AWS.
  • Wasabi Hot Cloud Storage: Direct competitor offering "hot storage" performance (fast like S3 Standard) at archive prices, charging no egress fees.

The Key to Immutability (Object Lock): When configuring your bucket in S3 or Wasabi, enable Object Lock in Compliance mode. This ensures that every uploaded backup file receives a time "lock". If a hacker breaks into your server and tries to delete remote backups, the cloud will reject the command. It is your final insurance policy.

5. Conclusion: DR vs. Backup

To wrap up, a vital distinction: Backup is having the copy of the data. Disaster Recovery (DR) is having the ability to put the business back online in a timely manner.

Having 50TB of backup in the cloud is great. But if your internet is 100Mbps and it will take you 3 months to download everything (Download Time = Volume / Bandwidth), you don't have a DR plan; you have a dead archive.

  1. Review your policy today.
  2. Separate Files and Database strategies.
  3. Implement at least one immutable copy.
  4. And above all: Test the Restore. An untested backup is a business risk disguised as security.

Develsoft specializes in architecting critical infrastructure and resilient backup solutions. If your data is worth more than the cost of storage, it's time to professionalize your strategy.

← Back to Blog