The 3-2-1 Backup Strategy
The Rule and Why It Exists
The 3-2-1 backup strategy is the oldest and most widely cited data protection framework in IT. The rule is simple: keep 3 copies of your data, on 2 different types of storage, with 1 copy offsite. Photographer Peter Krogh coined the concept in his 2005 book The DAM Book, and two decades later it remains the baseline recommendation from every major storage vendor, US-CERT, and the broader sysadmin community.
The logic behind each number addresses a different failure mode. Three copies means a single hardware failure doesn't touch your only backup. Two media types means a flaw affecting one storage technology (a firmware bug, a batch of bad drives, ransomware that encrypts mounted volumes) doesn't wipe everything simultaneously. One offsite copy means a house fire, flood, or theft doesn't take all three copies at once.
The uncomfortable truth: a backup that has never been tested is not a backup. It's a hope. Every strategy described in this guide assumes you periodically verify that your backups are complete, readable, and restorable.
Three Copies Explained
The three copies include your live/working data. You don't need three separate backup jobs producing three independent archives. You need:
RAID is not a backup. This is worth repeating because the misconception persists. A 4-drive RAID-Z1 pool protects you from a single drive failure. It does nothing for accidental deletion, ransomware, filesystem corruption, or a power surge that fries the entire enclosure. RAID keeps your data available during hardware failures. Backups keep your data recoverable after everything else.
The same applies to Synology's SHR, Unraid's parity, and any other redundancy scheme. These are uptime features, not backup features.
Two Media Types
The original intent of "two different media" was literally different physical technologies: hard drives and tape, or hard drives and optical discs. For homelabbers today, a practical interpretation is two independent storage systems with different failure profiles.
Your always-on TrueNAS, Unraid, or Synology box with internal drives in a redundant array. This is where your data lives and gets accessed daily.
A USB-attached drive, a DAS (direct-attached storage) shelf, or a second independent NAS. The key: it should not share a power supply, controller, or filesystem with the primary.
What counts as "different" is more about failure isolation than physical technology. Two identical NAS boxes with separate filesystems, separate power circuits, and separate backup schedules satisfy the spirit of the rule better than one NAS with a USB drive dangling off the same UPS. A cloud backup paired with local NAS storage is an even cleaner separation since the two share zero infrastructure.
The threat model here is correlated failure. A ransomware attack that encrypts your NAS shares will also encrypt any backup volume mounted as a network drive. A firmware bug in your NAS OS could corrupt all pools managed by that instance. An electrical event could take out everything plugged into the same circuit. Your second media type should be immune to whatever kills the first.
The Offsite Copy
Offsite backup is the piece most homelabbers skip or defer. It's also the one that matters most when something truly catastrophic happens. Every option involves trade-offs between cost, recovery speed, and how much ongoing effort you're willing to invest.
Cloud Backup
For most homelabbers, cloud backup through a provider like Backblaze B2 ($6/TB/month) or Wasabi ($7/TB/month, no egress fees) is the lowest-friction offsite option. Tools like restic, rclone, or Duplicati can run nightly from your NAS and push encrypted, deduplicated snapshots to object storage. A typical 4TB dataset with daily incrementals costs $25-30/month on B2.
The catch is the initial upload. If you have 10TB of data and a 10 Mbps upload connection, that first full backup takes roughly 100 days. Some providers accept mailed drives for the initial seed (Backblaze does via their Fireball service). Plan accordingly.
Egress is the other consideration. B2 charges $0.01/GB for downloads, so restoring a full 10TB dataset costs about $100. Wasabi has no egress fees but requires a 90-day minimum storage commitment. Pick based on whether you're optimizing for steady-state cost or disaster recovery cost.
Remote NAS (Buddy Backup)
The "buddy backup" approach pairs two homelabbers who each host a backup target for the other. You put a small NAS or a single-drive enclosure at your friend's house, they put one at yours. ZFS send/receive, rsync over WireGuard, or Synology's Hyper Backup over a site-to-site VPN all work well for this. The data should be encrypted before it leaves your network since you don't control the physical security at the remote site.
This approach works best when both parties have symmetric upload speeds of at least 20 Mbps. On asymmetric connections (common with cable ISPs), the initial sync can take weeks.
Rotating External Drives
The simplest offsite strategy: buy two large external drives, keep one at home for local backups and one at your office or a family member's house. Swap them every week or two. The drive at home gets a fresh backup, the drive offsite holds last week's snapshot.
The only cost is the two external drives, with no ongoing subscription. The downside is discipline. The moment you stop swapping drives, your offsite copy starts aging. After a month without a swap, you're recovering month-old data in a disaster scenario. For irreplaceable data like family photos, that gap might be acceptable. For active project files, it might not.
Common Homelab Implementations
Here are three concrete setups at different budget levels. All satisfy the 3-2-1 rule.
Budget: Under $300
Primary storage is whatever you already have (a desktop PC, a small Synology, or a Raspberry Pi with a USB drive). Buy two external desktop drives in the 8-12TB range. One stays connected to your primary machine for nightly rsync or Time Machine backups. The other lives at your office or a family member's house and gets swapped monthly.
Total additional cost: two external drives. No subscriptions. The trade-off is manual effort and a potentially stale offsite copy.
Mid-Range: $500-1,000
Primary storage on a 4-bay NAS with NAS-rated drives in a redundant array (SHR-1, RAID-Z1, or Unraid with parity). Local backup via a USB-attached external drive running nightly incremental backups through your NAS OS's built-in backup tool (Hyper Backup, TrueNAS replication task, or rsync). Offsite via Backblaze B2 or Wasabi with encrypted daily snapshots.
This is the sweet spot for most homelabbers. The NAS handles scheduling automatically, the cloud backup runs unattended, and you only touch the external drive to verify it periodically.
Enthusiast: $1,000+
Primary storage on a multi-bay NAS or custom TrueNAS server with multiple vdevs. Local backup to a second NAS (or a DAS shelf) via ZFS send/receive or rsync, running on an independent power circuit. Offsite via either a remote NAS at a buddy's house over WireGuard, or a combination of cloud storage for critical data and periodic drive shipments for bulk archives.
At this tier, automate verification. A weekly cron job that checksums a random sample of backed-up files against the originals catches silent corruption before it propagates to all copies.
The 3-2-1-1-0 Extension
The original 3-2-1 rule predates ransomware as a mainstream threat. The extended version adds two more numbers:
The extra "1" addresses the ransomware scenario directly. If an attacker gains access to your NAS, they can encrypt everything the NAS can reach, including network-mounted backup targets and cloud sync folders that mirror changes in real time. An air-gapped backup (an external drive that's only connected during backup windows, then physically disconnected and stored) can't be touched by malware running on your network.
The "0" is arguably the most important number in the entire framework. A backup you've never restored from is an assumption, not a guarantee. Test restores don't have to be comprehensive every time. Pick a few files at random, restore them to a scratch directory, and verify they open correctly. Do this quarterly at minimum. For ZFS users, zpool scrub on your backup pool catches bitrot before it becomes unrecoverable.
Practical air-gapping for homelabbers: keep a large external drive in a drawer, disconnected from everything. Once a week (or once a month for less critical data), plug it in, run your backup, then unplug it and put it back. While it sits unplugged, that drive is out of reach of any network-based attack. Combine this with your online cloud backup for the best of both worlds: current offsite copies and a ransomware-proof local copy.
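The verification steps described above (the weekly checksum job from the Enthusiast tier and the random test restore behind the "0"), sketched as an added example that is not part of the original guide. It assumes the backup, or a test restore in a scratch directory, is a plain file tree mirroring the source, and that the backup job records its start time in a marker file; the function names and the marker file are hypothetical.

```python
"""Spot-check a backup by hashing a random sample of files on both sides."""
import hashlib
import os
import random
import sys
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream the file so large media files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_sample(source, backup, sample_size, backup_started, rng=random):
    """Hash a random sample of source files against their backup copies.
    Files modified after backup_started (epoch seconds, assumed recorded by
    the backup job) are skipped: they legitimately differ from the backup."""
    source, backup = Path(source), Path(backup)
    candidates = [p for p in source.rglob("*")
                  if p.is_file() and not p.is_symlink()
                  and p.stat().st_mtime <= backup_started]
    report = {"checked": 0, "missing": [], "mismatch": [], "unreadable": []}
    for src in rng.sample(candidates, min(sample_size, len(candidates))):
        rel = str(src.relative_to(source))
        dst = backup / rel
        report["checked"] += 1
        if not dst.is_file():
            report["missing"].append(rel)
            continue
        try:
            if sha256_file(src) != sha256_file(dst):
                report["mismatch"].append(rel)
        except OSError:  # a read error on either copy is itself a finding
            report["unreadable"].append(rel)
    # Zero files checked proves nothing, so an empty sample is a failure.
    problems = report["missing"] + report["mismatch"] + report["unreadable"]
    report["ok"] = report["checked"] > 0 and not problems
    return report


if __name__ == "__main__":  # cron usage: script.py SRC BACKUP MARKER_FILE
    src_dir, dst_dir, marker = sys.argv[1:4]  # MARKER_FILE is hypothetical
    result = verify_sample(src_dir, dst_dir, 50, os.path.getmtime(marker))
    print(result)
    sys.exit(0 if result["ok"] else 1)
```

For snapshot tools such as restic, restore a snapshot to a scratch directory and pass that directory as the backup argument. A mismatch does not say which copy is damaged, so compare against a third copy before overwriting anything.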
Choosing Backup Hardware
Backup drives don't need the same specs as your primary NAS drives. They sit idle most of the time, spin up for a backup window, and go back to sleep. Here's what actually matters:
For local USB backups: an external desktop drive is the simplest option. The drive powers on when the backup runs and powers off when it's done. Capacity should match or exceed your primary dataset. If you're backing up a 16TB NAS pool, a single 18-20TB external gives you headroom for incremental snapshots.
For air-gapped backups: same as above, but buy two and rotate them. One stays connected for the current backup cycle, the other stays in a drawer (or offsite) as your recovery fallback. Label them clearly with the date of the last backup.
For a dedicated backup NAS: used enterprise drives are a strong fit here. Backup workloads are dominated by large sequential writes during the backup window, followed by long idle periods. The higher noise levels of enterprise drives are irrelevant for a device that might live in a garage or closet. Buying used datacenter pulls at a significant discount over retail NAS drives makes financial sense when the drives aren't your primary storage and you have redundancy in the backup pool itself.
For offsite drive rotation: external portable drives work for datasets under 5TB. Above that, external desktop drives offer better capacity per dollar and the 3.5" mechanisms tend to be more reliable for long-term storage than the 2.5" drives inside portables.
Mistakes to Avoid
Counting RAID as a backup. Already covered, but it bears repeating. RAID protects uptime. Backups protect data. They solve different problems.
Backing up to the same physical machine. A second ZFS dataset on the same pool, or a backup folder on a different partition of the same disk, is not a second copy. If the motherboard fries, the PSU surges, or the enclosure is stolen, all your "copies" go with it.
Cloud sync instead of cloud backup. Dropbox, Google Drive, and OneDrive sync changes in near-real-time. That means a ransomware encryption or accidental bulk delete propagates to the cloud copy within minutes. Cloud sync is a convenience feature. Cloud backup with versioning (like B2 with retention policies, or restic snapshots) is a protection feature. They're not interchangeable.
Never testing restores. The only way to know your backup works is to restore from it. A corrupted backup file, a misconfigured encryption key, or a backup job that silently stopped running three months ago are all invisible until you try to recover. Schedule a quarterly "fire drill" where you restore a random selection of files and verify them.
Encrypting backups and losing the key. Encrypting offsite and air-gapped backups is smart practice. Storing the encryption key only on the machine being backed up defeats the purpose. Keep a copy of your encryption keys in a password manager, printed in a safe, or in a separate secure location from the backups themselves.
Getting Started
If you currently have zero backups, don't try to build the perfect system on day one. Start with the cheapest step that gets you to 3-2-1:
Today: buy an external drive at least as large as your most important data. Plug it in, copy everything critical to it, and unplug it. You now have two copies on two devices. That alone puts you ahead of most people.
This week: set up an automated nightly backup from your primary machine or NAS to that external drive. rsync, Hyper Backup, Time Machine, whatever your platform supports natively. Automate it so it happens without your involvement.
This month: add the offsite piece. Sign up for Backblaze B2 or Wasabi, configure encrypted uploads with restic or rclone, and let the initial seed run. Or buy a second external drive and bring the first one to your office. Either way, you now have a copy that survives a house fire.
Then iterate. Swap in better drives, automate verification, add air-gapping. The perfect backup system doesn't exist, but an imperfect one that actually runs is infinitely better than a theoretical one you never built.