Backups & Storage

Backup plan builder

Score a home backup plan against 3-2-1, immutability, RPO/RTO, and ransomware-resistance — and get a concrete next-step list.

Use this when backups failed, you added a new computer or NAS, or you're not sure whether 'one drive plus the cloud' is enough — especially if you're protecting irreplaceable photos / documents / projects and need to know whether your destinations would actually survive a ransomware event.

How critical is the data?

Irreplaceable data size (TB)

Local destination

Offsite destination

Destination immutability

Last successful restore

Max acceptable data loss (RPO)

Max acceptable downtime (RTO)

Recent failure

High priority

Add the missing backup layer before tuning schedules.

3-2-1 coverage score: 25/100. Missing layer: offsite copy — close that first.

First checks

List what cannot be replaced: photos, documents, projects, passwords, device configs, and key exports.
Check the newest successful local backup timestamp and the newest successful offsite timestamp.
Confirm at least one copy survives loss of the home (different building, region, or provider).
Verify the destination is mutable from your normal source credentials (immutability is the only ransomware backstop).

Step-by-step troubleshooting

1
Make the irreplaceable list
Write down the top five things you cannot recreate: photos, documents, projects, password exports, device configs, work files.
Expected: The list tells you what must be covered before optional media or downloads.
Next: Check whether each item exists on the source, the local backup, and the offsite backup.
2
Close the missing copy gap
Add an offsite target — reputable cloud (B2/Storj/iDrive) or a second NAS at a different location.
Expected: A good plan has 3 copies, 2 different media, 1 offsite — and at least one immutable destination.
Next: Do not delete originals until both layers have completed at least one successful pass.
3
Run a restore proof
Restore one small file and one folder from each layer to a temporary path, then open them. Write down what was tested.
Expected: Successful restore proves credentials, destination paths, file format, and backup software are all usable end-to-end.
Next: Schedule the same spot check monthly (or after changing backup software / NAS firmware).

What your answers suggest

3-2-1: ✗ 3 copies · ✗ 2 media · ✗ 1 offsite.
Local layer: nas.
Offsite layer: missing — fire / theft / ransomware could take every copy.
Immutability: unknown — verify whether the destination has object-lock, versioning, or snapshot retention.
Last restore: never. A backup that has never restored is still only a hope.
Ransomware resistance: no.
Annual offsite cost: $0 — no offsite layer present.
RPO/RTO realism: ok (target RPO 24h, RTO 24h).
Recent failure raises priority — the schedule may already be broken.

Likely cause area

Local recovery path is in place.
Loss of the home (fire / theft / flood / ransomware) could take every copy.
Backup destination is mutable from the source credentials — a compromised source can encrypt the backup.
Restore success is unproven.

Safe actions

Add an offsite target (B2/Storj/iDrive for cloud, or a second NAS at a different location for second-NAS).
Run a restore spot-check: restore one folder from each layer to a scratch path and verify file integrity.
If the NAS is reachable from outside the home, use a VPN-style path (Tailscale / Cloudflare Tunnel) instead of port-forwarding the backup endpoint — see /guides/home-remote-access-tailscale-vs-cloudflare-tunnel for the decision matrix.

When to stop

Stop before deleting old backup sets manually — confirm independent copies first.
Stop if a drive clicks, disconnects, or asks to format when it contains the only copy.
Stop before reusing the same admin credentials on the source and the backup destination — that breaks the credential-separation rule.

Assumptions

Assumes personal/home data; not regulated workplace, legal retention, or compliance requirements.
Annual cost estimate uses consumer-tier rates (~$5/TB/month cloud, ~$75-105/year for amortized hardware). Real costs vary by provider and drive lifecycle.
RPO/RTO realism check assumes typical home internet (50-200 Mbps uplink). Symmetric gigabit or fiber will loosen these constraints.
Does not recommend deleting old backup sets without verifying independent copies first.

What should I check first?

List the irreplaceable data: photos, documents, projects, password exports, device configs, key files. Total size in TB.
Check the most recent successful local backup AND the most recent successful offsite backup — both timestamps matter.
Confirm at least one copy survives loss of the home (different building, region, or provider).
Verify whether the destination has immutability / object-lock / snapshot retention — that's the ransomware backstop.
Note the age of the last successful restore proof; backups without restores are still only hopes.

What is likely wrong?

Only one backup destination exists (no 3-2-1 separation).
Both copies live on the same media type (NAS + second NAS, or USB drive + USB rotation) — same-failure-mode risk.
The destination is fully mutable from the source credentials — a compromised NAS can encrypt the backup too.
The backup has never been tested with a real restore, or the last restore was more than a year ago.
RPO/RTO targets are tighter than the chosen destinations can deliver (e.g., 1-hour RPO with weekly USB rotation).

What is safe to try?

Add a local target first if missing — external SSD/HDD or NAS — for fast recovery.
Add an offsite target — cloud (B2 / Storj / iDrive / S3) or a second NAS at a different location.
Enable destination-side immutability: S3 object-lock for cloud, snapshot retention for ZFS / Btrfs, or write-once user accounts for second-NAS rsync.
Schedule a monthly automated restore-check job and route failure alerts to a notification channel you actually read.
If sourcing new drives, see /guides/hdd-shortage-2026-buying-recertified-drives for the 2026 vendor reputation matrix + smartctl/badblocks burn-in runbook.
If the offsite layer is a second NAS reachable from outside the home, use a VPN-style path (see /guides/home-remote-access-tailscale-vs-cloudflare-tunnel) instead of port-forwarding.

When should I stop?

A source or backup drive shows failure signs (clicking, disconnecting, asks to format).
Backup software reports corruption and this is the only copy.
You are about to delete old backup sets manually — confirm independent copies first.
You are about to reuse the same admin credentials on the source and the destination (breaks the credential-separation rule).

Source-backed checks

HomeTechOps turns official docs and conservative safety rules into a shorter runbook. These links are the source trail for the page direction.

Synology: Backup and data protectionUsed for 3-2-1 backup framing, offsite backup importance, and restore-focused backup planning.NIST: Data Integrity guidanceUsed for conservative ransomware/data-integrity assumptions around independent copies and recovery verification.

FAQ

Does a NAS count as offsite?

No. A NAS in the same home is local storage. It can be useful, but it does not protect against loss of the home (fire / theft / flood / ransomware).

What is the coverage score actually measuring?

It rewards the 3-2-1 structural legs (25 points each for local + offsite, 10 for two different media types) and the operational legs (20 for destination immutability, 20 for a restore proof in the last 3 months). 100 means the plan has 3-2-1 shape, an immutable destination, and a recent restore; under 50 means at least one major leg is missing.

Why does 'ransomware-resistant' care about immutability?

Most home ransomware events spread via the source machine's admin credentials. If the backup destination can be deleted or overwritten using those same credentials, a compromised source can encrypt the backup too. S3 object-lock, ZFS / Btrfs snapshot retention, or a destination user account with write-but-not-delete-old permissions break that pivot — the attacker can land but can't destroy older versions.

Is the annual cost estimate accurate?

It's a planning number, not a quote. Cloud cost assumes consumer-tier rates (~$5/TB/month at Backblaze B2 / Storj / iDrive — $60/TB/year). Second-NAS assumes ~$300 for a 4 TB drive amortized over 4 years plus ~$30/year electricity (~$105/year). USB rotation assumes two recertified 4 TB drives at ~$75 each over a 4-year cycle. Real costs vary by provider, drive lifecycle, and your local electricity rate — see /guides/home-server-power-budget-idle-watts for the power side.

Can a 1-hour RPO work over typical home internet?

Tight but not impossible — most home connections have 50-200 Mbps uplink (22-90 GB/h), so a 1-hour RPO is feasible for daily change rates under ~10-20 GB. It becomes infeasible if the offsite layer is USB rotation (you can't physically rotate every hour) or if daily change is large. The tool's RPO/RTO realism check flags this; for stricter RPO, plan either symmetric gigabit/fiber or a second-NAS replication path on the LAN.