Looking to create a secure offsite backup for a small business

[NASInitiate]

I'm new to the whole NAS setup, and I want to create a secure offsite backup in my home for a small business that is located in another part of the country. Here are the specifics that I want to accomplish:

 

1. Set up and configure an entirely new NAS connected to my home network that has a secure connection to a computer in another part of the country.

2. Automate a backup for two separate PCs that connect to my NAS that can be remotely accessed by me. 

3. Deploy a test network share to another user using my current configuration (simply an SSD connected to the USB port on my router which is shared by my local network)

4. Maintain a secure and reliable connection between the NAS and the PCs (looking for VPN suggestions or some type of secure point to point connection that doesn't have much exposure to the internet)

 

The clients are not tech literate, and I want to maintain a simple automated backup that is easy to troubleshoot and monitor that is simple to explain and maintain. I have never set up a NAS before and I am looking for suggestions.

 

I have a good idea of the type of hardware I want to purchase:

- Synology 2 bay Diskstation DS224+ (Diskless)

- (2) Seagate Ironwolf 4TB NAS Internal Hard Drives

- 2.5Gb network switch to connect to the NAS on my network

- Two simple SSDs for on site backup at the client's location

 

To begin with, I have a couple of questions. Both PC's are very small in size (~240Gb total space) and I would want to back up those two machines at the client's location with a couple of SSDs, and ideally those backups would have two unique folders (PC 1 and PC 2). I want a copy of PC 1 and PC 2 backing up automatically to the SSDs and tracking any changes made (the ideal model for this is Time Machine for Mac, I just want the backups to track changes so the backups do not balloon in size). Is there a way to connect the backup that is happening locally on the two PCs to a NAS that I am in control of? I want that backup every night around the same time to make a copy of all the data onto my NAS.

 

Is there a way to test a secure connection between a folder that I want to share to another PC not on my home network? What kind of software does Synology offer for this and is there any way to do a simple point-to-point connection of a shared folder via a personal VPN server to another user? For reference my network is capable of 960mbps download and upload, but the speed of the transfer is not an issue. I just want a secure offsite backup of two PCs connected to my NAS that happens every night at the same time that is simple to configure and easy to explain to a client. 

[Needfuldoer]

9 minutes ago, NASInitiate said:

I'm new to the whole NAS setup, and I want to create a secure offsite backup in my home for a small business

 

9 minutes ago, NASInitiate said:

I have never set up a NAS before

Danger, Will Robinson! This sounds like a bad idea. 

 

You absolutely do not want to store someone else's business data at your home! Not even if it's a sole proprietorship run by a blood relative. If customer payment data or tax data gets mixed into it, you could be liable if it gets broken into.

 

If it's something that can potentially be business-critical, it should be professionally hosted. I really think a business-oriented service provider like OneDrive or Dropbox is going to be a better solution. You can set it up for them and act like a managed services provider, but at least then the responsibility for hardware maintenance, data accessibility, and security won't be yours and yours alone.

[Electronics Wizardy]

This doesn't really seem like a great idea if you have no experience doing this. 

 

What OS are these systems? Do you need a image backup or just the files on the system. 

 

I'm a fan of using something like Veeam to manage this. I have a simmilar setup with a onsite backups, and then offsite copes and its all managed by veeam. 

 

I don't know why you have 2 ssds and 2 hdds. For backups HDDs are almost always fine for as setup like this. So I'd just get a few big HDDs here.

 

 

[NASInitiate]

35 minutes ago, Needfuldoer said:

 

Danger, Will Robinson! This sounds like a bad idea. 

 

You absolutely do not want to store someone else's business data at your home! Not even if it's a sole proprietorship run by a blood relative. If customer payment data or tax data gets mixed into it, you could be liable if it gets broken into.

 

If it's something that can potentially be business-critical, it should be professionally hosted. I really think a business-oriented service provider like OneDrive or Dropbox is going to be a better solution. You can set it up for them and act like a managed services provider, but at least then the responsibility for hardware maintenance, data accessibility, and security won't be yours and yours alone.

Thanks for the info! The client already has OneDrive for business set up with his PC, so I think we will go with that. However, in the event of a total system failure for the PC, would there ever be a situation in which an offsite backup would be a good idea?

[Needfuldoer]

4 minutes ago, NASInitiate said:

Thanks for the info! The client already has OneDrive for business set up with his PC, so I think we will go with that. However, in the event of a total system failure for the PC, would there ever be a situation in which an offsite backup would be a good idea?

An off-site backup, like OneDrive?  

[Eigenvektor]

28 minutes ago, NASInitiate said:

However, in the event of a total system failure for the PC, would there ever be a situation in which an offsite backup would be a good idea?

An on-site backup has the advantage that it is generally faster to back up and restore. An off-site backup has the advantage that it will continue to be available when bad stuff happens locally, like a robbery, or a flood/fire or anything else that could render the local backup unavailable or inoperable.

 

Ideally you want both. Look into the 3-2-1 backup strategy - 3 copies of the data, on 2 different mediums, 1 of them off-site.

 

You'll also want to encrypt the (off-site) backups and only the company who owns the data should have access to the encryption keys. This way the data should be safe even if whichever provider you ultimately go with ever has a data leak. Of course they'll also want backup copies of these encryption keys, e.g. one stored in a company safe, another stored in the owners home, one in a secure bank vault or similar.

 

~edit: last but not least you'll want to (regularly) ensure that the backups can actually be restored. A backup that you have no way of restoring is not a backup.