We are in the midst of an infrastructure overhaul, and we're now looking at backup solutions for our new servers. We will have a relatively simplistic server infrastructure consisting of 5 servers, 3 of which will need to be backed up on a regular basis. The intent of this question is not to stir up a heavy "backup procedure" debate, but rather to inquire as to the importance of making your backups in-accessible from the network.
Right now the procedure is our mail server gets backed up via tape, and our file server is backed up to 2 sets of external hard drives running RAID 1 in an enclosure. I alternate the drives each day, so we have 2 sets of backups and only one drive is plugged into the server at each time. Each week we take a full backup offsite for each server. With each of these servers, at any point in time we have a backup that is not connected to our network or computer that is, at max, a day old.
We are looking at employing a Drobo Elite 8 bay iSCSI unit that would be the central backup point for all of the backups. We'll still be taking backups offsite and I hope to be running regular offsite backups to our new satellite office. I know that it's not uncommon to backup to a NAS or a SAS, but recent events like the HB Gary attack (where backups were deleted) has me wondering how important it is to keep a copy of your data segregated from the network at all times.
I'm a relatively new Sys-admin, but I would greatly appreciate some insight on what would be considered best practices in this area. Any insight is appreciated.
