Backups
Your data is valuable. It's critically important that it be backed up constantly. Cheaper, more primitive hosting services, such as Ghost(Pro) only perform backups once every three hours and provide no mechanism at all for you to restore your website if you accidentally delete something. If you make a mistake, the original version will be permanently deleted. Our backup system offers continuous backups, the ability to restore your data and another level of backups which are stored off-site. It works on four levels.
If you host on a standard VPS you will have to do all backups manually. Conversely, if you use Ghost(Pro) you will only have backups every three hours, with manual off-site backups and no mechanim for restoring files which you lose through user error.
All your files are stored simultanously on two separate SSD drives on two separate servers. This means that both drives would have to fail at the same time before you lost any data. The system we use is Ceph: this is a storage system which works on our Kubernetes cluster to intelligently duplicate your files and distribute them intelligently.
This means that if one disk fails the file is not lost. Another disk is swapped in automatically and the worst that happens is a slight slow-down for a few seconds as the transition takes place. Typically disk failures are very rare, so this might only happ>en once every few years.
The second layer of backup is made on a completely separate set of disks. These are located on different servers in the same building. These files can be used to restore the entire system in case of a complete disaster.
This second level of backup uses the open-source applications Valero and Rustic. These two applications are designed to integrate with our Kubernetes cluster. Because they are a completely separate sub-system from the Ceph system described above, there is much less chance of a single error damaging both sets of backups.
However, it’s also possible that the entire data center could experience a disaster. Obviously the data center has auxiliary power; however, there is still the remote possibility that the entire building could catch on fire or be destroyed. To cover this scenario, a fourth backup is made in a completely different city. Finally, if you want to check the backups and/or setup your own backup system on-site, you have direct access to this off-site backup. This way, you can check that the backups are being performed properly, can access the data if you need to deploy your blog elsewhere. You can also perform local backups, if you feel this is necessary.