1. Blogs
  2. Saiful's blog
  3. My DSpace Backup Strategy Was a Ticking Time Bomb: A Professional Wake-Up Call

My DSpace Backup Strategy Was a Ticking Time Bomb: A Professional Wake-Up Call

Submitted by Saiful on

If you manage a DSpace repository, you understand its value. It is the digital heart of your institution, a curated collection of scholarship, research, and history. You spend countless hours configuring, theming, and ingesting content. But let me ask you a question that I failed to ask myself for too long: How confident are you in your backup and disaster recovery plan?

For years, I thought I was doing enough. My strategy seemed logical, it was automated, and it never failed. But I was dangerously wrong. My setup wasn't a safety net; it was a ticking time bomb waiting for the right disaster to expose its flaws.

This is the story of what I was doing wrong, what I learned, and how we built a truly resilient backup strategy for the DSpace repositories that we happen to manage.

 
The Strategy I Thought Was 'Good Enough'

On paper, my old strategy looked reasonable. I had identified the critical components of a DSpace installation and was backing them up.

What I backed up:
  1. Database: The PostgreSQL database containing all the metadata, user info, and collection structures.
  2. Assetstore: The directory containing all the bitstreams (the actual files like PDFs, images, etc.).
  3. Configuration: The entire [dspace]/config directory.
  4. SOLR Statistics: The [dspace]/solr/statistics core for usage data. Other SOLR cores can be easily rebuilt, hence don’t need to be backed up.
How I backed them up:
  • Database: A simple pg_dump script ran nightly via a cron job. I kept a rolling 7-10 days of these daily dumps and the script would automatically delete older ones. In some cases, I had kept archive of old backup up-to 30 days even.
  • Assetstore, Config, & SOLR: A nightly rsync command synchronized these directories, including the database backups, to a remote backup server.

It felt efficient and robust. But when I started asking the hard "what if" questions, the entire strategy began to unravel.


The Wake-Up Call: Uncovering the Hidden Risks

The flaws in my plan weren't in the execution, but in the methodology itself.

  • Scenario 1: The Mirrored Disaster. My rsync backup was just a mirror, not a historical archive. Any deletion on the live server would be replicated to the backup, wiping it out.
  • Scenario 2: The Delayed Discovery. My short 7-10 day rolling backups meant an error discovered after two weeks would be unrecoverable.
  • Scenario 3: The Archival Request. A request for a file from three months ago was impossible to fulfill.

My system protected against one specific type of failure, a complete server crash, but left the repository dangerously exposed to more common threats.

 
What Was Missing: Lessons from My Research

My "wake-up call" sent me down a research rabbit hole. I quickly identified what was fundamentally wrong with my approach and what I had misunderstood.

Lesson 1: Server Snapshots and RAID are Not Backups.

Many people confuse redundancy with backups.

  • RAID protects you from a hard drive failure, ensuring uptime. It does nothing to protect you from data corruption, malware, or accidental deletion.
  • Server Snapshots are great for quick rollbacks after a failed software update, but they are not true backups. They are often stored on the same infrastructure, and if the underlying storage fails, the snapshot is gone too. Crucially, a snapshot happily captures file corruption or a ransomware-encrypted filesystem.
Lesson 2: rsync is a Synchronization Tool, Not a Backup Tool.

This was my biggest mistake. rsync makes a destination look exactly like a source. It doesn't keep a history of changes. If a file is deleted from the source, rsync (with --delete) will delete it from the destination. This is the opposite of what a versioned backup system does.

Lesson 3: I Wasn't Following the 3-2-1 Rule.

The gold standard in data protection is the 3-2-1 backup strategy:

  • Keep at least 3 copies of your data.
  • Store the copies on 2 different types of media.
  • Keep 1 copy off-site.
Lesson 4: Off-Site Data Must Be Encrypted Before It Leaves

The 3-2-1 rule requires an off-site copy, but this creates a new challenge: data privacy. Sending unencrypted institutional data to a remote server, even one you control, is a major security risk. The solution is client-side encryption, where data is encrypted on the source server before transmission. This was another glaring hole in my rsync plan.

 

The Breakthrough: A New Way of Thinking About Backups

My biggest challenge remained: how could I afford to keep a deep, historical archive while also ensuring data privacy? The answer lay in a paradigm shift away from copying files and toward a smarter method built on two key technologies: de-duplication and client-side encryption.

De-duplication

Imagine, instead of copying whole files, your backup system breaks every file into tiny, unique "blocks" of data. Think of it like a central library of data blocks.

  • The first time you back up a 10MB PDF, it's broken into blocks, and all those unique blocks are stored in the library.
  • The next day, you back up the same unchanged PDF. The system recognizes all the blocks are already in the library. Instead of re-uploading them, it simply creates a new "card catalog" entry that points to the existing blocks. This second backup takes up virtually no new space.
  • A week later, you update a single image inside that PDF. When the next backup runs, only the few new blocks from that new image are added to the library. The rest of the file is just pointers to the old blocks.

Look at these demo videos to understand better. For developers, this concept might sound a lot like how Git manages code, but applied to any kind of data. This approach completely changes the economics of storing long-term backups and makes a deep, rich history not just possible, but easy.

Client-Side Encryption

Encryption addresses the fear of storing data on remote servers. A modern backup system should encrypt the data before it ever leaves your server. The remote storage provider, whether it's another server in a data center or a cloud provider, only receives a stream of unintelligible, encrypted data. They have no way to read it. You, and only you, hold the key.

This combination of efficient, versioned history and unbreakable security formed the foundation for the new solution I chose.

 

My New Solution: Adopting BorgBackup and Borgmatic

The great news was that I didn't have to turn to expensive, proprietary software to achieve this. The solution lay within the same open-source community spirit that gives us tools like rsync. I adopted BorgBackup, a modern, open-source backup tool that masterfully implements deduplication and client-side encryption. To make it easy to manage, I use its companion tool, Borgmatic, which automates the entire process through a simple configuration file.

My new framework, run by a single cron job, handles everything:

  • It encrypts all data client-side before it ever leaves the server.
  • It automatically creates a database dump before each backup run.
  • It archives the entire DSpace directory into a new, versioned, immutable snapshot.
  • It implements a deep retention policy (e.g., daily, weekly, and monthly).
  • It can easily be extended to keep yearly backups forever with needing almost no extra storage space.
  • It simultaneously writes backups to both a local repository (for fast recovery) and a remote off-site repository (for disaster recovery).

 

From Theory to Practice: A Resource for the Community

In the spirit of sharing and learning, I've put together a public GitHub repository. It contains a fully-annotated template of our borgmatic configuration, along with a step-by-step guide for installation and setup.

The implementation guide and templates are available on GitHub: https://github.com/semanticlib/dspace-backup

 

The Result: Professional Peace of Mind

The difference between the old and new systems is night and day, built on a foundation of professional responsibility.

✅ Guaranteed Data Privacy and Security: This is the most critical improvement. All data is encrypted before leaving the server. The remote storage provider has zero access to the contents, providing an essential layer of security and compliance. We hold the keys.

✅ True Point-in-Time Recovery: I can now confidently restore the repository to its state from last week or last quarter, moving beyond simple disaster recovery to providing true data lifecycle management.

✅ Verifiable Integrity: The system automatically checks the health of my backup archives. I'm not just hoping they will work when needed; I have verifiable proof that they are free from corruption.

✅ Sustainable Storage: Thanks to powerful de-duplication, this incredibly robust, versioned history takes up surprisingly little disk space.

 

What's Next: Continuous Improvement

A good system is never truly finished. Here are the next enhancements we have in pipeline:

  1. Proactive Failure Alerts: Configuring email notifications if an integrity check fails.
  2. Daily "Heartbeat" Reports: Setting up a daily or weekly email digest of backup logs to confirm success.
  3. Anomaly Monitoring: Logging the size and duration of each backup to spot anomalies that could be early warnings of a problem.
 
A Call for a Second Look

I encourage my fellow repository managers and DSpace administrators to take a moment and ask those same hard questions about your own backup strategies. Don't wait for a near-miss or a real disaster. The trust your institution and users place in you is built on the foundation of a preservation strategy that is not just "good enough," but truly resilient.

 

Author's Note: This post was written with the assistance of an AI language model to help refine language and structure. All core concepts, technical strategies, and personal experiences are my own.

Blog tags
DSpace
BorgBackup
LibraryTech