Introduction
Database backups are the last line of defense against data loss. Hardware fails, ransomware encrypts, developers run DELETE without WHERE, and natural disasters take out data centers. When any of these events occur, the quality of your backup strategy determines whether your organization survives or suffers catastrophic, unrecoverable data loss.
Yet most teams treat backups as an afterthought—a checkbox item configured once and never tested. A 2023 survey found that 60% of organizations that experienced data loss discovered their backups were incomplete, corrupted, or too old to be useful. Building a robust backup strategy requires understanding the tradeoffs between recovery point objectives (RPO), recovery time objectives (RTO), cost, and operational complexity. This guide covers the strategies, tools, and patterns needed to protect your data effectively.
Understanding Backup Strategies: Core Concepts
Recovery Objectives
Two metrics define your backup requirements:
Recovery Point Objective (RPO): The maximum acceptable data loss, measured in time. An RPO of 1 hour means you can afford to lose up to 1 hour of data. An RPO of 0 means you cannot lose any data.
Recovery Time Objective (RTO): The maximum acceptable time to restore service after a failure. An RTO of 4 hours means the database must be operational within 4 hours of failure.
These objectives drive your strategy:
| RPO | RTO | Strategy |
|---|---|---|
| 24 hours | 4 hours | Daily snapshots |
| 1 hour | 30 minutes | Hourly incremental backups + standby replica |
| Minutes | Minutes | Continuous replication + point-in-time recovery |
| 0 | Seconds | Synchronous replication + automatic failover |
Backup Types
Full backups: Complete copy of the database. Simple to restore but expensive in storage and time. A full backup of a 500GB database might take 2-4 hours and consume the same storage space. However, restoration is straightforward—you need only the single backup file.
Incremental backups: Only back up data changed since the last backup (full or incremental). Faster and smaller, but restoration requires the full backup plus all incremental backups in sequence. If you have a full backup from Sunday and incremental backups Monday through Thursday, restoring Thursday's state requires the full backup plus all four incremental files in order.
Differential backups: Back up all data changed since the last full backup. Faster restoration than incremental (only need full + latest differential) but larger backup sizes. By Thursday, a differential backup contains all changes since Sunday—larger than Monday's differential but simpler to restore.
Transaction log backups: Continuously back up the database's transaction log (WAL in PostgreSQL, binlog in MySQL, oplog in MongoDB). Enables point-in-time recovery with minimal RPO. This is the gold standard for databases requiring near-zero data loss.
The 3-2-1 Rule
The industry standard for backup storage:
- 3 copies of your data
- 2 different storage media (e.g., local disk + cloud)
- 1 copy offsite (different geographic region)
This protects against hardware failure (multiple copies), media failure (different storage types), and site disasters (offsite copy). Modern variations include the 3-2-1-1-0 rule: 3 copies, 2 media types, 1 offsite, 1 air-gapped (offline), and 0 errors after verification testing.
Architecture and Design Patterns
Backup Architecture Layers
Application → Database → [Transaction Log] → [WAL Archive]
→ [Incremental Backup]
→ [Full Backup]
→ [Offsite Copy]
Each layer provides a different recovery granularity:
- Transaction logs: Point-in-time recovery (seconds precision)
- Incremental backups: Recovery to specific backup points (hours)
- Full backups: Complete database restoration (days)
- Offsite copies: Disaster recovery (geographic redundancy)
Continuous Archiving Pattern
PostgreSQL's Write-Ahead Log (WAL) enables continuous archiving—a pattern where every database change is immediately archived to a separate location:
PostgreSQL → WAL segments → Archive (S3/GCS/local) → Standby server
This pattern achieves near-zero RPO because every committed transaction is archived within seconds.
Snapshot-Based Backup Pattern
Cloud providers offer snapshot-based backups that capture the entire storage volume at a point in time. These are implemented using copy-on-write mechanisms—only changed blocks are stored, making incremental snapshots efficient:
Volume Snapshot → Changed Block Tracking → Incremental Snapshot → Cross-Region Copy
AWS EBS snapshots, GCP Persistent Disk snapshots, and Azure Managed Disk snapshots all follow this pattern. The first snapshot is a full copy; subsequent snapshots store only the delta.
Backup Verification Pattern
Backups that aren't tested are not backups. The verification pattern involves:
- Regular automated restoration of backups to a test environment
- Running integrity checks on the restored data
- Comparing row counts and checksums against the source
- Alerting if verification fails
#!/bin/bash
# verify-backup.sh
BACKUP_FILE=$1
RESTORE_DB="verify_$(date +%s)"
# Restore backup
pg_restore -d $RESTORE_DB $BACKUP_FILE
# Verify row counts
SOURCE_COUNT=$(psql -t -c "SELECT count(*) FROM orders" production)
RESTORE_COUNT=$(psql -t -c "SELECT count(*) FROM orders" $RESTORE_DB)
if [ "$SOURCE_COUNT" != "$RESTORE_COUNT" ]; then
echo "ALERT: Row count mismatch! Source: $SOURCE_COUNT, Restored: $RESTORE_COUNT"
exit 1
fi
# Verify checksums
SOURCE_CHECKSUM=$(psql -t -c "SELECT md5(string_agg(row(t)::text, '')) FROM orders t" production)
RESTORE_CHECKSUM=$(psql -t -c "SELECT md5(string_agg(row(t)::text, '')) FROM orders t" $RESTORE_DB)
if [ "$SOURCE_CHECKSUM" != "$RESTORE_CHECKSUM" ]; then
echo "ALERT: Data checksum mismatch!"
exit 1
fi
# Cleanup
dropdb $RESTORE_DB
echo "Backup verification passed"
Step-by-Step Implementation
PostgreSQL Backup Strategy
Continuous WAL Archiving
WAL archiving is the foundation of PostgreSQL backup strategies. The Write-Ahead Log records every change made to the database before those changes are written to the data files. By archiving these WAL segments, you can replay any sequence of changes and recover to any point in time.
-- postgresql.conf
wal_level = replica -- Enable WAL archiving
archive_mode = on -- Turn on archiving
archive_command = 'aws s3 cp %p s3://my-backup-bucket/wal/%f'
max_wal_senders = 3 -- Allow streaming replication
wal_keep_size = '1GB' -- Retain WAL for replication
archive_timeout = 300 -- Force archive every 5 minutesThe archive_command runs every time a WAL segment (typically 16MB) is completed. For high-write databases, segments fill quickly, providing near-continuous archiving. The archive_timeout setting forces a segment switch even if the current segment isn't full, bounding your maximum data loss window.
Base Backup with pg_basebackup
A base backup creates a consistent snapshot of the entire database cluster. Combined with WAL archiving, this provides the foundation for point-in-time recovery:
# Create a compressed base backup
pg_basebackup -h localhost -D /backup/base -Ft -z -P --checkpoint=fast
# The --checkpoint=fast flag forces an immediate checkpoint,
# reducing the time the backup takes
# Upload to S3 with server-side encryption
aws s3 cp /backup/base/base.tar.gz \
s3://my-backup-bucket/base/$(date +%Y%m%d)/base.tar.gz \
--sse aws:kms --sse-key-id alias/backup-key
# Verify the backup was created successfully
pg_verifybackup /backup/base 2>/dev/null && echo "Backup verified" || echo "Backup verification failed"For large databases (multi-terabyte), consider using pg_basebackup with the -R flag to automatically create a standby configuration, enabling quick failover setup:
pg_basebackup -h primary.db.internal -D /backup/standby \
-Ft -z -P -R --checkpoint=fastPoint-in-Time Recovery (PITR)
PITR is the most powerful recovery technique for PostgreSQL. It allows you to restore your database to any specific moment—right before a destructive query, a bad migration, or a data corruption event:
# Step 1: Stop PostgreSQL
systemctl stop postgresql
# Step 2: Remove current data directory (DANGEROUS - ensure backups exist!)
rm -rf /var/lib/postgresql/16/main/*
# Step 3: Restore base backup
tar -xzf /backup/base/base.tar.gz -C /var/lib/postgresql/16/main/
# Step 4: Create recovery configuration
cat > /var/lib/postgresql/16/main/postgresql.auto.conf << 'EOF'
restore_command = 'aws s3 cp s3://my-backup-bucket/wal/%f %p'
recovery_target_time = '2024-01-15 14:30:00'
recovery_target_action = 'promote'
recovery_target_timeline = 'latest'
EOF
# Step 5: Create recovery signal file
touch /var/lib/postgresql/16/main/recovery.signal
# Step 6: Set correct ownership
chown -R postgres:postgres /var/lib/postgresql/16/main/
# Step 7: Start PostgreSQL (will enter recovery mode)
systemctl start postgresql
# Step 8: Monitor recovery progress
tail -f /var/log/postgresql/postgresql-16-main.logPostgreSQL replays WAL segments until it reaches the target time, then promotes the database to accept connections. The entire process is logged, allowing you to monitor progress.
MySQL Backup Strategy
Binary Log Backups
MySQL's binary log (binlog) serves a similar purpose to PostgreSQL's WAL. It records all data-modifying statements and is essential for point-in-time recovery and replication:
# my.cnf - Enable binary logging
[mysqld]
server-id = 1
log-bin = /var/log/mysql/mysql-bin
binlog_format = ROW # ROW format captures actual row changes
binlog_row_image = FULL # Log complete before/after images
expire_logs_days = 7 # Auto-purge old binlogs
max_binlog_size = 100M # Rotate binlog at 100MB
sync_binlog = 1 # Sync binlog to disk on every commitUsing ROW format binlog is critical for data integrity—it logs the actual row data changed, not just the SQL statement. This prevents issues with non-deterministic functions like NOW() or RAND() during replay.
Full Backup with mysqldump or XtraBackup
For small to medium databases, mysqldump provides logical backups:
# Full backup with mysqldump (consistent snapshot)
mysqldump --all-databases \
--single-transaction \
--routines \
--triggers \
--events \
--set-gtid-purged=ON \
--result-file=/backup/full_$(date +%Y%m%d).sql
# Compress the backup
gzip /backup/full_$(date +%Y%m%d).sqlFor large databases (100GB+), Percona XtraBackup provides physical backups that are orders of magnitude faster:
# Full backup with XtraBackup
xtrabackup --backup \
--target-dir=/backup/full \
--user=backup_user \
--password=secret
# Prepare the backup (apply logs for consistency)
xtrabackup --prepare --target-dir=/backup/full
# Incremental backup (only changed pages since last backup)
xtrabackup --backup \
--target-dir=/backup/inc1 \
--incremental-basedir=/backup/full \
--user=backup_userPoint-in-Time Recovery for MySQL
# Step 1: Restore full backup
mysql < /backup/full_20240115.sql
# Step 2: Apply binary logs up to specific time
mysqlbinlog --stop-datetime="2024-01-15 14:30:00" \
--database=myapp \
/var/log/mysql/mysql-bin.000001 \
/var/log/mysql/mysql-bin.000002 | mysql
# Step 3: Skip the problematic transaction (if known)
mysqlbinlog --start-position=1234 --stop-position=5678 \
/var/log/mysql/mysql-bin.000002 | mysqlMongoDB Backup Strategy
MongoDB offers several backup approaches depending on your deployment topology:
mongodump for Logical Backups
# Full logical backup
mongodump --uri="mongodb://localhost:27017" \
--out=/backup/full_$(date +%Y%m%d) \
--gzip \
--oplog
# The --oplog flag captures operations during the dump,
# ensuring a consistent point-in-time snapshot
# Restore with oplog replay
mongorestore --uri="mongodb://localhost:27017" \
--gzip \
--oplogReplay \
--oplogLimit="1705312200:1" \
/backup/full_20240115Filesystem Snapshots for Replica Sets
For large MongoDB deployments, filesystem snapshots provide faster backup/restore:
# Step 1: Lock writes on the secondary
mongo --eval "db.fsyncLock()"
# Step 2: Create LVM snapshot
lvcreate --size 10G --snapshot --name mongo_snap /dev/vg0/mongo_data
# Step 3: Unlock writes
mongo --eval "db.fsyncUnlock()"
# Step 4: Copy snapshot to backup storage
dd if=/dev/vg0/mongo_snap bs=4M | gzip > /backup/mongo_$(date +%Y%m%d).img.gz
# Step 5: Remove snapshot
lvremove -f /dev/vg0/mongo_snapAtlas Cloud Backups
MongoDB Atlas provides continuous backups with point-in-time recovery:
// Configure backup policy via Atlas API
const backupPolicy = {
"policies": [{
"id": "defaultPolicy",
"policyItems": [{
"frequencyInterval": 1,
"frequencyUnit": "hourly",
"retentionUnit": "days",
"retentionValue": 7
}, {
"frequencyInterval": 1,
"frequencyUnit": "daily",
"retentionUnit": "weeks",
"retentionValue": 4
}]
}],
"referenceHourOfDay": 2, // 2 AM
"referenceMinuteOfHour": 0,
"restoreWindowDays": 2
};Redis Backup Strategy
Redis uses RDB snapshots and AOF (Append-Only File) for persistence:
# redis.conf - Enable both RDB and AOF
save 900 1 # Save if at least 1 key changed in 900 seconds
save 300 10 # Save if at least 10 keys changed in 300 seconds
save 60 10000 # Save if at least 10000 keys changed in 60 seconds
appendonly yes
appendfilename "appendonly.aof"
appendfsync everysec # fsync every second (good balance of safety/speed)
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
# Trigger manual backup
redis-cli BGSAVE # Background RDB save
redis-cli BGREWRITEAOF # Background AOF rewrite#!/bin/bash
# redis-backup.sh
REDIS_CLI="redis-cli"
BACKUP_DIR="/backup/redis"
S3_BUCKET="s3://my-backup-bucket/redis"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
# Trigger RDB snapshot
$REDIS_CLI BGSAVE
sleep 5 # Wait for background save
# Copy RDB file
cp /var/lib/redis/dump.rdb "$BACKUP_DIR/dump_${TIMESTAMP}.rdb"
# Upload to S3
aws s3 cp "$BACKUP_DIR/dump_${TIMESTAMP}.rdb" "$S3_BUCKET/"
# Cleanup old local backups (keep last 5)
ls -t "$BACKUP_DIR"/dump_*.rdb | tail -n +6 | xargs rm -f
echo "Redis backup completed: dump_${TIMESTAMP}.rdb"
Automated Backup Script
A production-grade backup script should handle full backups, incremental backups, verification, and retention:
#!/bin/bash
# backup.sh - Run via cron: 0 */6 * * * /opt/scripts/backup.sh
set -euo pipefail
DB_NAME="production"
BACKUP_DIR="/backup"
S3_BUCKET="s3://my-backup-bucket"
RETENTION_DAYS=30
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
SLACK_WEBHOOK="https://hooks.slack.com/services/xxx/yyy/zzz"
notify() {
local message="$1"
curl -s -X POST -H 'Content-type: application/json' \
--data "{\"text\": \"$message\"}" "$SLACK_WEBHOOK"
}
# Create full backup
echo "Starting backup of $DB_NAME at $TIMESTAMP"
START_TIME=$(date +%s)
pg_dump -Fc -Z9 $DB_NAME > "$BACKUP_DIR/${DB_NAME}_${TIMESTAMP}.dump"
BACKUP_SIZE=$(du -sh "$BACKUP_DIR/${DB_NAME}_${TIMESTAMP}.dump" | cut -f1)
echo "Backup size: $BACKUP_SIZE"
# Upload to S3 with server-side encryption
aws s3 cp "$BACKUP_DIR/${DB_NAME}_${TIMESTAMP}.dump" \
"$S3_BUCKET/daily/${DB_NAME}_${TIMESTAMP}.dump" \
--sse aws:kms
# Verify backup integrity
echo "Verifying backup..."
pg_restore --list "$BACKUP_DIR/${DB_NAME}_${TIMESTAMP}.dump" > /dev/null 2>&1
VERIFY_RESULT=$?
END_TIME=$(date +%s)
DURATION=$((END_TIME - START_TIME))
if [ $VERIFY_RESULT -eq 0 ]; then
notify "âś… Backup successful: ${DB_NAME}_${TIMESTAMP}.dump ($BACKUP_SIZE, ${DURATION}s)"
else
notify "❌ ALERT: Backup verification FAILED for ${DB_NAME}_${TIMESTAMP}.dump!"
exit 1
fi
# Cleanup old local backups
find $BACKUP_DIR -name "${DB_NAME}_*.dump" -mtime +$RETENTION_DAYS -delete
# Cleanup old S3 backups (using lifecycle policy is preferred)
# This is handled by S3 Lifecycle Configuration on the bucket
echo "Backup completed: ${DB_NAME}_${TIMESTAMP}.dump"
Cloud-Native Backup Solutions
AWS RDS Automated Backups
AWS RDS provides automated backups with point-in-time recovery:
import boto3
rds = boto3.client('rds')
# Create a manual snapshot
rds.create_db_snapshot(
DBInstanceIdentifier='production-db',
DBSnapshotIdentifier=f'production-manual-{datetime.now().strftime("%Y%m%d")}',
Tags=[
{'Key': 'Purpose', 'Value': 'Manual backup before migration'},
{'Key': 'Retention', 'Value': '90 days'}
]
)
# Restore to a specific point in time
rds.restore_db_instance_to_point_in_time(
SourceDBInstanceIdentifier='production-db',
TargetDBInstanceIdentifier='production-db-restored',
RestoreTime=datetime(2024, 1, 15, 14, 30, 0),
UseLatestRestorableTime=False,
DBSubnetGroupName='production-subnet-group',
MultiAZ=False,
PubliclyAccessible=False
)
# Copy snapshot to another region for disaster recovery
rds.copy_db_snapshot(
SourceDBSnapshotIdentifier='arn:aws:rds:us-east-1:123456789:snapshot:production-manual-20240115',
TargetDBSnapshotIdentifier='production-dr-20240115',
SourceRegion='us-east-1',
KmsKeyId='alias/rds-backup-key'
)Google Cloud SQL Backups
# Create an on-demand backup
gcloud sql backups create \
--instance=production-db \
--description="Pre-migration backup"
# List available backups
gcloud sql backups list --instance=production-db
# Restore from a specific backup
gcloud sql backups restore BACKUP_ID \
--restore-instance=production-db-restored \
--backup-instance=production-db
# Configure automated backups
gcloud sql instances patch production-db \
--backup-start-time=02:00 \
--enable-bin-log \
--retained-backups-count=30Terraform for Backup Infrastructure
# AWS RDS with automated backups
resource "aws_db_instance" "production" {
identifier = "production-db"
engine = "postgres"
engine_version = "16.1"
instance_class = "db.r6g.xlarge"
allocated_storage = 100
backup_retention_period = 30 # Keep backups for 30 days
backup_window = "03:00-04:00" # UTC
maintenance_window = "Mon:04:00-Mon:05:00"
# Enable encryption
storage_encrypted = true
kms_key_id = aws_kms_key.rds.arn
# Cross-region read replica for DR
replicate_source_db = null
tags = {
Environment = "production"
BackupPolicy = "30-day-retention"
}
}
# S3 bucket for backup storage with lifecycle
resource "aws_s3_bucket" "backups" {
bucket = "my-database-backups"
}
resource "aws_s3_bucket_lifecycle_configuration" "backup_lifecycle" {
bucket = aws_s3_bucket.backups.id
rule {
id = "transition-to-glacier"
status = "Enabled"
transition {
days = 30
storage_class = "GLACIER"
}
transition {
days = 90
storage_class = "DEEP_ARCHIVE"
}
expiration {
days = 365
}
}
}Disaster Recovery Planning
DR Strategies
| Strategy | Description | RPO | RTO | Cost |
|---|---|---|---|---|
| Backup & Restore | Restore from offsite backups | Hours | Hours-Days | Low |
| Pilot Light | Minimal infrastructure running in DR region | Minutes | Hours | Medium |
| Warm Standby | Scaled-down replica running in DR region | Seconds | Minutes | High |
| Multi-Active | Full capacity in multiple regions | 0 | 0 | Very High |
DR Runbook Template
# Database Disaster Recovery Runbook
## Scenario: Primary Region Failure
### Step 1: Assess the Situation (5 minutes)
- [ ] Confirm primary region is unreachable
- [ ] Check AWS/GCP status page for regional issues
- [ ] Notify incident commander and stakeholders
### Step 2: Initiate Failover (10 minutes)
- [ ] Verify DR replica is current (check replication lag)
- [ ] Promote DR replica to primary
- [ ] Update DNS to point to DR region
- [ ] Update application connection strings
### Step 3: Validate (15 minutes)
- [ ] Verify application connectivity
- [ ] Run smoke tests
- [ ] Check data integrity
- [ ] Monitor error rates
### Step 4: Communicate
- [ ] Update status page
- [ ] Notify customers of any data gaps
- [ ] Document timeline for post-mortemBackup Encryption and Security
Encryption at Rest
# PostgreSQL with encrypted backups using pg_dump + GPG
pg_dump -Fc production | \
gpg --batch --yes --passphrase-file /secure/passphrase.txt \
--symmetric --cipher-algo AES256 | \
aws s3 cp - s3://backups/encrypted/production_$(date +%Y%m%d).dump.gpg \
--sse aws:kms --sse-key-id alias/backup-key
# Restore encrypted backup
aws s3 cp s3://backups/encrypted/production_20240115.dump.gpg - | \
gpg --batch --yes --passphrase-file /secure/passphrase.txt --decrypt | \
pg_restore -d production_restoredEncryption Key Management
import boto3
from cryptography.fernet import Fernet
# Generate a data encryption key (DEK)
kms = boto3.client('kms')
response = kms.generate_data_key(
KeyId='alias/backup-key',
KeySpec='AES_256'
)
plaintext_key = response['Plaintext']
encrypted_key = response['CiphertextBlob']
# Use DEK to encrypt backup
fernet = Fernet(base64.urlsafe_b64encode(plaintext_key[:32]))
encrypted_backup = fernet.encrypt(backup_data)
# Store encrypted DEK alongside backup
# Later: decrypt DEK with KMS, then decrypt backup with DEKRetention Policies and Cost Management
S3 Lifecycle Configuration
{
"Rules": [
{
"ID": "BackupRetention",
"Status": "Enabled",
"Filter": {"Prefix": "daily/"},
"Transitions": [
{
"Days": 7,
"StorageClass": "STANDARD_IA"
},
{
"Days": 30,
"StorageClass": "GLACIER"
},
{
"Days": 365,
"StorageClass": "DEEP_ARCHIVE"
}
],
"Expiration": {
"Days": 2555
}
},
{
"ID": "WeeklyRetention",
"Status": "Enabled",
"Filter": {"Prefix": "weekly/"},
"Transitions": [
{
"Days": 30,
"StorageClass": "GLACIER"
}
],
"Expiration": {
"Days": 3650
}
}
]
}Cost Estimation
| Storage Class | Cost per GB/month | Retrieval Time | Use Case |
|---|---|---|---|
| S3 Standard | $0.023 | Instant | Recent backups (0-7 days) |
| S3 Standard-IA | $0.0125 | Instant | Weekly backups (7-30 days) |
| S3 Glacier | $0.004 | 1-5 minutes | Monthly backups (30-365 days) |
| S3 Glacier Deep Archive | $0.00099 | 12-48 hours | Compliance backups (1-7 years) |
Real-World Use Cases
E-Commerce Database Recovery
An e-commerce platform experienced a failed database migration that corrupted order data. Using WAL archiving, they recovered to the exact moment before the migration started (RPO: 0). The recovery took 22 minutes (RTO: 30 minutes), and no customer orders were lost. The key was having WAL archiving configured with archive_timeout = 60, ensuring no more than 60 seconds of WAL data was at risk.
Ransomware Recovery
A company's database server was encrypted by ransomware. The attacker deleted local backups but couldn't access the offsite S3 backups (which used separate credentials with MFA). The team restored from the previous night's offsite backup, accepting 6 hours of data loss (RPO: 6 hours). The recovery took 3 hours. This incident led them to implement air-gapped backups using AWS S3 Object Lock, making backups immutable for a configured retention period.
Accidental Deletion Recovery
A developer ran DELETE FROM users WHERE id > 1000 on production, intending to run it on staging. Using point-in-time recovery, the DBA recovered to the moment before the DELETE statement executed. The entire recovery took 8 minutes with zero data loss. The team subsequently implemented database connection safeguards—staging connections use a different port and require a confirmation prompt.
Multi-Region Failover
A SaaS company experienced a complete AWS us-east-1 outage. Their warm standby in us-west-2 was 12 seconds behind (async replication). They promoted the standby, updated DNS via Route 53 health checks (automatic failover), and were operational in 4 minutes. The 12-second data gap was acceptable given their RPO of 1 minute.
Performance Optimization
Parallel Backup and Restore
# PostgreSQL parallel restore (4 worker processes)
pg_restore -j 4 -d production /backup/latest.dump
# Parallel backup compression with pigz
pg_dump -Fc production | pigz -p 8 > /backup/production.dump.gz
# MySQL parallel backup with mydumper
mydumper --host localhost --user backup --password secret \
--database production --outputdir /backup/parallel \
--threads 8 --compress --build-empty-filesBackup Compression Comparison
| Method | Compression Ratio | Speed | CPU Usage | Best For |
|---|---|---|---|---|
| gzip (-6) | 70% reduction | Medium | Medium | General purpose |
| gzip (-9) | 72% reduction | Slow | High | Maximum compression |
| lz4 | 55% reduction | Very fast | Low | Speed-critical backups |
| zstd (-3) | 68% reduction | Fast | Medium | Best balance |
| zstd (-19) | 75% reduction | Slow | High | Archive storage |
| pigz (parallel gzip) | 70% reduction | Fast | High | Multi-core systems |
Streaming Backups for Large Databases
# Stream PostgreSQL backup directly to S3 (no local storage needed)
pg_dump -Fc production | \
aws s3 cp - s3://backups/production_$(date +%Y%m%d).dump \
--expected-size $(pg_dump -Fc --schema-only production | wc -c)
# Stream with compression
pg_dump -Fc production | zstd -3 | \
aws s3 cp - s3://backups/production_$(date +%Y%m%d).dump.zstCommon Pitfalls and Solutions
| Pitfall | Impact | Solution |
|---|---|---|
| Never testing restores | Discovering backups are corrupt during actual disaster | Automate monthly restore tests |
| Backups on same disk as database | Both lost on disk failure | Use separate storage (S3/GCS) with different credentials |
| No monitoring of backup jobs | Silent failures go unnoticed | Alert on backup failures and size anomalies |
| Retaining too many backups | Storage costs explode | Implement lifecycle policies with automated cleanup |
| Not archiving transaction logs | Cannot do point-in-time recovery | Enable continuous WAL/binlog archiving |
| Backing up during peak hours | Performance degradation | Schedule backups during low-traffic windows |
| No encryption | Data breach if backups are compromised | Encrypt at rest and in transit |
| Single region storage | Regional outage loses all backups | Cross-region replication with separate credentials |
| Ignoring backup size trends | Unexpected storage exhaustion | Monitor backup size growth and alert on anomalies |
Testing Strategies
#!/bin/bash
# test-backup.sh - Monthly automated backup test
set -euo pipefail
TEST_CONTAINER="test-restore-$(date +%s)"
BACKUP_FILE="$1"
# Spin up test database
docker run -d --name "$TEST_CONTAINER" \
-e POSTGRES_PASSWORD=test \
-e POSTGRES_DB=verify \
-p 15432:5432 \
postgres:16
# Wait for database to be ready
echo "Waiting for database to start..."
for i in $(seq 1 30); do
if docker exec "$TEST_CONTAINER" pg_isready -U postgres > /dev/null 2>&1; then
break
fi
sleep 1
done
# Restore backup
echo "Restoring backup..."
pg_restore -h localhost -p 15432 -U postgres -d verify "$BACKUP_FILE" 2>/dev/null
# Run verification queries
TABLES=$(psql -h localhost -p 15432 -U postgres -t -c \
"SELECT count(*) FROM information_schema.tables WHERE table_schema='public'" verify)
ROWS=$(psql -h localhost -p 15432 -U postgres -t -c \
"SELECT sum(n_live_tup) FROM pg_stat_user_tables" verify)
echo "Restored $TABLES tables with $ROWS total rows"
if [ "$TABLES" -gt 0 ] && [ "$ROWS" -gt 0 ]; then
echo "PASS: Backup restoration successful"
RESULT="PASS"
else
echo "FAIL: Backup restoration failed"
RESULT="FAIL"
fi
# Cleanup
docker stop "$TEST_CONTAINER" > /dev/null 2>&1
docker rm "$TEST_CONTAINER" > /dev/null 2>&1
# Log result
echo "$(date -Iseconds) | $RESULT | $BACKUP_FILE | Tables: $TABLES | Rows: $ROWS" >> /var/log/backup-tests.log
[ "$RESULT" = "PASS" ] || exit 1Comparison with Alternatives
| Strategy | RPO | RTO | Cost | Complexity | Use Case |
|---|---|---|---|---|---|
| Daily full backup | 24 hours | Hours | Low | Low | Development, non-critical |
| Full + incremental | Hours | 30-60 min | Medium | Medium | Standard production |
| WAL/binlog archiving | Seconds | Minutes | Medium | Medium | High-value production |
| Synchronous replication | 0 | Seconds | High | High | Financial, mission-critical |
| Cloud-managed (RDS/Cloud SQL) | Minutes | Minutes | Medium | Low | Managed workloads |
| Multi-region active-active | 0 | 0 | Very High | Very High | Global applications |
Future Outlook
Cloud-managed databases (AWS RDS, Google Cloud SQL, Azure Database) are making backup strategies simpler by automating backups, WAL archiving, and point-in-time recovery. However, understanding the underlying principles remains important—cloud backups can still be misconfigured, and multi-cloud strategies require cross-provider backup solutions.
The trend toward serverless databases (PlanetScale, Neon, Turso) introduces new backup paradigms. These platforms handle backups internally, but teams still need to understand RPO/RTO guarantees and test recovery procedures. PlanetScale's branching model, for example, allows instant database clones that serve as both development environments and backup mechanisms.
AI-driven backup optimization is emerging, with tools that analyze query patterns to optimize backup schedules, predict storage growth, and automatically adjust retention policies based on compliance requirements.
Conclusion
Database backups are only as good as your last successful restore test. The key takeaways:
- Define RPO and RTO first — These metrics drive every architectural decision
- WAL/binlog archiving is the gold standard — For PostgreSQL and MySQL, continuous log archiving achieves near-zero RPO
- Test restores, not just backups — Automate monthly restore verification with integrity checks
- Follow the 3-2-1 rule — 3 copies, 2 media types, 1 offsite, 1 air-gapped
- Automate everything — Manual processes are unreliable under stress
- Encrypt all backups — Use KMS-managed keys with separate credentials from production
- Monitor and alert — Track backup size, duration, and success rate; alert on anomalies
Start by defining your RPO and RTO for each database. Then implement the simplest strategy that meets those objectives. Test a full restore this week—if it fails or takes too long, you know what to fix before disaster strikes.