Docs / Backup & Recovery / Cross-Region Backup Replication

Cross-Region Backup Replication

By Admin · Mar 15, 2026 · Updated Apr 25, 2026 · 205 views · 4 min read

Cross-region backup replication ensures your data survives regional disasters — data center fires, network outages, or natural disasters. By replicating backups to geographically distant locations, you achieve true disaster recovery capability. This guide covers implementing cross-region replication with practical tools.

Architecture Overview

# Replication topology:
# Primary VPS (New York) → Backup VPS (Los Angeles) → Object Storage (EU)
#
# Each tier adds protection:
# Tier 1: Local backup on same VPS (hardware failure, human error)
# Tier 2: Remote VPS in different region (regional failure)
# Tier 3: Object storage in different continent (catastrophic failure)

# RPO targets by tier:
# Tier 1: 1 hour (frequent snapshots)
# Tier 2: 6 hours (periodic replication)
# Tier 3: 24 hours (daily sync)

Setting Up rclone for Multi-Region

# Configure multiple remote targets
rclone config

# Remote 1: Backup VPS via SFTP
[backup-vps-la]
type = sftp
host = backup-la.example.com
user = backup
key_file = /root/.ssh/backup_key

# Remote 2: Wasabi EU (Amsterdam)
[wasabi-eu]
type = s3
provider = Wasabi
access_key_id = YOUR_KEY
secret_access_key = YOUR_SECRET
region = eu-central-1
endpoint = s3.eu-central-1.wasabisys.com

# Remote 3: Backblaze B2
[b2-backup]
type = b2
account = YOUR_ACCOUNT_ID
key = YOUR_APPLICATION_KEY

Restic Multi-Destination Backup

#!/bin/bash
# /usr/local/bin/backup-all-regions.sh
set -e

export RESTIC_PASSWORD_FILE=/etc/restic/password
BACKUP_PATHS="/var/www /etc /home /opt/apps"
EXCLUDES="--exclude=*.log --exclude=node_modules --exclude=.cache"
DATE=$(date +%Y%m%d-%H%M%S)

# Dump databases first
/usr/local/bin/backup-databases.sh

# Tier 1: Local backup
echo "[$(date)] Starting local backup..."
restic -r /backup/local backup $BACKUP_PATHS $EXCLUDES
restic -r /backup/local forget --keep-hourly 24 --keep-daily 7 --prune

# Tier 2: Remote VPS (LA)
echo "[$(date)] Starting remote backup..."
restic -r sftp:backup@backup-la:/restic-repo backup $BACKUP_PATHS $EXCLUDES
restic -r sftp:backup@backup-la:/restic-repo forget --keep-daily 7 --keep-weekly 4 --prune

# Tier 3: Object Storage (EU) — daily only
HOUR=$(date +%H)
if [ "$HOUR" = "04" ]; then
    echo "[$(date)] Starting offsite backup..."
    restic -r s3:s3.eu-central-1.wasabisys.com/my-backups backup $BACKUP_PATHS $EXCLUDES
    restic -r s3:s3.eu-central-1.wasabisys.com/my-backups forget --keep-daily 30 --keep-monthly 12 --prune
fi

echo "[$(date)] All backups complete"

Bandwidth Management

# Limit bandwidth for remote replication to avoid impacting production
restic -r sftp:backup@remote:/repo backup \
    --limit-upload 50000 \     # 50 MB/s upload limit
    $BACKUP_PATHS

# Or use rclone bandwidth limiting
rclone sync /backup/local remote:backup/ --bwlimit 50M

# Schedule heavy replication during off-peak hours
# 0 2 * * * — 2 AM local time typically has lowest traffic

Verification

#!/bin/bash
# /usr/local/bin/verify-backups.sh
export RESTIC_PASSWORD_FILE=/etc/restic/password

REPOS=(
    "/backup/local"
    "sftp:backup@backup-la:/restic-repo"
    "s3:s3.eu-central-1.wasabisys.com/my-backups"
)

for repo in "${REPOS[@]}"; do
    echo "Checking: $repo"

    # Check data integrity
    restic -r "$repo" check --read-data-subset=5% 2>&1

    # Check latest snapshot age
    LATEST=$(restic -r "$repo" snapshots --latest 1 --json 2>/dev/null | jq -r ".[0].time // empty")
    if [ -z "$LATEST" ]; then
        echo "  ERROR: No snapshots found!"
        continue
    fi

    AGE_H=$(( ($(date +%s) - $(date -d "$LATEST" +%s)) / 3600 ))
    echo "  Latest snapshot: ${AGE_H}h ago"

    if [ "$AGE_H" -gt 48 ]; then
        echo "  WARNING: Backup is stale!"
    fi
done

Cost Optimization

# Storage costs for cross-region backup (typical 100GB dataset):
#
# Tier 1 (Local): $0 (included in VPS disk)
# Tier 2 (Remote VPS): ~$5/mo (100GB disk on budget VPS)
# Tier 3 (Wasabi): ~$0.60/mo (100GB × $5.99/TB, no egress fees)
# Tier 3 (B2): ~$0.50/mo (100GB × $5/TB, first 1GB egress free)
#
# Total: ~$6/mo for enterprise-grade disaster recovery
#
# With deduplication, actual storage is typically 30-50% of raw data

Disaster Recovery Procedure

# If primary region is down:
# 1. Provision new VPS in available region
# 2. Install restic
# 3. Restore from nearest available backup tier

# From remote VPS (Tier 2):
restic -r sftp:backup@backup-la:/restic-repo restore latest --target /

# From object storage (Tier 3):
restic -r s3:s3.eu-central-1.wasabisys.com/my-backups restore latest --target /

# 4. Update DNS to point to new server
# 5. Verify all services are running
# 6. Re-establish backup replication from new primary

Summary

Cross-region backup replication provides the highest level of data protection available. Using restic for encrypted, deduplicated backups across local, remote VPS, and object storage tiers, you achieve comprehensive disaster recovery at minimal cost. The key is automation (cron-driven backups), verification (regular integrity checks), and testing (quarterly restore drills). For most VPS workloads, the entire cross-region strategy costs under $10/month while protecting against every failure scenario from disk failure to regional disaster.

Was this article helpful?

Related Articles