ISPConfig. Nextcloud. Guacamole HIPAA. encrypted backups? lots of fun!

I'm setting up a server for a customer centos 7, perfect server setup. I've installed nextcloud.
this is a HIPAA environment. nextcloud is HIPAA compliant (according to their website) as long as end-to-end encryption is invoked. but I also need to have a backup solution to backup the data (from the encrypted folders so hopefully no point in re-encrypting! .
any good reliable backup solutions that I can integrate with ISPConfig? make it as simple to maintain as possible? one backup will be living in a bank vault.

Also - they have a sonicwall and have dual wan connections. I want to make sure they have a failover situtation, so that static ip 1 from ISP 1 if it fails they can still access system via the static ip from the second provider. how does this work in ISPConfig? how painful is this to implement?

I will probably want ispprotect running - its been strongly suggested to have 'commercial' anti-virus etc. is ISPPROTECT qualifying you think? or is there anything more effective that might be preferable?

Also I'm looking at guacamole for rdp/ssh/vnc server. now, rdp is NOT hipaa compliant unless you also run a vpn. customer needs to remote desktop to some of the office computers! guacamole involves installing tomcat, and would want it installed on an alternate ip as of course apache is handling port 80/443.
any other software superior you think?

and I will need some ISPConfig time after we are all done to have florian check my work! want his stamp of approval. anyone else inside ISPCONFIG have much HIPAA experience? Want to make sure we are doing this all correctly and am more than willing to pay for help

any thoughts? suggestions? comments? complaints (wow THAT is stupid!!)? welcome
cdb.