Basically what it says in the title: do you pull your backups a backup-manager host, or push them from each machine individually?
My initial inclination is to do it all from one machine, with one unprivileged user and a single cron file. That means, though, that there needs to be a remote user on each machine with g+r to everything, in order for ssh+rsync to do its thing.
Or, would it be simpler for each server to manage its own backups, probably as root, which means not having to change group permissions or identity?
I do push only, as I’m using cloud-based object storage, so I know the destination is online 24/7. I do encrypt them before uploading, so couldn’t care less about privacy or security. Only availability, but if one uses multiple different cheap storage providers and replicates the backups, it doesn’t matter either.
It’s also easier and more secure to automate push if you don’t fully own the destination.