- Sun 28 March 2021
- useful mac software
- Gaige B. Paulsen
- #server admin
As we approach another World Backup Day, I figured it was time for me to revise my 2013 backup article for a more up-to-date view of what my backup situation is and what I am currently recommending.
My basic backup strategy, as outlined in the previous article, hasn't changed significantly; however the tools, services, and locations have. There's now general acceptance now of the 3-2-1 backup strategy, which is:
- 3 copies of your data (1 live, 2 backups)
- 2 different backup media/packages
- 1 copy offsite
For the most part, I think that provides a good minimum basis; although I have been adhering to that only as a minimum, and in particular I've been recommending an extra, physically distant offsite location.
This year's post is big enough, it needs a TOC:
- Software and Services
- In Conclusion
- Afterward: Previous software suggestions
With some reasonable bandwidth now widely available for most people who are using computers, an offsite backup that is up-to-date should be considered table stakes.
Reiterating my advice from 7 years ago: a minimum of two physically distinct locations is a must: one at home/on-site for ease of access, and at least one kept remote. My last article suggested a safe deposit box, but I'm going to recommend against that unless you don't have sufficient online access to systems physically diverse from your location. Frankly, there's just too high of a likelihood that you won't remember to update it. I suggest that the second copy be an online service, so that you can make sure it is always available for you.
Again, I would suggest at least 2 locations. They should be far enough apart that they're unlikely to suffer the same fate in the event of a disaster. If you are using an online service for the second backup, try to find one that keeps two distinct copies of your data (I'll describe one way to do that below).
Software and Services
Last time, I described myself of being a big fan of paid-for backup software. Although I'd agree with that in general still, I'll note that of the 5 packages that I called out last time, there have been some changes.
Here are some specific suggestions:
Time Machine is Apple's built-in backup software for many versions of macOS, and is the only program that stayed on this list since the last time. It provides version storage as well is very simple administration, and can be used easily with an externally connected hard drive. Of course, it's not very useful for off-site backup. However, for local backup it is easy to set up and easy to restore data from.
Arq backup is a server-agnostic client-based offsite backup package. They provide a software package that can use many different systems for storage, including BackBlaze's B2, Amazon's S3 and Glacier, Dropbox, Google Cloud and Drive, Microsoft OneDrive or SharePoint, external and network drives, and just about any S3-compatible storage service (think minio, Wasabi and others).
Personally, we're using Arq to back up to a pair of minio servers that we run: one on each coast. We encrypt with complex keys at the client before the backups are sent to the cloud, so we're confident that we're safe from prying eyes.
Arq's been around since 2009 and has been providing similar capabilities that whole time. In the case of Arq, you are purchasing a software package (with updates if you in maintenance) and you will need to provide separately for your storage. Some might find that fiddly and a disadvantage.
For those wondering, there were some hiccups at the start of Arq v6 (first new release since v5) and I felt that the author responded well to them. Lots of criticism, as is the way of it in this day and age. His response was to buckle down and accelerate the release of v7, which came out earlier this year, with a tuned-up new Mac-native interface (one of the issues with v6 was the Electron interface). I had no trouble with either v6 or v7, but I'm happy to be on v7 now and have had good luck with backup and restore.
Carbon Copy Cloner
Carbon Copy Cloner is a package that clones Mac hard drives (and SSDs, really any storage). They have been around a long time (since 2002) and shown steady progress of solid software improvement. Even with the challenging changes over the last few years for the Mac, the folks at Bombich Software have managed to engineer their way around the new Apple choices with aplomb and have won their way back to being my preferred disk cloning software. When I need to make a bootable (or just carry-able) copy of an existing drive, I turn to Carbon Copy Cloner.
I'm a big proponent of Bacula for server backups. It requires a bit of an investment up-front to figure out your backup plans and you need to be willing to put in the time to understand the options and configuraiton. But, if you're looking for something for servers, I would suggest checking my articles on Bacula:
BackBlaze came onto the scene a number of years back and was initially an also-ran behind CrashPlan and Carbonite at the time. My, how things have changed. They're not perfect (note some recent Facebook-related unforced errors on their web site), but they reportedly provide a reliable service and charge reasonable prices. I've never been a customer of theirs for backup, but I have used their S3-compatible storage system (B2) for offsite storage and found them to be reasonable. They have the option of letting you self-key, which means they won't be able to tell what you are backing up.
This is not an option. You need encryption. If you have enough operational fortitude to keep your own keys, you should do that (as opposed to having them escrowed by a backup provider).
It's especially important when keeping data off-site to make sure that data is encrypted using strong encryption and with keys that are only available to you. This is possible with some services like CrashPlan and BackBlaze, and with the new entrant above, Arq. Any data which is intentionally taken off-site should be stored in some encrypted form. Keep in mind that if you designate your own keys, you are going to have to safely store these keys in a manner that they will not be lost by whatever event causes your data to be lost. My suggestion is store a copy of your keys in a safe deposit box. There are electronic methods of storing this, but why mess around? If your biggest concern is losing the data, then keep those keys unencrypted in the safe deposit box. If your biggest concern is somebody getting your data, then keep the keys encrypted in the safe deposit box. With that said, in the case of a real disaster (one you don't survive), determine how you want those keys to convey to your heirs and assigns.
This year I wanted to add a separate item for photos (and video, for that matter). Most people have a large amount of their data wrapped up in photos and videos these days. You should treat this data basically as you should all valuable data and have backups, in multiple locations, and with multiple methods.
Many of you may be using Google Photos or Apple Photos to store and manage your photos. That's fair enough, but those services do little to prevent from accidental (or malicious) destruction of photo data.
If you're using Apple Photos to manage photos, you should consider having a single machine with sufficient disk space to be designated for full-resolution backups. The process is pretty simple:
- Log in to your AppleID on that machine (in your own account if it's a shared computer)
- Start Photos
- Choose Photos > Preferences and select the iCloud tab.
- Under here, make sure the Download Originals to this Mac is checked
- Back up your user account (or the location of the Photos library if you've moded it) as you would any other valuable data
If you're using a DSLR and RAW or very high resolution photography, you should consider backing up that data one more time. I usually have a staging area for photos while I'm on a trip (when we could take trips) and that tends to stay around quite a bit longer than it theoretically needs to. It's a second set of suspenders beyond the belt and suspenders that I'm already wearing.
It doesn't really matter as much how you decide to back up your data, it just matters that you do back up your data. If there's something that you care about, back it up. If you care about the data being secure, encrypted it. If for some reason you believe you care about the data and you don't care about being secure, think again.
Afterward: Previous software suggestions
I figured some of you may be interested in knowing the fate of recommended products gone by. Since you may have followed my advice and chosen one or more of these, I'll sum up the current thinking on each.
I'd been a strong proponent of CrashPlan in the last article, and in some ways, I still like it. The client, although "native", is still poorly designed, but data integrity and speed are still fine. What's changed is the business model. When I wrote this, you could still get a personal subscription; now there are only "small business" and "Enterprise" subscriptions, and outside of the "Enterprise" version, you're being pushed toward using their backup service. That's fine, insofar as it goes, but at this point, I think there are better players, like BackBlaze (above) for personal backup at this point.
SuperDuper! is a package that clones hard drives on the Mac from one device to another. Over the years I have switched back and forth between Carbon Copy Cloner and SuperDuper! Recently, the folks at Shirt Pocket software have been slower to adapt to Apple's changes and I'm currently in a Carbon Copy Cloner phase, and that's what I recommend.
The company announced they were going out of business; the product was later purchased by OWC. Maybe OWC will do something with it in the years to come, but I no longer advise its use. If you're looking for something for servers, I would suggest checking the section above on Bacula.
Historically (in the old days), I used Retrospect, which went down hill significantly when the Dantz was acquired by EMC. The software product was spun back out into Retrospect, Inc. in November of 2011, and the word is that it has improved markedly since then. I gave it a try again once, but have not used it in production, nor have I tried recent versions.