Backing Up Your Backups
PublishedWhat are we backing up?
Like anyone who cares about the data that is on their computer, I keep backups. Local backups are a part of the solution but they’re not a complete solution. For a complete solution you need off-site backups as well. How to do that with macOS Time Machine?
To start, I keep an external drive that has the backups of my laptop on it. It also has another couple terabytes of additional archived data that I don’t want to keep on my laptop. I regularly back up my laptop to this external drive.
A single backup copy, however, is not a robust backup solution. After my neighbor’s home burned down I started keeping a second copy of my backup disk in a fire safe. When I moved to Seattle and realized that an earthquake or volcano might theoretically wipe out my home including the fire safe so I also started keeping another copy in the cloud. But I don’t want to store my data unencrypted in the cloud so how to keep these cloud backups safe and secure?
I actually only have two files that need to be replicated to the cloud. That’s right: two. My backup disk is actually unencrypted but on it there is an encrypted sparse bundle image of my laptop’s Time Machine backups and there is also an encrypted sparse bundle image for of other archived data. (Actually, since they’re both sparse bundle images those two “files” are really two directories containing approximately 223,000 files, but whatever.)
How does one make a copy of the disk?
So what I need to do first is make a copy of the first backup disk to keep in my fire safe. This is easy: rsync. With both the original backup disk and the secondary backup disk connected to my laptop, I open up Terminal and run this command:
cd /Volumes/original
rsync -rlptgoDzhOHi --stats --numeric-ids --delete-during \
*.sparsebundle /Volumes/secondary
So that’s easy enough. It copies the sparse bundle images from one disk to another. I run the rsync and I’ve got my backup for the fire safe. The cloud backups are a little bit more complicated.
What are the cloud backup options?
After researching a number of the backup options — Amazon S3, Amazon Glacier, DropBox, etc. — they just really weren’t feasible on cost. Using S3, for example, to back up 2TB of data would cost me about $45 a month, plus the cost of the data transfer and that starts to push $600 a year. Glacier is nearly impossible to use. DropBox doesn’t let you store more than 2TB per month on their less expensive professional plan and the option that lets you store unlimited data costs $60 per month or $720 per year.
But I did find an option that lets you store unlimited data and doesn’t cost an arm and a leg: Backblaze B2 Cloud Storage. My 2TB is costing me $10 per month and there is no cost to transfer the data to their system and no cost to restore the data from their system. (And when I ran the upload from my office the only limitation on upload performance was my laptop’s 1Gbps network interface. I was able to push three to four hundred gigabytes every hour.)
How do you use Backblaze?
Because I’m such a fan of rsync it turns out that there is a similar option for backing up to the cloud: rclone. After I set up my storage space on Backblaze I created an access key for my laptop and configured rclone with it’s incredibly simple “config” command and now I just run this command:
rclone --transfers 32 --progress sync \
/Volumes/storage/compy.sparsebundle/ \
b2-lockaby:lockaby/compy.sparsebundle/
“b2-lockaby” is the rclone nickname for my Backblaze bucket. Unfortunately, wildcards for matching files doesn’t work so I have to run this command twice: once for each “file” that I am backing up. Still, it’s trivial.
But there are a few catches to get to this point. First, my backup disks are ALL unencrypted but I require that I only store my data encrypted. That’s why my sparse bundles are encrypted. So when I connect my unencrypted disk I have to then open and mount my encrypted sparse bundles before I can use the data. When I do the rsync and the rclone I unmount the encrypted sparse bundles. For the sparse bundle image full of random data it’s easy to see how to set this up and how this works. But for the Time Machine backup this isn’t as obvious.
How do you encrypt Time Machine backups?
If you’re using macOS and you want to back up your hard disk you have two options.
The first option is to connect an external disk to the computer and back up to that. If you tell macOS to encrypt the backup it will convert the disk to a FileVault disk. We don’t want to do this.
The second option is to connect your computer to a network disk such as one attached to an AirPort Express or AirPort Extreme. If you use this second option and you tell it to encrypt your backups then macOS will create an encrypted sparse bundle image on the network disk. This is what we want because we can copy that encrypted sparse bundle to the cloud.
But Apple, in its shortsighted wisdom, has discontinued the AirPort line. As a result, being able to run a network backup seems like something that is going to cease being supported in the not-too-distant future. So I decided that directly attached Time Machine backups were going to be the future for me. I obviously don’t want to convert my external disk to FileVault because then I won’t have encrypted sparse bundles that I can upload to the cloud.
The solution is actually pretty easy but not well documented. First, create an encrypted sparse bundle image on your external disk. Once it is created, mount it. Then issue this command in Terminal:
sudo tmutil setdestination /Volumes/{mounted-disk-image}
Now you’ll see Time Machine try to back up to that mounted image. When you finish doing your backup through Time Machine, unmount the image, rsync
the sparse bundle files to your second backup disk and rclone
the sparse bundle files to the cloud.