Archive for August, 2007

Remote backup

Sunday, August 26th, 2007

Remote backup services are proliferating these days, with offerings from Google (Shared Storage 250 GB for $500 per year), Apple (iDisk 30GB for $99.95 per year), Amazon and others. A recent Macintouch report described a mediation service called fubario that allows friends to offer secure backup for each other’s files.

This got me thinking about my own off-site backup requirements. I’ve used Retrospect from Dantz since 1989, for backing up our network. Retrospect does incremental backups, scanning each volume on the network and then comparing the files with what has already been backed up. Changed files are written onto the backup set and cataloged, so you can roll back to any version of a file, which is sometimes handy. But there is no option for writing only the differences, so Retrospect backup sets grow in size, necessitating more and more drives. Over the last two decades my media have changed from floppy to EZquest-135 removable drives to DAT DDS-3 to external firewire drives. But no matter, I always need more backup media.

My current backup set is about one terabyte spanning four 250GB firewire drives. Much of the data is readily replaceable, like the OS files that I have on CD. (Retrospect will supposedly do a bare metal restore, though I don’t trust that claim). Some more data is redundant due to a poor choice of mailbox storage (I selected mbox instead of maildir), and Retrospect backs up the entire file each day, even though only the only today’s mail is new. I will eventually fix this, but even with after excluding the redundant and replaceable data, there are a few hundred gigabytes of valuable data within the backup set

I’ve always maintained a separate offsite backup set in case of fire, which I would hand carry from office to home. But now, my office is at home, so I need a new remote storage location. I could carry the drives at a friend’s house, but this doesn’t offer much in the way of geographic diversity, and the backup would not necessarily be accessible, if they were on vacation for example. So I’ve started to look around for a backup solution.

My first thought was to buy a NAS drive that I could install at my parent’s house. The basic requirements would include:

  • mirroring using rsync
  • RAID-1 storage of at least 250GB
  • encryption on the wire and the drive
  • reasonable cost

There are a couple of nice NAS products on the market, but they don’t meet my basic requirements for remote backup:

  • the Infrant ReadNAS NV+ is a beautiful albeit expensive design, with hot-swap RAID, but while it has rsyncd running, you can’t rsync via secure shell. So I would need some kind of VPN. And I’m not sure whether it supports encrypted partitions.
  • The Buffalo LinkStation is closer to my price target, but includes neither rsyncd nor ssh for remote mirroring.

Of course there are internet backup services, but they are way too expensive:

  • evault doesn’t provide any pricing, so they’ve got to be too expensive.
  • ibackup costs $1000 per year for 100GB, far more than I want to pay, and probably less storage than I need.
  • FirstBackup is $25 per GB per year, even more expensive than iBackup.

Renting a real or virtualized server is also expensive, since they include far more than I need:

On the other hand a good amount of storage is economically available with a web hosting account. For example 1& offers a 250GB business web hosting package with ssh access for on $9.99 per month. But I would have to encrypt before synchronizing, since the web volume would not be encrypted, and then I would not be able to use rsync for mirroring.

The last approach is to build the NAS appliance myself. Briefly, it would involve:

  • a small form factor case, with motherboard and two disk drives
  • a barebones linux installation including sshd, rsyncd, dmcrypt, and md-raid.

Of course there are a few tricks with such a scheme. I would expect it to attach to a DHCP connection, so it would need some kind of DynamicDNS client so I could locate it for mirroring. I would really like this to be just a pluggable unit, but the broadband router will probably need port forwarding to send ssh port 22 to my appliance.

I could definitely assemble this for a few hundred dollars, so stay tuned.