You’ve almost certainly read many other blog posts stressing the importance of backups by now. Hopefully, you’ve also heard of the 3-2-1 backup strategy. In this post I’m going to describe how I implement that strategy, i.e., how I backup my computer, my external hard drives, and my Synology NAS.

The 3-2-1 Strategy

As a quick refresher, a 3-2-1 strategy essentially means that you have at least one local backup and at least one offsite backup, e.g., in the cloud. Thereby, you’ll have at least three copies of your data. At least two of these copies are stored locally (but on different devices) and at least one additional copy is stored offsite, e.g., at the office or in the cloud.

The original data is of course the first copy. If it’s data on your computer, copy it to an external hard drive. If it’s data on an external hard drive, copy it to a second external hard drive. This is what’s meant with two local copies. They have to be on two different devices which aren’t permanently connected though. If a lightning strikes your house and destroys your computer, it’s of no use if your backup drive was physically connected with the computer and got destroyed together with the original data. You need an external hard drive you can unplug, even if there’s plenty space in your tower for multiple internal hard drives. It is not sufficient to back up your data on one internal hard drive to the other internal drive. In addition to the risk of complete data loss by lightning, you would nevertheless lose all your data if you fall victim to Ransomware, despite having made a second copy. Configuring your hard drives as a RAID is also insufficient. A RAID is not a backup. While a RAID protects you against disk failure of individual disks, it does not prevent you against data loss due to accidentally deleting files, power outtakes or power spikes, viruses, or Ransomware. As a countermeasure against electronic causes such as power outtakes or power spikes, I recommend using an Uninterruptible Power Supply (UPS) like a Back-UPS Pro by APC.

The third copy in the cloud protects you against data loss caused by more serious events like if your house burned down, burglars robbed your apartment and took everything, some broken waterpipe flooded your home, or in cases of any other natural disaster such as an earthquake. If there’s a fire in your home, you shouldn’t need to decide between saving your life or saving your family photos.

That third copy is the trickiest. Up until recently, it simply was neither practical nor affordable to upload hundreds of gigabytes to the cloud. Although one could have argued that it might have been feasible to upload only those 128 GB or 256 GB stored on your internal SSD to the cloud, it certainly wasn’t sensible to backup replaceable data like your music or movie collection let alone an entire NAS holding terabytes of data to the cloud. However, my NAS is exactly where my most precious data such as irreplaceable family photos lives. With cloud storage becoming more and more affordable though, I hope I could convice you to back up at least the data on your laptop to the cloud. Nowaways, there’s Wi-Fi everywhere and if you’re out and about a lot, you don’t necessarily want to carry an external hard drive with you all the time and everywhere you go.

Online Backups

I backup all my devices to Backblaze B2. Using Dropbox or Google Drive, I would have to pay a flat fee of ten bucks a month for 1 TB worth of storage space, regardless whether I filled that 1 TB to the brim or used just a tiny fraction of it. With Backblaze B2 I pay only for what I actually use. This is much cheaper. Backblaze B2 costs 5 USD per TB a month or, in other words, $0.005 per GB a month. So if you wanted to back up, e.g., 2.4 TB, you would pay $12 a month, but if you use only, e.g., 172 GB, you’ll pay just $0.86 a month. On their pricing page, they have a cost calculator where you can see what you’d have to pay for your specific data usage. They are really transparent in that regard.

Backblaze B2 is similar to other services such as Amazon Glacier or Google Nearline but without the extremely complex pricing models or hidden fees. Maybe you’re still sceptical … I certainly was at first. I feared that my bills would shoot through the roof because I missed some detail or didn’t understand something well enough; that some day I would be presented a massive bill I couldn’t afford. I can see why you would feel that way. With similar services, you even have to pay to upload your data to their servers to begin with, then you’ll have to pay for all sorts of API calls, for retrieving your data, and—of course—the actual monthly storage costs. To be completely honest, it was such a hassle to deal with such services that I didn’t even bother to set them up. With Backblaze B2, however, there are no hidden fees. You don’t pay for the initial upload or something like that, just for the storage itself.

To back up my Synology to Backblaze, I use Synology’s own Hyper Backup software.¹ To backup my computer, I use the fantastic Arq (a great alternative would be Duplicacy). Both applications encrypt my data locally, i.e., before my data enters the cloud which is critical for privacy.

However, since internet speeds are relatively slow and because you’re of course not connected to the internet all the time, you’re also going to need an offline backup. Online backups should serve only as your last resort—in case both of your local copies got destroyed—since it can cost money (depending on your chosen cloud storage provider) to restore the backup. With Backblaze B2, however, you can restore/download 1 GB of data for free each day, so if you need to restore just one or two text files you accidentally deleted, it doesn’t cost anything. But should you really mess up or accidentally delete more than 1 GB, you’ll rather want to retrieve it from an offline backup which is not only faster but also cheaper.

How to Use Arq

Here’s how you set up a cloud service in Arq and here’s how you add Backblaze B2 specifically.

Backing Up External Disks Using Arq

What’s really cool about Arq is that you can even backup entire external hard drives, not just your home folder, by adding the external disk as “folder”. This way you can back up regular old external disks either to the cloud or to your NAS. Let’s assume you don’t have a NAS, only one single large external disk where you store all your vacation photos et cetera; since that disk is not in any sort of RAID configuration, all your photos would be irretrievably gone in case your disk fails. Now, you could of course simply copy your photos manually every now and then to another external disk like in the old days, but manual work is arduous. Furthermore, if you start culling your photos, then you have to delete those deleted images on the other drive too; so it’s also extremely easy for your backup to become out of sync and out of date.

How I use this feature: when I return from a vacation, I usually have a lot of photos to cull and edit. I could move them to my NAS right away, but editing images over the network is slow and the internal SSD of my MacBook is too small to house them all. So I temporarily store the photos on an external disk until I have edited them and can move to their proper place on the NAS. However, on that external disk my images are not protected against disk failure or accidental deletions so I upload a backup of that SSD to the NAS. Since this is meant only as a temporary solution and the images are to be moved to the NAS as soon as possible, you don’t necessarily need to backup the external disk to the cloud. In order to avoid uploading a backup of a backup to the cloud when the NAS does its own backup, you can exclude the backup of the external disk on the NAS in Hyper Backup to prevent increasing your storage costs. As soon as the finished images have arrived at their proper place on the NAS, they will of course from then on be included in the backup of the NAS to the cloud. After you’ve made sure that you did not delete photos you didn’t want to delete, you can also remove the temporary backup from the NAS (or keep it for a while, the storage space on your NAS is free, after all, in contrast to the cloud).

Offline Backups

If you’re on a Mac, you’ll probably immediately think of TimeMachine. TimeMachine is the pre-installed software for doing backups that comes with every Mac. However, I use it only for an optional additional local backup. I wouldn’t use it for my only local backup.

Why I Don’t Use TimeMachine

While TimeMachine is certainly better than nothing and easy enough for the non tech-savvy user to use, it’s still crappy. More often than not, backups will get corrupted. Especially if you’re closing your MacBook in the middle of a backup process or when backing up to a network device other than a (discontinued) Apple Time Capsule, e.g., a NAS. Although TimeMachine regularly checks backups for corruption, it simply does not work reliably. TimeMachine would keep telling you everything was fine while your backup became unusable in the meantime. You would only notice that your backup is useless after the data loss has already occured. Your backup simply would fail to restore your lost files. This is the worst scenario imaginable and exactly the kind of situation you like to avoid by using backups. That’s why I don’t use TimeMachine.

Instead, I use Arq. Arq can back up not only to the cloud but also to external hard drives or a NAS. So, for one, I use Arq to back up my laptop to the cloud, but I also use it to make another backup on an external hard drive. This way I don’t have to always bring the external disk when I’m heading to a coffee shop or the library for a work session; but if I do accidentally delete a large file, I don’t have to pay or wait to restore it from the cloud backup.

So whenever I’m at my desk, I plug a portable 2.5" external hard drive into my MacBook and leave it attached the entire day. Every hour, Arq performs a versioned backup and automatically mounts/unmounts the disk in between. This way my backup will hopefully not be affected in case I ever fall victim to Ransomware. And should Ransomware someday figure out how to afflict external drives too, I’d still have my online backup in the cloud.

Bootable Offline Backup

Arq is a wonderful piece of software, but I don’t stop here. Imagine you’re working on this really important project and tomorrow is the deadline. Suddenly, your hard drive fails. That’s annoying, but thankfully you’ve made a backup just 30 minutes ago, so it’s not that big a problem. But it still takes hours or even days for a new hard drive to arrive, to install it and to restore the backup until you can continue where you were disrupted—not an option when the deadline is tomorrow.

That’s why I keep an additional, complementary backup that is bootable. You just restart your MacBook and boot from the external backup disk instead of your defect internal hard drive. It will be a bit slower than working on the internal drive, but at least you can continue to work. You can carry on right away, bridge the time until the new drive arrives and meet your deadline.

I compared two options to create such a bootable backup: SuperDuper and Carbon Copy Cloner (a third option would be ChronoSync, but I didn’t take a close look into it). I use Carbon Copy Cloner. They are both very similar, except for one crucial but often neglected difference. Many people will tell you they are essentially the same (they’re not) and it wouldn’t matter which one you use (it does). The most important difference is that Carbon Copy Cloner copies the Recovery HD partition of your Mac whereas SuperDuper doesn’t.

SuperDuper vs. Carbon Copy Cloner

In which case is that important? Assume you’re using SuperDuper and one day you get a new Mac. You don’t want to set up everything from scratch again so you restore your new Mac from your backup (that’s why you made one) and it’s as if you never switched computers at all! A few years later, you want to upgrade to a newer Mac again so you want to wipe your computer before you put it on eBay. Thus you restart your Mac, press ⌘R to boot into Recovery HD and install a fresh copy of macOS that is not connected with your Apple ID … but wait a second, there is no Recovery HD anymore, since you did your backups with SuperDuper instead of Carbon Copy Cloner. This means you cannot use ⌘R anymore to reinstall macOS. Now you need to create a bootable USB stick (do you know how to do that?) and install macOS from the USB stick instead of going the easy route via the Recovery HD. Another scenario could be that you still have one of the older Macs where you can still change the hard drive yourself and want to replace it after a disk failure or because you need a bigger one. So use Carbon Copy Cloner rather than SuperDuper to include the Recovery HD into your backup.

Using Carbon Copy Cloner

The special thing about Carbon Copy Cloner is that the backups it creates are bootable automatically. You don’t need to decide whether you want to create a bootable backup or just regular backup. Just plug in an external hard drive, select your internal disk as source and your external disk as destination, click the “Clone” button and you’re set. Any backup created this way can be used to boot from. To restore a backup to your new replacement drive, simply boot from the backup, and this time select your internal disk as destination and the external disk as source.

To recap: the backups created by Carbon Copy Cloner are bootable but not versioned. It only creates snapshots of the current state. So, for instance, if you accidentally deleted an important file two hours ago and Carbon Copy Cloner has already created a new backup in the meantime, but it’s only now that you realize your mistakes, then the file is gone. That’s why you also use Arq. With Arq, you create versioned but not bootable backups.

Because booting from an external hard drive can be pretty slow due to the limiting speed of the USB interface, especially if it’s a HDD, I recommend using a SSD for your bootable backups with Carbon Copy Cloner. You’ll thank me later when your internal disk fails the day before a deadline and you depend on that bootable but sluggish backup to finish your job.

Enable Encryption on Bootable Backup

One thing you must know regarding Carbon Copy Cloner: if you’re doing backups to an external hard drive, they will live there totally unencrypted—even if FileVault is enabled in macOS. The reason is that macOS decrypts all your files on-the-fly on the OS level so that user applications can read them. So Carbon Copy Cloner simply copies unencrypted files from your internal hard drive to your external drive (as would any other application) which will remain unencrypted there. To solve this problem, you need to boot from your external drive once (by restarting your Mac, keeping the option key ⌥ pressed and then select your backup), then activate File Vault under System Preferences > Security for your external hardrive too.

Alternatively, you could also enable FileVault via the command line:

sudo fdesetup enable

You can immediately reboot into your regular system and continue your work. From now on, your backup will keep encrypting itself until it’s finished, as long as your hard drive is physically connected to your MacBook. You don’t need to be booted into your backup for it to do that.

If you wouldn’t follow this last step, a thief could steal your portable hard drive and would have an exact but unencrypted copy of your Mac, even though you have encryption activated on your MacBook and the thief couldn’t read the MacBook’s content if he’d stolen it instead. This circumvents the whole effort of encrypting your MacBook because all a thief needs to do is snatch your hard drive in an inattentive moment and then he can access all your or your client’s data without ever needing your password, fingerprint or any other security phrase.

Final Words

I hope you found this article helpful. If so, please feel free to share it or link to this page 😊 If you feel that this article could use some more accompanying screenshots or if you have any remaining questions, please do ask them in the comment section below.