You’ve almost certainly come across many other blog posts about the importance of backups by now, so I’m going to assume you’re familiar with the 3-2-1 backup strategy. It means that you should have at least three copies of your data. Locally, you have your original data on your main computer plus a copy on a different device, e.g. an external hard drive. Additionally, you keep another copy which lives in the cloud. Remember that the external hard drive shouldn’t be connected to your computer when it’s not needed to prevent losing two copies at the same time in case your house gets struck by lightning, you experience a power spike or fall victim to Ransomware. In this post I am going to describe how I backup my computer (a MacBook Pro) as well as my Synology NAS which holds Terrabytes of irreplaceable data. To prevent data loss due to power outtakes or power spikes, I recommend using an Uninterruptible Power Supply (UPS) like this one.
Some years ago I’ve used Backblaze for my online backups. They make it really simple to backup your computer. However, since their encryption is effectively useless I do not recommend them any longer.1 Also, they do not allow you to backup network shares such as a NAS. I wanted to backup my NAS too, since that’s the place where all my photos live (not on the SSD in my MacBook).
Nowadays I backup both my MacBook Pro and my NAS to Amazon Drive (formerly known as Amazon Cloud Drive). For that purpose, I use Arq to backup my MacBook Pro and Synology’s HyperBackup to backup my NAS. Arq creates a backup of your hard drive, encrypts it locally, i.e. before my data enters the cloud, and then uploads it to the cloud account of your choice.
I opted for Amazon Drive, because Amazon Drive is the only cloud provicer which offers unlimited storage space for a consumer friendly price. All its competitors, including Dropbox, Google Drive and Microsoft OneDrive, either offer 1 TB storage space at max or are unreasonably expensive in case you need more. Unlimited storage space allows me to backup my entire NAS to the cloud, not just my MacBook. My NAS currently consists of three 3 TB harddrives which are configured as SHR (Synology Hybrid RAID). Thus my NAS is able to hold 6 TB of data. Even though I have yet to fill those 6 TB of data, I like that Amazon doesn’t cap me as my data grows.
In Germany, where I live, Amazon Drive is availabe only since July 2016. Before that date I used Dropbox Pro to back up my MacBook Pro. But because Dropbox Pro allows only 1 TB I could never do a cloud backup of the entire data on my Synology and could only hope that my apartment wouldn’t burn down.2 Beside of that restriction, here are some other reasons why I stopped using Dropbox for good.
However, since internet speeds in Germany are slow anyway (especially upload speeds), you can do the math and calculate how much time it takes to actually backup such an amount as 6 TB. I can count myself lucky that I have one of the faster connections availabe in Germany, 120 Mbit/s down and 6 Mbit/s up. To initially backup 6 TB, it would take 6,291,456 MB ÷ 0.75 MB/s = 8388608 s = 97 days of my NAS running 24/7.
In case you neither own a NAS nor need Amazon’s unlimited storage space but simply want to backup your MacBook to the cloud, I would recommend you to try Google Nearline. If you only need to backup a 128 GB or even a 512 GB harddrive, Nearline is the cheapest option of all. My problem with all the other providers like Dropbox or Google Drive is that even if I’m not using all the space they’re offering me but only a small portion of it, I’m still paying for the entire 1 TB of storage space. Thus I’m almost certainly paying money for nothing using these services. With Google Nearline I only pay for what I actually use. And at $0.01 per GB it’s incredibly cheap (see their pricing). Backing up an entire 256 GB harddrive would only cost me $2.56 a month instead of the usual $9.99. There’s also Amazon Glacier—Nearline’s direct competitor—but I find it’s pricing model extremely complex and too much a hassle to deal with.
Because internet speeds are comparatively slow—and you’re not always connected to the internet, of course—you also need an offline backup.
Why I Don’t Use TimeMachine
Apple’s macOS has TimeMachine built in. While TimeMachine is certainly better than nothing and easy enough to use for the non tech-savvy user, it is still crappy. More often than not backups will get corrupted. Especially if you’re closing your MacBook in the middle of a backup process or when backing up to a network device other than an Apple Time Capsule (e.g. a Synology NAS). Although TimeMachine regularly checks backups for corruption, it simply does not work. TimeMachine would keep telling you everything was fine while your backup became unusable in the meantime. You will only notice that after the data loss already occured, because your backup will fail to restore your lost files. That’s why I don’t use TimeMachine at all.
Bootable Offline Backup
So what do I use then? There are two options: SuperDuper and Carbon Copy Cloner. I use Carbon Copy Cloner. They both are very similar, except for one crucial but often neglected difference. Many people will tell you they are essentially the same (they’re not) and it wouldn’t matter which one you use (it does). The most important difference is that Carbon Copy Cloner copies the Recovery HD partition of your Mac whereas SuperDuper doesn’t.
In which case is that important? Assume you’re using SuperDuper and one day you get a new Mac. You don’t want to set up everything from scratch again so you restore your new Mac from your backup (that’s why you made one) and it’s as if you never switched computers at all! A few years later, you want to upgrade to a newer Mac again so you want to wipe your computer before you put it on eBay. Thus you restart your Mac, press ⌘R to boot into Recovery HD and install a fresh copy of macOS that is not connected with your Apple ID… but wait a second, there is no Recovery HD anymore, since you did your backups with SuperDuper instead of Carbon Copy Cloner. This means you cannot use ⌘R anymore to reinstall macOS. Now you need to create a bootable USB stick (do you know how to do that?) and install macOS from the USB stick instead of going the easy route via the Recovery HD. Another scenario could be that you still have one of the older Macs where you can still change the harddrive yourself and want to replace it after a disk failure or because you need a bigger one. So use Carbon Copy Cloner rather than SuperDuper to include the Recovery HD into your backup.
Whenever I’m getting work done and not just watching movies, I have a portable 2,5” external harddrive (Western Digital My Passport Ultra) plugged into my MacBook and leave it attached the entire day. Every hour Carbon Copy Cloner will perform a backup and automatically mount/unmount the disk in between. In case I ever fall victim to Ransomware, at least my backup wouldn’t be affected that way—and if Ransomware someday figures out how to afflict external drives, I’d still have my online backup in the cloud. The special thing about the backups Carbon Copy Cloner creates is that they are also bootable (this happens automatically, you don’t have to take care for that). This means you can boot your MacBook Pro directly from your harddrive. Assume you have an important deadline tomorrow. You’re working on a presentation or homework assignment, it’s already 1 AM and boom your harddrive fails. Thank god you did a backup 30 minuntes ago. But it takes hours or even days to buy/order a new harddrive, install it in your MacBook and replace the old one, then restore the backup etc. You’re never going to make your deadline tomorrow! Well, with bootable backups you will. Just plug in your backup disk, restart your MacBook and boot from the external disk instead of your defect internal harddrive. It will be slower than booting from the internal drive (due to the USB interface speed) but at least you can carry on right away and don’t need to first buy a new drive.
One thing you must know: if you’re doing backups to an external harddrive, they will live there totally unencrypted—even if FileVault is enabled in macOS. The reason is that macOS decrypts all your files on-the-fly on the OS level so that user applications can read them. So Carbon Copy Cloner simply copies unencrypted files from your internal harddrive to your external drive (as would any other application) which will remain unencrypted there. To solve this problem, you need to boot from your external drive once (by restarting your Mac, keeping the option key ⌥ pressed and then select your backup), then activate File Vault under
System Preferences > Security for your external hardrive too.
Alternatively, you can enable FileVault via the command line:
sudo fdesetup enable
You can immediately reboot into your regular system and continue your work. From now on, your backup will keep encrypting itself until it’s finished, as long as your harddrive is physically connected to your MacBook. You don’t need to be booted into your backup for it to do that. If you wouldn’t follow this last step, a thief could steal your portable harddrive and would have an exact but unencrypted copy of your Mac, even though you have encryption activated on your MacBook and the thief couldn’t read the MacBook’s content if he’d stolen it instead. This circumvents the whole effort of encrypting your MacBook because all a thief needs to do is snatch your harddrive in an inattentive moment and then he can access all your or your client’s data without ever needing your password, fingerprint or any other security phrase.
I hope this is useful for you and that I explained everything well and clearly. If so, feel free to share or link to this page If you feel that this article could use some accompanying screenshots or if you have any remaining questions, please do ask them in the comment section below. I’ll get back to you as soon as I can.
They store your private key on on their servers. Your password is used to encrypt and decrypt this not-so-private key on their servers. Your data gets decrypted on their servers before they send it to you over a SSL connection. They even admit that themselves if you read over all the marketing talk. So not only does someone other than me have access to my private key (first big security fail), there are moments where both my private key and my data are stored totally unencrypted on their servers. Also, what happens when I change my Backblaze password. Certainly my private key has to be decrypted with my old password and then re-encrypted with my new password … another moment where my fucking PRIVATE KEY lies totally unencrypted on someone else’s computer—but hey, it’s only my most sensitive data I’m trusting them with … ↩
There would have been other options of course. Neither of them came into question however. I’m still a college student and too poor to buy a second Backup-Synology to put at my parents’ place. To utilize Backblaze I would have needed an iSCSI Initiator which don’t work well under macOS. With a lot of work I could have set up Crashplan on my Synology, but I never bothered because it’s so ressource-hungry and written in Java. At $0.01 per GB, backing up my NAS with Amazon Glacier was also too expensive for me, since that would have cost me $10 a month per 1 TB. ↩