You’ve almost certainly come across many other blog posts about the importance of backups by now, so I’m going to assume you’re familiar with the 3-2-1 backup strategy. It means that you should have at least three copies of your data. Locally, you have your original data on your main computer plus a copy on a different device, e.g. an external hard drive. Additionally, you keep another copy which lives in the cloud. Remember that the external hard drive shouldn’t be connected to your computer when it’s not needed to prevent losing two copies at the same time in case your house gets struck by lightning, you experience a power spike or fall victim to Ransomware. In this post I am going to describe how I backup my computer (a MacBook Pro) as well as my Synology NAS which holds Terrabytes of irreplaceable data. To prevent data loss due to power outtakes or power spikes, I recommend using an Uninterruptible Power Supply (UPS) like this one.
Some years ago I’ve used Backblaze for my online backups. They make it really simple to backup your computer. However, since their encryption is effectively useless I do not recommend them any longer.1 Also, they do not allow you to backup network shares such as a NAS. I wanted to backup my NAS too, since that’s the place where all my photos live (not on the SSD in my MacBook).
Nowadays I backup both my MacBook Pro and my NAS to Amazon Drive (formerly known as Amazon Cloud Drive). For that purpose, I use Arq to backup my MacBook Pro and Synology’s HyperBackup to backup my NAS. Arq creates a backup of your hard drive, encrypts it locally, i.e. before my data enters the cloud, and then uploads it to the cloud account of your choice.
I opted for Amazon Drive, because Amazon Drive is the only cloud provicer which offers unlimited storage space for a consumer friendly price. All its competitors, including Dropbox, Google Drive and Microsoft OneDrive, either offer 1 TB storage space at max or are unreasonably expensive in case you need more. Unlimited storage space allows me to backup my entire NAS to the cloud, not just my MacBook. My NAS currently consists of three 3 TB harddrives which are configured as SHR (Synology Hybrid RAID). Thus my NAS is able to hold 6 TB of data. Even though I have yet to fill those 6 TB of data, I like that Amazon doesn’t cap me as my data grows.
In Germany, where I live, Amazon Drive is availabe only since July 2016. Before that date I used Dropbox Pro to back up my MacBook Pro. But because Dropbox Pro allows only 1 TB I could never do a cloud backup of the entire data on my Synology and could only hope that my apartment wouldn’t burn down.2 Beside of that restriction, here are some other reasons why I stopped using Dropbox for good.
However, since internet speeds in Germany are slow anyway (especially upload speeds), you can do the math and calculate how much time it takes to actually backup such an amount as 6 TB. I can count myself lucky that I have one of the faster connections availabe in Germany, 120 Mbit/s down and 6 Mbit/s up. To initially backup 6 TB, it would take 6,291,456 MB ÷ 0.75 MB/s = 8388608 s = 97 days of my NAS running 24/7.
In case you neither own a NAS nor need Amazon’s unlimited storage space but simply want to backup your MacBook to the cloud, I would recommend you to try Google Nearline. If you only need to backup a 128 GB or even a 512 GB harddrive, Nearline is the cheapest option of all. My problem with all the other providers like Dropbox or Google Drive is that even if I’m not using all the space they’re offering me but only a small portion of it, I’m still paying for the entire 1 TB of storage space. Thus I’m almost certainly paying money for nothing using these services. With Google Nearline I only pay for what I actually use. And at $0.01 per GB it’s incredibly cheap (see their pricing). Backing up an entire 256 GB harddrive would only cost me $2.56 a month instead of the usual $9.99. There’s also Amazon Glacier—Nearline’s direct competitor—but I find it’s pricing model extremely complex and too much a hassle to deal with.
(Bootable) Offline Backup
Because internet speeds are comparatively slow—and you’re not always connected to the internet, of course—you also need an offline backup. Apple’s macOS has TimeMachine built in. While TimeMachine is certainly better than nothing and easy enough to use for the non tech-savvy user, it is still crappy. More often than not backups will get corrupted. Especially if you’re closing your MacBook in the middle of a backup process or when backing up to a network device other than an Apple Time Capsule (e.g. a Synology NAS). Although TimeMachine regularly checks backups for corruption, it simply does not work. TimeMachine would keep telling you everything was fine while your backup became unusable in the meantime. You will only notice that after the data loss already occured, because your backup will fail to restore your lost files. That’s why I don’t use TimeMachine at all.
So what do I use then? There are two options: SuperDuper and Carbon Copy Cloner. I use Carbon Copy Cloner. They both are very similar, except for one tiny little difference. That’s why everyone thinks they are essentially the same and it wouldn’t matter which one you use. In my opinion however, there’s a difference. Carbon Copy Cloner copies the Recovery HD partition of your Mac, SuperDuper doesn’t.
In which case is that important? Assume you’re using SuperDuper and one day your harddisk fails. No problem, you’ve got a backup. You order a fresh new drive, install it in your Mac and restore the backup. Everything’s fine. A few months later you decide to sell your Mac. You want to wipe your system and do a clean install. Thus you reboot your Mac, press ⌘R to boot into Recovery HD and install a copy of macOS that is not connected with your Apple ID… wait a second, there is no Recovery HD anymore, since you did your backups with SuperDuper instead of Carbon Copy Cloner. This means you cannot use ⌘R anymore to reinstall macOS. Now you need to create a bootable USB stick (do you know how to do that?), install macOS from the USB stick instead of from the Recovery HD—and in case you don’t want to reinstall macOS because you want to sell your device but because your harddrive actually failed for the second time, you first need to borrow a working MacBook from a friend, co-worker, etc before you can even create the bootable USB stick, since your own Mac isn’t working anymore… or you use Carbon Copy Cloner in the first place to copy the Recovery HD, too.
Whenever I’m getting work done and not just using my Mac to watch some movies, I plug in a portable 2,5” external harddrive (Western Digital My Passport Ultra) and leave it physically attached to my MacBook the entire day. Carbon Copy Cloner will perform a backup every hour and automatically mounts/unmounts the external harddrive in between, so that I cannot fall victim to Ransomware destroying my offline backup, too (I still had my online backup in that case though). The special thing about the backups Carbon Copy Cloner creates is that they are also bootable (this also happens automatically, you don’t have to take care for that). This means you can boot your MacBook Pro directly from your harddrive. Assume you have an important deadline tomorrow. You’re working on a presentation or homework assignment, it’s already 1 AM and boom your harddrive fails. Thank god you did a backup 30 minuntes ago. But it takes hours or even days to buy/order a new harddrive, install it in your MacBook and replace the old one, then restore the backup etc. You’re never going to make your deadline tomorrow! Well, with bootable backups you will. Just plug in your backup disk, restart your MacBook and boot from the external disk instead of your defect internal harddrive. It will be slower than booting from the internal drive (due to the USB interface speed) but at least you can carry on right away and don’t need to first buy a new drive.
Only thing you should remember: if you’re doing backups to an external harddrive, they will live there totally unencrypted—even if you’ve enabled FileVault in macOS! The reason is that macOS decrypts all your files on-the-fly on the OS level so that user applications can read them. So Carbon Copy Cloner simply copies unencrypted files from your internal harddrive to your external drive (as would any other application) which will remain unencrypted there. To solve this problem, you need to boot from your external drive once (by restarting your Mac, keeping the option key ⌥ pressed and then select your backup), then activate File Vault under
System Preferences > Security for your external hardrive, too. You can immediately reboot into your regular system and continue your work. From now on, your backup will keep encrypting itself until it’s finished, as long as your harddrive is physically connected to your MacBook. You don’t need to be booted into your backup for it to do that. If you wouldn’t follow this last step, a thief could steal your portable harddrive and would have an exact but unencrypted copy of your Mac, even though you have encryption activated on your MacBook and the thief couldn’t read the MacBook’s content if he’d stolen it instead. This circumvents the whole effort of encrypting your MacBook because all a thief needs to do is snatch your harddrive in an inattentive moment and then he can access all your or your client’s data without ever needing your password, fingerprint or any other security phrase.
I hope this is useful for you and that I explained everything well and clearly. If so, feel free to share or link to this page If you feel that this article could use some accompanying screenshots or if you have any remaining questions, please do ask them in the comment section below. I’ll get back to you as soon as I can.
They store your private key on on their servers. Your password is used to encrypt and decrypt your private key on their servers. Your data is decrypted on their servers before it is sent to you over a SSL connection. Read more. Also, what happens if you change your Backblaze password? Do they decrypt your private key with your old password and then re-encrypt it with your new password, which would mean that—for a tiny moment—your private key lies totally unencrypted on their servers? ↩
There would have been other options of course. Neither of them came into question however. I’m still a college student and too poor to buy a second Backup-Synology to put at my parents’ place. To utilize Backblaze I would have needed an iSCSI Initiator which don’t work well under macOS. With a lot of work I could have set up Crashplan on my Synology, but I never bothered because it’s so ressource-hungry and written in Java. At $0.01 per GB, backing up my NAS with Amazon Glacier was also too expensive for me, since that would have cost me $10 a month per 1 TB. ↩