Affordable Secure Backup
Whether you are an IT professional or a computer novice, choosing the right backup system to use at work or home is a difficult, and frankly uninspiring use of time, and one which almost always results in making undesirable compromises. There always seem to be far too many options and the good solutions come with a price tag that almost matches the cost of the system they were designed to support. A good backup system should satisfy, at least, the following requirements:
- It should be affordable.
- Operation should be reasonably well automated.
- It should be easy to restore to one of several points in time.
- There should be some redundancy.
- It should be simple to store some backups offsite.
- Media should be encrypted for security.
The system described here uses an affordable drive enclosure to host two of three disk drives in a scheme that gives both disk mirroring and offsite storage all for a very affordable price of, roughly, £260. Of the three disk drives, two stay in the enclosure and the third is kept offsite and periodically exchanged with one of the two in the enclosure. Each disk drive is mounted in a drive tray (a one-off operation which requires nothing more than the use of a Philips screwdriver) which allows it to be easily inserted and removed from the enclosure. The enclosure is connected to a USB port on a computer and looks, to the computer, like a single large disk. I use 1TB capacity disks which allows me to securely store approximately 1,000 GB of data which is a lot even for a small business.
The drive enclosure is populated with two of the three SATA disk drives and attached to a computer (Mac, Windows or Unix) through a USB connection. A DIP switch configuration on the rear of the enclosure can be used to choose from a number of different configurations allowing the two drives to appear as either one big drive, two independent drives or a single drive using RAID 1 mirroring for increased protection against disk failure. This backup scheme uses the latter configuration, RAID 1, which employs disk mirroring in which the enclosure maintains an exact copy of its first disk on the second disk so that if either disk fails the remaining disk can continue operation without loss of data. If a failure occurs, the failed drive can be replace with a good drive and the system will automatically mirror the data to the new drive without any downtime. From the computer, the enclosure appears as a single USB (external) drive.
The second disk can be removed at any point and replaced with another which will be automatically mirrored with the contents of the first disk. The process of mirroring a 1TB disk takes about 3 or 4 hours but during this period the drive can be used normally. A green LED above a drive indicates that it is functioning normally, a flashing amber LED indicates that the drive is in the process of being mirrored and a red LED is indicative of a hardware fault with the drive.
Backup software on the computer populates the USB drive as it would any externally attached drive. I use the excellent SyncBackPro for Windows to pull files in from other machines on the network and write it to the drive but any archiving software could be used as appropriate for the platform.
Some operating systems provide a mechanism for maintaining historical copies of your files within the file system. Windows does this with what it calls Previous Versions, and on Mac OS X similar functionality can be achieved by using Time Machine. Both these mechanisms enable fuller use of the storage space on the drive by keeping old versions of all files, even files that have been deleted since the last backup, for as long as space remains on the backup disk. Once the disk fills up these systems will automatically begin to prune back the oldest versions of files, keeping only as many old files as the disk can hold. Both of these mechanisms, Previous Versions and TimeMachine, will allow you to view the files in any backed up folder on your system as they were at several points in the past, typically at daily or more frequent intervals.
Redundancy and Offsite Storage
The enclosure keeps two drives in sync automatically so that should one of the drives in the enclosure fail the other one will continue providing read and write functionality without any interruption of service. This gives one form of redundancy, but by swapping the mirrored disk with a spare one on a regular, say daily, basis you get to maintain as many backup copies of your complete data as you feel comfortable with. It is easy to manage a small pool of spare disks which can be used in rotation. If we then keep one or more of these disks at a different location to the enclosure we have an offsite backup.
Very cheap USB caddies can be purchased which will hold a single SATA disk drive. These can be used in an emergency to mount any of the disks on a computer if the enclosure fails or if you need to access the data that is on one of the drives from a different computer or location.
If securing the content of your backup data is important then the free open source TrueCrypt is an excellent tool. TrueCrypt provides on-the-fly encryption of an entire disk which means that data is encrypted or decrypted just before it is saved or loaded from the disk. The operation works transparently, encrypting the entire disk volume without any user intervention. Data is copied to or read from the encrypted disk exactly as it would be to or from an unencrypted disk. No data can be read from the disk until the correct password has been provided so if one of your disks is lost or stolen you can be confident that its contents will remain safe. The documentation on the TrueCrypt web site provides a step by step guide to installing and using TrueCrypt to protect a USB drive.
The decision to encrypt is an optional one and can be delayed until a later date. TrueCrypt software is such a good tool that I would recommend experimenting with it even if you don’t decide to use it to encrypt your backups. One of the modes of operation of TrueCrypt allows you to create an encrypted file on your normal file system which can then be mounted by TrueCrypt as a drive (or volume) on your computer. To the computer this looks like a normal external disk but has the advantage that all of the files that you write to the disk are securely encrypted and cannot be read without providing the correct password. TrueCrypt is software that I would be prepared to pay quite a lot of money for but it is open source and free.
The system I describe here costs roughly £260 (including the backup media) and provides 1TB of always available RAID and offsite backed storage – this makes it a very competitively priced solution for a small business or home worker.
I purchased the enclosure and extra drive trays from Dabs.com but the enclosure is also available from Amazon. The hard drives can be purchased from anywhere but should all be of the same capacity – Good 1TB drives can currently be found for about £60. The individual component costs for the whole system were:
|1 x USB Dual Removable SATA RAID External Hard Drive Enclosure||£70|
|1 x Extra Hot Swap Hard Drive Tray||£10|
|3 x 1TB Internal SATA Disk Drives||£60 each|
|TrueCrypt Open Source Disk Encryption Software||£free|
With a total component cost of about £260, the benefits of this disk-based system over our old tape based solution are enormous not just in price but in flexibility and features. In short, it is a solution that I would recommend.