What will happen when you lose that data?
- Many ways to lose
- The most secure
- The longer explanation on laptops
- NAS Options
- External Cloud vendors
Many ways to lose
There are many ways your files can die or disappear:
- You destroy a file by replacing the new version with an old version
Your laptop gets lost, stolen, or damaged beyond repair
- Fire or theft or drive failure destroys your backup devices at home
- Your cloud backup vendor goes out of business or charges too much
- Your cloud backup vendor loses your files (despite redunancies)
The most secure
DR;TL Use several techniques for peace of mind with data on your laptops:
For a complete backup (including operating system files), use a portable USB drive. This is the lowest cost option and enables you to get back running quickly. PROTIP: Do backups before you leave and do not carry the drive with your laptop.
- If you have a Apple MacBook, use Time Machine with a portable drive
- If you have a Windows machine, it’s best to get a 3rd-party software
- Many companies do not allow use of external USB drives, so consider using a NAS.
- Do full backups to a local network attached storage (NAS) device via wi-fi every night (or whenever you sleep), and public network access is shut down
- Mirror the hard disk automatically on the local NAS.
- Setup automatic incremental backups to a network backup service (during lunch).
There are reasons for each:
- Local backups to a USB are useful to restore completely in less than an hour
- Attached storage devices backup off your machine via wifi without you having to plug anything in
- All drives fail eventually
- Backups to a cloud protects your data from disasters at your home
There is a weakness to each as well:
- Backups can take up a lot of room on your computer. And it’s a hassle to remember to plug in the USB drive.
- NAS drives cost $150 and up.
- Mirrored drives cost double that.
- Assume that anything in a cloud will eventually be available to everyone. Strong encryption helps, but do not guarantee privacy.
PROTIP: Schedule time ahead to make sure you have a fresh backup before you leave home, in case your laptop is lost, stolen, or damaged while on the road.
The longer explanation on laptops
Most of us already have some type of cloud backups:
We don’t need to keep installers on the Downloads folder if we use Ansible to download the latest versions for installation. I have a separate tutorial just on this.
Those who only use iTunes can get their music from Apple’s iCloud. Note the cost of $50/year.
Gmail and Hotmail users have their emails at Google and Microsoft would need a program
Those who have an Amazon Prime account can currently store an unlimited number of pictures on the Amazon Cloud for free. It takes several seconds for you to drag-and-drop to upload each file on your browser. But you can rearrange and rename files.
Those who write programming code or books now:
- Commit small changes of code into a local git repository within each project folder
- Commit your locally tested code up on GitHub.com or equivalent
PROTIP: Being able to get back to various back versions of data is important because a virus or mistake can destroy files you don’t notice until months later.
If you buy a USB hard drive you plug into your laptop USB plug, you can drag-and-drop specific files to it. But you’ll need to manually save file names with different names in order to get back to back versions of Documents and Movies.
DVDs and storage
Burning DVDs disks provide the most long-term stable storage. BLAH: But each DVD is limited to 4 Gigabytes of data. Removable USB hard drives are now several thousand gigabytes (terrabytes), which are needed for those working with movies.
BLAH: With newer MacBooks, you’ll need to buy a DVD drive (about $150). However, if you buy a black Samsung DVD drive, you’ll be able to play Blueray disks on your laptop.
There are hidden files we don’t see on Finder that are required to create a complete backup that we can use to fully restore a laptop.
https://github.com/n8gray/Backup-Bouncer tests whether backup media on MacOS contain file metadata used by Finder.
Apple Time Machine
The Time Machine software that comes with Apple MacOS is one of its best features. It has the ability to completely rebuild on a new laptop from a backup backup drive because it automatically saves the hidden files we don’t normally see on Finder.
When we plug in a USB drive for it to use, we can click “Backup Now” or let it start backup automatically, in a “set-it-and-forget-it” mechanism.
It does incremental backups of just changes every hour for a day, every day for a month, and every week until the backup disk is full.
If it doesn’t have enough disk space, it will save a smaller number of previous versions.
There are number of other cloud offerings available.
Time Machine is not available on Windows machines. Windows 7’s Shadow Copy Service is lacking because it won’t help you when your disk crashes since it doesn’t also backup hidden system files.
So other programs need to be installed on Windows.
The Acornis backup program makes incremental backups of just the changes, but it doesn’t provide fall-back to different versions of the same file at different points in time. Also, Acronis is especially difficult to deal with due to their policy of hassling customers by not allowing software download after a short time, then providing no phone support.
This is also the case with programs to access cloud storage such as Dropbox and Amazon Cloud, which both keep a copy of files on your local machine.
Apple offers their Time Capsule device that contains a hard drive – a Network Attached Storage device (NAT) – that uses the network (wi-fi) to do backups automatically, without anyone having to plug in a USB portable hard drive.
But machines cannot be powered down because it runs automatically on a schedule such as once an hour or once a night.
Some are available with two disk drives which mirror each other for redundancy in case one of the drives break down.
Social media backup
iDrive.com does incremental backups of photos from Facebook and Instagram, even on their 5GB free plan.
Seagate’s NAS software is its ability to extract your photos and text from Facebook, Twitter, and your other social media accounts.
BTW, currently there is no easy-to-install program to extract emails from Gmail, Hotmail, and other free cloud email services.
Mobile device backup
iDrive backs up photos and other files on mobile devices.
This is a good option to reduce use of expensive cellular bandwidth usage.
Hard Drive Failure Rate
There are more industrial vendors and devices:
- Synology DSN
- QNAP QTS
- WD MyCloud EX2
- Seagate Home NAS
The focus of this article is on consumer models.
Backblaze analyzed thousands of hard drives and found:
- Seagate had the highest failure rate for 1 TB drives (14% is hugh!)
- But lower failures on 4 TB drives (3% per year)
- Western Digital had lower failure rates than Seagate on all size drives
- Hitachi drives had the lowest failure rate (below 1%) on all size drives
3% a year is still a rather risky. Would you accept 14 out of 100 failures from your toilet or microwave oven?
Thus, do both.
Price of NAS
BestBuy sells both Western Digital My Cloud and Seagate NAS. Amazingly, Amazon had the same price.
$158 for the 4 TB.
PROTIP: The devices make noise when operating, so have them all in a room away from where you want to sleep quietly. A sound-proof room where you watch loud movies?
The initial backup requires special handling since neither of the NAS device manufacturers allow its USB port to obtain files from your laptop (like a USB portable drive). Its USB port is to plug in an additional USB portable drive.
PROTIP: Make the initial backup set by plugging in the RG-45 network cable into your laptop. MacBooks would require an additional adapter.
Both have a mobile app for iOS and Android that works on the common local wi-fi network.
PROTIP: You’ll need to keep your laptop running at night for this to happen
Both have DNLA capability to play back videos to a TV also having DLNA feature.
Western Digital My Cloud
A 5 minute non-technical overview by a cheerleader:
WARNING: My Cloud connects to a wi-fi hub, so the backup device needs to be near the hub. That may be OK since you’ll want both plugged into a UPS to protect from electrical sags.
WD has its My Cloud mobile app for iOS and Android that works on the common local wi-fi network.
Download client software from setup.wd2go.com
Complaints about this on Amazon and elsewhere include:
- It consistently ‘goes away’ and I have to unplug and plug it back in.
- You can ONLY backup on the Home/local network not on a connected device over the internet.
- Different users (laptops) share files via dragging to a common Public folder.
Links to videos and write-ups:
- Lon Seidman: https://www.youtube.com/watch?v=078xdmH1DiM
- Geek with Glasses: https://www.youtube.com/watch?v=vdYhb54jmGI
Seagate Personal Cloud NAS
Each laptop requires a different user account. Folders cannot be shared, even by the administrator.
Seagate is faster than WD MyCloud.
Folders marked public are visible to all on the wi-fi, but not from the internet without a password.
The most frequent backup time is once per hour. No “backup now”.
You can pull in from the internet files from social media websites such as Facebook, Twitter.
The iTunes player doesn’t work. You have to use Seagate’s program.
Links to videos and write-ups:
- Lon Seidman: https://www.youtube.com/watch?v=RcgTG9VrBJs
External Cloud vendors
Not all cloud storage vendors have geo-reduntant storage, which means they store data in two geographically separate locations.
A search on the internet for “cloud backup” will yield several sites compare various options, but it’s clear which vendor the site is rooting for, usually to collect a referral income. So use such sites only for ideas to differentiate the options, not to base your decision.
TheWireCutter.com provides a great list of features before recommending Crashplan (from Code42), which costs $150 per year for families, $60 a year for individuals) for “unlimited” storage. This price is about $12 a month, which is about what many generic cloud vendors charge.
However, its desktop app has the unique option of peer-to-peer backups as well. It works on Windows, but its Mac edition does not offer versioning.
CrashPlan can backup the NAS drive, which makes a mirror unnecessary. This is a key selling point.
CrashPlan’s client is written in Java for cross-platform support. But it installs its own version of the JRE, so you won’t have to hassle with installation. However, you’ll want to shut down apps when it runs.
Carbonite does not currently offer Macs equivalent features as Windows.
ArqBackup.com (@arqbackup) charges $49.99 one time for their program which stores data in your account on the various generic cloud vendors (Amazon Cloud Drive, Amazon Web Services (S3 or Glacier), Google Drive, Google Cloud Storage (including “Nearline”), Dropbox, Microsoft OneDrive, GreenQloud, DreamObjects from Dreamhost.com, etc.).
This approach enables you to take advantage of free offers such as unlimited picture storage on Amazon Cloud Drive for Amazon Prime users.
The company points users to an open-source restore software which requires use of a command-line interface for those comfortable with crafting a command such as:
$ arq_restore restore 32D9D7A2-3B3E-4BE7-B85B-0605AF24F570 password 7C554E65-4324-4B81-9675-4D6EA686B0DD 10000 aws AKIAIPXLWYHBMEO22ZNQ QMqT0cdSuHs6eCanSVGr/odThlgoBqYfiWuOsOGI akiaiyuk3n3tme6l4hfa.com.haystacksoftware.arq
Immutable Snapshots of Cloud Servers
What are needed are not just backups, but Snapshots which add to backup data versioning and other metadata, usually taken more frequently than once a day.
Snapshots capture the state of and location of files and blocks that make up files at a specific time to which a customer can roll back. More than just a record of state, metadata includes deleted data, parent copies, and so on, which all need to be retained.
Backup suppliers have added encrypted, mechanisms that lock snapshots from being moved or mounted externally, and multifactor authentication (MFA) to access them.
The time spent by attackers inside systems – “dwell time” – averages 11 days according to Sophos and 24 days according to Mandiant. During this period, they will be carrying out reconnaissance, moving laterally between different parts of the network, gathering credentials, identifying sensitive and lucrative data, exfiltrating data, and so on.
Cohesity SpanFS snapshots are retained in an immutable state and never made accessible to be mounted by an external system. Ransomware cannot affect the immutable snapshot. Cohesity provides an air-gap in which customers can replicate data to an external cloud (see also its recent Fort Knox plan), another physical location or tape. Multifactor authentication is used to control access to protected copies.
IBM’s Safeguarded Copy is available in its all-flash storage arrays. It automatically creates immutable snapshots that are isolated and cannot be accessed or altered by unauthorised users. Safeguarded Copy keeps up to 15,000 immutable point-in-time copies that cannot be written to or read by an application and can’t be mapped to a host. Safeguarded Copy can be integrated with IBM Security QRadar, which monitors activities and looks for signs that an attack may be in progress.
Panzura.com is a hybrid cloud or cloud gateway-focused operation. Its CloudFS recognizes altered file data and any resulting encrypted files are written to the object store as new data. If a file is encrypted by ransomware, users can recover to the state prior to infection by reference to the clean existing data with snapshots.
Pure Storage puts immutable snapshots in SafeMode, with Protection Groups that provide configurable snapshot policies covering frequency of snapshots, retention policy and ability to send snapshots to other destinations for recovery. Intruders can’t set retention periods to zero or eradicate snapshots. Retention can be increased, but can’t be decreased unless two authorised contacts with PINs contact Pure Support.
Rubrik can perform “impact Analysis” to identify what data was encrypted and sensitive data that may have been exposed, with multifactor authentication access to protected data.
Here are the videos I found on YouTube:
https://www.youtube.com/watch?v=JGcmw86oyR4 from CNET. Text version
rverless-authentication-boilerplate Kinda still get you what you pay for
Western Digital is $3 more
https://joeontech.net/books/backing-up-your-mac/ $10 ebook Backing up Your Mac