Encrypted Snapshotted Remote Backup

I just read about Colin Percival's idea for an encrypted snapshotted remote backup service.

Please read his post for more information. Colin would like to know if you would find such a service useful. He appreciates any feedback you send, and since he reads this blog he will see comments posted here. Thank you.


Anonymous said…

I'd definitely be interested in this for some small business clients of mine that are looking to purchase backup systems. I'd use it myself. By the way, I know you're a FreeBSD guy, but you might want to take a look at Sun's X4500 (aka Thumper) for storing the data. 24TB in one box!
Anonymous said…
Is he familiar with BoxBackup? http://www.fluffy.co.uk/boxbackup/ is an open source tool to have versioned remote incremental encrypted backup tool.
Anonymous said…
For Windows users, a service from Mozy.com, is doing encrypted off-site backups. I use it personally and think is great. I even paid the annual fee for the full 30GB service.

If I they had a Linux client, I would use it as well.
Anonymous said…
I thought I was the only one who ever thought of this and then I found duplicity.


It is also in the ports collection as sysutils/duplicity.

-Corey Smith
Anonymous said…
Thanks to all the people who have offered suggestions; and thanks, Richard, for directing people to my post. Unfortunately none of the suggestions offered are adequate to my needs; see http://www.daemonology.net/blog/2006-09-14-more-about-backup.html for details.
Anonymous said…
If you are narrowly focusing on FreeBSD, you are likely to find a niche that you can satisfy technically, but I would question its commercial viability. IronMountain bought the LiveVault service a few years back and have thrown resources towards it. PC coverage starts at $15/mo for unlimited data storage. Server provides the ability to backup open files and databases on Linux, Solaris and MS servers.


Anonymous said…
None of the existing backup solutions seem to fit the criteria that Colin has set. So yes, I'd love to see this implemented.

I was running rdiff-backup (the non-encrypted version of duplicity) for a while but was scared off by the use of Python "pickle" format data files. Too often I ended up trashing the entire backup archive containing snapshots going back in time and starting again with a full backup.

I am in complete agreement with Tim Bray that the backup solution must use no proprietary (or undocumented) formats. In other words, use tar and bzip2 unless there is a really good reason not to.

My current solution is a set of scripts to tar and bzip, followed by manual intervention (bad I know) to encrypt using GnuPG and upload to Amazon S3. I would very much like to see a cross-platform and well-maintained script to do this automatically.

BTW Amazon S3 is by far and away the best off-site backup destination for me. Thanks to S3 I'll never have to deal with crappy unreliable tapes ever again.
Anonymous said…
"If you are narrowly focusing on FreeBSD, you are likely to find a niche that you can satisfy technically, but I would question its commercial viability."

I think this is why the project should be open source (BSD licensed). Folks make money off supporting open source version control, security monitoring, operating systems (in NAS various embedded devices etc.) and other network infrastructure type apps despite the existence of commercial equivalents. Mostly becaseu some orgs *must* host their own stuff. There's no reason why someone like Colin couldn't offer the service *and* sell his skills to the highest bidder.

The question is can he code up this cool application in his spare time? Maybe if some financial collaborators could come up with sufficient money to support him for a long enough time while he worked on it we could make the "encrypted backup" equivalent of apache available to the world.
RonnieTanner said…
there is another online backup product called disksave.. it works with MacOS and can backup mysql databases to an encrypted file set on a remote server. You can then restore any files you want from anywhere as long as you have the encrypting key


Popular posts from this blog

Zeek in Action Videos

MITRE ATT&CK Tactics Are Not Tactics

New Book! The Best of TaoSecurity Blog, Volume 4