How to Set Up Subscription-Free Offsite Backup
Now that large hard drives, including massive new 14TB models, are widely available, it's worth thinking about how to use them to build your own offsite backup system without the monthly fees cloud storage providers charge. Cloud storage can easily run $100 per terabyte per year, so someone with a 10TB library of photos, videos, movies, and music could wind up spending $1,000 a year to rent space they could buy outright for a few hundred dollars. Depending on how you feel about the security and reliability of your cloud provider, you might also appreciate the added control this approach gives you. As simple as the idea sounds, it turns out to be a bit tricky to implement. After experimenting with a variety of potential solutions over the last year or two, I've finally come up with some options that fit the bill.
A Peer-to-Peer Architecture for Offsite Backup
The basic idea is simple. You and a friend, or at least someone willing to give you space on their site, each have a system with plenty of storage. You can sync whatever you want to their site, and vice versa. Essentially each end serves as a cloud backup for the other. The systems can be PCs, servers, or NAS units, but for best results need to be running all the time, or at least on a regular basis. For software, I’ve come down strongly on the side of file-based synchronization. Trying to perform a traditional backup of terabytes over the public internet with medium-speed ISPs at either end has proven nearly impossible in my experiments. That doesn’t mean you shouldn’t include your system backups in what you sync, but only as part of syncing your total data store.
Securing Your Offsite Backups
Since your data will be sitting on someone else's hardware, client-side encryption is the key requirement for anything sensitive: files should be encrypted before they leave your machine, so your backup partner never holds the keys. Several of the options below support this.
Some Software Options
I really like GoodSync for intelligent sync across both LAN and WAN. It has performed flawlessly at keeping my key files up to date between my desktops, laptops, and office NAS. If you can justify keeping a PC running often enough to make it work, it's an excellent option, and it supports client-side encryption. Unfortunately, while there is a GoodSync server package for the Synology NAS units I'm using for this experiment, there isn't a client, so it can't handle a pure NAS-to-NAS setup.
Every NAS vendor provides its own set of backup and sync utilities. In Synology's case, the one that supports syncing to another NAS with client-side encryption is Cloud Sync, which I've been using very successfully to back my library up to Amazon Drive for over a year. It also supports WebDAV, and Synology offers a WebDAV server package. You can set up multiple tasks between each client and server and choose whether each one is encrypted. In my case, I didn't bother encrypting our purchased media (music and movies), only our more sensitive documents. As with most sync packages, you can have the server keep everything (a backstop in case you accidentally delete something on your side, though it takes more space) or synchronize deletions.
Turning on client-side encryption did throw me a curve initially, but Synology support helped me figure out that I needed to specify the remote path in the WebDAV connection URL before it would let me put a password on a particular sync connection. Once I did that, it worked just as well as unencrypted sync.
For the true DIY-er, there are free utilities that build on basic FTP and rsync to copy data, and they can be combined with tools that add encryption. Duplicity, which layers GPG encryption on top of rsync-style transfers, is one interesting option, but I haven't tried to set up a system using it personally.
Setting Up Your Systems
Assuming you're setting this backup solution up with someone who also wants to store files with you in exchange, you'll need to give each other access of some kind. One of the coolest things about Resilio Sync is that you can literally just share the encrypted key for a folder with someone else, and they can pull an encrypted copy off your machine (one you can later recover with the read-write key) without having any other type of access; they don't even need a user account. For a more typical solution like WebDAV, each of you will need a user account on the other's system, with permission to run the app and store data. Depending on what else you have on that system, and how concerned you are about anyone getting at it, it might be worth investing in a small NAS dedicated to this task.
Running Across the Internet
Getting everything working on a local network is a great first step, but it takes some additional tweaking to run across the public internet. For starters, unless you have an account with a static IP, you'll need dynamic DNS (DDNS) so that a hostname always resolves to your home network's current external IP. Synology builds its own DDNS service into its NAS units, so we simply turned it on and registered names for both devices.
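A quick way to confirm DDNS is working is to compare what your hostname resolves to against your actual external IP. Here's a small sketch; the helper function and the example IPs are mine for illustration, and the hostname in the comment is a placeholder:

```shell
# check_ddns compares the IP a DDNS hostname resolves to against the
# network's actual external IP, and reports whether they match.
check_ddns() {
    resolved="$1"; external="$2"
    if [ "$resolved" = "$external" ]; then
        echo "DDNS is up to date ($resolved)"
    else
        echo "stale: DNS has $resolved, external IP is $external"
    fi
}

# In practice you would feed it live values from your own network, e.g.:
#   check_ddns "$(dig +short myhome.synology.me | tail -n1)" \
#              "$(curl -s https://ifconfig.me)"
check_ddns "203.0.113.7" "203.0.113.7"
```

If the two ever drift apart, the NAS's DDNS update client has stopped checking in and syncs will silently fail until it catches up.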
Next, you need port forwarding to get requests arriving at your network through to the NAS at each end. Typically, your NAS can attempt to set this up via UPnP, or you can enter the rules in your router manually. Some sync solutions may not require this step or may handle it for you, but you'll want to verify, using a site like portcheckers.com, that you can actually reach your NAS from the internet. If you can't, you may also need to add a rule to your firewall (most likely running on your router, unless you have a separate box). Once the two NAS units can talk to each other, they should sync just as they did when you tested them on your LAN.
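You can also test reachability yourself from the command line with netcat. A sketch, assuming `nc` is installed; the DDNS hostname in the comment is a placeholder, and 5006 is Synology's default port for WebDAV over HTTPS:

```shell
# Verify a forwarded port is actually reachable. -z is netcat's
# zero-I/O (port scan) mode; -w 5 gives up after five seconds.
check_port() {
    host="$1"; port="$2"
    if nc -z -w 5 "$host" "$port" 2>/dev/null; then
        echo "open"
    else
        echo "closed"
    fi
}

# Run this from OUTSIDE your LAN (e.g. over a phone hotspot) against
# your DDNS name and the forwarded port (placeholder hostname):
#   check_port myhome.synology.me 5006
check_port 127.0.0.1 9    # port 9 (discard) is normally closed
```

Testing from outside your own network matters: many routers can't loop back to their own external IP, so a check from inside the LAN can fail even when the forwarding rule is fine.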
Beware the Bandwidth Cap Monster
One of the worst developments in the ISP industry over the last year or two has been the adoption of bandwidth caps for broadband customers. Comcast, for example, caps its residential users at 1TB per month. Do the math on a NAS syncing 24×7 and you can blow through that many times over. Fortunately, most tools let you set speed limits that can keep you under the cap. They also let you set schedules, in case your offsite location is a friend's house and they don't want disk drives chattering all night.
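That math is easy to sketch. Assuming a modest sustained 10 Mbit/s of upload (a rate I've picked purely for illustration), a NAS syncing around the clock moves more than three times the cap in a month:

```shell
# Monthly transfer for a NAS syncing 24x7 at a sustained 10 Mbit/s.
RATE_MBIT=10
bytes_per_sec=$(( RATE_MBIT * 1000 * 1000 / 8 ))          # 1,250,000 B/s
bytes_per_month=$(( bytes_per_sec * 60 * 60 * 24 * 30 ))  # 30-day month
echo "$bytes_per_month bytes/month"   # 3240000000000 bytes, ~3.2 TB
```

Throttling the sync to roughly a third of that rate, or restricting it to a few hours a night, keeps a 1TB cap within reach.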
Seeding Your Drives
When I first started experimenting with offsite backups, I quickly ran afoul of Comcast's really annoying 1TB monthly bandwidth cap for residential broadband subscribers. When uploading to Amazon Drive, our only options were to use a different ISP or throttle the upload if we didn't want to pay a couple hundred dollars per month in overage charges (we wound up using a combination of both tactics to avoid the fee). This time, for our peer-to-peer experiment, we had the luxury of seeding one of the NAS units locally before moving it to its new home. Going the other way was trickier, since it isn't always simple to move drives between different NAS units while preserving the data.
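To see why seeding over the LAN matters, here's a back-of-the-envelope comparison. The 8TB library size is an assumption for illustration, and the WAN figure ignores the bandwidth cap, which would stretch it out even further:

```shell
# Time to move an 8TB library: gigabit LAN (~125 MB/s) versus a
# 10 Mbit/s capped uplink (~1.25 MB/s). Library size is illustrative.
DATA_BYTES=$(( 8 * 1000 * 1000 * 1000 * 1000 ))
lan_rate=$(( 1000 * 1000 * 1000 / 8 ))   # 1 Gbit/s in bytes/sec
wan_rate=$(( 10 * 1000 * 1000 / 8 ))     # 10 Mbit/s in bytes/sec

lan_secs=$(( DATA_BYTES / lan_rate ))
wan_secs=$(( DATA_BYTES / wan_rate ))
echo "LAN seed: $(( lan_secs / 3600 )) hours"    # ~17 hours
echo "WAN sync: $(( wan_secs / 86400 )) days"    # ~74 days
```

An overnight LAN copy versus two and a half months of saturated uplink is the whole argument for seeding before the unit leaves your house.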
You Built It, You Own It
Remember that in exchange for not paying a monthly fee, you now own the maintenance of your offsite backup solution. You'll want to check in periodically to make sure it's doing what it's supposed to, that the devices on both sides are getting needed security updates, and that the hard drives you're using aren't reporting problems. One thing that became clear while researching this article is that there are a lot of ways to tackle this problem, and we've only touched on and experimented with a few. So please do let us know what you've tried, and how it worked for you.