Hi. I use Dupcliati (and love it!) to store backups in Azure storage accounts (blob containers). I would like to make use of the remote file locking feature/support which was recently added to Duplicati - especially to protect against potential ransomware attacks.
I read the Duplicati docs about remote file locking ( Using remote file locking | Duplicati ) and also the Azure docks about immutability support ( Overview of immutable storage for blob data - Azure Storage | Microsoft Learn ). It’s not 100% clear to me how this works. I have the following questions:
- Are there prerequisites for Azure storage accounts and/or Azure blob containers which I need to meet/check before I can/should enable remote file locking in Duplicati? Or can I just set the destination options in Duplicati and am good to go? Especially I am wondering whether or not I need to enable “blob versioning” for the storage account and/or whether or not I need to enable “Container-level or version-level immutability support” in Azure beforehand.
- I understand that Duplicati builds blocks of data (files with a configurable size) with changed data and stores these kind of files in the destinations. Along with these I assume that there need to be a kind of index. Further I assume that this index needs to be updated for every backup job run. If the target would make the files in a container immutable for x days, how could Duplicati update the blocks and the index? If the index would be maintained on the machine (not on the target) would making the files in the target immutable be sufficient to protect the backup data against ransomware attacks?
More hints:
- The “Important Storage Considerations” section in Using remote file locking | Duplicati is pretty vague. It’s not 100% clear what applies to which provider. It’s also not 100% clear what are just considerations and whether there are hard prerequisites. Maybe it could be improved to show concrete considerations and/or prerequisites per provider (instead of saying “… and others”).
- The Duplicati CLI docs are not up-to-date with the latest version. The remote file locking commands are missing.
- Depending on the answers, maybe also the above questions could be made more clear in the Duplicati docs.