What are the most secure options for backup?

In my situation, it doesn’t really matter how long the backup/restore operation will take. The most important thing for me is to keep my data safe. Duplicity has a lot of options both for backup and for restore, so how do I make it the best way?

I have about 2 terabytes of data(some random .doc, .pdf, .jpg, etc - no databases) and about 300-1500 megabytes are changed every day.

Safe from what? What are the threats?

The answer depends entirely on that.

I’m afraid of backup elements corruption/loss. Duplicati does everything I need, but the way it stores backups looks scary.

Do you want your backup to be in native format? (In other words, the backup data looks exactly like the source data.) If so, Duplicati won’t be the right tool.

The reason the backup files look different is because all data is run through a deduplication engine, gets compressed, and then optionally encrypted. What this gets you is efficient storage of multiple backup versions. What you lose is the files aren’t stored in native format, and you must go through the restore process to get back the original files.

If you’re still open to using Duplicati, might I suggest what I did when I was new to it: configure a small back up job on your most important data and use it for a while so you get comfortable with it.

Considering Duplicati is technically in beta and also has some not so good code issues, on top of trying to backup 2TB this way, personally I wouldn’t use it in that situation.

2TB, if all of that is going to change often then compressing and storing all of that is going to take much longer.

But if you basically store much of that and it never changes then you can backup all that doesn’t change another way that doesn’t include compressing it all (when much of it might even already be compressed anyway) and then backup with Duplicati what’s left if its say 100GB or whatever.

The 300-1500MB per day isn’t a problem. But, I wouldn’t personally rely on Duplicati for anything near 2TB full backup with the flaws it has at this time.

The other thing is networking speed especially for 2TB is going to be slower than other options unless you have equipment that does. At 2TB, I’d be looking for the fastest speed as that’s far too much data to redo a backup a few times per year which is a safety thing to do. You can get portable drives today that can push 1-2GB/sec in write speed on the right hardware which can blow past 10Gbit switches.

@number02, you may want to take a look at this correlated post. It has amazing information provided by @ts678.

1 Like

I devoted the last two months for similar considerations and searching for the best backup program for me.
So I will briefly share my end conclusions.

Duplicity has disadvantages that threw him for me from my list:

Vorta (GUI for Borg) can mount the pointed backup as an ordinary folder for browsing

I am exactly the same opinion.
I have a fondness for Duplicati and I will watch it, but until I stabilize its code, I can not use it :frowning:
Here, an additional topic: Is Duplicati 2 ready for production?
The thread is old, but at some point jumps to newer times.

I am sorry that I will not describe everything in detail and all the tests, but I miss time for this :frowning:
Short:
With about ten programs I chose two and now I will test in parallel for a few months: Vorta + Kopia.io
For me important features: deduplication + encryption + authentication + compression + Mounting FUSE + GUI
Tests carried out on 6TB data
Additional resources: https://github.com/restic/others
Duplicati will look at and waited for a stable code.

1 Like

A good operating rule of thumb: Duplicati is fantastic for client side options. Duplicati provides almost no options for server side security. That’s left up to the creativity of the user.

As for me, I’ve found I have more problems overwriting my own data than deleting files. So I need to ensure I can always rollback. I ended up having the server side utilize a Linux ZFS file system and a script that made sure to run snapshots only at times Duplicati isn’t running. It took me a few hours to get it set up right, but I’ve been very happy with it since. An attacker could wipe my local computer, then use the password Duplicati stores to access the remote end, then wipe the Duplicati files on remote end as well. Despite all this, the ZFS snapshots on the server cannot be removed and my backups can be restored. The downside is that it takes a bit of ZFS knowledge to pull all this off.

1 Like

I use the same approach with my Synology NAS - filesystem snapshots (but in my case it’s btrfs instead of ZFS). An attacker would have to gain admin access to my NAS in order to manually delete the snapshots.

Edit to add: Also I sync the backups to S3, and am currently experimenting with a lifecycle policy that migrates objects to deep archive. Also have versioning enabled on the S3 bucket so that I can retain deleted items for X number of days. I hope I’m covered!

1 Like

I used this feature to protect the repository on the server and it takes a few clicks:

I also have backup on Synology (except remote outside the house):