Time Machine Backups For The Moderately Paranoid

I have recently reworked by computer backup strategy to ensure a high degree of reliability by backing my Mac laptop to two drives in two locations using Time Machine. These backups are encrypted as well to allow me to store them in non-ultra-secure locations while not increasing my exposure to identity theft or snooping. While not a trivial process, it is one that is quite approachable with a little effort and a guiding purpose.

As a tribute to This American Life, I present you with an essay in three acts. In Act One we’ll see my older backup system and how it saved me, yet left me wanting more; Act Two discusses a philosophy of backups appropriate for the moderately paranoid; and in Act Three we’ll go step-by-step through the process of implementing that philosophy.

Act One: A Complex Old (But Successful) Backup System

For the past four years or so I’ve been successfully running automated backups of my Mac laptop using rdiff-backup to send incremental backups over the network to a Linux file-server. These backups occurred every day at 12:30 and every night at 2am when there was a fast-enough network connection. This solution was a bit complex to set up — I wrote my own scripts for testing network connection speed so that it wouldn’t start backing up over dial-up or other slow connections — but it did the job of ensuring that I always had a good copy of my data.

In late 2007 Apple released OS X 10.5 (Leopard) with its built-in Time Machine backup system. As I am a bit paranoid about my data, I set up Time Machine to back up to a 150GB external Firewire drive. Since the external drive was smaller than my laptop’s drive I was only able to back up my user directory, not the whole system. The rdiff-backup system kept running in the background as well.

Fast-forward to June 2009 and my current laptop hard drive has died and gone to meet its maker: Apple (via AppleCare). Incidentally I got a great repair with the display (dead pixels), keyboard, aluminum chassis (deformed), and battery (swelling) all replaced in addition to the faulty drive. Almost a new computer! Now time to restore my data.

Since I didn’t have a full-system Time Machine backup, I couldn’t use the one-click-restore option to get my system back so my recovery process was:

1. Do a fresh install of OS X
2. Restore my user account from my Time Machine backup
3. Restore my applications and other system utilities from my rdiff-backup backups

While this process worked out and I wasn’t in danger of loosing any important data, I did end up wasting an entire weekend getting the whole system back up to snuff, copying over pieces I missed, reinstalling plugins, etc. I wished that I had a full-system Time Machine backup that would have allowed the single-click method to restore my machine. Once I got the laptop back up and running I decided it was time to set up a more robust backup solution that would be easier to restore from and provide a similar or greater amount of protection.

Act Two: A Backup Philosophy For The Moderately Paranoid

If you aren’t doing backups of your computer, please do! Even going the most basic route and plugging in a single external drive and choosing it to be used by Time Machine is an immense improvement over not having any backups. In the past 10 years I’ve had 6 hard drives die on me, making them (and batteries) the most likely parts of a modern computer to fail. Backups are critically important to keeping you safe when those failures happen. Time Machine and other similar programs incrementally back up your data every few hours so that only the files that have recently changed need to be transferred to the backup drive. This allows you to use backup drives that are only a bit bigger than your primary drive as well as to view differences in files over time. Incremental backups are pretty neat and much faster and more space-efficient than duplicating the entire drive every once and a while. Faster and more efficient also mean that there is less penalty (in time and cost) for doing backups, so they happen more frequently, making it much more likely that you have a recent backup when your computer suddenly goes on the fritz.

Unfortunately, there are a few situations that a single backup drive won’t help with:

• Lightning strikes while your backup drive is plugged into your computer, frying both the computer and the backup drive
• Your house burns down, gets hit by a tornado, or is robbed and both the laptop and the drive are gone

The best way to prevent these and similar situations is to have backups stored in a place where your laptop is not. While you can do this by sending your data over the internet to a remote file-server, current DSL upload speeds aren’t fast enough to make this a sure-thing. Another option is to keep an external drive where your computer is not, the catch however is that an external drive needs to be where your computer is in order to get data. My solution to this problem: two backup drives, one in my desk at work, one at home. Since my laptop is either with (or without) me at home, with me at work, or with me somewhere else I always have a copy of my data in a location remote to my laptop.

Though I trust my office-mates, leaving a drive in my desk unattended does open up another possibility of data theft by intruders and a corresponding increase in exposure to it being misused for identity theft. I’m pretty good at using encrypted disk-images to keep my tax documents and similar things safe, but I’d rather not have some else rifling through the rest of my digital life. While it requires a few work-arounds to set up initially, Time Machine will back up to an encrypted disk-image on a USB/Firewire drive, giving you a backup that nothing except your laptop can access without entering your password.

To recap, the primary tenets of this philosophy are:

1. Make backups!
2. Make multiple backups and keep them in different physical locations to mitigate against catastrophies
3. Encrypt your backups to keep prying eyes away when you can’t fully prevent physical access to them by others

A note to the fully paranoid: The safety of your data can be significantly increased (at a significant expense and hassle) by also backing up to a third drive, then periodically rotating one of your backup drives into a safe-deposit box in your bank. Periodically mailing a drive to a friend or family member far away is another option.

Act Three: Step By Step Into Mutiple Encrypted Time Machine Backups

Without further ado, here is how to set this up.

1. Purchase or acquire two USB or Firewire external hard-drives, preferably larger than the drive you want to back up. They may not need to be identical, but mine are. I purchased two Cirago 320GB USB drives since they were cheap ($66 each), big enough, and don’t require a wall-wart for power.
2. Time Machine won’t let you choose a disk image directly as a backup destination, but it does create images for backing up to network drives. We have to jump through a few hoops to get an encrypted image created and onto our external drive. (based on these instructions)
   1. Open the Terminal and run the following command to allow Time Machine to back up to non-TimeCapsule(TM) network drives:
      defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
   2. Connect to another computer over the network in Finder using “Go” –> “Connect to Server”. I happened to just connect to my desktop at work, but it can be any computer. We won’t be actually backing up there, just getting Time Machine to initialize it’s backup image.
   3. Open the Time Machine preferences and choose to back up to the network drive you just connected to. Time Machine will do a lot of “Preparing for Backup”; once it starts transferring data, just stop the backup.
   4. Time Machine will have created a disk image on your network drive in which it was beginning to back up to. This disk image will be called something like “ComputerName_01a8b93325acf.sparsebundle”. Copy that disk image onto your external hard drive and delete it from the network drive.

   You are now done with the network drive.

3. The disk image is not encrypted yet, so we must do that. Open the Terminal and cd to your external drive (where the disk image should be, the disk image itself shouldn’t be mounted), copy the disk image to a temporary name, encrypt it, then delete the temporary version:

   cd /Volumes/BackupDrive/
   cp ComputerName_01a8b93325acf.sparsebundle ComputerName_01a8b93325acf.sparsebundle-temp
   hdiutil convert -format UDSB -o ComputerName_01a8b93325acf.sparsebundle  -encryption AES-256 ComputerName_01a8b93325acf.sparsebundle-temp
   rm ComputerName_01a8b93325acf.sparsebundle-temp
   

4. You should now have your external drive with the encrypted disk image on it. Now you need to make sure that the System keychain has the password for the encrypted image so that it can back up automatically without prompting you for a password every 10 minutes. Mount the disk image, enter your password, and check the “Save Password in Keychange” box. Then, open the Keychain Access utility and search for ‘sparsebundle’. Right-click on the keychain item and paste it into the “System” keychain.
5. Unmount the disk image.
6. Open Time Machine Preferences and select your external drive as the backup destination. Time Machine is smart enough to use the encrypted image if it sees it because of the disk image name and possibly other file metadata. Time Machine should mount the disk image without prompting for a password and back up to it. This will take a long time.

At this point you should now have Time Machine automatically backing up to an encrypted disk image on one external disk. You can test that the disk image is encrypted by trying to mount it on another machine. It should require a password.

Time Machine keeps its last-backup-position information on the backup drive itself and will happily back up incrementally from the point it left off on that drive no matter how many other drives you back up to in between. Unfortunately the default behavior of the Time Machine preferences requires you to open the preferences and select the new backup drive every time you want to switch. To get around this and have both drives work automatically whenever they are plugged in we need to make the second drive a clone of the first one. That way, Time Machine won’t be able to tell them apart and will back up to whichever one is plugged in.

To clone the drive, plug in both drives and use Disk Utility’s ‘Restore’ tab to restore from the drive with the backup image to your empty second drive. Once the drive is cloned, either one plugged in individually should be automatically used by Time Machine for backups.

Caveats:

• Some people have run into an issue when backing up to disk-images on a network share where the disk fills up and rather than just deleting the oldest few backups, all but the latest backup versions are deleted. It is unknown whether or not this will happen with disk images on USB/Firewire drives.
• While I can browse the backup disk image and see all of the incremental backup versions, this history is not browsable through the Time Machine history-browser user-interface.

References and more help:

• Mac OS X Hints – 10.5: Ease Time Machine networked backups
• Mac OS X Hints – Encrypting Time Machine Backup?