Replacing CrashPlan
I’ve been using CrashPlan for some time now. At least a year or so I think.
I’ve enjoyed using the product, but I found with using Dropbox+Boxcryptor as my primary data store, I’m not really taking full advantage of its capabilities. I don’t want to be paying unnecessarily for a service, so I decided to look around for alternatives.
Then I remembered about Amazon Glacier. When it came out I was pleasantly surprised at the pricing ($0.01/GB) but at the time there weren’t any ways to consume the service unless you wrote one yourself. I do remember some tools cropped up pretty quickly, but it was still early days.
Looking around, FastGlacier kept appearing at the top of my searches. So I decided to try that. Thankfully it’s free for personal use.
Archiving Data
Glacier is only for archived data. It’s designed for upload-and-forget storage. You should only be downloading what’s up there if you’ve lost all local copies and you really need it.
As a result it’s perfect for storing Multimedia and System Backups. I was using CrashPlan to store all of my Music, Photos and Videos but it didn’t really work for storing Machine Backups. CrashPlan revolves around keeping a copy of your data in the cloud, not for archiving data. What this means is if you stop backing up a certain directory to CrashPlan, they’ll delete it off the server.
I’m now pushing the following archives up to my Glacier Vault:
- All my Music
- All my Photos
- All my Personal Videos
- Bare-Metal Recovery Backups of my Workstations and Servers
- The entire contents of my Dropbox Folder
This works out to be around 400GB of data. At $0.012/GB I’ll have to pay a whopping $4.20 per month. That’s almost nothing, and it’s significantly cheaper than the CrashPlan family subscription.
There are constraints in using Glacier that Amazon has put in place, like fees for accessing your data within 90 days of uploading it. This is just to discourage people using it like S3. I don’t anticipate needing to download what I’ve put up there any time soon.
Protecting my Data
One of the primary reasons I chose to use CrashPlan is that they allow usage of your own Encryption Keys to protect the data. Effectively, they offer a zero-knowledge backup service. Fantastic for peace-of-mind.
With FastGlacier, I was happy to see there’s the option to do the same:
I found in practice it doesn’t work well with large files. I tried to upload a 100GB file and it got stuck on “calculating hashes” for over a day. A 3GB file worked fine though.
I instead opted to use 7zip to compress the files I want to archive and encrypt it with AES-256. I also get a little more confidence in using the encryption in an open-source application versus closed-source FastGlacier. I’m all for closed-source software (we do need to make money, after all), but I don’t like when the crypto component isn’t open, and in particular the key generation process.
Data Protection Plan
Here’s a snippet from my backup design diagram. I’ve redacted a few things, to not give away too much about my home network, but it should still make sense:
As you can see, I’ve ensured that everything going into the cloud is encrypted before leaving my machine. I try to encrypt what I can locally, but sometimes it’s impractical and not worth my time. Yes, the vendors love to proclaim that they’re using “Military-Grade” encryption for our data (which is almost always just AES), but it’s safest to maintain control over your data at all times.