New on LowEndTalk? Please Register and read our Community Rules.
best trusted storage for backup?
Hello,
I am planning to backup critical data and save it where a provider who can deserve a trust, not a summer project provider or new provider.
The important for me is privacy for my data and stability.
Current options is AWS? or dedicated server?
The amount of storage is around 3-4TB as maximum.
list what do you think?
Thanks in advance.
Comments
In this day and age, you can't trust anything or anyone. Just plan accordingly. If the data is critical, encrypt it before it leaves your premise. Have redundant back ups. I use BB2 and a couple of storage VPS from different providers.
@jbuggie You are correct! You can't trust anyone. But at a least a trusted company better than a 16 years teen adult who run a provider, or a single man provider who can see your whole files all over the night
Already I will consider encryption of the data before uploading. I think about duplicity with gpg key? what do you think? any better solution's ?
I said this in the past, I will say it again, no matter how bored we get, there's always better contents on the internet vs going through random peoples backup/files.
I'm currently using 1Fichier for backup. Pretty reliable and amazingly cheap, if basic backup and storage is what you need. They are, however, not like S3 or B2 which provide many APIs and functions.
I think @Ympker is more familiar with these backup storage providers.
Prove it! (With screenshots to illustrate examples...
)
You can't beat gsuite business if you have over 1.8TB.
8 Eur flat fee per month(single gsuite business ac) lets you upload 4TB easy.
As I understand almost everyone use the crypt module with Rclone for e2e.
https://rclone.org/crypt/
@vimalware seconded. 25TB of backups and counting (hourly backups, going back 6 months).
I also use it for build artifact storage. Especially useful for kernel packages & disk images (77TB and counting).
I have 5 accounts so that I'm not technically breaking any ToS rules.
hetzner,ovh
I prefer borg back up to a storage VPS, followed by rclone to bb2 and a another storage VPS. Wireguard is used to link all VPS. Encryption is built into borg and rclone.
Even if the VPS host is trust worthy and not likely to go through my junk, there is a pretty good possibility that he'll get hacked and the hacker could get to my junk.
Never run a VPS without full disk encryption. Never upload something unencrypted unless you want it public.
I use gsuite, 8tb from hosthatch,1.8tb from wishosting and office365 subscription. Rlcone encrypts everything I have on hetzner ex62 and does daily encrypted sync to all these 3 places. Heard wasabi and b2 is also cheaper but I have already have enough storage servers before I run out of space. I also got some univ gsuite network share for 10$ which I might loose anyday but still the backups are encrypted.
Seems like an extreme way to go, it's not like you are going to be using a lot of processing power.
VPS with loads of storage, obviously not in the same datacentre as other servers, but preferably not super far away to reduce latency when you are syncing large amounts of data.
I use Hetzner SX62 4 x 10 TB Finland
best backup server
Cost?
Thanks for the mention!
1Fichier would definitely be an affordable, solid pickpick
It also comes with some nice API functions, althoufh others have played more with that than I did.
Also used Borg for a long time and even built a service to manage and monitor many Borg repos:
https://www.borgbase.com
All my other client servers are just backed up there. It's encrypted, compressed, deduplicated and append-only.
Long-term cold storage backups go to B2 or S3 Glacier.
How is the uplod and download speed on 1fichier from DE.
1Fichier was also 6-7 MB/s for me (currently not subbed anymore since I switched to Koofr for now)
1Fichier servers are in France. Have a speedtest yourself: https://1fichier.com/network.html
Ups, you asked about 1Fichier
Anyway, here's also some feedback about Koofr for those interested:
It's hosted on Hetzner so for me (Germany) it's pretty fast. When I upload on the web interface with my 25 Mbit/s upload line it's pretty fast usually. I don't monitor the upload speed often though, since it has a Sync folder like GDrive on my PC and just syncs in the background. I upload 500MBish Videos from OBS ever so often. Also quite swiftly.
Download has also been fast. My Powerline LAN here on 1st floor reaches about 60-70 Mbit/s on Speedtest usually. Download from Koofr showed some 7,8 MB/s when I downloaded a 1.5GB file. Quite happy
Copies from GDrive to Koofr from their Dashboard also work pretty fast.
No ketchup, just sauce?
If your backup habit allows it, consider the smallest safe deposit box at your bank (usually under $100 annually) in which you can put at least four 3,5" hard drives. You may be able to fit 3-4 terabytes worth of BluRay disks in it.
Instead of looking for a single provider, you might also want to consider to just go forward with a „trust nobody“-methodology:
This ensures that your backups:
This way you don‘t even need to trust any provider. However, it might be a bit more expensive than more optimistic solutions.
What is a functional way to encrypt an entire VPS?
Also, if not technically impossible is it practical? What I mean is - a little bit of performance hamper is fine but not the system becoming downright abysmal.
Purpose is -- let's say I want to use the VPS for VPN, Seedbox, my own NextCloud, BitWarden server. But if someone else gets access to the disk where that VPN is it's just random data for them (even if that someone is the VPS provider).
Is there a way to do that? Something like how Mac's FileVault works.
Yes of course. Just install OS with the debian/netbooot installer iso(called alternate installer on Ubuntu) to setup 'encrypted LVM' (this will be among the listed partitioning options; it creates a LUKS Volume on physical disk and makes an LVM group 'ON-TOP'; logical ext4, swap partitions etc can created on the LVM logical volumes; the defaults it creates should be OK)
Ubuntu 20.04 may not fully support the debian installer. Although a link to it exists in my bookmarks.
@Devil
If you took out the 10 "very"'s from your signature, it probably wouldn't take up 4 lines on mobile.
Nothing is perfectly secure except a dedi. Technically it is possible for the [email protected] to find your luks keys in ram, but I wouldn't call it a feasible task exactly for 99.9%
try G-suite
It's actually pretty straight-forward to extract the LUKS master key from VPS memory dump...just a little time consuming. Therefore, it a host/hacker is determined, a fully encrypted VPS could be cracked. It's less likely to be accessed than the plain VPSes with OS pre-installed by the host.
FWIW, Ubuntu/debian/arch and likes do not create fully encrypted installations. With the typical LVM over LUKS config, the /boot partition is usually plain ext3/4. In this case, it's easier to just inject a trojan into the initrd img to gain access.
I guess dedicated server/fully encrypted would be a step up in protection. Is it still hack-able by someone with physical access? Probably
It's mostly about the data hygiene when you leave the provider or deadpool/disk swap happens.
You can go with cloud storage they provide most trusted backup solution.
if you want some portable solution then go with
"Seagate Backup Plus Seagate" is one of the most trusted names in the data storage industry and it does not disappoint with its Backup Plus portable hard drive. Unlike most portable external hard drives, which generally cap out at about 4TB, the Seagate can hold up to 5TB at any given time
Is there a limitation of bandwidth or number of cuncurrent sessions at some point?
Thanks to both.
Hetzner storage box? I've got a 2tb one their I've had for ages and the only problem I've ever had is I occasionally hit the 10 connection limit (normally when I'm trying to upload loads of stuff from my laptop using segmented uploads
Also b2 cloud storage is pretty cheap (per gb) and also replicated their new buckets are s3 compatible as well.... so in theory any s3 compatible all should work with them
Chip