Secure Offsite Backup

 

Encrypted Filesystem Options

 

The open filesystem and access methods at rsync.net make any number of encryption schemes possible - here are some that we especially like:

 

rsync.net Windows Backup Agent

The rsync.net Windows Backup Agent has an option to encrypt, in place, all of your remotely stored file.

This method is described in our advanced usage documentation for the Backup Agent.

The files that are stored at rsync.net using this option will be encrypted using the AES 256 bit encryption option of the Zip compression tool.

 

Duplicity

Duplicity is an rsync-like tool that takes the unencrypted files on your local end and transmits them to us, while performing a GPG encryption transformation on them. The data remains unencrypted on your end, and is encrypted on our end. Further, because it uses librsync, the transfers are very fast, efficient "changes only" uploads (a la rsync).

 

Encrypted Containers

The second solution consists of creating a file-backed (volume backed) filesystem on your system, and periodically unmounting it and rsyncing it to us. Simple as that.

So, if you are using Windows or Linux, you just download the excellent (and free) tool TrueCrypt and create a volume (which consists of a single large file) of equal (or smaller) size of your rsync.net account. Then you just use that as a local mount point, either running items directly off of it, or just mirroring content to it, and then once a day or week or month, you unmount that filesystem and rsync that one single X GB file to us.

Or if you use Mac OSX, you can just use the built-in disk utility to create a encrypted disk image. Again, the suggested usage is to use the disk image normally, and periodically unmount it and rsync it to your rsync.net filesystem.

 

Summary

Because both "image" methods (truecrypt and OSX disk image) use btree indexes, they _can_ be efficiently "rsunc" to us in a changes-only-transfer kind of way, even though they are just big files of random data.

The advantage of duplicity is that it is extremely simple and easy to setup and use, whereas the encrypted image method is a little more complicated, and you need to remember to unmount them to transfer, etc.

But the advantage of the encrypted disk images is that now your files can be encrypted on your local end as well, which is very nice.

Finally, it should be noted that any encryption protocol that you successfully use on a local disk will work properly targeted to your rsync.net storage. Encrypting single files with GPG, creating other disk images, etc. - you have the freedom and flexibility of using whatever tools you choose.

We will, of course, provide full support for whichever method (or combination of methods) you choose.