Efficient Remote Backup of Encrypted Disk Images
Many OSX users create encrypted disk images with the OSX Disk Utility. These encrypted filesystems, when unmounted, exist simply as large, single files. Uploading a large, multi-gigabyte encrypted disk image on a regular (daily) basis would be impractical. Luckily, the internal structure of an encrypted OSX Disk Image allows it to be efficiently transferred with the rsync tool. This means that the long, initial upload of the file need only occur once. All subsequent backups will occur with only the changes in your local disk image being sent, even though the disk image is encrypted. This means that with no additional software or configuration, you can perform powerful, efficient, encrypted backups of OSX Disk Images.
Creating the Disk Image
First, open your Applications folder, then open your Utilities folder, and double-click on the "Disk Utility" program.
Make sure none of the items in the left-hand pane of the application are highlighted. Just click once in the white space area of the left-hand pane to make sure.
Click on the "New Image" icon in the top border of the application.
In the resulting dialog box, enter a descriptive name for the disk image in the "Save As" field - anything is fine.
In the "Where" field, choose a directory where the disk image should be saved. Documents or Desktop may be good choices.
Volume Name is the name of the mounted volume as it will appear in the Finder when the disk image is mounted for use. Again, anything is fine here.
Volume Size should be large enough for the work you need to do, but not gratuitously large, as the initial backup may take a very long time.
Volume Format should be set to "Mac OS Extended (Journaled)", which is the default choice.
For Encryption, choose "256-bit AES Encryption".
For Partitions, choose "No partition map".
For Image Format, choose "read/write disk image".
Now click the "Create" button to create the new disk image. You will be asked to enter, and confirm, a new password for this disk image. This is different from your User password and your Admin password - this password is unique to this particular encrypted disk image.
Using the Encrypted Disk Image
The newly created disk image is a .dmg file, and behaves just as a normal .dmg disk image does. When you double-click the .dmg file to open it, you will be prompted for the password that you assigned to it. Drag and drop items to and from the disk image as needed. When you are finished with it and would like to safeguard its contents by closing and re-encrypting it, drag the mounted disk image to the trash, or click the small eject button next to the mounted image in the Finder.
Backing Up the Encrypted Disk Image Offsite
The main goal of this HOWTO is to show how the disk image can be uploaded once, in its entirety (possibly taking a long time, since it is a very large file) and then later re-uploaded using the rsync tool, taking only a fraction of the time the original upload took. All uploads of encrypted disk images should have these command line arguments in place:
/usr/bin/rsync -avc --inplace --progress \

The additional '-c' switch instructs rsync NOT to skip files just because they are the same size and have the same date. Your disk image will always be the exact same size.

The --inplace argument instructs rsync not to upload the new file as a temporary file first, and then replace the old file with the new one. This default behavior is problematic with these very large files because 2x the size of the image might be larger than your rsync.net filesystem. Instead, the --inplace argument instructs rsync to update the file "in place".

NOTE: There is some risk to the --inplace argument - if you update your remote image file, but disconnect early, or otherwise break the transfer, the remote file will be in a broken state until you complete a good transfer.

Finally, the --progress argument is simply a nice indicator to watch the progress of a very long transfer, which the initial transfer will most likely be.
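A wrapper around the command above, as an added example that is not part of the original HOWTO or rsync.net's own tooling: it retries until rsync exits cleanly, since an interrupted --inplace transfer leaves the remote file broken, and it refuses to upload while the image is still mounted. The function names, the retry settings, the mounted-image check via `hdiutil info` and the reason for that check (a mounted read/write image may change during the transfer) are assumptions; pass the image's absolute path.

```shell
#!/bin/sh
# Added example, not rsync.net's script. Function and variable names are assumptions.
RSYNC="${RSYNC:-/usr/bin/rsync}"   # rsync path as written in the HOWTO
HDIUTIL="${HDIUTIL:-hdiutil}"      # macOS tool that lists attached disk images
MAX_TRIES="${MAX_TRIES:-5}"        # assumed retry budget
RETRY_DELAY="${RETRY_DELAY:-30}"   # assumed pause between attempts, in seconds

# Reads `hdiutil info` output on stdin; returns 0 if image path $1 is attached.
image_is_attached() {
    sed -n 's/^image-path[[:space:]]*:[[:space:]]*//p' | grep -Fxq -- "$1"
}

# Uploads image $1 (absolute path) to rsync destination $2 with the HOWTO's flags.
# Returns 0 on a completed transfer, 1 if every attempt failed, 2 if mounted.
backup_image() {
    image=$1 dest=$2 try=1
    # Assumption: a mounted read/write image can change mid-transfer.
    if "$HDIUTIL" info | image_is_attached "$image"; then
        echo "refusing: $image is mounted; eject it first" >&2
        return 2
    fi
    while [ "$try" -le "$MAX_TRIES" ]; do
        if "$RSYNC" -avc --inplace --progress "$image" "$dest"; then
            echo "transfer complete after $try attempt(s)"
            return 0
        fi
        # With --inplace the remote file is broken until a run finishes.
        echo "attempt $try failed; remote image is incomplete" >&2
        try=$((try + 1))
        sleep "$RETRY_DELAY"
    done
    return 1
}

# Usage: sh backup-image.sh /path/to/image.dmg DESTINATION
if [ "$#" -eq 2 ]; then
    backup_image "$1" "$2"
fi
```

A return code of 1 means the remote image should be treated as unusable until a later run returns 0.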
Please see the entire Macintosh Integration Guide for details of other access methods.