Philosophy

It is great to have a hardware/software RAID or a tape/DVD archiving solution, but if you don't, a server might be a better approach. The client/server approach is more flexible in terms of backup frequency and restore availability.

Online backup systems usually archive only current versions of files. This is not the case with Boxbackup, which archives older and even deleted versions of files if the repository has sufficient space. The space of each repository can be soft and hard limited on the server side. Boxbackup supports multiple platforms, namely BSD, Linux, Solaris, Darwin and Windows (client only).

Features
Boxbackup has a very security-oriented design. The communication between client and server is encrypted using TLS with certificate authentication. Besides that, each client has a separate repository encrypted using AES with its own private key. This gives you the capability to back up unrelated sites without any privilege separation issues.

Boxbackup uses its own rsync-like algorithm to move only the changed parts of files to the backup repository. It is capable of analyzing even large files (>2GB) without performance issues.

One of my favorite features is that it can operate in a backup mode that the authors call lazy. You can also make classical incremental backups, called snapshots, through a client command run as a cron job. The lazy mode makes use of a client daemon that scans through files looking for changes. This way you can expect the changes to arrive in the repository within a couple of minutes. If you worry about resource utilization (I did), the daemon is designed to work in the background with very low overhead.

Restores are made through a client utility that lets you browse the backup repository and selectively restore files or directories.

Installation and configuration:

The installation process is quite straightforward. The configuration part is more painful, but it's definitely worth the effort. The installation has a common part for both client and server, followed by a separate configuration for each.

    tar -xzf boxbackup-0.10.tgz
    cd boxbackup-0.10
    ./configure
    make

Now, depending on whether you are installing a server or a client, you run:

    make install-backup-server

or

    make install-backup-client

The make install script will put all the binaries into the /usr/local/bin folder. The common logging part is to put

    local6.info /var/log/box
    local5.info /var/log/raid

in the /etc/syslogd.conf file and restart syslogd:

    killall -HUP syslogd

Server configuration:

Boxbackup comes with a couple of userland scripts that handle the certificate work and configuration.
First we need to create a basic configuration file using the raidfile-config utility:

    /usr/local/bin/raidfile-config /etc/box 2048 /raid/0.0 /raid/0.1 /raid/0.2

This creates a raidfile.conf file in the /etc/box directory with a block size of 2kb and 3 userland RAID directories. If you do not wish to use the userland RAID function, pass only 1 directory parameter. This is also our case, as I will use the /backup directory as the sole repository, disabling the userland RAID:

    /usr/local/bin/raidfile-config /etc/box 2048 /backup

The next step is to create the user that the boxbackup server daemon will run as:

    useradd -d /dev/null -s /dev/null _bbstored

and give it permission to the repository directory (/backup in our case; with userland RAID, each of the RAID directories):

    chown _bbstored /backup

and afterwards create the main configuration file:

    /usr/local/bin/bbstored-config /etc/box hostname _bbstored

The first parameter is the configuration directory, the second the hostname of the server and the third the boxbackup daemon user. Be careful about the hostname parameter, since it is used as the CN of the SSL certificate, so it should be a valid hostname or IP address. This command will create a "ca" directory in the current working directory, and an SSL server certificate signing request and key stored in /etc/box/bbstored/. When working with the bbstored-certs utility, your current working directory must always be the directory where the ca directory is located.

Now some permission issues:

    chown -R _bbstored /etc/box/bbstored
    chmod -R go-rwx /etc/box/bbstored

Root certificates:

Create a boxbackup certification authority used to sign the certificates:

    /usr/local/bin/bbstored-certs ca init

Now create the server certificate and private key:

    /usr/local/bin/bbstored-certs ca sign-server /etc/box/bbstored/hostname-csr.pem
    cp ca/servers/hostname-cert.pem /etc/box/bbstored/
    cp ca/roots/clientCA.pem /etc/box/bbstored

You can review the configuration in /etc/box/bbstored.conf. That's it for the server side.
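An added check, not part of the original article or of Box Backup itself: the function below audits the result of the chown/chmod steps above by listing anything under a key directory that group or other can access, or that the daemon user does not own. The name bb_audit_perms is an assumption of this example, and the same function can be pointed at any directory holding Box Backup keys.

```shell
#!/bin/sh
# Added example, not part of Box Backup. bb_audit_perms is a hypothetical
# helper name. Usage: bb_audit_perms /etc/box/bbstored _bbstored

# bb_audit_perms DIR [OWNER]
#   returns 0 if clean, 1 if any problem was printed, 2 if the check
#   itself could not run (missing directory, unknown owner).
bb_audit_perms() {
    dir=$1
    owner=${2:-}
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 2; }

    # POSIX find has no "any of these bits" test, so OR the six
    # group/other permission bits. Symlinks are skipped because their
    # own mode bits are meaningless.
    loose=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)

    wrong_owner=
    if [ -n "$owner" ]; then
        wrong_owner=$(find "$dir" ! -user "$owner" -print 2>/dev/null) || {
            echo "cannot check owner: $owner"; return 2; }
    fi

    status=0
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | while IFS= read -r p; do
            echo "group/other access: $p"
        done
        status=1
    fi
    if [ -n "$wrong_owner" ]; then
        printf '%s\n' "$wrong_owner" | while IFS= read -r p; do
            echo "not owned by $owner: $p"
        done
        status=1
    fi
    return $status
}
```

A non-zero return before the daemon is started means the key or certificate files are readable by accounts other than the one the daemon runs as.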
You can launch the daemon by issuing:

    /usr/local/bin/bbstored

Client configuration:

We ended the common part by issuing the make install-backup-client command and adding the syslogd boxbackup options. Now we need to run the client configuration script:

    /usr/local/bin/bbackupd-config /etc/box lazy 1 hostname /var/bbackupd /home

The parameters are: configuration directory, backup mode (lazy/snapshot), account id (must be unique and the same on the client and server side), backup server hostname, boxbackup temporary files directory and a list of directories to be backed up. You can alter these in /etc/box/bbackupd.conf later. Apart from creating the configuration file, the tool also creates a private key and certificate signing request as well as an AES key file in /etc/box/bbackupd. You should always back up FileEncKeys.raw to a secure location, as this file is needed to access the AES encrypted repository.

Now we need to sign the client CSR at the backup server. In order to do that, copy the 1-csr.pem file to the server and issue:

    /usr/local/bin/bbstored-certs ca sign 1-csr.pem

Now move ca/clients/1-cert.pem and ca/roots/serverCA.pem back to the client, into the /etc/box/bbackupd directory. Next you need to create the appropriate account on the server side so that the bbstored daemon will know about the backup client:

    /usr/local/bin/bbstoreaccounts create 1 0 4096M 4505M

The parameters are account number (1), RAID set (0 if the userland RAID is disabled), and the soft and hard limits. The soft and hard limits restrict the account to a certain amount of space used. If the soft limit is reached, bbstored will stop creating versions of files and backing up deleted files. If the hard limit is reached, the server will not accept any more files until the repository is cleaned or the limits are changed.

Now everything should be ready to launch the client daemon by running:

    /usr/local/bin/bbackupd
The backup process will start immediately. First you should monitor the /var/log/box files on both sides to find out if the client and server are doing what they should. If you want to see what got into the server repository, issue:

    /usr/local/bin/bbackupquery

Especially useful are the ls -d (list deleted files) and ls -o (list old versions) options. Help is included, so do not hesitate to type help as soon as you connect to the store. This utility lets you browse and restore files from the repository. It uses the FileEncKeys.raw in the /etc/box/bbackupd directory to decrypt the repository.

If you wish to add more clients, just repeat the common installation part and the client configuration steps. Do not forget to back up the AES key files and to keep the account numbers unique.

Happy restores!!!