Some information is available on how to use Apple's TimeMachine backup facility with network devices, and on how to set up encryption for the backup image.
I used the steps below (for Leopard, that is) to have TimeMachine back up my hard drive, including a FileVault-encrypted home directory, in such a way that the backup (including the contents of the home folder) can be browsed using the `galaxy' TimeMachine frontend. The backup is contained in an AES-256 encrypted sparsebundle, so the data in it is about as safe as in the encrypted FileVault folder on my hard drive.
1. Create a sparsebundle to be copied to your network drive. It is important to do this on your local hard drive, say in /tmp/, otherwise the creation will fail.

    hdiutil create -size 250g -library SPUD -nospotlight -encryption AES-256 -fs 'HFS+J' -type SPARSEBUNDLE -volname "Backup of MACHINENAME" -verbose MACHINENAME_001e521fb852.sparsebundle

Replace MACHINENAME with the name of your computer, which is everything before the first dot in the output of uname -n. The number in the file name of the sparsebundle is the MAC address of your Ethernet adapter. You obtain it with

    ifconfig en0 | grep ether | sed -e 's/://g'

During the creation of the sparsebundle you'll be asked for a password. Choose something safe and write it down for later. You'll need this password when you restore files from your backup; without it your backup will be useless.
2. Copy the sparsebundle to your network share:

    cp -r /tmp/MACHINENAME_001e521fb852.sparsebundle /Volumes/NetworkDrive

3. Mount the newly created image and have Keychain remember your password:

    open /Volumes/NetworkDrive/MACHINENAME_001e521fb852.sparsebundle

Then unmount again.
4. In Keychain Access, copy and paste the entry for the sparsebundle to your system keychain. If you needed a password to mount /Volumes/NetworkDrive, it might be useful to do the same with those credentials as well. Important: Modify both entries such that they have unlimited access without you having to enter your Keychain password. This way TimeMachine can work while you are logged out. Probably you can restrict access to just TimeMachine and its helper applications, but I haven't tried this.
5. Enable non-supported TimeMachine drives:

    defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

6. In the TimeMachine Preferences, tell TM not to exclude your mounted home directory from backups, but not to back up /Users/YOURNAME/IMAGEFILE. This way you will be able to browse your personal files using the `galaxy' frontend. Then point TimeMachine to your network share (/Volumes/NetworkDrive) and let it do the initial backup. From there things should work smoothly. You can check that TimeMachine is backing up to the right location by repeatedly running df -h on the command line.
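
The file name from step 1 can be derived and checked in one go, as in this added example (not part of the original post). The function names and the sample ifconfig text are constructed for illustration; unlike the grep/sed one-liner, it drops the word "ether" and rejects anything that is not a 12-digit hex MAC.

```shell
#!/bin/sh
# Added example: build MACHINENAME_<mac>.sparsebundle as described in step 1.
# Constructed sample of `ifconfig en0` output, using the MAC shown on this page.
SAMPLE_IFCONFIG='en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 00:1e:52:1f:b8:52
	media: autoselect status: active'

# Everything before the first dot of a node name (what `uname -n` prints).
short_host() {
    printf '%s\n' "${1%%.*}"
}

# Read ifconfig output on stdin; print the first "ether" address in
# lowercase with the colons removed. Fails unless it is 12 hex digits.
mac_from_ifconfig() {
    mac=$(awk '$1 == "ether" && !seen { print tolower($2); seen = 1 }' | tr -d ':')
    case "$mac" in
        ""|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#mac}" -eq 12 ] || return 1
    printf '%s\n' "$mac"
}

# Usage: ifconfig en0 | bundle_name "$(uname -n)"
bundle_name() {
    host=$(short_host "$1")
    [ -n "$host" ] || { echo "empty host name" >&2; return 1; }
    mac=$(mac_from_ifconfig) || { echo "no usable ether line" >&2; return 1; }
    printf '%s_%s.sparsebundle\n' "$host" "$mac"
}

# Demo on the constructed sample; the host name is a made-up placeholder.
printf '%s\n' "$SAMPLE_IFCONFIG" | bundle_name "macbook.example.lan"
```

On the Mac itself, pipe the real `ifconfig en0` output into `bundle_name "$(uname -n)"` and use the printed name as the last argument to the hdiutil command in step 1.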
Note that while your backup is encrypted, the password for the backup image is, at least in the currently proposed configuration, possibly open to attack on your computer. Ideally you would use additional security measures to make sure that you are the only person who can access your computer, e.g. by following some suggestions in Corsaire's white paper on securing Mac OS X Leopard.