BorgBackup is advanced backup software with compression and encryption that provides space-saving storage, data encryption and defragmentation.
BorgBackup (abbreviated: Borg) is an upgrade backup software. Optionally supports compression and encryption. Borg’s main goal is to provide an efficient and secure way to back up data. The data optimization technique used will make Borg suitable for daily backups, as only changes are saved. For a similar approach, but with a single compiled binary, some people recommend Restic or Kopia.
Some of the key features of Borg are:
Space saving memory
Deduplication is a process that eliminates redundant copies of data and significantly reduces storage capacity requirements. It can be run in the background to remove duplicates while writing data to the storage system and/or after writing data to disk. Because the client runs in a dedicated efficiency domain separate from the read/write domain, it has minimal impact on performance. It runs in the background regardless of the current application or data acquisition method (NAS or SAN).
Upgrade gains are retained during data migration: when replicating to a recovery site, backing up to a secure location, or moving between on-premises devices, hybrid cloud, and/or public cloud.
To reduce the number of bytes stored, an optimization based on content-defined blocking is used: each file is divided into a series of blocks of variable length, and only blocks that have never been seen before are added to the storage.
A block is considered a duplicate if its id_hash value is the same. Used as a cryptographically strong hash function or MAC id_hash, for example (hmac-)sha256. All blocks in the same repository are considered for upgrade, whether they come from different machines, previous backups, the same backup, or even from one and the same file. Compared to other optimization approaches, this method does not depend on:
- file/directory names remain the same: therefore, it is possible to move your hardware between machines sharing the repository without killing the upgrade;
- Complete files or timestamps remain the same: if a large file changes a little, only a few new blocks need to be stored – this is important for virtual machines or raw disks;
- The absolute position of the data fragment in the file: data can be moved and still be found by the upgrade algorithm.
Borg can store data on any remote host accessible by SSH. If Borg is installed on a remote host, significant performance gains can be achieved compared to using a network file system (sshfs, nfs, …).
Backups that can be mounted as a file system
Backup archives can be mounted as user-space file systems for easy interactive browsing of backups and restores (for example, using a regular file manager).
- performance-critical code (slicing, compression, encryption) is implemented in C/Cython;
- local caching of file/heap indexing data;
- fast detection of unchanged files.
All data can be protected by AES 256-bit encryption, data integrity and authenticity are checked using HMAC-SHA256. The data are client-side numbers.
As an option, borg can actively mix file or block sizes, for example, to make fingerprinting attacks more difficult.
All data can be optionally compressed:
- lz4 (super fast, low compression);
- zstd (wide range from high speed and low compression to high compression and low speed);
- zlib (average speed and compression);
- lzma (low speed, high compression).
The team responsible offers single-file binaries that don’t require any installation. They can simply be run on these platforms:
- Mac OS X
- OpenBSD and NetBSD (doesn’t support any xattrs/ACLs or binaries yet)
- Cygwin (experimental, no binaries yet)
- Windows 10 Linux Subsystem (Experimental)
Restic or Kopia for a similar approach, but as a single compiled binary
Restic is a fast, efficient and secure backup software. It supports all three major operating systems (Linux, macOS, Windows) and several minor systems (FreeBSD, OpenBSD). It has been designed keeping in mind the following principles. Backing up data with Restic can only be limited by network or hard drive bandwidth.
Restoring backups only transfers the necessary data to the files to restore, so the process is fast. Restic makes it easy to check that all data is recoverable.
Kopia is also a fast and secure open source backup/restore tool. It allows you to create encrypted backups of data in the cloud, on a networked server or on remote storage locally on the machine. The copy does not describe the entire machine. Rather, it allows you to backup/restore all files/directories deemed important or critical. With Kopia, users have complete control over where to store their data.
Kopia has both a CLI (Command Line Interface) version and a GUI (Graphical User Interface) version, making it ideal for both advanced and casual users. Encryption is built into Kopia’s DNA, and it is impossible to create a backup without using encryption. Kopia lets you choose between two state-of-the-art encryption algorithms, AES-256 and ChaCha20. Copy encrypts both the contents and the names of the backed up files or folders.
Data is encrypted using keys derived from a 256-bit master key stored in a repository. The master key is encrypted using a password. This means that anyone who does not know the password cannot access the backed up files and will not know what files or folders are in the items stored in the repository.
Kopia provides backups with zero-knowledge end-to-end encryption. If you forget your password, you cannot recover your files: there is no way to recover a forgotten password because only you know it. (However, if you’re still logged into the repository that stores your snapshots, you can change your password), Kopia officials say.
How do you feel about the topic?
What backup tools or techniques do you use?
What do you think of BorgBackup?
According to Venafi, 81% of companies have experienced a cloud-related security incident in the past 12 months, with 45% experiencing at least four incidents.
Organizations are changing their approach to backup to address cloud risks, with 98% now using BaaS and DRaaS infrastructure to protect data.