Observations after testing Crashplan.
The Crashplan test-setup has not been able to connect for a while. As a result these notes are partially from memory and could not be revisited. The user interface is confusing; buttons are placed far away from the context they operate in. There are buttons that fold out UI elements when you click on the buttons, but not a lot of extra information appears. It would have been better if more information were grouped together under fewer buttons. The Linux and Windows versions have inconsistent user interfaces. At some point my test setup suddenly stopped connecting. I tried several command-line actions, either recommended or not recommended. It didn't help. The restore-screen has a nice filter for finding the file that you want. There are confusing problems with files that were recently removed. It looks like it does not let you restore a file if it does not realise yet that the file has recently been changed or restored. Or perhaps it is related to the files being in the trashcan? For reasons that are unclear it takes several completed backups before a 4GB file is actually backed up. The restore-list would show a 0 byte file during that time.
Observations after testing Duplicati.
It supports transfer over SSH which is great. I love tried and true technology. Unfortunately I have not been able to restore any files. The restore-screen requires a lot of clicking. It keeps giving warnings, even if you are not interested. There are very detailed descriptions of how Duplicati handles copying locked files. Even so, it is unclear to me how successful it tends to be in backing up locked files. Note that when you want to use SFTP, you should select 'SSH-based' rather than 'FTP-based'. This is because FTP and SFTP are not the same thing, and SFTP makes use of an SSH connection. Make sure to check the box 'Ignore file modification timestamp when making incremental backups'. Otherwise, Duplicati will only use a very simplistic measure of determining whether to make a backup (the file modification timestamp) which will fail when you get a file with an older timestamp than the one known to Duplicati. This can easily happen if you get the latest version of the file from a different computer (or a service running on a different computer, such as a mail service). A discussion of that can be found here: https://code.google.com/p/duplicati/issues/detail?id=911
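The timestamp problem described above, as an added example that is not Duplicati's code: a simplified model in which a file counts as changed only when its modification time is newer than the one recorded, compared with a content-hash check. The function names, the record layout and the sample file are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def record(path):
    """What a (hypothetical) incremental backup remembers about a file."""
    return {"mtime": os.stat(path).st_mtime, "sha256": sha256_of(path)}

def changed_by_timestamp(path, known):
    # Simplified model of the timestamp-only test: only a newer mtime counts.
    return os.stat(path).st_mtime > known["mtime"]

def changed_by_content(path, known):
    # Content comparison ignores the timestamp entirely.
    return sha256_of(path) != known["sha256"]

def demo():
    """Constructed scenario: a file is replaced by a copy with an older mtime."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "inbox.mbox")
        with open(path, "wb") as f:
            f.write(b"version 1 (constructed sample)")
        os.utime(path, (2_000_000_000, 2_000_000_000))
        known = record(path)  # state at the time of the last backup
        # The latest version arrives from another computer with an older mtime.
        with open(path, "wb") as f:
            f.write(b"version 2 from another computer")
        os.utime(path, (1_900_000_000, 1_900_000_000))
        return changed_by_timestamp(path, known), changed_by_content(path, known)

if __name__ == "__main__":
    print(demo())
```

The timestamp test misses the replaced file while the content test catches it, at the cost of reading every file on each run.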
Observations after testing BackupPc
BackupPc appears to perform the base required functions as expected. Files are being backed up and they are restorable. Additional positive features are that the files are stored in such a manner that they appear to be manually restorable with ease. The server-side configuration of the clients is finicky. It can take several tries to find the correct format of listing the client address. Once this is done there is no hassle. BackupPc can mail reports, but I have not tried this. The downside, for my use case, is that I have not been able to think of an easy way to notify the client that a backup is running or has finished.
As it stands, I am not satisfied that I have found a workable solution. Currently I am considering using the backup utilities supplied with the Windows OS. These work over SMB shares. Initially this was not seen as an option because this is not CryptoLocker-safe. To try to hack on such safety one might make a server-side copy of the share at regular intervals. Mirroring would be a mistake; the crypto-locked files will also be mirrored. Considering this, a simple mirror would provide no utility against CryptoLocker-like malware. To be more robust, the server-side backup of the backup target will have to contain versions of several moments in time. This will require additional storage space. The amount of required storage space can be reduced by using deduplication. This backup-of-a-backup (with deduplication) could perhaps be provided by the previously mentioned BackupPc. Unfortunately, SMB sharing has also let me down; the shares are often not reconnected on startup. Instead we find the notice that 'the network name cannot be found'. This is curious, because a ping using that network name is successful. After disconnecting and reconnecting
In this scheme, the clients would use the user-friendly Windows-native backup tools to back up to the share. These will be versioned backups. Let us call this the client backup collection. The server would make this process robust against malware by storing several versions of the client backup collection in a location that cannot be visited by clients. If the client becomes infested with malware that attacks their files, the client backup collection will most likely also be attacked. If we have infested clients, assuming that we are looking at a small network consisting of around ten devices, a single operator could take the following steps:

First:
- Stop all network connectivity.
- Inspect the devices to see which require further care. Easier said than done.

The following actions could be performed in parallel:
- Re-load/re-install the client OS. Make sure not to attach an infested device to a vulnerable network or device. It seems wise to keep the newly cleaned devices disconnected for now.
- On the server, bring the client backup collection back to the latest state before infection.

Once it is concluded that all devices are clear:
- Reconnect them.
- Restore their files using the OS-provided tools. Depending on network performance this may have to be performed in more than one batch.
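
One way the server-side part of this scheme could work, as an added sketch that is not from the original notes and is not BackupPc's code: each run stores a new snapshot of the share, hard-linking files that are identical to the previous snapshot (file-level deduplication), and the newest snapshot from before the infection can be looked up. Directory names, snapshot labels and file contents are constructed for illustration.

```python
import filecmp
import os
import shutil
import tempfile

def snapshot(share, store, label):
    """Copy share into store/label; files identical to the previous
    snapshot are hard-linked instead of copied (file-level deduplication)."""
    earlier = sorted(os.listdir(store))
    prev_root = os.path.join(store, earlier[-1]) if earlier else None
    dest_root = os.path.join(store, label)
    for dirpath, _dirs, files in os.walk(share):
        rel = os.path.relpath(dirpath, share)
        dest_dir = os.path.normpath(os.path.join(dest_root, rel))
        os.makedirs(dest_dir, exist_ok=True)
        for name in files:
            src = os.path.join(dirpath, name)
            dst = os.path.join(dest_dir, name)
            old = os.path.normpath(os.path.join(prev_root, rel, name)) if prev_root else None
            if old and os.path.isfile(old) and filecmp.cmp(src, old, shallow=False):
                os.link(old, dst)       # unchanged: costs no extra space
            else:
                shutil.copy2(src, dst)  # new or modified: keep a separate copy
    return dest_root

def latest_before(store, label):
    """Newest snapshot whose label sorts strictly before label."""
    older = [s for s in sorted(os.listdir(store)) if s < label]
    return os.path.join(store, older[-1]) if older else None

def demo():
    """Constructed scenario: one file is overwritten between two snapshots."""
    with tempfile.TemporaryDirectory() as tmp:
        share, store = os.path.join(tmp, "share"), os.path.join(tmp, "store")
        os.makedirs(share)
        os.makedirs(store)
        for name, data in (("report.txt", b"quarterly figures"), ("photo.raw", b"\x01" * 4096)):
            with open(os.path.join(share, name), "wb") as f:
                f.write(data)
        clean = snapshot(share, store, "2024-01-01T0300")
        with open(os.path.join(share, "report.txt"), "wb") as f:
            f.write(b"\xde\xad unreadable ciphertext")  # stands in for a locked file
        bad = snapshot(share, store, "2024-01-02T0300")
        with open(os.path.join(clean, "report.txt"), "rb") as f:
            recovered = f.read()
        same_inode = os.path.samefile(os.path.join(clean, "photo.raw"), os.path.join(bad, "photo.raw"))
        return recovered, same_inode, latest_before(store, "2024-01-02T0300") == clean
```

Hard-linked files share their data across snapshots, so the store only protects anything if it stays outside every share the clients can write to, as the scheme requires.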