I need to backup my NAS to a remote and secure location, and because I am a Azure AZ-103 associate, I have decided to store my data on a Azure storage account. I will use Duplicati, a free backup software written in C# with the following features:
- Native AES-256 encryption.
- Wide variety of storage backends: Azure, S3, GCS, FTP, SSH, Onedrive...
- Works well on Windows, Linux, FreeBSD.
- Works on a headless server with a WebUI.
Storage account offers 3 tier storage with different pricing: hot, cool, archive. If you choose a hot tier, access is less charged, but storage is more expensive. This is the opposite for cool and archive, storage is cheap but access is expensive. Archive is the most interesting tier for backups but it has many constraints, such as the need to pick every object inside the container to move them. So I will use cool right now.
Create a Resource group and a Storage account
First you need to create a Resource group. Go to the Resource groups blade then click +Add. Take a look at Ready: Recommended naming and tagging conventions if you don't know how to name it. Select a region (does not really matters now).
Now you need to create a Storage account. Go to the Storage accounts blade then click +Add.
- Subscription: your subscription.
- Resource group: the one you just created
- Storage account name: must be unique accross Azure and as many limitations, so I recommend using a short name + random id.
- Location: Select the location of your choice (choose a close one with an interesting pricing, see Azure Calculator)
- Account kind: StorageV2
- Replication: LRS
- Access tier: cool
Now open you new Storage account and go to the Containers blade then click +Container. This time the name is private and does not need to be unique. Make sure the Public level access is set to Private (no anonymous access).
Go to the Access keys blade and retrieve the value of key1 or key2. These key are private and should not be shared with anyone because they basically give full access to the storage account and the data inside.
Go into the Web UI then + Add backup > Configure a new backup.
Enter a name, a description and a very strong encryption passphrase. Do not lose it, personally I use Keepass + Syncthing to manage my passwords.
Select "Azure blob" for Storage type and set your credentials.
Click Test connection to make sure Duplicati can reach your Azure container.
Select the files you want to backup.
Schedule your backup. For me, monthly is enough.
Duplicati will not copy your files one by one but use "volumes". To select the size of each block, read this documentation. Smaller means more transactions but better de duplication. Bigger means less transactions but less optimized de duplication. If you have the bandwith, go for higher chunks. 1 Gbyte seems to be a good value for me. More is not good because it takes too much resources.
You can also set the retention, for me it's 6 months.
Et voila, just run your backup now!
Cost and Metrics
My Storage Account:
- Location: North Europe
- Performance/Access tier: Standard/Cool
- Replication: Locally-redundant storage (LRS)
- Account kind: StorageV2 (general purpose v2)
- Data source: ~650 GB
- Schedule: @Monthly
- Volume size: 1 GB
Used capacity (512 GiB) :
Ingress and Egress (Last executions: 2020/10/10 and 2020/10/14):
Transactions (Last executions: 2020/10/10 and 2020/10/14):
I admit I'm not sure sure why I see transactions when there is no backups. I assume it's Azure stuff.
Monthly billing is always around €5 which is not cheap but affordable. If you need more than 1TB of storage, it might be a good idea to take a look at Google One (Drive) or Dropbox.