Using the cloud as backup location
I self-host a lot of things and make it a point to ensure my home network reliably works without the Internet as much as possible. However, the cloud also has its benefits, and backups can be a good example.
Building a backup strategy includes applying the 3-2-1 strategy: you want three copies of your data, on two different media, one of which is in a different geographic location. The cloud easily provides an independent location: by essence, somebody else’s computer is not located in your home.
Privacy concerns can be managed: if you encrypt your backups before they leave your computer, and assuming you’re using reasonably, getting access to your data from the cloud side is highly likely to require more effort than what any regular is willing to put in.
In my case, I consider restic
to fit this description, and have been using it for quite a while now.
Mama I’m coming home 🎶
Over the past few years, I have been using Backblaze B2 to store my encrypted cloud backups.
They’re cheap, reliable, and offer an S3 interface that’s easily integrated with restic
and other stuff.
However, they’re US-based. The recent shenanigans with a certain orange-faced man made got me thinking, and this interview from Quentin Adam (Clever Cloud) convinced me. When EU-based solutions are available, they should be used. We’ll never see the European solutions grow if, as the collective entity of EU IT hobbyists, we don’t use them more to bring in value and feedback.
It was time to find an economically sustinable solution.
Defining my needs
Space
The first thing to find out is how much space do I need, as some hosts have non-linear cost models for storage space. I back up configuration files and music, and not a lot of multimedia files, so I don’t anticipate high needs. My B2 bills were always very low.
A quick look at my Backblaze B2 dashboard confirmed this: I currently use a little over 100 GB.
Considering I’m also moving away some other stuff from managed services, I might need a little more. Let’s settle for a target of 200 GB.
Features
To qualify a new storage provider, I need a requirements list.
- Mandatory
- EU-based company
- S3 protocol with multiple buckets
- Desirable
- Low-carbon/renewable energy source
Look at me, creating specs at every opportunity I get. I guess I really am a System Engineer at heart 😅
Choosing a new provider
I used this list to identify possible service providers. On first glance, the candidates in the next table appeared to meet the mandatory requirements. Note some prices are higher in this table than on the websites because I added 21% VAT whenever it was made clear the VAT was excluded.
Company | Home country | Cost model |
---|---|---|
Cleura | Sweden | .02 €/GB, ingress/egress costs unclear |
Cyso | Netherlands | .011 €/GB, ingress free, egress .067 €/GB, .067 €/10k ops |
Gcore | Luxembourg | .04 €/GB, ingress/egress unlcear, .03€/10k ops |
Hetzner | Germany | 6.04€/1TB ~ .006€/GB stored & 1TB egress, ingress/ops free |
IONOS | Germany | .008 €/GB, free ingress/egress/most ops, .0016 €/GB data scan, .00056 €/GB data return |
Leaf Cloud | Netherlands | .024 €/GB, ingress/egress unclear |
OVH | France | .008 €/GB, free ingress/ops, .012 €/GB egress |
SafeSpring | Sweden | 44.50 €/1TB ~ .04 €/GB, free ingress/egress |
Scaleway | France | .015 €/GB, free ingress/ops, 75 GB egress free |
StackIt | Germany | .03 €.GB, ingress/egress unclear |
UpCloud | Finland | 5 €/250 GB ~ .25€/GB, free ingress/egress |
ExoScale | Switzerland | .019 €/GB, .02 €/GB egress, free ingress |
Hetzner and SafeSpring a disqualified, at least for the moment. They offer competitive prices, especially Hetzner, but I won’t need to backup 1 TB in the cloud in the foreseeable future.
That leaves us with four major contenders:
- OVH: .008 €/GB, free ingress/ops, .012 €/GB egress
- IONOS: .008 €/GB, free ingress/egress/most ops, .0016 €/GB data scan, .00056 €/GB data return
- Cyso: .011 €/GB, ingress free, egress .067 €/GB, .067 €/10k ops
- Scaleway: .015 €/GB, free ingress/ops, 75 GB egress free
I want to backup stuff from my home network as well as my VPS hosted in Germany by OVH. Strictly applying the independent location principle, that excludes OVH and Germany (The primary backup location of my VPS is OVH Object Storage in France). IONOS Cloud products are restricted for sale to commercial users.
Alright, let’s give Cyso a shot. I’m not entirely sure I fully understand the pricing structure but, ultimately, after a few months I can compare it with the flat price of Scaleway and move on if needed.
Moving backups to Cyso
Creating a Cyso account and binding it to a credit card for billing was pretty simple. Buckets (called Containers by Cyso) can be created in their Amsterdam (ams) location, so my provider and location difference goals are met, yay!
S3 credentials first need to be created. For a personal account, these are global to all buckets of the account. This won’t create issues for this use case:
- I only intend to use this account for backup-related buckets.
- Each backup source uses an individual encryption key that is not exposed online, so even if one machine gets compromised and the credentials are leaked, the contents of the other buckets still has a layer of security.
Whenever possible, I use the restic wrapper I developed, restic-PyBM, so moving from Backblaze to Cyso is simply a matter of creating buckets and adapting config files for most of my infrastructure.
restic_binary_location: /opt/restic
repos:
server:
...
server2:
location: s3:https://core.fuga.cloud:8080/... <-- S3 URL from the container's details
key:
password: ... <-- Your repo passphrase
keyID: ... <-- S3 access ID from the area (ams/fra) where you created the bucket
applicationKey: .... <-- S3 secret from the area (ams/fra) where you created the bucket
...
includes:
...
The migration was smooth and with no issues to be reported. One more step towards bringing my data and my money back in Europe!