August 29, 2008

Automatic backup for sporadically connected clients with Box Backup

Author: Cory Buford

If you're a frequent business traveler who keeps important company files on your laptop, using a centralized management solution to back up files automatically during a fixed time interval won't work. Instead, consider Box Backup, which backs up files from a laptop directly to a backup server over an encrypted link.

Box Backup doesn't rely on server-initiated backups. Whenever laptops, or other clients, connect to the backup server, the backup can start immediately. You are assured that the files are secure, because Box Backup uses Secure Sockets Layer (SSL) to encrypt data straight to the backup server's disks. In addition to the usual snapshot type of backup, Box Backup also lets you make a continuous backup for every change in files while connected to the server. Best of all, Box Backup is free.

The latest version is 0.11rc2, and the last stable release is 0.10, from 2006. Version 0.10 produces an error when it encounters files of 2GB or greater in size. However, if you won't be backing up files larger than 2GB, the developers recommend that you use version 0.10, because it's the most stable release.

You can continuously back up your data for every change as you would with rsync. However, unlike rsync, you do not need to create scripts to do the job. Box Backup also has a built-in Redundant Array of Inexpensive Disks (RAID) feature that can distribute the backup data on multiple disks or volumes. It works on numerous platforms, including OpenBSD, Linux, Windows (client only), FreeBSD, Solaris, NetBSD, and Darwin.

Although both versions are considered to be stable, the developer says that even the 0.11rc2 release is not yet feature-complete. For instance, errors produced by Box Backup are not that clear and some are not yet documented. The developers are planning to implement marked versions of the store to emulate backing up onto sets of tapes in a controlled manner, which will make restoration of older versions easier.

Starting Box Backup

Installation of Box Backup from source is straightforward, and there are prebuilt binary packages for Debian, Gentoo, and FreeBSD. Go to the project site a complete guide to installation and configuration, including download links.

Before you compile Box Backup, make sure that libssl-dev for SSL and libzlib-dev for Z compression are available on your system. The GNU readline library (libreadline5-dev) and the Berkeley database (libdb4.5-dev) are not necessary but can be helpful as well. Box Backup offers most commands in the CLI, and the GNU readline library provides line editing capabilities, letting you bind keys to easily edit commands (for example, Ctrl-r searches the command history). The Berkeley database stores internal data structures on the disk so, if it is available, the Box Backup Service Daemon (BBSD) will not have to build the data structure from scratch each time each remote machine restarts. In essence, Berkeley database gives Box Backup the ability to store data structures on the disk and retrieve and reference them even after restart, reducing processing time for Box Backup.

After you decompress the downloaded Box Backup package into a folder, use the command ./configure --enable-gnu-readline, then compile.

Two different packages are compiled: one for the server and one for the client. Upon compilation, a folder named "parcel" is created; under that folder are the server and client folders. Under the server folder, execute the ./install-backup-server command to install the server component. In the client folder, execute the command ./install-backup-client to install the client. You only need to install the server component on the backup server, but you may install the client on any system that is to be backed up. Also, note that the same compilation procedures are used when installing the client package, so make sure the necessary libraries are available on each client before installing the client component -- unless you plan to run the client on a Windows machine.

Configuring the server

For Box Backup to work, you must configure both the server and the client components properly. Let's start with the server side. First, add a user to manage the Box Backup server. For security reasons, an ordinary user will suffice; you can use the useradd bbackup command, in which bbackup is the username. Next, create a directory to hold the backup data. It can be at any location, as long as it has enough disk space to hold the data you plan to keep there. For example, create the directory /srv/store, then use the chown command to change ownership of that directory to the user that you just created.

After creating the user and the backup directory, you can generate configuration files for the Box Backup server using scripts that are created during the compilation. If you need the RAID feature of Box Backup you can use the raidfile-config script to generate the RAID configuration. Running the script without any parameters displays how the script is used and the options that are available. For example, for the command raidfile-config /etc/bbackup 8192 /srv/store, /etc/bbackup is the location where the configuration file will be stored, while 8192 is the block size that the RAID configuration will use. Next, generate the configuration for the backup server by running the bbstored-config script. One important parameter of this script is the hostname of the server. Make sure that the hostname can be resolved properly; if it can't, the script won't work. For example, I used bbstored-config /etc/bbackup bbackup to generate the file. Since the configuration file is stored in /etc/bbackup, it is better that you change ownership and allow only bbackup to access that directory.

Box Backup uses SSL for communication, so you also need to generate and sign a certificate. The bbstored-certs script, which you can find in the configuration directory (/etc/bbackup), generates and signs a server certificate. I used the following commands:

# bbstored-certs ca init
# bbstored-certs ca sign-server bbstored/

Note that bbstore/ is created during the generation of the server configuration using bbsstored-config. Finally, you can start the server daemon with the bbstored /etc/bbackup/bbstored.conf command, which you can also find under the configuration directory.

Configuring the client

Once the server is up and running, you need to configure the client side. Box Backup has two modes of backup: snapshot and lazy. Similar to other backup software, snapshot mode takes a snapshot of the data and transfers it to the server. Lazy mode is more dynamic and flexible, and is the recommended mode. In lazy mode, the client continuously transfers data to the server. Since transferring or copying a file that is being used sometimes causes corruption of the transferred file, Box Backup has a time interval in which it checks each file in a given directory to see if there is a change within that time interval. Files that are not changed during that interval will be transferred, while those that have changes will not. This ensures that a file is not being used while backing up.

Just as you did on the server side, you generate a configuration file using the bbackupd-config script, which you can find in the client folder that was created during compilation (boxbackup-0.10-backup-client-linux-gnu). Options include the mode (snapshot or lazy), the account number (1000 in the example here), the hostname of the server (, the temporary backup storage (/var/bbackupd), and the directory to back up (/root/Desktop/files). The command looks like this: bbackupd-config /etc/bbackup lazy 1000 /var/bbackupd /root/Desktop/files.

The configuration is stored in /etc/bbackup, and you can start the client using the command bbackup /etc/bbackup/bbackupd.conf. You can edit bbackupd.conf before you start the client if you want to change the parameters, such as the directories to be backed up or the files to be excluded. To control the service, use the bbackupctl command along with such parameters as terminate (to stop the service), load (to reload the configuration), and sync (forces backup operation, but is only available in Snapshot mode).

Creating an account on the server

You must create a unique account for each client that will back up files to the server in order to transfer them via SSL/TLS. A unique SSL key is generated for each client and stored in its respective client account. To create the client account on the server, use bbstoreaccounts. Specify the account number (1000, in the example here), a soft limit (1024MB storage quota), a hard limit (1500MB quota allowance), and whether RAID will be used (indicated by 0 or 1). For example, I used the command bbstoreaccounts -c /etc/bbackup/bbstored.conf create 1000 0 1024M 1500M.

Now you need to transfer the SSL key generated during the client configuration to the server, using commands like those below. If you forget any step in this process, or if you copy the necessary files to the wrong directory, the server and client daemons will malfunction. The directions on the Box Backup wiki should help you transfer the keys correctly.

(inside /etc/bbackup) scp bbackup/1000-csr.pem - Client side
cp /tmp/1001-csr.pem /etc/bbackup/ca/clients - Server side
(inside /etc/bbackup) bbstored-certs ca sign ca/clients/1000-csr.pem - Server side
(inside /etc/bbackup) cp ca/roots/serverCa.pem /tmp - Server side
(inside /etc/bbackup) cp ca/clients/1000-cert.pem /tmp - Server side
scp{serverCA,1000-cert}.pem - Client side
(inside /tmp) cp {serverCA,1000-cert}.pem /etc/bbackup/bbackupd - Client side

To verify and restore files, use the bbackupquery command on the client side. You can run it in interactive mode or batch; use the compare parameter to verify the files, and use the restore parameter to restore a complete file directory. For the restore command, you must specify the original directory that was backed up and the directory in which you will restore the files on the client side. To avoid data corruption or erasure, make sure the client backup daemon, bbackupd, is not running on the client side while you restore.


With Box Backup, you can securely back up your laptop, or even a desktop, when you're unavailable to do so yourself. With the lazy mode backup, just plug your station into the network and Box Backup will handle the rest. It supports major Linux platforms, even includes Windows as a client, and gives system administrators the ability to back up data from mobile users easily.

While the command-line interface commands may be simple, the SSL key management can be complicated for many end users. And, unfortunately, the release rate for stable versions of Box Backup is somewhat slow. I'm satisfied with the last stable release, but issues like the 2GB file size error limit the tool's flexibility and usage in production environments. While this and other issues have been resolved in the latest version (0.11rc2), it is still in a development stage, so you cannot rely on it in production.

For future versions, I'd like to see a backup test/simulation integrated into a Web-based management interface. A GUI interface front end called Boxi is already available and can help configure some options in Box Backup. However, it is developed by a third party, is not a complete GUI management solution, and its development is quite slow. Also, since the backup statistics of Box Backup show only the total size uploaded/backup files, total size in the server, and the encoded size, improved backup log/report statistics that include specific information, such as number of backup files (from the client), total file size (from the client), and total number of files and size (on the server) would be very useful.

However, I still recommend Box Backup for backing up most mobile systems.


  • Backup & Data Recovery
  • Enterprise Applications
  • Reviews