Originally published at: The Role of Bootable Duplicates in a Modern Backup Strategy - TidBITS
macOS 11 Big Sur has thrown a cryptographically signed monkey wrench into the inner workings of backup apps that make bootable duplicates. There are now workarounds, and Apple promises to fix the necessary underlying tool, but Adam Engst suggests that we need to rethink the role bootable duplicates play in a modern backup strategy.
Originally published at: The Role of Bootable Duplicates in a Modern Backup Strategy - TidBITS
I have been using SuperDuper! for years and CCC more recently. SD! has basically given up. CCC can still make bootable backups in Big Sur (Intel) - but you can’t update it. I just want a snapshot and don’t care about incremental updates, so I am still using CCC for my MBP16 and iMac Pro. Erasing the target drive and starting over only takes about 12 minutes on the MBP16 backing up to a Samsung SSD. That is no problem. It takes three hours on my iMac Pro - but again I don’t mind as this can be scheduled. (I only make bootable backups before system updates.) I understand that CCC is going to change into a data only backup as the developer thinks it is too risky to rely on Apple and ASR. I’m running Time Machine on the iMac Pro but not the MBP16 - backing up with TM to a NAS turned out to be slow and unreliable. I’ll miss the ease and flexibility of making bootable backups.
This is inaccurate.
Note the use of clauses like “currently” or “the future of … is unclear”.
Lots more good information on the topic here.
Bootable backups, at least for me, are pretty much pointless these days. Recently the SSD on my Mac mini died, and even though I had a bootable backup, it wasn’t all that useful. Since my most important files were on either OneDrive or iCloud drive, and since I don’t have a second machine, I just worked on my phone/iPad while Apple replaced the SSD.
When the machine came back, I restored my data through Migration assistant. This caused a whole myriad of small but irritating issues, especially with Office/work software and my Python environment. Long story short, it would have probably been just as fast to start fresh, download a few apps, and let everything sync from iCloud/OneDrive/whatever.
That being said, this is just my experience based on how I use my computer these days - which is to say it’s basically a $1500 web browser.
IMHO the most annoying thing about this switch to non-bootable clones or data-only clones is that we are once and for all leaving being this great Mac idea that you could boot any Mac (assuming it’s not too new for the boot system) from any clone. It’s incredibly convenient to be able to boot one Mac from another Mac’s partition or a clone of it.
To those who use this regularly, it must be a bit maddening to see Apple take something that “just works" for two decades and trash it.
Now is that functionality irreplaceable? Probably not. And it’s true that Apple had long ago already sent up flares to warn us about this.
Nevertheless, it was just one of those Mac things that gave us a glimpse of why fundamentally a Mac was just a much more sophisticated environment than what the masses were using.
I agree, it’s a slick feature. But I’d rather just sign into my iCloud account on a new machine and have it sync everything. More accurately, when my parents buy a new computer and they call me for help, I’d rather show them how to type in their iCloud password instead of explaining how to restore from a bootable backup. It’s worked well in iOS land, generally speaking I think
I read that blog in January. Unfortunately, SD! no longer will make even an initial Big Sur bootable backup. CCC can. What the future holds in store is not known, and both SD! and CCC may end up as data (only) backup applications - that’s where CCC is going and the developer has said so (a “better TM”). SD! (Dave) hasn’t been as specific about the future. I really liked SD! and as I said have used it for years (I even bought a second license to say thanks) but gave up in 2020 - CCC was more flexible and significantly faster in performing the backups. I sympathize with both developers - it is dangerous to rely on Apple (ASR) even if Apples fixes it so that it can make system volume only backups and work with M1 systems. For those who really want a bootable backup you can run asr from the command line but that’s a bit too complex for me.
The more I think about this article, the more I think I disagree with these benefits:
Quick recovery: The primary reason for having an up-to-date bootable duplicate is so you can get back to work as quickly as possible should your internal drive fail. Simply reboot your Mac with the Option key down at startup, select the bootable duplicate, and continue with your work. If your Mac were to die entirely, you could use the clone with another Mac you own or borrow, or a replacement that you can purchase and return within 14 days.
I agree that in some cases this is convenient. But I’d guess that most people with work iso critical that a drive failure causes them to go and borrow another computer, and then boot that borrowed computer with an exact replica of their system are likely working off an external drive or RAID or something like that. I’m sure there are some situations where this is not true, but it seems like more and more an an edge case lately. Maybe it saves some time reconfiguring app settings on a borrowed system.
Secondary backup: Any good backup strategy has multiple backup destinations, preferably created using different software. If you consider your primary backup to be Time Machine, for instance, having a bootable duplicate made with another app and stored on a separate drive protects against both potential programming errors in Time Machine and physical or logical corruption of its drive. It’s best not to put all your eggs—or backups—in one basket.
I suppose, but a single disk is a single disk, even if it’s bootable. If my single backup drive fails, the fact that it was bootable didn’t do me much good.
Faster migration: I’ll admit I have no data here, but if I needed to use Apple’s Setup Assistant or Migration Assistant to migrate to a new drive or Mac, I’d prefer to use my bootable duplicate over my Time Machine backup. With Time Machine, the migration will have to figure out what the newest version of every file is, whereas the bootable duplicate is, by definition, an exact clone.
No idea if it’s faster, but Migration Assistant works with non-bootable backups (like the data volume in Big Sur.)
I think there’s a place for bootable backups, but I’m not convinced that they speedup recovery (in most cases), are any better as a secondary backup than their non-bootable counterparts. Do they speed up migrations? No idea, but if so it’s probably marginal
And that’s exactly the point of the article. Those used to be the benefits, but in the modern world, I don’t think they’re nearly as useful as they used to.
My point here is that if you had one drive for Time Machine, pointing your duplicate at another drive gave you hardware and software diversity. The likelihood is that the Time Machine and duplicate drives won’t both fail at the same time (and if they do because of fire or theft, that’s what offsite or Internet backups are for).
Thanks, @ace. Like many others, I’m sure, the only thing left that’s delaying my move to Big Sur is this bootable backup thing. I’ve been noodling on the issue for a while, and I think you’ve landed about where I would have landed eventually. I don’t like leaving bootable backups behind, but when I survey the way I store my data today and the availability of secondary devices, I conclude that it’s time to adjust my plan for recovering from disaster and move on.
FWIW, the only times I’ve needed my backups (due to a catastrophic drive failure) was many years ago. The backup I restored from was not bootable (it was a VXA tape backup made with Retrospect).
I booted the system from my emergency recovery partition (I had previously created a second partition with a minimal Mac OS X installation that contained the OS, Retrospect, Disk Warrior and little else) and used Retrospect to restore my system and data partitions. (I also had a bootable DVD for use in case both hard drives died at once, but I never needed to use it.)
A bootable backup is basically a shortcut around this. Instead of having an emergency recovery partition containing your backup-restore utility, it’s all combined together: boot the backup and then clone it back to the computer. It is unlikely that I would try to actually work from such a system (although I could if necessary).
Apple almost replaces this need by letting the Recovery partition restore a system from a Time Machine backup. Unfortunately, with Big Sur making it difficult (and on M1 systems, impossible) to restore the entire system from any other kind of backup, that really limits the usefulness of having a backup of the system volume(s).
Thanks for this thoughtful and thought-provoking article.
Personally, that would be at most third on the list. When I went from El Capitan to Mojave, I was dismayed at the speed hit, and I would be worried about a repeat from my new starting point. Also, I have seen the Big Sur interface, and my opinion is that Apple has stumbled. Mail, in particular, is two steps backward, and that’s not counting the problems with lost messages that some have reported. A bootable backup might be nice (I hope not!), but the speed and interface issues are something that I would need to live with every time I use the Mac.
I have a MacBook Air that I used to take with me to work every day for handling personal stuff (email, web, reading during lunch, etc.) while in the office. Sort of like an iPad, but useful. (Kidding!) I back that one up to Time Machine only.
I installed Big Sur on that a while ago, and I haven’t noticed any issues. I can find the messages I need to find in Mail, and the Mail interface seems pretty much the same to me. And no noticeable difference in responsiveness overall, at least in what I do most often, which is writing and reading.
I’m not crazy about the new look. The darkening of the menu bar, combined with the lightening/grayening(?) of the toolbar, makes even the frontmost window look like it’s in the background. It took a while before I stopped clicking on windows just to be sure they really were frontmost.
I agree with Simon–“IMHO the most annoying thing about this switch to non-bootable clones or data-only clones is that we are once and for all leaving being this great Mac idea that you could boot any Mac (assuming it’s not too new for the boot system) from any clone. It’s incredibly convenient to be able to boot one Mac from another Mac’s partition or a clone of it.”
Now, having said that, I don’t like the idea of not being able to boot from an external drive…period.
Mac user for more than 30 years and many times I have had to boot from that back up to keep going.
I also have not moved on from mojave for this very reason. We all know that the internal drive, or something connected to it, is going to go at some point.
I’d like to point out something else. For those of us that live outside the hi speed internet zones, like in more rural areas (I live in NH) backing up to iCloud or any other online service would literally take me weeks to accomplish.
We don’t all live in the big shiny urban areas where 5G is the norm. I can’t even get cable TV where I live. Being able to back up to a HD is essential for many of us.
Having said that, I think I would be OK with CCC doing a data back up. I guess I could live with reinstalling a new system and having to reset my stuff, though I don’t look forward to it.
I would ask this: How many GBs would just a SYSTEM back up require? perhaps that could be down in the cloud, even for me, with the bulk of the data back up to local hard drive.
That just might work for me.
I tend to agree with this, and appreciate how someone else has expressed it in a better way that I could.
Personally, I switched from SuperDuper to try Carbon Copy Cloner, which is good. And now use Get Backup Pro, which is part of Setapp. If I’m going to use a new interface and try software, I may as well try something I’m already paying for.
Maybe one of the criteria for choosing a backup strategy, is making sure that at least one backup is Migration Assistant compatible, for quick-ish restoration onto the same computer or new computer. Time Machine/Capsule (preferably with ethernet cable for speed) and cloning would fit this.
Clone(s), may be useful after a clean install, as copying individual files off a local drive may be easier.
All the rational arguments made here, and all the good ideas/workarounds/insteads notwithstanding, my bottom line is:
Bootable clones is a great thing, being able to boot off an external drive is extremely important, being able to create a partition on the internal drive and boot from it (which is important to be able to make TechTool Pro’s eDrive on it) is a great help.
The fact that Apple has made these things - these uniquely Mac-specific features - impossible is a huge mistake, a very unfortunate, disappointing and ill-advised step backwards. Whatever benefits Big Sur and Apple silicon supposedly offer are not justified at the cost of these functions. IMO Apple blew it. They need to realize this and correct it - all of it. One of the most irritating facts about all this is that neither Big Sur nor Apple silicon has so far shown any marked improvement over the past for most users or most scenarios. If this changes over time, I may change my mind about the ill-advised trade-offs, but in the meantime, I’m simply PO’d. And I’m pretty sure I’m not alone.
The great thing about bootable backups is that I could fly to Chicago, borrow or something a Mac, start it up from my clone and I was just working! Then leave, and nothing to clean up on my friend’s mac. Then on to Salt Lake City, and ditto. No need to schlep the computer. That has been very important overseas when carrying a Mac on the street, even in a backpack or whatever, risks losing the computer to theft. As you say, a perfectly good idea, like the mag-safe connectors, dropped for no good reason. I hope Dave at SD! can figure out a work-around or that (gasp) Apple works with the developer to make it possible again. (The sound of me not holding my breath.)
That’s not how Apple sees this. They see it as a feature. It’s for security. While I agree that bootable backups are nice, they are a huge security hole.
Now we can argue about that tradeoff – since it’s a security hole that requires physical access it’s not one that bothers me – but Apple obviously has different priorities.
What percentage of Mac users make bootable backups? 1% .1% .001%? I bet it’s pretty small and half of them read TidBITS.
I wouldn’t hold your breath about this changing. (Though it would be nice if Apple could provide their own tool for creating bootable backups in a secure way.)
My 2020 Intel Macs lets me prevent booting from an external drive if indeed I’m worried about that “huge security hole”. But by offering this as a firmware option (that is default set to off) without removing the fundamental capability for everybody else—some of which perhaps don’t share my judgement about how “huge” that security hole is—both camps could be satisfied. Now, only one gets to have it their way. I’m not surprised if only one side sees that as a win.
Excellent article and questions/solutions!
I come from the Oldskool of having an active, weekly, silent clone to an spinner (on internal bus, for speed) along with no longer supported TM Airport (modded for 4TB). You.Can.Not.Have.Enough.Backed up. I even considered buying a cloud sub to carbonite/code42/AWS container or other service but none are one-stop-one-deal. Having a bootable clone (if daily), allows you to fumble with some update and screw the pooch, and boot back to last time, phew.
I wonder, if you have a T-bolt mac enabled, can CCC clone to that mac partition so you have a daily driver ready, that is only tethered via Tbolt 3 cable? Is that doable?
I just ordered a T7 drive to use for cloning macs as I also migrate (just incase). But I also wonder, we are coming to full circle in that, its all in the cloud. Terminal/server will be i-device to login, run your desktop on a display with gig connection. Local is for emergencies only (like power outtage).
I think we need to get internet access as a regulated utility!