The Complete Guide to Setting Up Encrypted External Drives with Automated Backups

A beginner-friendly guide to protecting your data and never losing your files again

Why I Needed More Storage

I run a home server that hosts various applications, including a photo management system called Immich. Over time, my photo library grew to 125GB, and my main SSD (Solid State Drive) was starting to fill up. I had 518GB free out of 914GB total, but I knew I needed a better long-term solution.

More importantly, I had no backup system. If my server's drive failed, I would lose years of photos and important data. This is a scary situation that many people find themselves in!

Research Phase: Choosing the Right Storage Solution

The Options I Considered

When looking for external storage, I had several choices:

1. Pre-built NAS (Network Attached Storage) Systems

• Examples: Synology DiskStation, QNAP devices

• Pros: Easy to set up, nice web interface, built-in backup software

• Cons: Expensive ($300-800 for the enclosure alone, not including drives)

2. Individual External Hard Drives

• Examples: Seagate Expansion, WD Elements

• Pros: Cheap, plug-and-play, portable

• Cons: No redundancy, slower than internal drives

3. Building a RAID Array

• Using multiple drives together for speed or redundancy

• Pros: Can survive drive failures, faster performance

• Cons: Complex setup, requires special hardware or software

4. My Choice: Two Separate External Drives

• One for active storage, one for nightly backups

• Pros: Simple, affordable, reliable, independent redundancy

• Cons: Manual setup required, takes more physical space

Cost Comparison

Here's what I researched for 24TB of usable storage:

I chose two 24TB external hard drives because:

• I got them on sale for about $300 each ($600 total)

• They're USB 3.0 so they work with any computer

• I can have truly independent backups (if one drive fails, the other still works)

• No complex RAID setup needed

• Easy to upgrade in the future

Understanding RAID: Why I Didn't Use It

RAID (Redundant Array of Independent Disks) is a way to combine multiple hard drives. There are different types:

RAID 0 (Striping):

• Splits data across both drives for faster performance

• Problem: If ONE drive fails, you lose EVERYTHING

• Think of it like writing half a book on one notebook and half on another - lose one notebook and the book is unreadable

RAID 1 (Mirroring):

• Copies everything to both drives automatically

• If one fails, you still have the other

• Problem: You only get the capacity of one drive (two 24TB drives = 24TB usable)

• This costs the same as my solution but gives me half the storage

RAID 5/6:

• Requires 3+ drives, spreads data and parity across all drives

• Can survive one or two drive failures

• Problem: Complex, requires special hardware, expensive

Why I Chose Simple Backups Instead:

• I get 24TB for active storage + 24TB for backups = full use of both drives

• If my storage drive fails, I still have the backup drive

• If my backup drive fails, I still have the storage drive

• Simpler to understand and maintain

• No special RAID hardware needed

What I Bought

2x Seagate Expansion 24TB External Hard Drives

Specifications:

• Capacity: 24TB each

• Interface: USB 3.0

• Speed: 7200 RPM

• Transfer Rate: Up to 140 MB/s read

• Form Factor: 3.5-inch desktop drive

• Price: ~$300 each

These are desktop drives (not portable), meaning they:

• Need external power (wall plug)

• Are bigger and heavier

• But use higher-quality 7200 RPM drives inside

• More reliable for 24/7 operation than portable drives

The Setup Process: Step by Step

Phase 1: Hardware Connection

I connected both drives to my Linux server via USB. The system automatically detected them as /dev/sda and /dev/sdb (the way Linux names storage devices).

Important Note: The device names (sda, sdb) can change between reboots depending on which drive is detected first. That's why we use UUIDs (Universally Unique Identifiers) - permanent IDs that never change - to identify drives reliably.

Phase 2: Encryption Setup

This was the most important step. I wanted my data encrypted so that if someone steals the drives, they can't access my photos and files.

The Encryption Process:

1. Created partitions on each drive

   • A partition is like dividing a hard drive into sections

   • I used one big partition per drive (using all 24TB)

2. Encrypted with LUKS (Linux Unified Key Setup)

   • LUKS is the standard Linux encryption system

   • It scrambles all data so only someone with the password can read it

   • Uses strong encryption (AES-256) that would take billions of years to crack

3. Set up encryption for both drives:

4. Created keyfiles so I don't have to type three passwords on every boot

   • My system drive needs a password (typed once at startup)

   • The keyfile is stored on the encrypted system drive

   • Once the system unlocks, it uses the keyfile to automatically unlock the external drives

   • Result: I type one password, all three drives unlock!

Security Benefits:

• If someone steals the external drives, they're useless without the password

• All data is protected at rest (when the drives are off or disconnected)

• Even if someone removes a drive while running, they can't read the data without the encryption key

Phase 3: File System and Mounting

After encryption, I needed to format the drives and tell the system where to access them.

1. Formatted with ext4 filesystem

• ext4 is the standard Linux filesystem

• Reliable, fast, and handles large files well

• Supports files up to 16TB each (plenty for videos!)

2. Created mount points:

• /mnt/storage - where the storage drive appears in my system

• /mnt/backup - where the backup drive appears

3. Configured automatic mounting

• Added entries to /etc/fstab (the file that controls what mounts at boot)

• Added entries to /etc/crypttab (the file that controls encryption unlocking)

• Now the drives automatically unlock and mount every time I boot the server

Phase 4: Moving Data

I had 125GB of photos in my Immich application stored on my SSD. Time to move them!

The Process:

1. Stopped the Immich services (so nothing was accessing the files)

2. Used rsync to copy all data to the new storage drive

   • rsync is a tool that copies files efficiently

   • It preserves all permissions, timestamps, and file attributes

   • Took about 10-15 minutes to copy 125GB

3. Created a symbolic link (symlink)

   • A symlink is like a shortcut in Windows

   • The application thinks files are still in the original location

   • But they're actually on the external drive

   • This means I didn't have to reconfigure Immich at all!

4. Started Immich again and verified everything worked

5. Deleted the old copy from the SSD, freeing up 125GB

Result: My SSD went from 518GB free to 641GB free, and all my photos are now on the spacious external drive!

Phase 5: Automated Backup System

This is where the magic happens. Every night at 2 AM, my server automatically backs up everything.

The Backup Script:

I created a simple bash script that runs automatically:

#!/bin/bash
# Backup from storage to backup drive
SOURCE="/mnt/storage/"
DEST="/mnt/backup/"
LOGFILE="/var/log/seagate-backup.log"

echo "=== Backup started at $(date) ===" >> "$LOGFILE"

# Use rsync to sync all files
rsync -av --delete "$SOURCE" "$DEST" >> "$LOGFILE" 2>&1

if [ $? -eq 0 ]; then
    echo "✓ Backup completed successfully at $(date)" >> "$LOGFILE"
else
    echo "✗ Backup FAILED at $(date)" >> "$LOGFILE"
fi

What this script does:

• Copies everything from storage drive to backup drive

• Uses --delete flag to remove files from backup that were deleted from storage

• Keeps a log of every backup with timestamps

• Reports success or failure

Scheduled with Cron:

• Cron is Linux's built-in task scheduler

• I added one line to the system's crontab: 0 2 * * * /usr/local/bin/backup-seagate.sh

• This means: "At 0 minutes, 2 hours, every day of month, every month, every day of week, run the backup script"

• The server does this automatically - I never have to remember!

Backup Features:

• Incremental: Only copies files that changed (fast after first backup)

• Exact mirror: Backup drive is an exact copy of storage drive

• Logged: I can check /var/log/seagate-backup.log to see backup history

• Automatic: Runs every night without me doing anything

The 3-2-1 Backup Rule

Security experts recommend the 3-2-1 backup strategy:

• 3 copies of your data (original + 2 backups)

• 2 different types of storage media (SSD + HDD, or local + cloud)

• 1 copy off-site (at a different physical location)

My current setup:

• ✅ 3 copies: Original on storage drive, nightly backup on backup drive, and photos still on my phone

• ✅ 2 different media: Data on HDD, system on SSD

• 1 off-site

What I Learned

Storage Math

• Raw capacity: 24TB per drive

• Formatted capacity: ~21.8TB usable (formatting overhead)

• Why the difference?

  • Manufacturers use decimal (1TB = 1,000,000,000,000 bytes)

  • Computers use binary (1TB = 1,099,511,627,776 bytes)

  • File system overhead (ext4 reserves space for metadata)

Performance

• USB 3.0 speed: Up to 5 Gbps theoretical (640 MB/s)

• Drive speed: 7200 RPM = ~140 MB/s actual read speed

• Bottleneck: The drive's mechanical speed, not USB

• First backup: Took ~2 hours to copy 125GB

• Nightly backups: Take ~5 minutes (only changed files)

Reliability Considerations

Hard Drive Lifespan:

• Consumer drives: ~3-5 years of continuous use

• Enterprise drives: ~5-7 years

• My drives are desktop-class, expecting ~4-5 years

Monitoring Drive Health:

• I installed smartmontools to monitor drive health

• Checks temperature, error rates, power-on hours

• Will warn me if drives start failing

Redundancy Benefits:

• If storage drive fails: I have the backup drive (lose at most one day of photos)

• If backup drive fails: I still have storage drive (can replace backup drive)

• Much better than having no backup at all!

Cost Breakdown

Cost per terabyte: $600 ÷ 24TB = $25/TB

Compare this to:

• Cloud storage: $6-10/TB/month (Backblaze, Google Drive)

• NAS system: $35-40/TB (including enclosure)

• Portable external drives: $30-35/TB

My solution is very cost-effective for large amounts of data!

Lessons for Others

Do This If You:

• Have lots of data you can't afford to lose (photos, videos, documents)

• Want a simple, reliable backup solution

• Are comfortable with basic Linux commands

• Want your data encrypted for security

• Need lots of storage for a reasonable price

Consider Alternatives If You:

• Want a plug-and-play solution with no setup (buy a NAS)

• Need to access files from multiple computers on your network (NAS is better)

• Have less than 1TB of data (cloud backup might be simpler)

• Want RAID performance benefits (need RAID hardware)

Key Takeaways

1. Always have backups! The question isn't "if" a drive will fail, but "when"

2. Encryption is important - protects your data if drives are stolen

3. Automation is your friend - you'll forget to backup manually

4. Test your backups - verify you can actually restore files

5. Monitor drive health - catch problems before total failure

6. Simple solutions work - don't need complex RAID for home use

Final Results

Before:

• 125GB of photos on SSD (at risk if drive fails)

• No backup system

• Running out of space for future photos

• 518GB free on SSD

After:

• 125GB of photos on encrypted 24TB storage drive

• Nightly automated backups to second encrypted drive

• Room to grow to 24TB of photos/data

• 641GB free on SSD (freed up 123GB)

• Peace of mind knowing my data is safe!

Security Note

Throughout this project, I was careful to:

• Use strong encryption passwords

• Store encryption keys securely on the encrypted system drive

• Never share passwords or keys

• Keep the physical drives in a secure location

• Use LUKS encryption (industry-standard, audited security)

Your data is valuable - protect it!

Glossary of Terms

This guide documents my journey from researching storage solutions to implementing a secure, automated backup system. The total project took about 4 hours of active work spread over a day, plus research time. The result is a robust storage system that will protect my data for years to come.

Last updated: November 2025