Originally Posted By: Hal Itosis
Admittedly this is non-"standard" practice, but every disk/drive I own (or have ever owned since the early 90's) is partitioned. The externals have at least one bootable system, and my internal HDs have at least two.

This is similar to what I do. On every computer that I've ever had that had two internal drives, they were both bootable. When I started using computers with only one internal drive, I started partitioning it into two bootable partitions. Let's call them "Normal" and "Alternate". I partition a same-size external drive the same way, into "Normal2" and "Alternate2". Normally, that external disk is unmounted and powered off, and I'm booted off of "Normal". Time Machine is backing up to a separate external drive.

When I want to back up, the procedure is:
  1. Power up the external.
  2. Use a copy of SuperDuper on Normal to clone Alternate to Alternate2.
  3. Boot off of Alternate (which, incidentally, has Time Machine turned off).
  4. Use a copy of SuperDuper on Alternate to clone Normal to Normal2.
  5. Unmount and turn off the drive containing Normal2/Alternate2.
  6. Run Software Update to bring Alternate up to date.
  7. Update anything else on Alternate that needs updating. (This is quick. Alternate is a nearly-virgin standard OS X install. The only extras are SuperDuper and Xcode.)
  8. Boot off of Normal, logging into the admin account.
  9. (Optionally, turn off Time Machine here, if the following steps are expected to be lengthy.)
  10. Run Software Update to bring Normal up to date.
  11. Update anything else that has updates.
  12. (Turn Time Machine back on if I turned it off above.)
  13. Log out of the admin account, and back into my normal user account.

Things to notice:
  • I never use SuperDuper to clone the volume I'm booted from.
  • The external backup drive is unmounted and turned off during all software updates, to guard against updaters grabbing the wrong disk.
  • I get a full current backup of everything before it gets updated. If an update botches things, I can back out by restoring from the backup.
  • The last TM snapshot before I start, and the first after I'm done, also give me full before/after versions to restore from. I don't let TM back up a partially updated system.
  • The internal drive (where I work), SuperDuper's external, and TM's external, are three separate drives. Two backups onto the same drive are really only one backup. (There are other externals, for a backup of my TM backup, and offsite backups, but that's another topic.)

Originally Posted By: Hal Itosis
This part of the discussion is mostly about *full* clone operations. Once that much has been achieved successfully, all the "incremental" updates (which both SD and CCC offer) are safe enough in my opinion.

Why would you think that? Any backup of a running system is risky. The "increment" would be mostly my user files, which are the files I care most about.

Originally Posted By: Hal Itosis
That all goes for Time Machine too I suppose. I was just wondering to myself how they design those programs to run while users are busy renaming, re-saving, and/or moving stuff around in realtime... while the backup is still underway.


I wrote a very lengthy post on this topic. TM knows it's backing up a running system, knows it's risky, and goes to great lengths to mitigate the downside. I won't repeat the whole thing, but the highlights are:
  • It keeps multiple backups. If one is bad, there are others.
  • It uses the FSEventLog mechanism to locate changed files very quickly, reducing typical backup times from several tens of minutes to several tens of seconds. The list of changed files includes even the files that change while it's building the list.
  • It always does two backups, back to back. The second backup catches all the files that changed during the copy phase of the first backup. The second backup typically takes only a second or two, so it's an almost-simultaneous snapshot of all files everywhere.
  • It has intelligence about which files can be safely backed up while they're being changed. (It knows disk images cannot be backed up while they're mounted read/write; it knows how to get a valid copy of an SQLite database even if it's being updated.)
  • It accepts advice from applications about what can't be backed up. For example, iPhoto tells TM not to back up its photo library while iPhoto is running.
  • Lion has a feature called File Coordination that lets any application safely copy a document being edited by another application. The editing application needs to support File Coordination, of course, but Finder and Mail both invoke it. I can only imagine that TM on Lion will invoke it too, but I haven't verified this yet.
  • It uses the FSEventStream mechanism to detect files that are changing while being copied. It knows such copies are not to be trusted, and won't keep them.
  • For files that cannot be backed up this time around, it keeps the version from the previous backup, preferring stale data to corrupted data.
  • When, despite precautions, it doesn't trust the backup it just made, it discards it (with an error alert). There'll be another attempt in an hour, or the user can do a Backup Now. Either way, such errors are transient, and the next backup will probably succeed.
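
The "don't trust a copy of a file that changed while it was being copied, keep the previous version instead" behaviour listed above, as an added sketch that is not part of the original post and is not Time Machine's implementation. It assumes a plain before/after `os.stat` comparison in place of FSEventStream; `backup_file`, the `during_copy` hook (which stands in for a concurrent writer) and the file names are hypothetical.

```python
import os
import shutil
import tempfile

def _signature(path):
    # Identity of the file's current state: inode, size, mtime (ns).
    st = os.stat(path)
    return (st.st_ino, st.st_size, st.st_mtime_ns)

def backup_file(src, dst, during_copy=None):
    """Copy src to dst, but keep the existing dst if src changed mid-copy.

    Returns "copied" or "kept-previous". during_copy is a hypothetical
    hook used only to simulate another process writing to src.
    """
    before = _signature(src)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dst) or ".")
    os.close(fd)
    try:
        shutil.copyfile(src, tmp)        # copy to a scratch file first
        if during_copy:
            during_copy()                # simulated concurrent edit
        if _signature(src) != before:    # source moved under us
            return "kept-previous"       # stale data beats corrupt data
        os.replace(tmp, dst)             # atomic swap into place
        return "copied"
    finally:
        if os.path.exists(tmp):
            os.remove(tmp)               # discard the untrusted copy

def demo():
    # Constructed sample data in a throwaway directory.
    root = tempfile.mkdtemp()
    src = os.path.join(root, "doc.txt")
    dst = os.path.join(root, "doc.bak")
    with open(src, "w") as f:
        f.write("v1")
    first = backup_file(src, dst)
    def writer():
        with open(src, "a") as f:
            f.write(" + edit in progress")
    second = backup_file(src, dst, during_copy=writer)
    with open(dst) as f:
        kept = f.read()
    third = backup_file(src, dst)        # the retry on the next pass
    with open(dst) as f:
        final = f.read()
    shutil.rmtree(root)
    return first, second, kept, third, final

if __name__ == "__main__":
    print(demo())
```
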