diff --git a/src/opnsense/mvc/app/library/OPNsense/Backup/BackupFactory.php b/src/opnsense/mvc/app/library/OPNsense/Backup/BackupFactory.php
new file mode 100644
index 000000000..8d3ffddcc
--- /dev/null
+++ b/src/opnsense/mvc/app/library/OPNsense/Backup/BackupFactory.php
@@ -0,0 +1,81 @@
+<?php
+/**
+*    Copyright (C) 2018 Deciso B.V.
+*
+*    All rights reserved.
+*
+*    Redistribution and use in source and binary forms, with or without
+*    modification, are permitted provided that the following conditions are met:
+*
+*    1. Redistributions of source code must retain the above copyright notice,
+*       this list of conditions and the following disclaimer.
+*
+*    2. Redistributions in binary form must reproduce the above copyright
+*       notice, this list of conditions and the following disclaimer in the
+*       documentation and/or other materials provided with the distribution.
+*
+*    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+*    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+*    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+*    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+*    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+*    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+*    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+*    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+*    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+*    POSSIBILITY OF SUCH DAMAGE.
+*
+*/
+
+namespace OPNsense\Backup;
+
+/**
+* Class BackupFactory
+* @package OPNsense\Backup
+*/
+class BackupFactory
+{
+
+    /**
+     * list installed backup providers
+     * @return array
+     */
+    public function listProviders()
+    {
+        $providers = array();
+        foreach (glob(__DIR__."/*.php") as $filename) {
+            $pathParts = explode('/', $filename);
+            $vendor = $pathParts[count($pathParts)-3];
+            $module = $pathParts[count($pathParts)-2];
+            $classname = explode('.php', $pathParts[count($pathParts)-1])[0];
+            try {
+                $reflClass = new \ReflectionClass("{$vendor}\\{$module}\\{$classname}");
+                if ($reflClass->implementsInterface('OPNsense\\Backup\\IBackupProvider')
+                        && !$reflClass->isInterface()) {
+                    $providers[$classname] = array(
+                        "class" => "{$vendor}\\{$module}\\{$classname}",
+                        "handle" => $reflClass->newInstance()
+                    );
+                }
+            } catch (\ReflectionException $e) {
+                null; // skip when unable to parse
+            }
+        }
+        return $providers;
+    }
+
+    /**
+     * return a specific provider by class name (without namespace)
+     * @param string $className without namespace
+     * @return mixed|null
+     */
+    public function getProvider($className)
+    {
+        $providers = $this->listProviders();
+        if (!empty($providers[$className])) {
+            return $providers[$className];
+        } else {
+            return null;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/opnsense/mvc/app/library/OPNsense/Backup/Base.php b/src/opnsense/mvc/app/library/OPNsense/Backup/Base.php
new file mode 100644
index 000000000..046cb69fd
--- /dev/null
+++ b/src/opnsense/mvc/app/library/OPNsense/Backup/Base.php
@@ -0,0 +1,92 @@
+<?php
+/**
+ *    Copyright (C) 2018 Deciso B.V.
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Backup;
+
+
+/**
+ * Backup stub file, contains shared logic for all backup strategies
+ * @package OPNsense\Backup
+ */
+abstract class Base
+{
+    /**
+     * encrypt+encode base64
+     * @param string $data to encrypt
+     * @param string $pass passphrase to use
+     * @return string base64 encoded crypted data
+     */
+    public function encrypt($data, $pass)
+    {
+        $file = tempnam(sys_get_temp_dir(), 'php-encrypt');
+        @unlink($file);
+
+        file_put_contents("{$file}.dec", $data);
+        exec(sprintf('/usr/local/bin/openssl enc -e -aes-256-cbc -in %s -out %s -k %s',
+            escapeshellarg("{$file}.dec"), escapeshellarg("{$file}.enc"), escapeshellarg($pass)
+        ));
+        @unlink("{$file}.dec");
+
+        if (file_exists("{$file}.enc")) {
+            $result = file_get_contents("{$file}.enc");
+            @unlink("{$file}.enc");
+            return base64_encode($result);
+        } else {
+            log_error('Failed to encrypt/decrypt data!');
+            return null;
+        }
+    }
+
+    /**
+     * decrypt base64 encoded data
+     * @param string $data to decrypt
+     * @param string $pass passphrase to use
+     * @return string data
+     */
+    public function decrypt($data, $pass)
+    {
+        $file = tempnam(sys_get_temp_dir(), 'php-encrypt');
+        @unlink($file);
+
+        file_put_contents("{$file}.dec", base64_decode($data));
+        exec(sprintf('/usr/local/bin/openssl enc -d -aes-256-cbc -in %s -out %s -k %s',
+            escapeshellarg("{$file}.dec"), escapeshellarg("{$file}.enc"), escapeshellarg($pass)
+        ));
+        @unlink("{$file}.dec");
+
+        if (file_exists("{$file}.enc")) {
+            $result = file_get_contents("{$file}.enc");
+            @unlink("{$file}.enc");
+            return $result;
+        } else {
+            log_error('Failed to encrypt/decrypt data!');
+            return null;
+        }
+    }
+}
diff --git a/src/opnsense/mvc/app/library/OPNsense/Backup/GDrive.php b/src/opnsense/mvc/app/library/OPNsense/Backup/GDrive.php
new file mode 100644
index 000000000..4af2c8dc0
--- /dev/null
+++ b/src/opnsense/mvc/app/library/OPNsense/Backup/GDrive.php
@@ -0,0 +1,225 @@
+<?php
+/**
+ *    Copyright (C) 2018 Deciso B.V.
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Backup;
+use OPNsense\Core\Config;
+
+
+/**
+ * Class google drive backup
+ * @package OPNsense\Backup
+ */
+class Gdrive extends Base implements IBackupProvider
+{
+
+    /**
+     * get required (user interface) fields for backup connector
+     * @return array configuration fields, types and description
+     */
+    public function getConfigurationFields()
+    {
+        $fields = array();
+
+        $fields[] = array(
+            "name" => "GDriveEnabled",
+            "type" => "checkbox",
+            "label" => gettext("Enable")
+        );
+        $fields[] = array(
+            "name" => "GDriveEmail",
+            "type" => "text",
+            "label" => gettext("Email Address")
+        );
+        $fields[] = array(
+            "name" => "GDriveP12file",
+            "type" => "file",
+            "label" => gettext("P12 key (not loaded)")
+        );
+        $fields[] = array(
+            "name" => "GDriveFolderID",
+            "type" => "text",
+            "label" => gettext("Folder ID")
+        );
+        $fields[] = array(
+            "name" => "GDrivePrefixHostname",
+            "type" => "text",
+            "label" => gettext("Prefix hostname to backupfile")
+        );
+        $fields[] = array(
+            "name" => "GDriveBackupCount",
+            "type" => "text",
+            "label" => gettext("Backup Count")
+        );
+        $fields[] = array(
+            "name" => "GDrivePassword",
+            "type" => "password",
+            "label" => gettext("Password")
+        );
+        $fields[] = array(
+            "name" => "GDrivePasswordConfirm",
+            "type" => "password",
+            "label" => gettext("Confirm")
+        );
+
+        return $fields;
+    }
+
+    /**
+     * backup provider name
+     * @return string user friendly name
+     */
+    public function getName()
+    {
+        return gettext("Google Drive");
+    }
+
+    /**
+     * validate and set configuration
+     * @param array $conf configuration array
+     * @return array of validation errors
+     */
+    public function setConfiguration($conf)
+    {
+        // TODO: Implement setConfiguration() method.
+    }
+
+    /**
+     * @return array filelist
+     */
+    public function backup()
+    {
+        $cnf = Config::getInstance();
+        if ($cnf->isValid()) {
+            $config = $cnf->object();
+            if (isset($config->system->remotebackup) && isset($config->system->remotebackup->GDriveEnabled)
+                    && !empty($config->system->remotebackup->GDriveEnabled)) {
+                if (!empty($config->system->remotebackup->GDrivePrefixHostname)) {
+                    $fileprefix = (string)$config->system->hostname . "." . (string)$config->system->domain . "-";
+                } else {
+                    $fileprefix = "config-";
+                }
+                try {
+                    $client = new Google\API\Drive();
+                    $client->login($config->system->remotebackup->GDriveEmail->__toString(),
+                        $config->system->remotebackup->GDriveP12key->__toString());
+                } catch (Exception $e) {
+                    log_error("error connecting to Google Drive");
+                    return array();
+                }
+
+                // backup source data to local strings (plain/encrypted)
+                $confdata = file_get_contents('/conf/config.xml');
+                $confdata_enc = chunk_split(
+                    $this->encrypt($confdata, $config->system->remotebackup->GDrivePassword->__toString())
+                );
+
+                // read filelist ({prefix}*.xml)
+                try {
+                    $files = $client->listFiles($config->system->remotebackup->GDriveFolderID->__toString());
+                } catch (Exception $e) {
+                    log_error("error while fetching filelist from Google Drive");
+                    return array();
+                }
+
+                $configfiles = array();
+                foreach ($files as $file) {
+                    if (fnmatch("{$fileprefix}*.xml", $file['title'])) {
+                        $configfiles[$file['title']] = $file;
+                    }
+                }
+                krsort($configfiles);
+
+
+                // backup new file if changed (or if first in backup)
+                $target_filename = $fileprefix . time() . ".xml";
+                if (count($configfiles) > 1) {
+                    // compare last backup with current, only save new
+                    try {
+                        $bck_data_enc = $client->download($configfiles[array_keys($configfiles)[0]]);
+                        $bck_data = $this->decrypt($bck_data_enc,
+                            $config->system->remotebackup->GDrivePassword->__toString());
+                        if ($bck_data == $confdata) {
+                            $target_filename = null;
+                        }
+                    } catch (Exception $e) {
+                        log_error("unable to download " . $configfiles[array_keys($configfiles)[0]]->description . " from Google Drive (" . $e . ")");
+                    }
+                }
+                if (!is_null($target_filename)) {
+                    log_error("backup configuration as " . $target_filename);
+                    try {
+                        $configfiles[$target_filename] = $client->upload($config->system->remotebackup->GDriveFolderID->__toString(), $target_filename, $confdata_enc);
+                    } catch (Exception $e) {
+                        log_error("unable to upload " . $target_filename . " to Google Drive (" . $e . ")");
+                        return array();
+                    }
+
+                    krsort($configfiles);
+                }
+
+                // cleanup old files
+                if (isset($config->system->remotebackup->GDriveBackupCount) && is_numeric($config->system->remotebackup->GDriveBackupCount->__toString())) {
+                    $fcount = 0;
+                    foreach ($configfiles as $filename => $file) {
+                        if ($fcount >= $config->system->remotebackup->GDriveBackupCount->__toString()) {
+                            log_error("remove " . $filename . " from Google Drive");
+                            try {
+                                $client->delete($file);
+                            } catch (Google_Service_Exception $e) {
+                                log_error("unable to remove " . $filename . " from Google Drive");
+                            }
+                        }
+                        $fcount++;
+                    }
+                }
+
+                // return filelist
+                return $configfiles;
+            }
+        }
+
+        // not configured / issue, return empty list
+        return array();
+    }
+
+    /**
+     * Is this provider enabled
+     * @return boolean enabled status
+     */
+    public function isEnabled()
+    {
+        $cnf = Config::getInstance();
+        if ($cnf->isValid()) {
+            $config =$cnf->object();
+            return isset($config->system->remotebackup) && isset($config->system->remotebackup->GDriveEnabled)
+                && !empty($config->system->remotebackup->GDriveEnabled);
+        }
+        return false;
+    }
+}
\ No newline at end of file
diff --git a/src/opnsense/mvc/app/library/OPNsense/Backup/IBackupProvider.php b/src/opnsense/mvc/app/library/OPNsense/Backup/IBackupProvider.php
new file mode 100644
index 000000000..68bf7a214
--- /dev/null
+++ b/src/opnsense/mvc/app/library/OPNsense/Backup/IBackupProvider.php
@@ -0,0 +1,69 @@
+<?php
+/**
+ *    Copyright (C) 2018 Deciso B.V.
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Backup;
+
+/**
+ * Interface for backup connectors
+ * @package OPNsense\Backup
+ */
+interface IBackupProvider
+{
+    /**
+     * get required (user interface) fields for backup connector, ideally these should be stored in a model
+     * but for backwards compatibility reasons we delegate the decision what to use to the backup class.
+     * @return array configuration fields, types and description
+     */
+    public function getConfigurationFields();
+
+    /**
+     * validate and set configuration
+     * @param array $conf configuration array
+     * @return array of validation errors
+     */
+    public function setConfiguration($conf);
+
+    /**
+     * backup provider name
+     * @return string user friendly name
+     */
+    public function getName();
+
+    /**
+     * Perform actual backup
+     * @return array filelist
+     */
+    public function backup();
+
+    /**
+     * Is this provider enabled
+     * @return boolean enabled status
+     */
+    public function isEnabled();
+}