repak shawahb
si vis pacem, para rectum


rsw@jfet.org


Sun, 16 Mar 2008

can you back it up? no, no, that box... back it up

After a hard drive crash scare on proton (my colo machine) earlier this week (no data lost, fortunately!), I decided it was time to get serious about regular backups.

I did a bit of research and initially settled on Bacula, but because of licensing issues the Debian packages do not link to OpenSSL. This means that I can't encrypt even the handshaking, let alone the data transfer, between client (proton) and backup server (positron).

After a little more searching, I found BoxBackup, a solution geared towards backing up across a WAN. It uses SSL/TLS authentication: the server has a signing key and clients must generate keys and then have them signed with the server key before they can connect. On top of that, each client has another key it uses to encrypt the data it stores on the backup server so that it's transmitted and stored securely, and clients can be sure that their data is secure even from the backup server's admins.
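The signing step described above can be reproduced with plain openssl. This is an added example, not part of the original post and not BoxBackup's own setup tooling; the file names, the CA subject and the "rogue" client are constructed for the demo. It covers only the authentication layer, not the separate key a client uses to encrypt its stored data.

```shell
#!/bin/sh
# Added illustration: generic openssl commands, NOT BoxBackup's own scripts.
# All file names and subject names are constructed for this demo.
set -eu
WORK=$(mktemp -d)

# Server side: the signing key and its self-signed CA certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=demo backup CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Client side: generate a private key and a signing request (CSR).
# Only the CSR goes to the server admin; the private key stays put.
make_client_csr() {  # $1 = client name
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# Server admin signs the CSR with the server's signing key.
sign_client() {      # $1 = client name
    openssl x509 -req -in "$WORK/$1.csr" -days 30 \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/$1.crt" 2>/dev/null
}

# A client that skips the signing step and vouches for itself.
self_sign() {        # $1 = client name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# The check a server applies at connect time: does the presented
# certificate chain back to the server's own signing certificate?
is_trusted() {       # $1 = client name
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

make_ca
make_client_csr proton
sign_client proton
self_sign rogue
is_trusted proton && echo "proton: accepted"
is_trusted rogue  || echo "rogue: rejected"
```
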

Setup was a breeze (somewhat simpler than Bacula, though neither is particularly difficult), and while the initial 1.6Gb of data was somewhat unpleasant to transfer over my DSL connection, I expect that the incremental change data should not unduly load my network connection.

Now go set up your backup server already.



writebacks

jim wrote


In my experience the most important thing about backups is how simple it is to restore. I once had a great system set up using DAR to do incremental cataloged backups, plus my own tools for storing them redundantly on CD. But then I needed to restore a file, and ended up spending a long time trying to boot into some system capable of compiling and running some particular version of DAR to extract my data. Not fun. Nowadays my plan is just an LVM snapshot followed by creating a .tar.gz, which is trivial to extract on any system.

I mean, come on, this is just crazy: http://www.bacula.org/en/dev-manual/bacula-applications.png

Box backup seems better, although it's still got similar bootstrapping problems (restoring seems to involve first reinstalling Linux to the point where you can install the binaries and set up /etc/box...)

Riad wrote

the difficulty depends...
...on whether the client or server crashes. If I lose positron's boot drive (which acts as the server), then it's not trivial to get back to the point where I can restore stuff (though it is doable with a livecd with a small headache).

If I lose proton, no problem at all---I can masquerade as proton to positron from another machine (e.g., positron) as long as I keep a backup copy of /etc/box readily available (actually, all you _really_ need is the secret key that was used to encrypt the data (if you lose that you're just fucked), but then there is a little work to swap client keys out so the server actually lets you log in).

Also, because I'm lazy I am only actually backing up the "important" stuff on positron (/etc), not the whole boot drive (though I should really partimage the boot drive and keep that around to make it really easy to get back on my feet as quickly as possible).



