1 |
On Mon, 1 Jul 2013 05:29:58 -0700, Grant wrote: |
2 |
|
3 |
> > It's a lot more work and doesn't cover everything. One of the |
4 |
> > advantages of a pull system like BackupPC is that the only work |
5 |
> > needed on the client is adding the backuppc user's key to authorized |
6 |
> > keys. Everything else is done by the server. If the server cannot |
7 |
> > contact the client, or the connection is broken mid-backup, it tries |
8 |
> > again. It also gives a single point of configuration. If you want to |
9 |
> > change the backup plan fr all machines, you make one change on one |
10 |
> > computer. |
11 |
> |
12 |
> If you have a crazy number of machines to back up, I could see |
13 |
> sacrificing some security for convenience. Still I would think you |
14 |
> could use something like puppet to have the best of both worlds. I |
15 |
> have 5 machines and I think I can get it down to 3. |
16 |
|
17 |
There is no sacrifice, you are running rsync as root on the client |
18 |
either way. Alternatively, you could run rsyncd on the client, which |
19 |
avoids the need for the server to be able to run an SSH session. |
20 |
|
21 |
> > It works well, save work and minimises disk space usage, especially |
22 |
> > with multiple similar clients. Preventing infiltration is simple as |
23 |
> > you don't need to open it to the Internet at all, the backup server |
24 |
> > can be completely stealthed and still do its job. |
25 |
> |
26 |
> Obviously the backup server has to be able to make outbound |
27 |
> connections in order to pull so I think you're saying it could drop |
28 |
> inbound connections, but then how could you talk to it? Do you mean a |
29 |
> local backup server? |
30 |
|
31 |
Yes, you talk to the server over the LAN, or a VPN. There need be no way |
32 |
of connecting to it from outside of your LAN. |
33 |
|
34 |
|
35 |
-- |
36 |
Neil Bothwick |
37 |
|
38 |
There's a fine line between fishing and standing on the shore looking |
39 |
like an idiot. |