1 |
>> You're welcome. A pull system does rely on the server being secure, which |
2 |
>> is why I don't use it for offsite backups to the cloud :-O |
3 |
> |
4 |
> Wouldn't a push/pull combination be a good compromise? |
5 |
> |
6 |
> The remote servers push their backups to their own location on a staging |
7 |
> server. |
8 |
> The backup-storage server then pulls the backups from there. |
9 |
> |
10 |
> The staging can then be a VM with the real backups being moved onto |
11 |
> host-storage where the VM has no access to. |
12 |
> |
13 |
> This way, when the staging is compromised, only the latest backup can be |
14 |
> accessed. |
15 |
> When the remote server is compromised, only the latest backup can |
16 |
> potentially be overwritten. |
17 |
> But, the actual backups can not be accessed as the host will not have any |
18 |
> outgoing connectivity and when the backups are being pulled, the VM will |
19 |
> be stopped to allow access to the disk containing the backups. |
20 |
> |
21 |
> Following would be the steps: |
22 |
> 1) remote server(s) push backup to the VM |
23 |
> 2) host shuts down VM |
24 |
> 3) host mounts backup-store of VM locally |
25 |
> 4) host takes a backup of the "backup-store" |
26 |
> 5) host starts VM |
27 |
> |
28 |
> By using LVM snapshots, the downtime of the VM can be significantly reduced. |
29 |
> Additionally, the VM OS and software can be restored from a known-good |
30 |
> copy prior to each restart and the VM can be configured to only be running |
31 |
> during the backup-window of the remote systems. This would then |
32 |
> significantly reduce the window of opportunity for any security breach |
33 |
> attempts. |
34 |
|
35 |
I think I follow. :) Do you think that would be better than having |
36 |
the clients push to the backup server via rsync, then having the |
37 |
backup server update an rdiff-backup repository that the clients have |
38 |
no access to, then having another system pull from the backup server's |
39 |
rsynced data and create its own rdiff-backup repository? To me that |
40 |
seems like it would have the right combination of security, |
41 |
redundancy, and simplicity. |
42 |
|
43 |
- Grant |