Backup solution suggestions

Jeremy Chadwick koitsu at FreeBSD.org
Tue Jan 15 04:44:06 PST 2008


On Tue, Jan 15, 2008 at 12:40:02PM +0100, Vladimir Botka wrote:
> Dne Tue, 15 Jan 2008 10:52:56 +0100
> Johan Ström <johan at stromnet.se> napsal(a):
> 
> > Hello
> > 
> > I'm looking to invest in some new hardware for backup. probably some  
> > kind of NAS (a 4-disk 1U NAS or something in that size). The thing
> > is that I won't be the only one with access to this box, thus I
> > would like to secure my data.
> > What I would like is encryption both for the transfer to the box,
> > and encrypted on disk. The data on disk should not be readable by
> > anyone but me (ie the other user(s) of the box should not be able to
> > read it, at least not without a big effort).
> > 
> > So, I'm wondering what the best solution might be.. Tar'balling all  
> > my stuff and encrypt it with GPG or something and just dump it there  
> > with NFS would be the easiest solution, but maybe not the best. I've  
> > been thinking about running a GELI image on my box, and store that
> > on the NAS over NFS.. would that be doable/secure/stable?
> > Another idea would be to go with some regular 1U box running some  
> > FBSD, doing scp to the box and geli local on the box but that would  
> > require me to have the encryption keys on that box (which would be  
> > shared so thus no good idea).
> > 
> > Any other ideas? Being able to rsync to the backup storage instead
> > of just sending big encrypted tarballs would be very nice (and I
> > guess that would be possible with geli version)
> > 
> > Maybe not the perfect list for this, but it is somewhat freebsd  
> > specific and I'm sure some other ppl on the list have had simliar  
> > situations :)
> > 
> > --
> > Johan Ström
> > Stromnet
> > johan at stromnet.se
> > http://www.stromnet.se/
> > 
> 
> Hello,
> 
> As of the encryption on the transfer I use security/sfs to mount remote
> directory for backup and then rsync in the local.

I thought SFS looked pretty neat until I saw this in the documentation:

  Finally, you must export all the local-directorys in your sfsrwsd_config
  to localhost via NFS version 3.

See my mail to Johan, as it documents a known "issue" with
nfsd/mountd/portmap on FreeBSD (re: binding to INADDR_ANY and using
dynamically-allocated port numbers).  This circles back to my "if you
HAVE to use NFS, do so on a dedicated network which has no public
access" statement.

-- 
| Jeremy Chadwick                                    jdc at parodius.com |
| Parodius Networking                           http://www.parodius.com/ |
| UNIX Systems Administrator                      Mountain View, CA, USA |
| Making life hard for others since 1977.                  PGP: 4BD6C0CB |



More information about the freebsd-stable mailing list