Backup solution suggestions
Jeremy Chadwick
koitsu at FreeBSD.org
Tue Jan 15 04:44:06 PST 2008
On Tue, Jan 15, 2008 at 12:40:02PM +0100, Vladimir Botka wrote:
> Dne Tue, 15 Jan 2008 10:52:56 +0100
> Johan Ström <johan at stromnet.se> napsal(a):
>
> > Hello
> >
> > I'm looking to invest in some new hardware for backup. probably some
> > kind of NAS (a 4-disk 1U NAS or something in that size). The thing
> > is that I won't be the only one with access to this box, thus I
> > would like to secure my data.
> > What I would like is encryption both for the transfer to the box,
> > and encrypted on disk. The data on disk should not be readable by
> > anyone but me (ie the other user(s) of the box should not be able to
> > read it, at least not without a big effort).
> >
> > So, I'm wondering what the best solution might be.. Tar'balling all
> > my stuff and encrypt it with GPG or something and just dump it there
> > with NFS would be the easiest solution, but maybe not the best. I've
> > been thinking about running a GELI image on my box, and store that
> > on the NAS over NFS.. would that be doable/secure/stable?
> > Another idea would be to go with some regular 1U box running some
> > FBSD, doing scp to the box and geli local on the box but that would
> > require me to have the encryption keys on that box (which would be
> > shared so thus no good idea).
> >
> > Any other ideas? Being able to rsync to the backup storage instead
> > of just sending big encrypted tarballs would be very nice (and I
> > guess that would be possible with geli version)
> >
> > Maybe not the perfect list for this, but it is somewhat freebsd
> > specific and I'm sure some other ppl on the list have had simliar
> > situations :)
> >
> > --
> > Johan Ström
> > Stromnet
> > johan at stromnet.se
> > http://www.stromnet.se/
> >
>
> Hello,
>
> As of the encryption on the transfer I use security/sfs to mount remote
> directory for backup and then rsync in the local.
I thought SFS looked pretty neat until I saw this in the documentation:
Finally, you must export all the local-directorys in your sfsrwsd_config
to localhost via NFS version 3.
See my mail to Johan, as it documents a known "issue" with
nfsd/mountd/portmap on FreeBSD (re: binding to INADDR_ANY and using
dynamically-allocated port numbers). This circles back to my "if you
HAVE to use NFS, do so on a dedicated network which has no public
access" statement.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
More information about the freebsd-stable
mailing list