Backup solution suggestions
Toomas Aas
toomas.aas at raad.tartu.ee
Wed Jan 16 10:03:06 PST 2008
Johan Ström wrote:
> My main problem with existing solutions is this "gap" of encryption on
> the backup server side. I dont want it to be readable outside of my box
> (without encryption keys ofcourse), so as soon as I send it of from my
> box I want it to be encrypted over the link, and down on the disk. Not
> decrypted on the remote box, to then be encrypted again (with keys
> available on that box) and then stored to disk. That would allow any
> users of that box (yes sure you can have file permissions but lets
> assume someone else have root access there) to read my files.
>
> Simple Example:
>
> I create regular tarball (gziped maybee) with some files i want to
> backup, Then i encrypt this file with ie gpg. Then i send of this file
> using some unspecified network protocol to the storage server.
> Encrypted all the way, from my end to the remote disk..
> The downside is that it is a static file.. not a "dynamic filesystem",
> nothing I can mount and have easy access to individual files from.
> *Thats* what I'm looking for.
As a long-time user of Amanda and regular lurker on their mailing list,
I've noticed that latest versions of Amanda have encryption capabilities.
They seem to fit your needs in that encryption can be performed entirely
on the backup client ("your box") side if one opts to set things up that way.
I haven't used encryption with Amanda myself so this is just what I've
heard on the list and read from the wiki just now:
http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption
As for the ease of restore, it's not quite *that* easy, i.e. you can't
just transparently mount the backup as a filesystem and copy files from
there. Amanda has a command-line-ftp-like recovery interface, where you
can specify which files/subdirectories and from which date you want
recovered. It's been easy enough for me.
--
Toomas Aas
... Boy, that lightning came a little clo-********!!*******NO CARRIER
More information about the freebsd-stable
mailing list