Re: Guide(s?) to backup philosophies




On 03/17/2017 03:31 AM, Dan Purgert wrote:
> David Christensen wrote:
>> On 03/13/2017 05:38 AM, Dan Purgert wrote:
>>> Currently, the system here is
>>>
>>>  - every PC has a cronjob backing up $HOME to a central "server" (read -
>>>    repurposed PC with decent WD drives), just an rsync script that runs
>>>    daily.
>>
>> Don't forget security:
>>
>> 1.  With a "push" arrangement (e.g. each workstation backs up itself to
>> the server) -- if a workstation gets compromised, the backups are at risk.
>>
>> 2.  With a "pull" arrangement (e.g. the server backs up all the
>> workstations) -- if a workstation gets compromised, the backups should
>> be safe (and might have clues about the intrusion).  Additionally, the
>> backup server can be completely firewalled (e.g. no open ports).

I should clarify that:

    "The backup server can be firewalled with no incoming ports and
    outgoing ports limited to SSH and other required ports".

I still need to figure out the "other required outgoing ports". Suggestions and comments are welcome.

> Since the PCs are laptops, they're not always here, so I was never able
> to figure out how to get pull to work with the condition that we were on
> vacation (or the laptops were otherwise "not home").
>
> Though, yeah, the stuff that's statically here (desktop, server, etc.)
> are rsync-by-pull.

I haven't dealt with the "roaming laptop on the Internet" use-case yet, but I do have a desire to solve it. My idea has been, and remains, for the backup server to poll for a "job file" on the laptop, and to execute it when found (once; idempotent). This implies a network connection between the backup server and the laptop. OpenVPN is a technology that might be able to facilitate this.


David
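
The job-file polling idea in the message above, as an added example that is not code from the thread: the backup server fetches a job file over outbound SSH, treats it as untrusted data rather than something to execute, and records a marker so each job runs once. The job format (`id=` and `src=` lines), the paths and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, runs on the backup server. Paths and the job format (two
# lines, "id=..." and "src=...") are assumptions made for illustration.
STATE_DIR=${STATE_DIR:-/var/lib/pullbackup}   # hypothetical marker directory
DEST_DIR=${DEST_DIR:-/srv/backup}             # hypothetical backup root
JOB_PATH=${JOB_PATH:-.backup-job}             # hypothetical file in laptop $HOME

# Transport: outbound SSH only, so the server needs no listening port.
fetch_job() { ssh -o BatchMode=yes -o ConnectTimeout=10 "$1" "cat $JOB_PATH"; }
pull_tree() { rsync -a -e "ssh -o BatchMode=yes" "$1:$2/" "$3/"; }

# Extract one field from the job text. The job is laptop-controlled input:
# it is parsed as data and never sourced or eval'd on the server.
job_field() { printf '%s\n' "$1" | sed -n "s/^$2=//p" | head -n 1; }

# Returns 0 = pulled, 1 = nothing to do (no job, laptop unreachable, or job
# already done), 2 = job rejected, 3 = pull failed (no marker, so retried).
poll_host() {
    host=$1
    job=$(fetch_job "$host" 2>/dev/null) || return 1
    id=$(job_field "$job" id)
    src=$(job_field "$job" src)

    # Whitelist both fields so a compromised laptop cannot inject shell
    # metacharacters, option strings or "../" into the server-side commands.
    case $id in ''|*[!A-Za-z0-9_-]*) return 2 ;; esac
    case $src in /*) ;; *) return 2 ;; esac
    case $src in *..*|*[!A-Za-z0-9/_.-]*) return 2 ;; esac

    # Idempotency: one marker per (host, job id); a finished job is skipped.
    marker=$STATE_DIR/$host/$id.done
    [ -e "$marker" ] && return 1

    mkdir -p "$STATE_DIR/$host" "$DEST_DIR/$host/$id" || return 3
    pull_tree "$host" "$src" "$DEST_DIR/$host/$id" || return 3
    : > "$marker"
}
```

Calling `poll_host <host>` from cron for each laptop's VPN address gives the polling loop.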