running reliable services

Pierre Abbat phma at
Sat Apr 5 21:04:48 PDT 2014

On Saturday, April 05, 2014 17:24:33 Matthew Dillon wrote:
> My recommendation for a backup scheme is to have a dedicated on-site backup
> box and an off-site backup box.  Use a daily cpdup or rdist from the
> various machines to the local on-site backup box, and then mirror-stream
> from the on-site backup box to the off-site backup box.  Keep as many days
> worth of snapshots as possible on the on-site and off-site boxes.
> For security reasons the rdist or cpdup operations should be initiated from
> the on-site backup box to access the various machines.  That is, the
> various servers should not have root access via ssh to the on-site backup
> box.  The onsite backup box needs to be the most secure box.

Why cpdup or rdist, rather than rsync?

Wouldn't it make more sense to mirror-stream from the web/mail/whatever server 
to the on-site backup (initiated by the on-site backup) so that it will always 
be up to date, and rsyncing the on-site to the off-site backup?

> Another way of doing it which reduces exposure to the on-site backup box is
> for the on-site backup box to NFS-mount all the servers and use something
> like cpdup locally for daily backups.
> I generally wouldn't recommend a mirror-stream from the servers to the
> on-site backup box as that limits your OS and filesystem choices for the
> servers.  Whereas cpdup/rdist with or without NFS mounts is far more
> flexible.
> You generally do NOT want to give users direct access (even via NFS mount)
> to the backup boxes.

Should the local backup box even have a publicly visible IP address? (I don't 
yet know if the local customers will have public IPv4 addresses.)

La sal en el mar es más que en la sangre.
Le sel dans la mer est plus que dans le sang.

More information about the Users mailing list