running reliable services

[Pierre Abbat]

On Saturday, April 05, 2014 17:24:33 Matthew Dillon wrote:
> My recommendation for a backup scheme is to have a dedicated on-site backup
> box and an off-site backup box.  Use a daily cpdup or rdist from the
> various machines to the local on-site backup box, and then mirror-stream
> from the on-site backup box to the off-site backup box.  Keep as many days
> worth of snapshots as possible on the on-site and off-site boxes.
> 
> For security reasons the rdist or cpdup operations should be initiated from
> the on-site backup box to access the various machines.  That is, the
> various servers should not have root access via ssh to the on-site backup
> box.  The onsite backup box needs to be the most secure box.

Why cpdup or rdist, rather than rsync?

Wouldn't it make more sense to mirror-stream from the web/mail/whatever server 
to the on-site backup (initiated by the on-site backup) so that it will always 
be up to date, and rsyncing the on-site to the off-site backup?

> Another way of doing it which reduces exposure to the on-site backup box is
> for the on-site backup box to NFS-mount all the servers and use something
> like cpdup locally for daily backups.
> 
> I generally wouldn't recommend a mirror-stream from the servers to the
> on-site backup box as that limits your OS and filesystem choices for the
> servers.  Whereas cpdup/rdist with or without NFS mounts is far more
> flexible.
> 
> You generally do NOT want to give users direct access (even via NFS mount)
> to the backup boxes.

Should the local backup box even have a publicly visible IP address? (I don't 
yet know if the local customers will have public IPv4 addresses.)

Pierre
-- 
La sal en el mar es más que en la sangre.
Le sel dans la mer est plus que dans le sang.