Mailing List Archive



Re: [tlug] Raid5 box & backup



Thanks Curt,

Curt Sampson wrote:
> The first thing you need to ask yourself is, is this for the purposes
> of back-up, or do you need to use either or both (local and remote) of
> these as file systems.

Normally, these filesystems should never be accessed remotely (except of
course in case of failure). Even if there were a need for access, it
would be mainly to rebuild the original disk. But to answer your question
more exactly: Yes, the remote access is necessary as a file system,
before the rebuild, which could take weeks...

> If it's just for backup, you should probably do what we do at Starling:
> give everyone their own machine with an appropriately encrypted disk,
> use a backup script that encrypts the data (we use PGP) before it leaves
> the box and sends it to the local backup server, and then just rsync the
> local and remote servers.

Good idea, but my plan was to use the disk "as-is", on a day to day
basis. Using it as an "encrypted buffer" before replication is not really
the target...

> Failing that, for filesystem access probably the most reasonable way
> to deal with it is to use one of the drivers that exports what's
> essentially a raw set of blocks across the network, such as iSCSI or
> ATA-over-ethernet, and have your personal host place an encrypted
> file system on that. But then you have to deal with the issue of
> replicating it, which can probably be done with rsync if you replicate
> unidirectionally, but likely can't be done at all bidirectionally.

If replication is based on files/directories (instead of filesystem), I
think the direction does not matter any more, does it?

> You also want to figure out what level of security you really need here.
> As usual when rolling your own system, it's easy to mess up and be a lot
> more insecure than you'd hoped. If you don't want folks in France to
> have access to your data because, say, you're intending to keep client
> data on there and you'd be facing civil or criminal liability should
> something happen, you'll want to get your system reviewed by an expert.

Hummm... Security is mandatory, obviously. I could have all my passwords
somewhere in a file for instance. But I don't need more security than I
have today (my important files are encrypted - I just want a whole tree
to go the same way, without special intervention to access it).

Regards,

Bruno.
