Re: [tlug] Raid5 box & backup

[bruno raoult <bruno@example.com>]

Hi Edmund (I hope this is your firstname, sorry if it not the case!)

Edmund Edgar wrote:
> By default these things are running a Linux kernel with plenty of the
> standard tools (SSH, rsync, etc), but they're locked down to stop you
> getting in. They're setup to let you use them over Samba, and have a GUI
> you're supposed to use to administer them. It might just be possible to do
> what you need without hacking it - I'm imagining something like this:
> 
> [...]

My plan was more to completely change the file system and share
protocol. I use Linux, my wife MacOS, and the remote computers are MacOS
also. If there is a chance to avoid any Windows dependency, that would
be perfect. But, as you say, this means some hacks that I should
probably try to avoid...
As you know these boxes, do you think an ext3 filesystem is something
possible without too much issues?

> - Use the TeraStation's built-in backup system to sync the two boxes. IIRC
> they have a built-in method to sync themselves to another Terastation.
> (Under the hood I think they're using rsync over SSH). I think it would be
> possible to split the disk array into two and tell the TeraStation to sync
> half in one direction (Tokyo->Brittany) and the other in the other direction
> (Brittany->Tokyo).

This is the idea, but I would prefer a known replication system instead
of the built-in one (for instance, I would like to change one of the
arrays one day, which could be a different brand).

> - Security-wise it's a bit troubling to put these things on the open
> internet (since they're effectively just Linux boxes, and people are
> succeeding in hacking into them even without messing with the hardware).
> This isn't quite as bad as it might be as your data should (I think) not be
> decryptable even if the boxes do get hacked. But someone could still delete
> the data at both ends, or do other nefarious things having used the
> TeraStation to get into your network. The obvious thing would be to firewall
> the boxes off so that they can only see each other, but that may also be
> hard if you're dealing with dynamic IP addresses.

Good point, but this should be fine. As I don't need real-time
replication, I can imagine some ways to exchange the addresses on a
daily basis for instance.

> Of course, all kinds of things are possible if you hack the box, which might
> be easy but might also turn out to be hard if the firmware version you end
> up with hasn't yet been cracked by some helpful person. (After looking into
> this I decided not to risk bricking my client's TeraStation by messing with
> the firmware - although I might take another look and see if Buffalo used
> Debian to generate their SSH keys...)

I think I would like to "hack" (ie: having it working independently for
the backup). It means at least crontabs working, even during my
holidays, when my computers are sleeping.

> Hope that helps.

It did, for sure! Thanks again for your answer.

Bruno.

Attachment: signature.asc
Description: OpenPGP digital signature