[ale] Bacula backup gathering?

Jim Kinney jkinney at jimkinney.us
Tue Feb 16 12:36:13 EST 2016 

I'm not 100% certain but I think bacula can do a pull with encrypted
storage.
My understanding is the manager says "back it up now" and the fd (file
daemon) proceeds to check what needs to be updated by comparing
modified dates with the last backup time.
Now the FD uses it's key to encrypt the file to be backed up and sends
the encrypted stream  to the SD plus the metadata to Dir for parking on
media and database.
There's also the way to simply encrypt all files at the storage end but
that way the receiving SD can "see" the file content.
On Tue, 2016-02-16 at 11:52 -0500, Derek Atkins wrote:
> Hi,
> 
> On Tue, February 16, 2016 11:01 am, DJ-Pfulio wrote:
> > On 02/16/2016 10:23 AM, Derek Atkins wrote:
> > > DJ-Pfulio <djpfulio at jdpfu.com> writes:
> > > 
> > > > Best, easier, how-to:
> > > > https://www.kirya.net/articles/backups-using-rdiff-backup/ Use
> > > > the
> > > > "pull" method for greater security.
> > > 
> > > Only concern with rdiff-backup is the inability to encrypt the
> > > backups
> > > (Data at Rest encryption).
> > > 
> > 
> > Excellent point.  encfs solves it.  Small tools that do one job
> > well?
> > Sure, it
> > is another step and some people don't like more steps. Nothing
> > wrong with
> > that
> > at all, provided it all works correctly.
> 
> Well, it does mean it's no longer a "pull" method; I would need to
> convert
> this to a "push" model in order to "push" the backup through
> encfs.  I
> suppose I could do this by having a dedicated backup server that is
> different than the backup storage.  It could use something like NFS
> (wth
> encfs layered over it) to the storage server, and then it could
> rdiff-backup "pull" from the target servers and store it into the
> encfs/NFS storage.
> 
> Considering my storage server is FreeNAS, I dont think I can use it
> as the
> rdiff-backup pull server.
> 
> I wonder how much RAM/CPU would be required for this?  I wonder if I
> could
> use a low-power ARM board?
> 
> > I thought that most enterprise tape drives had HW encryption built
> > in?
> 
> I'm not using tape, myself, so this is mostly irrelevant.
> 
> > We're all looking for "the best" backup tool for our personal
> > values of
> > "the
> > best." The search continues?
> 
> Yep.  It does.
> 
> -derek
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20160216/7cc9d526/attachment.html>

More information about the Ale mailing list