On Mon, 1 Jul 2013 05:29:58 -0700, Grant wrote: > > It's a lot more work and doesn't cover everything. One of the > > advantages of a pull system like BackupPC is that the only work > > needed on the client is adding the backuppc user's key to authorized > > keys. Everything else is done by the server. If the server cannot > > contact the client, or the connection is broken mid-backup, it tries > > again. It also gives a single point of configuration. If you want to > > change the backup plan fr all machines, you make one change on one > > computer. > > If you have a crazy number of machines to back up, I could see > sacrificing some security for convenience. Still I would think you > could use something like puppet to have the best of both worlds. I > have 5 machines and I think I can get it down to 3.
There is no sacrifice, you are running rsync as root on the client either way. Alternatively, you could run rsyncd on the client, which avoids the need for the server to be able to run an SSH session. > > It works well, save work and minimises disk space usage, especially > > with multiple similar clients. Preventing infiltration is simple as > > you don't need to open it to the Internet at all, the backup server > > can be completely stealthed and still do its job. > > Obviously the backup server has to be able to make outbound > connections in order to pull so I think you're saying it could drop > inbound connections, but then how could you talk to it? Do you mean a > local backup server? Yes, you talk to the server over the LAN, or a VPN. There need be no way of connecting to it from outside of your LAN. -- Neil Bothwick There's a fine line between fishing and standing on the shore looking like an idiot.
signature.asc
Description: PGP signature
