On Sunday 2018-03-11 20:58:05 Maurizio Caloro wrote:
> Hello together
> Please i have here a little problem, i need to Backup one machine that 
> are outside from me internal Network.
> this machine are in the internet, and i don't know what are the best
> way  to run this Backup-task.
> i think for the application Bacula are this a easy thing, but what are 
> here the best way one SSH connection
> to this server are enought?, and are Secure? i have also read that
> exist  the to do any connection with TLS
> but for only one machine i see the configuration are hough.
> iam realy happy to discuss this here to become the right way, for setup 
> this backuptaskè
> thanks and beste regards

There are several ways this could be done.
- bacula-dir connects to the client and bacula-sd and after that
  bacula-sd connects to the bacula-fd on the serve that needs to
  backed up.
  Something like this (from the Dealing with Firewalls doc. section):
    DIR     -> SD:9103
    DIR     -> FD:9102
    FD      -> SD:9103
- Bacula 7.0.x brought new feature "SD Calls Client".
  In that case bacula-sd would connect to the client instead and might
  be of interest to you
- There is also a way initiate backup from the client side in which
  case bacula-dir and bacula-sd would the same socket. I am not sure
  about that statement because I didn't test it. Also, I don't think
  this feature is available in community version of Bacula.

Whatever path you chose it very important to protect it using TLS
and that parts is very complex. You would need to create and use
these certificates:
# bacula-dir.conf:
        - Director: server certificate
        - Storage: client certificate
        - Client: client certificate
# bacula-sd.conf
        - Storage: server certificate
        - Director: server certificate
# bacula-fd.conf
        - Director: server certificate
        - FileDaemon: client certificate
# bconsole.conf
        - Director: client certificate

I would encourage you to use TLS although it's painfully slow and
complex process. That's even more important because your packets
will have to go through the internet.

Apart from bacula, you might chose to create a tunnel between the
backup and client server. In that case you could opt to use openvpn,
ipsec or even ssh but I would turn to those only as a temporary solution.


Josip Deanovic

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Bacula-users mailing list

Reply via email to