On Sunday 2018-03-11 20:58:05 Maurizio Caloro wrote: > Hello together > > Please i have here a little problem, i need to Backup one machine that > are outside from me internal Network. > this machine are in the internet, and i don't know what are the best > way to run this Backup-task. > > i think for the application Bacula are this a easy thing, but what are > here the best way one SSH connection > to this server are enought?, and are Secure? i have also read that > exist the to do any connection with TLS > but for only one machine i see the configuration are hough. > > iam realy happy to discuss this here to become the right way, for setup > this backuptaskè > > thanks and beste regards
There are several ways this could be done. - bacula-dir connects to the client and bacula-sd and after that bacula-sd connects to the bacula-fd on the serve that needs to backed up. Something like this (from the Dealing with Firewalls doc. section): DIR -> SD:9103 DIR -> FD:9102 FD -> SD:9103 - Bacula 7.0.x brought new feature "SD Calls Client". In that case bacula-sd would connect to the client instead and might be of interest to you - There is also a way initiate backup from the client side in which case bacula-dir and bacula-sd would the same socket. I am not sure about that statement because I didn't test it. Also, I don't think this feature is available in community version of Bacula. Whatever path you chose it very important to protect it using TLS and that parts is very complex. You would need to create and use these certificates: # bacula-dir.conf: - Director: server certificate - Storage: client certificate - Client: client certificate # bacula-sd.conf - Storage: server certificate - Director: server certificate # bacula-fd.conf - Director: server certificate - FileDaemon: client certificate # bconsole.conf - Director: client certificate I would encourage you to use TLS although it's painfully slow and complex process. That's even more important because your packets will have to go through the internet. Apart from bacula, you might chose to create a tunnel between the backup and client server. In that case you could opt to use openvpn, ipsec or even ssh but I would turn to those only as a temporary solution. Regards! -- Josip Deanovic ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users