In case of multi-location setup you need to think about ways of limiting
access and connection direction.
I have a "reverse" setup - I needed passive clients so I can initiate
connections from director/sd _to_ fd. You might need the opposite, as I
see, so it's pretty standard.
There is _always_ a risk when you're putting something open to the
internet so if you want to limit your exposure, think about filtering
the traffic on the network/OS level (limiting access to bareos ports
only to specific addreses) and of course you can always think about
setting up a VPN between your locations.
On 24.09.2021 09:25, Florian Panzer - PLUSTECH GmbH wrote:
We're runnig this setup (public director + client initiated fd
connections) with overall success.
No problems so far - apart from the usual* ;)
I'm sure nobody will gurarantee that there are no security flaws -
there most like are.
*) bareos-dir crashing on typo in config followed by reload
*) bareos-dir crashing because it's tuesday
Florian Panzer
-----------------------------------
PLUSTECH GmbH
Jäckstraße 35
96052 Bamberg
Telefon: +49 951 299 09 716
https://plustech.de/
Geschäftsführung: Florian Panzer
Amtsgericht Bamberg - HRB 9680
-----------------------------------
Am 24.09.21 um 02:51 schrieb Alexandre Denault:
Hi,
I’m working on a somewhat complicated Bareos setup and it would be
must simpler/easier to host the Bareos Director over the Internet.
Combined with Active Storage and File clients, it would simplify my
multisite setup greatly.
That said, is the Bareos Director robust enough to be hosted over the
Intenet? Is it secure? I would assure that any client without a
private key recognized by the Director would not be able to interact
with it.
Thanks,
Alex
--
You received this message because you are subscribed to the Google
Groups "bareos-users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/bareos-users/08188095-4800-413c-88b7-ccc66bc57bacn%40googlegroups.com
<https://groups.google.com/d/msgid/bareos-users/08188095-4800-413c-88b7-ccc66bc57bacn%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/bareos-users/4847a7d9-edf1-fb2e-be89-57b73be58bbc%40plustech.de
<https://groups.google.com/d/msgid/bareos-users/4847a7d9-edf1-fb2e-be89-57b73be58bbc%40plustech.de?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/bareos-users/02211794-f8b3-6c7e-17fc-28e38f377bb4%40gmail.com.
