> On May 23, 2017, at 6:53 AM, Chris Ferebee <[email protected]> wrote: > > Hi all, > > znapzend is wonderful for snapshots and backups. > > However, for backups of internet-facing zones, I would prefer a "pull" rather > than "push" configuration, such that the backup host initiates the connection > to the live host, rather than the other way around. That way, the backup host > can sit securely behind a NAT firewall, and the live host doesn’t need to > have ssh keys etc. giving access to the backup host.
There are, literally, hundreds of ZFS send/receive wrappers and agents running around the internet. The vast majority are push model, but as you note, the pull model is superior for scale and is much easier to write. Why? Because at the end of the day the send/receive is a one-liner. But to make it work with all of the possible exceptions, you end up with hundreds of lines of code. Since most of the failure modes occur on the receiving side, it becomes quite tedious to build a viable push model. For the pull model, you can deal with the local issues prior to calling send/receive making it much easier to manage. zetaback is one such implementation. https://github.com/omniti-labs/zetaback <https://github.com/omniti-labs/zetaback> — richard > > This just seems more secure on general principles considering ransomware and > other threats. > > I don’t see how to implement something along these lines easily with > znapzend. Is there an alternative that would support this type of > configuration? > > Chris > ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
