On Saturday, April 05, 2014 17:24:33 Matthew Dillon wrote: > My recommendation for a backup scheme is to have a dedicated on-site backup > box and an off-site backup box. Use a daily cpdup or rdist from the > various machines to the local on-site backup box, and then mirror-stream > from the on-site backup box to the off-site backup box. Keep as many days > worth of snapshots as possible on the on-site and off-site boxes. > > For security reasons the rdist or cpdup operations should be initiated from > the on-site backup box to access the various machines. That is, the > various servers should not have root access via ssh to the on-site backup > box. The onsite backup box needs to be the most secure box.
Why cpdup or rdist, rather than rsync? Wouldn't it make more sense to mirror-stream from the web/mail/whatever server to the on-site backup (initiated by the on-site backup) so that it will always be up to date, and rsyncing the on-site to the off-site backup? > Another way of doing it which reduces exposure to the on-site backup box is > for the on-site backup box to NFS-mount all the servers and use something > like cpdup locally for daily backups. > > I generally wouldn't recommend a mirror-stream from the servers to the > on-site backup box as that limits your OS and filesystem choices for the > servers. Whereas cpdup/rdist with or without NFS mounts is far more > flexible. > > You generally do NOT want to give users direct access (even via NFS mount) > to the backup boxes. Should the local backup box even have a publicly visible IP address? (I don't yet know if the local customers will have public IPv4 addresses.) Pierre -- La sal en el mar es más que en la sangre. Le sel dans la mer est plus que dans le sang.
