[Box Backup] Backup the backup
Tue, 31 Oct 2006 20:42:55 +0000
On 31 Oct 2006, at 20:12, Chris Wilson wrote:
> Hi Simon,
>>> If I've understood the archives right the solution is to rsync
>>> over the whole structure from the primary machine to an
>>> secondary/backup machine and _when_ the primary dies copy
>>> everything to a new machine, install box backup and restore the
>>> keys. Check and fix the accounts (if we have rsynced when
>>> someone is doing their backup for an example) and we're all set.
>>> Have I missed something?
> I think that's right.
>>> I am in need of a solution where I can have one primary
>>> backupserver located at the companys LAN for fast backups. But
>>> then I need to transfer that the primarybackup to an secondary
>>> backupserver which also is functional (i.e. clients can backup
>>> to both the secondary and primary backupservers).
> I would be careful about the last part, "clients can backup to both
> the secondary and primary backupservers." If you mean that clients
> could switch to using the secondary server using the same key, and
> make successful backups, then it is possible, as long as you:
> * maintain unique account numbers across all servers;
> * merge the accounts.txt files on the secondary server; and
> * use the same CA to sign each server's key (and the secondary).
> The last part is a little insecure. Any of your customers could set
> up an impostor for another company's server, but they'd still have
> to persuade clients at the other company to connect to their server
> instead of yours.
Are you sure? Clients and servers use different CAs, so you can't use
a client cert to pretend to be a server. I don't see how two servers
makes any difference anyway.
>>> And no, overwritten backups is not an issue. My clients don't to
>>> their backups more than once a week at tops, most do it once a
>>> month. And from the primary backupserver I am rsyncing over
>>> everything each night. And I _always_ restore from secondary
> Unless client A (which normally backs up to server B) backs up to
> the secondary server S one day, and then rsync from B overwrites
> the newly backed-up data on S.
Cached data on the client could be a problem. It's not necessarily
going to detect it's using a different server.
>>> Since I have a few companies to setup this on how do you suggest
>>> using keys? I mean, sure I *could* use the same key for
>>> everything. but that's not secure *at all*.
> I would configure the keys as above. All clients with unique keys,
> all servers with unique keys, all signed by the same CA.
No. Same CA pair, as created by the bbstore-certs utility.
>>> If I were to use seperate keys I would need to use one bbstored
>>> for each company/key, right?
The authentication model is designed to have many clients using the
same server, and each client is completely independent. So you can
quite happily give out accounts on the same server to people, and
they won't be able to log in to any other account than that which
their certificate permits.