[Box Backup] Backup the backup

Ben Summers boxbackup@fluffy.co.uk
Tue, 31 Oct 2006 20:42:55 +0000


On 31 Oct 2006, at 20:12, Chris Wilson wrote:

> Hi Simon,
>
>>> If I've understood the archives right, the solution is to rsync
>>> over the whole structure from the primary machine to a
>>> secondary/backup machine and _when_ the primary dies copy
>>> everything to a new machine, install Box Backup and restore the
>>> keys. Check and fix the accounts (if we have rsynced when
>>> someone is doing their backup, for example) and we're all set.
>>> Have I missed something?
>
> I think that's right.
>
>>> I am in need of a solution where I can have one primary
>>> backup server located on the company's LAN for fast backups. But
>>> then I need to transfer the primary backup to a secondary
>>> backup server which is also functional (i.e. clients can back up
>>> to both the secondary and primary backup servers).
>
> I would be careful about the last part, "clients can back up to both
> the secondary and primary backup servers." If you mean that clients
> could switch to using the secondary server using the same key, and
> make successful backups, then it is possible, as long as you:
>
> * maintain unique account numbers across all servers;
> * merge the accounts.txt files on the secondary server; and
> * use the same CA to sign each server's key (and the secondary).
>
> The last part is a little insecure. Any of your customers could set
> up an impostor for another company's server, but they'd still have
> to persuade clients at the other company to connect to their server
> instead of yours.

Are you sure? Clients and servers use different CAs, so you can't use
a client cert to pretend to be a server. I don't see how two servers
make any difference anyway.


>
>>> And no, overwritten backups are not an issue. My clients don't do
>>> their backups more than once a week, tops; most do it once a
>>> month. And from the primary backup server I am rsyncing over
>>> everything each night. And I _always_ restore from the secondary
>>> backup.
>
> Unless client A (which normally backs up to server B) backs up to  
> the secondary server S one day, and then rsync from B overwrites  
> the newly backed-up data on S.

Cached data on the client could be a problem. It's not necessarily  
going to detect it's using a different server.

>
>>> Since I have a few companies to set this up on, how do you
>>> suggest using keys? I mean, sure, I *could* use the same key for
>>> everything, but that's not secure *at all*.
>
> I would configure the keys as above. All clients with unique keys,  
> all servers with unique keys, all signed by the same CA.

No. Same CA pair, as created by the bbstore-certs utility.

>
>>> If I were to use separate keys I would need to use one bbstored
>>> for each company/key, right?

The authentication model is designed to have many clients using the  
same server, and each client is completely independent. So you can  
quite happily give out accounts on the same server to people, and  
they won't be able to log in to any other account than that which  
their certificate permits.

Ben
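
The two-CA point Ben makes above, as an added example that is not part of the original thread and is not Box Backup's own code. It uses only Go's standard library to create a server CA and a client CA, issue one certificate from each, and check which root each certificate chains to: a client certificate never verifies against the server CA, so a customer who holds a client certificate cannot stand up a server that other clients would trust, and a server certificate never verifies against the client CA. The CA names, the server hostname, the serial numbers and the "BACKUP-<hex account id>" common-name convention used by accountFromCN are assumptions made for this example, not facts taken from the thread.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strconv"
	"strings"
	"time"
)

// issue generates a P-256 key and a certificate for cn. With parent == nil the result
// is a self-signed CA; otherwise a leaf signed by parent. Setup failures panic.
func issue(cn string, serial int64, usage x509.ExtKeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if parent == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key // self-signed
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{usage}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// chainsTo reports whether cert was signed by root. Extended key usage is deliberately
// ignored so that the only thing being tested is which CA issued the certificate.
func chainsTo(cert, root *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

// accountFromCN maps a client certificate CN to the single account it may log in to.
// The "BACKUP-<hex account id>" convention is assumed for this example, not taken from the thread.
func accountFromCN(cn string) (int64, error) {
	if !strings.HasPrefix(cn, "BACKUP-") {
		return 0, fmt.Errorf("not a client certificate CN: %q", cn)
	}
	return strconv.ParseInt(strings.TrimPrefix(cn, "BACKUP-"), 16, 64)
}

// Outcome holds the checks a store server (or someone auditing the PKI) would make.
type Outcome struct {
	ServerTrustedByClients bool  // server cert chains to the server CA
	ClientTrustedByServer  bool  // client cert chains to the client CA
	ClientPosingAsServer   bool  // client cert chains to the server CA: must be false
	ServerPosingAsClient   bool  // server cert chains to the client CA: must be false
	Account                int64 // account the client certificate is bound to
}

// Run builds the two-CA layout and exercises it. Names and serials are made up.
func Run() (Outcome, error) {
	serverCA, serverCAKey := issue("Box Backup server CA", 1, 0, nil, nil)
	clientCA, clientCAKey := issue("Box Backup client CA", 2, 0, nil, nil)
	srv, _ := issue("backup-primary.example", 10, x509.ExtKeyUsageServerAuth, serverCA, serverCAKey)
	cli, _ := issue("BACKUP-00000001", 11, x509.ExtKeyUsageClientAuth, clientCA, clientCAKey)
	acct, err := accountFromCN(cli.Subject.CommonName)
	return Outcome{
		ServerTrustedByClients: chainsTo(srv, serverCA),
		ClientTrustedByServer:  chainsTo(cli, clientCA),
		ClientPosingAsServer:   chainsTo(cli, serverCA),
		ServerPosingAsClient:   chainsTo(srv, clientCA),
		Account:                acct,
	}, err
}

func main() {
	out, err := Run()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

Run it with go run; both PosingAs fields come out false and the two legitimate chains verify. chainsTo passes ExtKeyUsageAny on purpose so the test isolates the issuing CA; a real TLS handshake also checks extended key usage, so a client certificate presented as a server certificate is rejected twice over. Note that this also shows why a second store server signed by the same CA pair changes nothing for clients: the server CA's private key is what an impostor would need, and handing out client certificates never exposes it.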