Amanda-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Who uses amanda?

2003-03-12 10:01:45
Subject: Re: Who uses amanda?
From: Greg Troxel <gdt AT ir.bbn DOT com>
To: "Dr. David Kirkby" <davek AT medphys.ucl.ac DOT uk>
Date: 12 Mar 2003 08:22:34 -0500 
For your home machine, amanda still makes sense.  It can schedule
full dumps of partitions over multiple nights, etc. and do the
bookkeeping of what is on what tape.  I know several people that run
amanda at home.

My department has ~30 employees.  We run 2 amanda setups onto DDS3 and
1 onto DDS2, and back up around 130 GB total (one has 93 GB of that).
They are not separate because one couldn't handle it, but for
administrative reasons I don't want to go into.  Absent the
administrative reasons, we'd probably have everything on one setup and
I'm confident it would work fine.

The servers are desktop PCs running NetBSD with SCSI cards and DDS3
tape drives.  A no longer loved sparc 20 with NetBSD is a decent
choice for smaller setups; there is one such setup at MIT backing up
about 6 machines.  For 100 people you probably want DLT, and maybe a
changer.  (Assume 400 GB, divide by perhaps 10 for a tape cycle with
30 tapes and full dumps every 10 runs, and an 80 GB native tape should
be fine for a while.  Remember that you need to buy 2 to have a
backup...)  I've seen what commercial backup support is like, and the
free support or some sysadmin time in your organization is probably as
good a bet.  My experience is that support people learn amanda faster
than commercial backups, and between self help and mailinglist both
have fewer problems and solve them faster than commercial backup
software.

Many others on the list run bigger setups, including with tape
changers.  Your size of 100 users is not 'large' in terms of existing
amanda practice.

Points to consider when choosing a backup system:

Amanda puts backups on tape in a way that can be read with standard
tools (dd, gunzip, restore, tar) by anybody with basic sysadmin clue.
You do not need amanda or proprietary tools.  Ask how bits can be
gotten back with any prospective system.  Ask if there is license
managment software that must work to get bits back.

Amanda self-schedules full dumps to fit.  The administrative burden is
_very_ low.  I am a researcher not a sysadmin, and run a 36 GB total
setup.  Most days I spend 1 minute glancing at the report, typing 'mt
offline' and putting in the next tape.  Even with this, I am confident
that all the bits are on tape if the report has no exception items.

I have seen a commercial system for MS Windows completely fail to
achieve its mission when indices were only on RAID sets and not on
tape (multiple disk failures occurred).  Amanda puts the bits on tape,
and you can read them back with any other computer and a tape drive,
even if you don't have the indices.  You may have to scan 20 tapes,
but that's a good situation to be in after a catastrophic failure,
really.

The importance of backups should lead to a regular program of randomly
selected test restores to do QA.  We have had a 100% success rate for
getting bits back when we needed them (several times since 1995 or so,
both disk failure and mistaken rm).  Our real only issue was a tape
drive that wrote bits wrong, and we read the entire tape back once a
week with amverify to ensure that the tape drive works.  I consider
amanda as reliable as anything commercial, and really even more so.

to be fair:

Amanda's big weakness is in making multiple tapes for offsite storage.
This can be done by various ways discussed on the list, none of which
are particularly pretty.  One is just to do a tape-tape copy after the
dump, and ship one of them offsite.  I gather than some commercial
programs have explicit support for this.

The other downside is that amanda doesn't have integrated Oracle
support, etc.  If you have postgres and do pg_dump to a file, that
seems to work fine.

Amanda security is a bit weak.  Kerberos is not really supported, even
though the code is sort of there.  The 'bsd style' authentication is
bogus (IP address check).  But although I say this, every commercial
package I've examined in detail has been worse.

Good questions to ask are whether there is strong authentication and
confidentiality of the data stream, both authenticating the server to
the client to authorize the request to send the bits (most important),
and the client to the server to ensure that the right bits are on
tape.  And, the bits should be encrypted in transit.  Amanda/kerberos
can do this, and I'm running it, but it's not trivial.  One could use
IPsec, too, although that may require minor wizardry.

        Greg Troxel <gdt AT ir.bbn DOT com>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Who uses amanda?, Matt Hyclak
Next by Date:  Re: dump largee than tape, Konrad Dienst
Previous by Thread:  Re: Who uses amanda?, Matt Hyclak
Next by Thread:  Re: Who uses amanda?, Gerhard den Hollander
Indexes:  [Date] [Thread] [Top] [All Lists]