Re: [Bacula-users] client/server passwords

I made two tests yesterday. Full backup with TLS and without.

No TLS
Compression: LZO
Time: 07:56:38
Size: 653.04 GB
Files: 11,288,747
Speed: 23.38 MB/s
Compression: 0.21

TLS
Compression: LZO
Time: 09:31:08
Size: 653.04 GB
Files: 11,288,747
Speed: 19.51 MB/s
Compression: 0.21

Why difference is so big ~ 1,5 hours? Is it normal with tls enabled?

On Thu, May 7, 2015 at 10:14 AM, Craig Shiroma <shiroma.craig.2 AT gmail DOT com> wrote:

Thanks Bill! I appreciate the help and information. Looks like I have some reading to do.

-craig

On Wed, May 6, 2015 at 3:07 PM, Bill Arlofski <waa-bacula AT revpol DOT com> wrote:
On 05/05/2015 10:18 PM, Craig Shiroma wrote:
> Hi Romeo,
>
> Thanks! Just so I understand correctly...
> The bacula-fd running on the clients communicate with the bacula server using
> the password in client's bacula-fd.conf. This authentication on the "wire" is
> actually encrypted. Is this correct?
>
> -craig

Hi Craig,

Keep in mind that all of the actual backup data and other communications is
unencrypted unless TLS between daemons is configured in Bacula: DIR->SD,
DIR->FD, FD->SD, bconsole->DIR, (and SD->FD in the case of SD calls Client)

One simple method to encrypt communications between daemons is to use an
excellent open-source tool called "stunnel" (documented in the Bacula misc.pdf
manual)

Depending on your requirements, stunnel, a VPN (IPsec, OpenVPN or other), ssh
tunnels, or a full-blown TLS deployment are all possible options to secure
Bacula's daemon<-->daemon communications.

Some are more complex and time consuming to implement than others, but may be
more (verifiably) secure, so these considerations need to be a part of the
requirements discussion. :)

Bill

--
Bill Arlofski
Reverse Polarity, LLC
http://www.revpol.com/
-- Not responsible for anything below this line --

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y

_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users