Amanda-Users

Re: beep! (encryption, multiplexing...)

2005-12-29 19:26:11
From: Kevin Till <kevin.till AT zmanda DOT com>
To: paul.bijnens AT xplanation DOT com
Date: Thu, 29 Dec 2005 16:18:09 -0800
Paddy Sreenivasan wrote:
On 12/29/05, Paul Bijnens <paul.bijnens AT xplanation DOT com> wrote:

Just because it's almost New Year, and I have seen The Light...
(or was that just an illusion?)

Some thoughts about the new proposed features, concerning:

- multiplexing the data streams, error stream, index stream, over
  one TCP connection (this would make passing firewalls and NAT
  so much easier and safer)


Yes. Multiplexing the data streams/error stream/index stream over one
connection is a good idea.  Kevin Till has done some investigation in
this area. I hope he will comment on this.

Hi Paul,

Yes, multiplexing is a good idea. It not only makes amanda-firewall setup easier but also improves transport security with the stream-based TCP protocol. I plan to first clean up the port assignment issue. Currently, amanda will use *any* open port if a port in the TCPPORTRANGE, UDPPORTRANGE is not available. I will look into the TCP multiplexing next.


- encrypting the data stream between client and server (just being
  discussed in a separate thread on -users, hence CC there too)
Doesn't SSH support in 2.5.0 address this issue?


- stronger/alternative authentication (is that server really The One?
  Currently needing kerberos I believe, which most people do not
  even have!)
See above.

I agree with Paddy that ssh provides transport encryption and authentication. The only caveat is that the amanda binary needs to be installed at the same location on the server as well as on the client, since the server is running:
/path/ssh -l <CLIENT_LOGIN> client.zmanda.com $libexecdir/amandad
to start the backup process.

Thanks!

--Kevin



What would people think of implementing BXXP as an alternative
for the new generation Amanda server/client protocols?


2.5.0b1 has client/server communication abstracted out as an API called
secure API (http://wiki.zmanda.com/index.php/Secure_API). We should look at
enhancing this API instead of creating new API.

Paddy

See:  http://beepcore.org/

Disclaimer:

- I have just played around a little with the Net::BEEP::Lite
perl module, which does not even do the multiplexing, but the
C-implementation seems to be more complete (still labelled beta though
and no activity noted in the last 2 years).

- AFAIK there are not yet many REAL applications using the protocol.
Many other interesting projects seem dead too.
The C-library that is alive is:  http://vortex.aspl.es/
but even that one is far from finished.

Even if it isn't good enough, we can find ideas there too :-)

--
Thank you!
Kevin Till

Amanda documentation: http://wiki.zmanda.com
Amanda forums:        http://forums.zmanda.com