Bacula-users

Re: [Bacula-users] Bacula to the Cloud

2010-03-03 03:54:33
Subject: Re: [Bacula-users] Bacula to the Cloud
From: Christian Gaul <christian.gaul AT otop DOT de>
To: bacula-users AT lists.sourceforge DOT net
Date: Wed, 03 Mar 2010 09:34:26 +0100
On 02.03.2010 22:56, Peter Zenge wrote:
Hello, 2 year Bacula user but first-time poster.  I’m currently dumping about 1.6TB to LTO2 tapes every week and I’m looking to migrate to a new storage medium.
 
The obvious answer, I think, is a direct-attached disk array (which I would be able to put in a remote gigabit-attached datacenter before too long).  However, I’m wondering if anyone is currently doing large (or what seem to me to be large) backups to the cloud in some way?  Assuming I have a gigabit connection to the Internet from my datacenter, I’m wondering how feasible it would be to either use something like Amazon S3 with s3fs (I’m guessing way too much overhead to be efficient), or a bacula-SD implementation on an EC2 node, using Elastic Block Store (EBS) as “local” disk, and VPN (Amazon VPC) between my datacenter and the SD.
 
Substitute your favorite cloud provider for Amazon above; I don’t use any right now so not tied to any particular provider.  It just seems like Amazon has all the necessary pieces today.
 
To do this, and keep customers comfortable with the idea of data in the cloud, we would need to encrypt, so I’m also wondering if it would be possible for the SD to encrypt the backup volume, rather than the FD encrypt the data before sending it to SD (which is what we do now)?  Easier to manage if we just handled encryption in one place for all clients.
 
I would love to hear what other people are either doing with Bacula and the cloud, or why you have decided not to.
 
Thanks
 
Peter Zenge
Pzenge .at. ilinc .dot. com


Sending unencrypted data to the SD for encryption would be OK for doing tape based backups where you do not want to lose the tapes. I would suggest not sending your unencrypted backup data to someone else and trusting the receiving system to encrypt it before someone reads it from RAM.

Depending on your needs it might be OK to do that, but AFAIK Bacula does not support this mode (yet?). AFAIK you have the options of transport encryption (for the connection and data between the systems) and data encryption (for the data leaving the system, with the receiving SD not having the key to do a restore by itself).

I personally use transport and data encryption for saving data to offsite SDs in "untrusted", meaning not directly accessible, datacenters. If this takes too much CPU time for the 2x encryption you *MIGHT* want to try data encryption with transport encryption but dropping the transport encryption after authentication. I am not sure about this though; since metadata can be read from the encrypted data and control structures are sent via this line, I would also not suggest doing this.

Using data encryption with Bacula, IMHO especially with Windows, is a pain because of all the certificate management, but for me it is a requirement.
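
The two layers discussed in this reply (transport encryption between daemons plus data encryption done on the client), sketched as a `bacula-fd.conf` fragment. This is an added example, not part of the original message; the daemon name and every file path are placeholders, and the other required FileDaemon directives are left out.

```conf
# bacula-fd.conf on the client (fragment; name and paths are placeholders)
FileDaemon {
  Name = client1-fd

  # --- Transport encryption (TLS) for the FD <-> SD connection ---
  # Protects file data, metadata and control traffic on the wire.
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = /etc/bacula/tls/ca.pem
  TLS Certificate = /etc/bacula/tls/client1-cert.pem
  TLS Key = /etc/bacula/tls/client1-key.pem
  # "TLS Authenticate = yes" would keep TLS only for authentication and
  # then turn encryption off; it is left unset here so the whole session
  # stays encrypted.

  # --- Data encryption (PKI), performed by the FD before sending ---
  # The SD stores only ciphertext and holds no key, so it cannot
  # perform a restore by itself.
  PKI Signatures = Yes
  PKI Encryption = Yes
  # Client certificate plus private key in one PEM file; stays on the client.
  PKI Keypair = "/etc/bacula/pki/client1-fd.pem"
  # Public certificate only; the matching master private key is kept
  # offline and used for recovery if the client keypair is lost.
  PKI Master Key = "/etc/bacula/pki/master.cert"
}
```

The SD side needs the matching TLS directives in its own configuration but no PKI material, which is what keeps an offsite SD unable to read the backed-up file contents.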
