Am 20.11.2010 um 19:30 schrieb MrBilly:
> I have the job of setting up a replacement fileserver which will
> hold very sensitive data. I intend using CentOS, with encrypted /
> tmp, /swap and /home (where all the files will be stored). Bacula
> will be used for backups, backing up onto LTO-3 tapes. In order to
> maintain security of data, I'd like to use encrypted backups. That
> way if any storage media whatsoever leave the office the data is
> still safe.
>
> My question is: in the event of a catastrophic failure, can an
> encrypted backup be used to restore to an identical bare server? I
> will have the relevant keyfiles backed-up in a safe, and depending
> on size I will keep paper copies securely as well. In a worst-case
> scenario, would I be able to build a new server identical to the old
> by following my own documentation, restore the keyfiles, and then
> restore from exisiting encrypted backup tapes?
In case that your client system or files of that (separated from
dir,sd) should be restored.
Then i would boot that system from an live system/cd and setup a fd-
client and install the keys.
This would be enough to restore your client files.
In case your backup infrastructure crash - then be prepared to that by
having a copy of your configuration
and (like i do) a copy of your database. I use to dump the content to
a file and safe this periodically.
For that i added to the job of the catalog backup a second script that
do that stuff.
RunBeforeJob = "/usr/libexec/bacula/make_catalog_backup.pl Katalog"
# This deletes the copy of the catalog
RunAfterJob = "/usr/libexec/bacula/delete_catalog_backup"
RunAfterJob = "/usr/libexec/bacula/my_bacula_catalog_backup_to_file"
i personally have prepared an live system the could be booted for bare
metal situation ...
> Ideally I'd like to be able to get things up and running quicker by
> using the bare metal restore functionality of bacula, using a
> bootstrap file stored on a CD, but I understand from previous posts
> that encrypted tapes can't be restored this way.
the decryption is done on client (fd) side ... i am not sure but
extracting files this way would work
because the metadata is accessible but the content would still be
encrypted.
> Can anyone point me in the right direction here? The bare-metal
> restore seems to be the only stumbling block in my plan.
>
> Thanks in advance...
Regards
PM
------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
Spend less time writing and rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|