Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Restoring Entire System from Encrypted Backup

2010-11-22 10:44:18
Subject: Re: [Bacula-users] Restoring Entire System from Encrypted Backup
From: Paulo Martinez <martinezino AT googlemail DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Mon, 22 Nov 2010 16:41:03 +0100 
Am 20.11.2010 um 19:30 schrieb MrBilly:
> I have the job of setting up a replacement fileserver which will  
> hold very sensitive data.  I intend using CentOS, with encrypted / 
> tmp, /swap and /home (where all the files will be stored).  Bacula  
> will be used for backups, backing up onto LTO-3 tapes.  In order to  
> maintain security of data, I'd like to use encrypted backups.  That  
> way if any storage media whatsoever leave the office the data is  
> still safe.
>
> My question is: in the event of a catastrophic failure, can an  
> encrypted backup be used to restore to an identical bare server?  I  
> will have the relevant keyfiles backed-up in a safe, and depending  
> on size I will keep paper copies securely as well.  In a worst-case  
> scenario, would I be able to build a new server identical to the old  
> by following my own documentation, restore the keyfiles, and then  
> restore from exisiting encrypted backup tapes?

In case that your client system or files of that (separated from  
dir,sd) should be restored.
Then i would boot that system from an live system/cd and setup a fd- 
client and install the keys.

This would be enough to restore your client files.

In case your backup infrastructure crash - then be prepared to that by  
having a copy of your configuration
and (like i do) a copy of your database. I use to dump the content to  
a file and safe this periodically.
For that i added to the job of the catalog backup a second script that  
do that stuff.

   RunBeforeJob = "/usr/libexec/bacula/make_catalog_backup.pl Katalog"
   # This deletes the copy of the catalog
   RunAfterJob  = "/usr/libexec/bacula/delete_catalog_backup"
   RunAfterJob  = "/usr/libexec/bacula/my_bacula_catalog_backup_to_file"

i personally have prepared an live system the could be booted for bare  
metal situation ...


> Ideally I'd like to be able to get things up and running quicker by  
> using the bare metal restore functionality of bacula, using a  
> bootstrap file stored on a CD, but I understand from previous posts  
> that encrypted tapes can't be restored this way.

the decryption is done on client (fd) side ... i am not sure but  
extracting files this way would work
because the metadata is accessible but the content would still be  
encrypted.

> Can anyone point me in the right direction here?  The bare-metal  
> restore seems to be the only stumbling block in my plan.
>
> Thanks in advance...


Regards

PM





------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Autoloader waiting for Tape from Pool which is already loaded., John Drescher
Next by Date:  Re: [Bacula-users] hfsplussupport enabled and data encryption produces "Signature is invalid" errors, Paulo Martinez
Previous by Thread:  [Bacula-users] Restoring Entire System from Encrypted Backup, MrBilly
Next by Thread:  [Bacula-users] Autoloader waiting for Tape from Pool which is already loaded., bhjfax
Indexes:  [Date] [Thread] [Top] [All Lists]