[opensuse] Re: Timestamping [ Was : Converting file system]
G.T.Smith wrote:
Dirvish is impressive but I think it would best with a SAN or dedicated backend backup server solution.
We use it since some time; it was straight forward to set up. Well, if one doesn't complicate it oneself. :-) We additionally backup some of our data to a server at a hosting company (HostEurope); that data is very confidential and we don't really trust the security of the hosting situation. So we have a (cryptographically authenticated) VPN to that server, over which we do an NFS mount of one of its filesystems. There resides a file that we crypt-mount locally on our system and then do a dirvish-backup into that locally-crypt-mounted-filesystem-in-file-on-NFS-mounted-directory-over-VPN-on-untrusted-host. Yep, that's a mouth full. :-) When one of my staff proposed that solution, I didn't like it at first for its complexity -- but it works like a charm and is much cheaper than an outsourced backup solution; hosted servers are really cheap nowadays. (And please note that this is our 2nd backup of the data; the 1st backup is locally in our company and is used normally. That's why we don't want to spend too much money here.) Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 4/27/07, Joachim Schrod
G.T.Smith wrote:
Dirvish is impressive but I think it would best with a SAN or dedicated backend backup server solution.
We use it since some time; it was straight forward to set up.
Well, if one doesn't complicate it oneself. :-) We additionally backup some of our data to a server at a hosting company (HostEurope); that data is very confidential and we don't really trust the security of the hosting situation. So we have a (cryptographically authenticated) VPN to that server, over which we do an NFS mount of one of its filesystems. There resides a file that we crypt-mount locally on our system and then do a dirvish-backup into that locally-crypt-mounted-filesystem-in-file-on-NFS-mounted-directory-over-VPN-on-untrusted-host. Yep, that's a mouth full. :-)
When one of my staff proposed that solution, I didn't like it at first for its complexity -- but it works like a charm and is much cheaper than an outsourced backup solution; hosted servers are really cheap nowadays. (And please note that this is our 2nd backup of the data; the 1st backup is locally in our company and is used normally. That's why we don't want to spend too much money here.)
Joachim Joachim
I'm experimenting with a similar need via rdiff-backup. I have my local rdiff-backup copies stored into encfs filesystems. Then I rsync the raw (encrypted) filesystem offsite to a hosted server every night. Greg -- Greg Freemyer The Norcross Group Forensics for the 21st Century -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Friday 2007-04-27 at 07:09 -0400, Greg Freemyer wrote:
that we crypt-mount locally on our system and then do a dirvish-backup into that locally-crypt-mounted-filesystem-in-file-on-NFS-mounted-directory-over-VPN-on-untrusted-host. Yep, that's a mouth full. :-)
I'm experimenting with a similar need via rdiff-backup.
I have my local rdiff-backup copies stored into encfs filesystems. Then I rsync the raw (encrypted) filesystem offsite to a hosted server every night.
I guess that your way you have to transmitt more data than his way: rsync will not be as eficient on the raw fs. It would be interesting to measure, with the same data sets. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGMeKntTMYHG2NR9URAlPyAJ9eLf+rLG+gs4v0S8zRDTnfw9MMfgCfUijO YIpCPXbwgKoGHUGZGIfbR9M= =/6Zr -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 4/27/07, Carlos E. R.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Friday 2007-04-27 at 07:09 -0400, Greg Freemyer wrote:
that we crypt-mount locally on our system and then do a dirvish-backup into that locally-crypt-mounted-filesystem-in-file-on-NFS-mounted-directory-over-VPN-on-untrusted-host. Yep, that's a mouth full. :-)
I'm experimenting with a similar need via rdiff-backup.
I have my local rdiff-backup copies stored into encfs filesystems. Then I rsync the raw (encrypted) filesystem offsite to a hosted server every night.
I guess that your way you have to transmitt more data than his way: rsync will not be as eficient on the raw fs. It would be interesting to measure, with the same data sets.
Why? I don't know the details of encfs, but most encrypting filesystems do it one block of data at a time. If the block is a sector (or even 4K), I would be a little surprised if rsync sends much data that is smaller than a sector at a time anyway. Or is rsync smart enough to recognise an insertion of data? With encfs, I would guess that all the data after the insertion will be encrypted totally different than it was prior to the insertion. ie. If I have a simple text doc and I insert a couple words, encfs will encrypt everything after those words differently than the original because of the way the text will overlay the on disk blocks. Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Carlos E. R.
-
Greg Freemyer
-
Joachim Schrod