Date: Thu, 17 Jan 2008 01:34:06 +0100 From: =?ISO-8859-1?Q?Johan_Str=F6m?= <johan@stromnet.se> To: Toomas Aas <toomas.aas@raad.tartu.ee> Cc: emj@emj.se, freebsd-stable@freebsd.org Subject: Re: Backup solution suggestions Message-ID: <2F76BC78-6FE7-49B3-867C-9DD37230F427@stromnet.se> In-Reply-To: <478E46D0.2080804@raad.tartu.ee> References: <E6BCC509-6CC8-44F1-98C2-416920A52218@stromnet.se> <39FB5CF3-F2F4-401B-9D6D-7796608152E5@ish.com.au> <4FF9842D-ADC9-4A99-9DC4-E0FE1CC9CDCF@stromnet.se> <478E46D0.2080804@raad.tartu.ee>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 16, 2008, at 19:02 , Toomas Aas wrote: > Johan Str=F6m wrote: > >> My main problem with existing solutions is this "gap" of =20 >> encryption on the backup server side. I dont want it to be =20 >> readable outside of my box (without encryption keys ofcourse), so =20 >> as soon as I send it of from my box I want it to be encrypted over =20= >> the link, and down on the disk. Not decrypted on the remote box, =20 >> to then be encrypted again (with keys available on that box) and =20 >> then stored to disk. That would allow any users of that box (yes =20 >> sure you can have file permissions but lets assume someone else =20 >> have root access there) to read my files. >> Simple Example: >> I create regular tarball (gziped maybee) with some files i want to =20= >> backup, Then i encrypt this file with ie gpg. Then i send of this =20 >> file using some unspecified network protocol to the storage server. >> Encrypted all the way, from my end to the remote disk.. >> The downside is that it is a static file.. not a "dynamic =20 >> filesystem", nothing I can mount and have easy access to =20 >> individual files from. *Thats* what I'm looking for. > > As a long-time user of Amanda and regular lurker on their mailing =20 > list, I've noticed that latest versions of Amanda have encryption =20 > capabilities. They seem to fit your needs in that encryption can be =20= > performed entirely on the backup client ("your box") side if one =20 > opts to set things up that way. > > I haven't used encryption with Amanda myself so this is just what =20 > I've heard on the list and read from the wiki just now: > > http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption > > As for the ease of restore, it's not quite *that* easy, i.e. you =20 > can't just transparently mount the backup as a filesystem and copy =20 > files from there. Amanda has a command-line-ftp-like recovery =20 > interface, where you can specify which files/subdirectories and =20 > from which date you want recovered. It's been easy enough for me. > > Looked through that page, seems like pretty much work right now. And =20 I looked through the amanda docs, and I got to say, when calling =20 themselfs "Amanda is the world's most popular Open Source Backup and =20 Archiving software." one would expect somewhat better docs.. hehe. Anyway, I will look more into the ggated suggestion from another post =20= before digging deeper into amanda :) -- Johan=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2F76BC78-6FE7-49B3-867C-9DD37230F427>