Date: Thu, 17 Jan 2008 01:34:06 +0100 From: =?ISO-8859-1?Q?Johan_Str=F6m?= <johan@stromnet.se> To: Toomas Aas <toomas.aas@raad.tartu.ee> Cc: emj@emj.se, freebsd-stable@freebsd.org Subject: Re: Backup solution suggestions Message-ID: <2F76BC78-6FE7-49B3-867C-9DD37230F427@stromnet.se> In-Reply-To: <478E46D0.2080804@raad.tartu.ee> References: <E6BCC509-6CC8-44F1-98C2-416920A52218@stromnet.se> <39FB5CF3-F2F4-401B-9D6D-7796608152E5@ish.com.au> <4FF9842D-ADC9-4A99-9DC4-E0FE1CC9CDCF@stromnet.se> <478E46D0.2080804@raad.tartu.ee>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 16, 2008, at 19:02 , Toomas Aas wrote:
> Johan Str=F6m wrote:
>
>> My main problem with existing solutions is this "gap" of =20
>> encryption on the backup server side. I dont want it to be =20
>> readable outside of my box (without encryption keys ofcourse), so =20
>> as soon as I send it of from my box I want it to be encrypted over =20=
>> the link, and down on the disk. Not decrypted on the remote box, =20
>> to then be encrypted again (with keys available on that box) and =20
>> then stored to disk. That would allow any users of that box (yes =20
>> sure you can have file permissions but lets assume someone else =20
>> have root access there) to read my files.
>> Simple Example:
>> I create regular tarball (gziped maybee) with some files i want to =20=
>> backup, Then i encrypt this file with ie gpg. Then i send of this =20
>> file using some unspecified network protocol to the storage server.
>> Encrypted all the way, from my end to the remote disk..
>> The downside is that it is a static file.. not a "dynamic =20
>> filesystem", nothing I can mount and have easy access to =20
>> individual files from. *Thats* what I'm looking for.
>
> As a long-time user of Amanda and regular lurker on their mailing =20
> list, I've noticed that latest versions of Amanda have encryption =20
> capabilities. They seem to fit your needs in that encryption can be =20=
> performed entirely on the backup client ("your box") side if one =20
> opts to set things up that way.
>
> I haven't used encryption with Amanda myself so this is just what =20
> I've heard on the list and read from the wiki just now:
>
> http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption
>
> As for the ease of restore, it's not quite *that* easy, i.e. you =20
> can't just transparently mount the backup as a filesystem and copy =20
> files from there. Amanda has a command-line-ftp-like recovery =20
> interface, where you can specify which files/subdirectories and =20
> from which date you want recovered. It's been easy enough for me.
>
>
Looked through that page, seems like pretty much work right now. And =20
I looked through the amanda docs, and I got to say, when calling =20
themselfs "Amanda is the world's most popular Open Source Backup and =20
Archiving software." one would expect somewhat better docs.. hehe.
Anyway, I will look more into the ggated suggestion from another post =20=
before digging deeper into amanda :)
--
Johan=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2F76BC78-6FE7-49B3-867C-9DD37230F427>