On 03/17/2017 03:31 AM, Dan Purgert wrote:
> David Christensen wrote:
>> On 03/13/2017 05:38 AM, Dan Purgert wrote:
>>> Currently, the system here is
>>> - every PC has a cronjob backing up $HOME to a central "server" (read -
>>> repurposed PC with decent WD drives), just an rsync script that runs
>>> daily.
>>
>> Don't forget security:
>>
>> 1. With a "push" arrangement (e.g. each workstation backs up itself to
>> the server) -- if a workstation gets compromised, the backups are at risk.
>>
>> 2. With a "pull" arrangement (e.g. the server backs up all the
>> workstations) -- if a workstation gets compromised, the backups should
>> be safe (and might have clues about the intrusion). Additionally, the
>> backup server can be completely firewalled (e.g. no open ports).

I should clarify that:

"The backup server can be firewalled with no incoming ports and
outgoing ports limited to SSH and other required ports".

I still need to figure out the "other required outgoing ports".

Suggestions and comments are welcome.

> Since the PCs are laptops, they're not always here, so I was never able
> to figure out how to get pull to work with the condition that we were on
> vacation (or the laptops were otherwise "not home").
>
> Though, yeah, the stuff that's statically here (desktop, server, etc.)
> are rsync-by-pull.

I haven't dealt with the "roaming laptop on the Internet" use-case yet,
but I do have a desire to solve it. My idea has been, and remains, for
the backup server to poll for a "job file" on the laptop, and to execute
it when found (once; idempotent). This implies a network connection
between the backup server and the laptop. OpenVPN is a technology that
might be able to facilitate this.
David
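
The job-file polling idea in the last paragraph, sketched from the backup server's side as an added example (not code from either poster). It assumes a host alias `laptop` reachable over the VPN, a one-line job file `~/.backup-job` holding a job id, and placeholder paths; it treats the job file as a request token rather than a script, so a compromised laptop cannot choose what the server runs.

```shell
#!/bin/sh
# Added example: pull-side poller meant to be run from cron on the backup server.
# Assumptions (not from the thread): host alias, job file name and paths below.
LEDGER="${LEDGER:-/var/lib/pullbackup/done}"   # job ids already backed up
DEST="${DEST:-/srv/backup/laptop}"             # where the pulled copy lands

# Accept only short ids made of [A-Za-z0-9_-]; the laptop is untrusted input.
valid_job_id() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# True when this id is already in the ledger (exact whole-line match).
job_done() {
    [ -f "$LEDGER" ] && grep -qxF -- "$1" "$LEDGER"
}

# Run "$@" for job id $1 at most once; record the id only after success,
# so a failed or interrupted pull is retried on the next poll.
run_once() {
    id="$1"; shift
    valid_job_id "$id" || return 2
    job_done "$id" && return 0
    "$@" || return 1
    mkdir -p "$(dirname "$LEDGER")" && printf '%s\n' "$id" >> "$LEDGER"
}

# Read the job id from the laptop; failure means no job file or host away.
fetch_job_id() {
    ssh -o BatchMode=yes -o ConnectTimeout=10 "$1" 'head -n 1 .backup-job' 2>/dev/null
}

# The source path is fixed here, never taken from the job file.
pull_home() {
    rsync -a -e 'ssh -o BatchMode=yes' "$1:./" "$DEST/"
}

# One polling pass: quietly do nothing when the laptop is unreachable.
poll() {
    id=$(fetch_job_id "$1") || return 0
    [ -n "$id" ] || return 0
    run_once "$id" pull_home "$1"
}
# A cron job on the server would source this file and call:  poll laptop
```

Every connection here is outbound SSH from the server, which keeps the "no incoming ports" firewall stance intact.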