Backups Strategies Interrogations : I want your opinions

#I wonder how people manage their Nethserver backups ?

For Now I’m doing a good old rsync
but I plan to use the module : data backups because it’s well integrate and base on duplicity (not duplicati)

But 3 things make me insecure and I want to know your experience and your taught about it.

1st : What do you think if I use XFS
instead of ext3, which is recommended by the docs

2nd : What is the best practices if I rotate multi USB Disk
All my disk automatically mount under /mnt/USBBackup
2.1. I means, is it safer to do a full backup every day or it still ok to do incremental ?
2.1.1 Being realistic; I’ll not being able to swap disk every weeks after the full backup.
2.2. How the restoration will manage that ?

3rd: I figure it’s about Encryption
All my USBDrive are encrypted with LUKS which I automatically open with a key files and /etc/crypttab then mount in /mnt/USBBackup

3.1. I wonder if it’s better to use the duplicati encryption

xfs shouldn’t make a big difference. ext3 is used with a flag (largefile) to maximize space usage for a low number of files.

If time and space permit, a full backup is easier to handle. With incrementals, you have to swap disk before the full is run. Trying to restore a single file from a past date, you have to supply the right disk.

I have a 2 disks setup, where both disks contain the same data: one disk is always attached, but mounted only during the backup. The second disk is nearly always off-site, but when is plugged to NethServer, data from the first disk is immediately mirrored to the second disk (and an email signals when the copy is complete).

I agree that encryption would be a useful feature, I fear potential data loss in case of lost key.

Note: we use duplicity, not duplicati. :slight_smile:

1 Like

Hallo,

my backup strategy is:

  1. raid 1 system with 2 disks

  2. a 3rd internal disk for auto backup - 1st of month full and every day an incremental backup and the last backup will kept until the next full was created

  3. external USB-Harddisc the whole internal backup disc will be mirrored automtically when I connect the device. When the mirroring is finnished I’ll get an E-Mail. Then I’m storing this backup in different location from the server just for the fire case…

The steps 1-2 can be configured with Nethservers tools with encryption. (Included are E-Mails, some Databases, Nethserver Configuration.)

For 3rd step I created some own scripts which are triggered by udev rules depending from disc label.

And by the way before somebody is asking: I’m not trusting cloud stores which I’m not owning :wink:

But the strategy is depending from backup size too, maybe sometimes an USB-stick is enough as a backup storage.

I discussed an idea with friends that we could mirroring our home server data to the NAS of each other (vice versa). The reason is to have an external storage with in a trusted location / owner.

And from my point of view duplicity is very powerful tool with one disadvantage: it’s not ready for multi core cpu’s …

1 Like

For my backup I use two rotated HP USB pen drives for data and another drive for a system back up when new updates are installed. As for cloud storage I never trust my data to a third party…

1 Like

Hi Denis Robel

Just for your info…I tried for nearly two days to install onto a raid system with out any luck (4x 160 sas drives raid 0…2x2) for some reason every time i tried to recover disc space the install crashed…

I’ve seen something like that with “used” disks.
At the beginning of install, I hit Alt+F2 (or F3) to get to the shell and erased the partition table with dd if=/dev/zero of=/dev/sda count=10 (repeat for sdb).

Ok, thanks for that. it’s worth a try…I have some spare drives lying around I will give it another go this weekend, and see if I can load the stable 7.3 release on a test server.

@JOduMonT are you satisfied with such answers?

this is hard to define a backup strategy :slight_smile:

  • raid is not backup
  • internal/always connected disks are not backup (they can be stolen/flowed/burned with the server)
  • anything that requires human intervention to have a backup is the weakest ring of the whole chain…

backup is something that you configure and forget, but you have feedback (about failures) and try/test data restore…
backup is something not directly attached to the server (see above)… a nas in the same lan is far better
backup is something you can quite easily bring outside

Hallo Stefano,

indeed my backup is the external usb disc… I use two discs one is outside from the server location and one is used for backup and after every backup it will be rotated.
Once per month I’m checking the disk via smartmon tools and I make some restores to check the backups.
A Backup is never following the strategy fire and forget. You have always to check that you are able to restore your data.

Indeed, see my previous post
The procedure must be automated and with no human intervention need
The backup must be tested
The restore must be tested

So

If I consider this answer, and I consider it

Nethserver don’t trully offer a backup solution

because all of these choice are, more or less, always connected to the server and for sure, or more often than other, in the same building or worst in the same room.

I think it will be worth it to add a Destination like SSH or FTPS

1 Like

Try the WebDav option that @dnutan added. It is available in the testing repository.

Read in that thread where to get a 1TB Webdav enabled storage for free. Based in the Netherlands, so you will not have NSA watching you. For servers in EU the connection is decent.

2 Likes

Hi,

Actually I’m studying to buy a VPS to try a NS instance and try to replicate my NS home instance to the VPS.
It coud be potentially an great feature in a backup plan.

It depend on want you think the NSA watching you
but Netherlands still in The Fourteen Eyes of Global Mass Surveillance
https://privacytoolsio.github.io/privacytools.io/#kdl

1 Like

@JOduMonT what a well done page, thanks for posting.

Recently i was thinking to create a module about backup and rsync…for a remote backup it makes senses

Something like that could be nice https://splone.com/blog/2015/7/13/encrypted-backups-using-rsync-and-duplicity-with-gpg-and-ssh-on-linux-bsd/

2 Likes

It’s a bit offtopic, but if you encrypt your data yourself (IE: you have the key) then there is no way you can be forced to give your key in an investigation: you don’t have to cooperate with an investigation against yourself. So I don’t see why you think data isn’t safe in a .nl datacenter.

Another thing is that EU privacy laws go way further than US privacy (what privacy?) laws.

I don’t know, and don’t probably don’t want to know what is in your backup
But for my self, encryption is more if someones still my drive than being welling to be torturing for my data.

1 Like

another 2c of the topic, which I love;

I hope you use Elliptic curve algorithm, or better you made your own algorithm
because if you use something like RSA, which sound close of NSA :slight_smile:
it’s was approved and spread by the NIST, which I’m pretty sure they share technique with the NSA