On 20.11.2010 at 19:30, MrBilly wrote:
> I have the job of setting up a replacement fileserver which will
> hold very sensitive data. I intend using CentOS, with encrypted
> /tmp, /swap and /home (where all the files will be stored). Bacula
> will be used for backups, backing up onto LTO-3 tapes. In order to
> maintain security of data, I'd like to use encrypted backups. That
> way if any storage media whatsoever leave the office the data is
> still safe.
>
> My question is: in the event of a catastrophic failure, can an
> encrypted backup be used to restore to an identical bare server? I
> will have the relevant keyfiles backed-up in a safe, and depending
> on size I will keep paper copies securely as well. In a worst-case
> scenario, would I be able to build a new server identical to the old
> by following my own documentation, restore the keyfiles, and then
> restore from existing encrypted backup tapes?

In case your client system, or files of it (separate from dir, sd),
should be restored, then I would boot that system from a live
system/CD, set up an fd client and install the keys. This would be
enough to restore your client files.

In case your backup infrastructure crashes, be prepared for that by
having a copy of your configuration and (like I do) a copy of your
database. I dump the content to a file and save this periodically.
For that I added to the catalog backup job a second script that does
that.

  RunBeforeJob = "/usr/libexec/bacula/make_catalog_backup.pl Katalog"
  # This deletes the copy of the catalog
  RunAfterJob  = "/usr/libexec/bacula/delete_catalog_backup"
  RunAfterJob  = "/usr/libexec/bacula/my_bacula_catalog_backup_to_file"

I personally have prepared a live system that could be booted for a
bare-metal situation ...

> Ideally I'd like to be able to get things up and running quicker by
> using the bare metal restore functionality of bacula, using a
> bootstrap file stored on a CD, but I understand from previous posts
> that encrypted tapes can't be restored this way.

The decryption is done on the client (fd) side ... I am not sure, but
extracting files this way would work because the metadata is
accessible, but the content would still be encrypted.

> Can anyone point me in the right direction here? The bare-metal
> restore seems to be the only stumbling block in my plan.
>
> Thanks in advance...

Regards
PM
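
A pre-disaster check of the recovery material this reply relies on (FD configuration, keys, catalog dump), added here as an example; it is not part of the original message or of Bacula. The kit layout, the file name catalog.sql and the function names are assumptions; `PKI Keypair` is the Bacula File Daemon directive naming the PEM file that holds the client's private key and certificate.

```shell
#!/bin/sh
# Added example: check an offline recovery kit for an encrypted Bacula client.
# Assumed kit layout: <kit>/bacula-fd.conf, the key file under its basename,
# and <kit>/catalog.sql (hypothetical name for the catalog dump).

# Print the value of a directive. Bacula ignores case and spaces in directive
# names, so the caller passes the name without spaces (e.g. PKIKeypair).
pki_path() {  # $1 = config file, $2 = directive name
    awk -F= -v key="$2" '
        { name = $1; gsub(/[ \t]/, "", name) }
        tolower(name) == tolower(key) {
            val = $2; sub(/#.*/, "", val); gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            print val; exit
        }' "$1"
}

check_recovery_kit() {  # $1 = kit directory; returns the number of problems
    kit=$1; problems=0
    [ -s "$kit/bacula-fd.conf" ] || { echo "MISSING: bacula-fd.conf"; return 1; }
    keypair=$(pki_path "$kit/bacula-fd.conf" PKIKeypair)
    if [ -z "$keypair" ]; then
        echo "PROBLEM: no PKI Keypair directive in bacula-fd.conf"
        problems=$((problems + 1))
    else
        pem="$kit/$(basename "$keypair")"
        # Decryption happens in the FD and needs the private key;
        # a kit holding only the certificate cannot restore anything.
        grep -q 'PRIVATE KEY-----' "$pem" 2>/dev/null ||
            { echo "PROBLEM: $pem has no private key"; problems=$((problems + 1)); }
        grep -q 'BEGIN CERTIFICATE-----' "$pem" 2>/dev/null ||
            { echo "PROBLEM: $pem has no certificate"; problems=$((problems + 1)); }
    fi
    [ -s "$kit/catalog.sql" ] ||
        { echo "MISSING: catalog.sql"; problems=$((problems + 1)); }
    return "$problems"
}

make_demo_kit() {  # $1 = directory; constructed sample with placeholder keys
    mkdir -p "$1"
    printf '%s\n' 'FileDaemon {' '  Name = example-fd' '  PKI Encryption = Yes' \
        '  PKI Keypair = "/etc/bacula/example-fd.pem"' '}' > "$1/bacula-fd.conf"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' '(placeholder)' \
        '-----END PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' \
        '(placeholder)' '-----END CERTIFICATE-----' > "$1/example-fd.pem"
    echo '-- constructed catalog dump' > "$1/catalog.sql"
}

if [ "$#" -gt 0 ]; then check_recovery_kit "$1"; fi
```

Run it against the copy kept in the safe, not against the live /etc/bacula, since the copy is what will exist after a catastrophic failure.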