Hi Heitor, Thanks for your response and your good advice.
You are right that backups stored on a production machine aren’t adequate. Our intention is to store backups on a dedicate physical drive on the server and immediately copy them on. Some jobs will be copied to the cloud and others to an external drive that will be rotated offsite monthly. The latter is for high volume data with infrequent changes that can readily be recovered from the original source, so the cost for cloud storage can’t be justified. We’ve already done a lot to make Apache and PHP secure so we may have a look at the options you suggested. In the meantime we’ll probably start with any GUI and see how we go. It’s looking positive so far. Regards Howard Viccars Computer Manager Family History ACT email: <mailto:computer...@familyhistoryact.org.au> computer...@familyhistoryact.org.au url: familyhistoryact.org.au From: Heitor Faria <hei...@bacula.com.br> Sent: Sunday, February 4, 2024 12:16 AM To: computer...@familyhistoryact.org.au Cc: bacula-users@lists.sourceforge.net Subject: Re: [Bacula-users] BAT Installation Hello Howard, "On Feb 3, 2024, at 7:08 AM, computer...@familyhistoryact.org.au <mailto:computer...@familyhistoryact.org.au> wrote: Hi,Thanks for all the responses, an interesting discussion.Bacularis would probably be a good solution for us except for the security concern. Allowing Apache access to the backup directory would mean all web apps would have access and that doesn't seem like a good idea on a multi-purpose server. We're not big enough to need, or afford, a dedicated backup server.Does anyone have a suggestion?I understand that many people think the command line is best, but we have limited skills and the GUI helps" First of all, if you are storing backups in the same production data machine this is not backup. IMHO you should try to build an integrated backup appliance with Bacula with a small or even used servers, to process and store tha backup, even if having to use SATA disks. NVMe is also surprisingly cheap nowadays. It is probably the most inexpensive, usual and relatively safer solution. Personally, I designed with my team and I'm selling many backup Appliances with Bacula Enterprise and our own operating system (BaculaOS), with more than 30 security enhancements, including IDS and CRC. AFAIK Apache is present in more than 90% of the most accessed Internet websites. It is pretty safe. Many proprietary applications use Apache for critical systems. Also, Bacularis does not access Bacula volumes directly (which is the most critical data). Bacularis only access catalog via API, wich is a security abstraction layer, and confs via bjson modules. Those are also very safe IMHO. If you are concerned with Apache security you can always use allow/deny lists, firewall rules and certificates to improve the security, among other techniques. Rgds. BlueMail for Andronid <https://bluemail.me> On Feb 3, 2024, at 7:08 AM, computer...@familyhistoryact.org.au <mailto:computer...@familyhistoryact.org.au> wrote: Hi, Thanks for all the responses, an interesting discussion. Bacularis would probably be a good solution for us except for the security concern. Allowing Apache access to the backup directory would mean all web apps would have access and that doesn't seem like a good idea on a multi-purpose server. We're not big enough to need, or afford, a dedicated backup server. Does anyone have a suggestion? I understand that many people think the command line is best, but we have limited skills and the GUI helps with that. Regards Howard Viccars Computer Manager Family History ACT email: computer...@familyhistoryact.org.au <mailto:computer...@familyhistoryact.org.au> url: familyhistoryact.org.au <http://familyhistoryact.org.au> -----Original Message----- From: Bill Arlofski via Bacula-users <bacula-users@lists.sourceforge.net <mailto:bacula-users@lists.sourceforge.net> > Sent: Saturday, February 3, 2024 4:50 AM To: bacula-users@lists.sourceforge.net <mailto:bacula-users@lists.sourceforge.net> Subject: Re: [Bacula-users] BAT Installation On 2/2/24 09:35, Phil Stracchino wrote: BAT still does everything I want a Bacula console to do. The things that it does NOT do, like configuration, I don't WANT it to; I want to do those myself, by hand, using a proper editor. Hi Phil! You sound like one of the customers of mine I mentioned. :) To be truthful, I detest the "Everything is a web page/application" model. I never liked this either. I will note that there are a few known bugs in BAT, notably that some purge operations can produce *multiple* simultaneous pop-up confirmation alerts that can be confusing. My experience with BAT over the many years I have been using Bacula has been... let's just say "poor", with BAT randomly just hanging for no apparent reason, requiring me to kill and restart it so often I just gave up. Of course this is my experience, on several platforms, over several versions in several of my customers' environments. I do everything from the command l ine and avoid Web GUIs at all costs - which does not say anything about the quality nor capabilities of them, just more about my abhorrence to Web GUIs in general. :) Best regards, Bill -- Bill Arlofski w...@protonmail.com <mailto:w...@protonmail.com> _____ Bacula-users mailing list Bacula-users@lists.sourceforge.net <mailto:Bacula-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/bacula-users
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
