-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 | Disks are very convenient but a bit expensive for archival storage. A 72 GB DAT tape is about $20. A hard drive is a bit more. | | You have to think about the the threats that you are protecting against.
These are real problems -- I'll address how we've handled them with our disk backups below. | 1) Theft of the servers - If they steal your backup disk with this, then what? Two problems here - one is the exposure of sensitive data, the other is the loss of your backups. I will address loss of backups in the next point. Whether you're using tapes or disks, you're bearing the risk of exposing sensitive data. There are a variety of factors that increase the risk of exposure via the network and/or physical access -- are all your backups available on disk? Do you have a full tape library available to the backup server? Are your backup servers secure -- both on the network, and physically? The only (nearly) fool-proof answer to this problem is encrypting the data before it even reaches the backup server. With this in mind (and to meet Visa CISP requirements), we store customer credit card data encrypted, and the backup server never has access to the keys. Additionally, our backup servers are placed under lock and key. Once the Bacula data encryption project is finished, it will be possible to encrypt data in the file daemon, further decreasing the risk of sensitive data exposure. | 2) Destruction of the building - fire, etc. If you lose the entire data center, it would be nice to have some off-site media. Our answer to this was to place a machine in a remote location. Our backups -- including a SQL dump of the catalog -- are automatically synchronized (using rsync) to the remote machine. If the building burns down, the machine is stolen, or San Francisco slides into the ocean, our backups will be safe. | 3) Loss of a drive. Drives are one day closer of failing every day. What if it is your catalog database? This is real concern. We currently use RAID-1 mirroring on our backup servers. Once our data storage needs grow larger, we will move to RAID-5 with a hot spare. SATA-based RAID-5 can scale quite large for relatively little money. Cheers, landonf -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDC4DslplZCE/15mMRAqSZAJ4iaCpQerGBBtB2BohY/UuiTtrhbgCfdW6p EoQgMJEtZEpg2banM4p0piw= =WdYl -----END PGP SIGNATURE----- ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
