On 02.03.2010 22:56, Peter Zenge wrote:
> Hello, 2 year Bacula user but first-time poster.  I'm currently
> dumping about 1.6TB to LTO2 tapes every week and I'm looking to
> migrate to a new storage medium.
>  
> The obvious answer, I think, is a direct-attached disk array (which I
> would be able to put in a remote gigabit-attached datacenter before
> too long).  However, I'm wondering if anyone is currently doing large
> (or what seem to me to be large) backups to the cloud in some way? 
> Assuming I have a gigabit connection to the Internet from my
> datacenter, I'm wondering how feasible it would be to either use
> something like Amazon S3 with s3fs (I'm guessing way too much overhead
> to be efficient), or a bacula-SD implementation on an EC2 node, using
> Elastic Block Store (EBS) as "local" disk, and VPN (Amazon VPC)
> between my datacenter and the SD.
>  
> Substitute your favorite cloud provider for Amazon above; I don't use
> any right now so not tied to any particular provider.  It just seems
> like Amazon has all the necessary pieces today.
>  
> To do this, and keep customers comfortable with the idea of data in
> the cloud, we would need to encrypt, so I'm also wondering if it would
> be possible for the SD to encrypt the backup volume, rather than the
> FD encrypt the data before sending it to SD (which is what we do
> now)?  Easier to manage if we just handled encryption in one place for
> all clients.
>  
> I would love to hear what other people are either doing with Bacula
> and the cloud, or why you have decided not to.
>  
> Thanks
>  
> Peter Zenge
> Pzenge .at. ilinc .dot. com
>

Sending unencrypted data to the SD for encryption would be OK for doing
tape based backups where you do not want to lose the tapes. I would
suggest not sending your unencrypted backup data to someone else and
trusting the receiving system to encrypt it before someone reads it from
RAM.

Depending on your needs it might be OK to do that, but AFAIK Bacula does
not support this mode (yet?). AFAIK you have the options of transport
encryption (for the connection and data between the systems) and data
encryption (for the data leaving the system, with the receiving SD not
having the key to do a restore by itself).

I personally use transport and data encryption for saving data to
offsite SDs in "untrusted", meaning not directly accessible,
datacenters. If this takes too much CPU time for the 2x encryption you
*MIGHT* want to try data encryption with transport encryption but
dropping the transport encryption after authentication. I am not sure
about this though, since metadata can be read from the encrypted data
and control structures are sent via this line I would also not suggest
doing this.

Using data encryption with Bacula, imho especially with Windows, is a
pain because of all the certificate management, but for me it is a
requirement.

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
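
The two layers described in the reply above, shown as an added `bacula-fd.conf` fragment that is not part of the original message: TLS directives for transport encryption and PKI directives for data encryption on the client. Resource names, the password and all file paths are placeholder assumptions.

```conf
# bacula-fd.conf on the client being backed up
# (added example; names, password and paths are assumptions)

Director {
  Name = backup-dir                       # hypothetical Director name
  Password = "CHANGE-ME"                  # placeholder
  # Transport encryption for the Director -> FD control connection
  TLS Enable = yes
  TLS Require = yes                       # refuse plaintext connections
  TLS CA Certificate File = /etc/bacula/tls/ca.pem
  TLS Certificate = /etc/bacula/tls/client-fd.pem
  TLS Key = /etc/bacula/tls/client-fd.key
}

FileDaemon {
  Name = client-fd                        # hypothetical client name
  FDport = 9102
  WorkingDirectory = /var/lib/bacula
  Pid Directory = /var/run

  # Transport encryption for the FD -> offsite SD data connection.
  # PKI encryption covers file data only, not file names and attributes,
  # so TLS stays on for the whole session.
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = /etc/bacula/tls/ca.pem
  TLS Certificate = /etc/bacula/tls/client-fd.pem
  TLS Key = /etc/bacula/tls/client-fd.key

  # Data encryption: file data is encrypted and signed on the client
  # before it leaves the machine.
  PKI Signatures = Yes
  PKI Encryption = Yes
  # This client's private key and certificate in one PEM file
  PKI Keypair = "/etc/bacula/pki/client-fd.pem"
  # Public certificate only; the master private key is kept offline
  # and is used for recovery if the client keypair is lost.
  PKI Master Key = "/etc/bacula/pki/master.cert"
}
```

The storage daemon needs matching TLS directives in its own configuration but holds no PKI keypair, so it cannot decrypt the volumes it stores.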
