Hello, pt., 25 sty 2019 o 10:40 Josip Deanovic <djosip+n...@linuxpages.net> napisał(a):
> On Friday 2019-01-25 08:56:18 Radosław Korzeniewski wrote: > > > Having the pieces fall in the same database that holds > > > my super-important backup catalog is just... like I said: !@#$ck no. > > > > Sure its your opinion. > > It's best practices, not an opinion. > Sorry no - swearing is not a best practice, it is an opinion. > > Would you hire a sysadmin/sysarch who see things any different? > I wouldn't. > And I wouldn't give him administrative access because such guy > would be dangerous to your data and your business. > > > I understand all your fears about object name collision and in my > > opinion the risk is extremely low. I am trying to understand all other > > complains, but with the sentence: "(...) like I said: !@#$ck no." is > > extremely hard. > > The risk of object collision might be extremely low but the fact that > the a third-party tool needs write access to your backup database > is not something that can overlooked by someone who is responsible > for the data and system integrity. > > > Sysadmins are doing tons of actions and steps in system design in order > to prevent extremely unlikely cases. > > E.g. creating a dedicated backup network with separated VLANs for every > logical group of servers and making sure that servers from different > logical units cannot reach each other. > > Making sure that only servers that absolutely MUST have access specific > server and port can actually access it although it already requires auth. > > Making sure that all communication is encrypted although it is extremely > unlikely that in a dedicated backup network some server from a different > logical group could ever get a chance to sniff packages. > > Additionally, sometimes servers use additional kernel based mechanisms > to ensure privileges and prevent breaches. > > Different intrusion detection system and advanced firewalls employing > complex analytic modules might be used to rise awareness in time. > > Monitoring, graphing, regular checks of hardware and service health... > > I do not understand why you complain about additional objects in Bacula database and rw access in IBAdmin when almost all others GUI for Bacula does the same for a very long time! Its insane! If you complain that IBAdmin is doing this wrong you have to complain for other GUI too! > I hope that you can now better understand why would experienced sysadmin > or system architect say that it is inflexible I disagree. The IBAdmin is extremely flexible (thanks to Django Web framework) in this area and adding support for database separation is relatively easy. > (to say the least) for a > third party software to use Backup system's database in order to write > its own data. > > For sysadmins separation is not an option, it is a requirement for a > well design software. Otherwise it just doesn't fit > Almost all other Bacula GUI do that way and no one complain! best regards -- Radosław Korzeniewski rados...@korzeniewski.net
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
