Hello guys,
Interesting conversation. I thought I would throw in some general
comments of my own.
- I really like seeing another GUI for Bacula, because it is
something we really need.
- The BWeb GUI created by Bacula Systems, is very essential to
corporate users.
- The Baculum GUI created by Bacula Community (Marcin Haba -- note
he also works
on the Enterprise BWeb) will be very essential to large
community users.
- I don't like the idea that a GUI read/write directly into the
Bacula catalog. If I am not mistaken
both BWeb and Baculum do this, but we are developing API calls and
trying to make sure all
accesses go through the Bacula core code. However, it will take
more time to get those
products switched over.
- GUI programs designed and coded by Bacula Systems and/or Bacula
Community will remain
compatible with the Bacula Catalog -- this is a given. However
non-Bacula GUI until we finish
the APIs and those programs use them, 3-rd party GUIs are almost
certain to have problems
with Bacula catalog changes (the exception is IBAdmin, because
Radek works directly with both
Bacula Enterprise and Bacula Community so he knows what is
changing before the release).
- Around April of 2019 (or whenever I finish the work) there will be
a major Bacula Community
Catalog change -- anyone who reads the catalog directly will very
likely need to adapt their
SQL.
- For Bacula itself (enterprise or community), I am not in favor of
storing Bacula configuration files in the catalog,
because doing so makes it more difficult to change the
configuration files, and requires the SD and FD and
any tool to know how to access the database. Even more
importantly, in a disaster recovery situation,
you may not be able to reconstruct the same catalog database,
while restoring ASCII configuration
files is relatively simple.
Best regards,
Kern
On 1/25/19 11:16 AM, Radosław
Korzeniewski wrote:
Hello,
On Friday 2019-01-25
08:56:18 Radosław Korzeniewski wrote:
> > Having the pieces fall in the same database that
holds
> > my super-important backup catalog is just... like
I said: !@#$ck no.
>
> Sure its your opinion.
It's best practices, not an opinion.
Sorry no - swearing is not a best practice, it is an
opinion.
Would you hire a sysadmin/sysarch who see things any
different?
I wouldn't.
And I wouldn't give him administrative access because such
guy
would be dangerous to your data and your business.
> I understand all your fears about object name collision
and in my
> opinion the risk is extremely low. I am trying to
understand all other
> complains, but with the sentence: "(...) like I said:
!@#$ck no." is
> extremely hard.
The risk of object collision might be extremely low but the
fact that
the a third-party tool needs write access to your backup
database
is not something that can overlooked by someone who is
responsible
for the data and system integrity.
Sysadmins are doing tons of actions and steps in system
design in order
to prevent extremely unlikely cases.
E.g. creating a dedicated backup network with separated
VLANs for every
logical group of servers and making sure that servers from
different
logical units cannot reach each other.
Making sure that only servers that absolutely MUST have
access specific
server and port can actually access it although it already
requires auth.
Making sure that all communication is encrypted although it
is extremely
unlikely that in a dedicated backup network some server from
a different
logical group could ever get a chance to sniff packages.
Additionally, sometimes servers use additional kernel based
mechanisms
to ensure privileges and prevent breaches.
Different intrusion detection system and advanced firewalls
employing
complex analytic modules might be used to rise awareness in
time.
Monitoring, graphing, regular checks of hardware and service
health...
I do not understand why you complain about additional
objects in Bacula database and rw access in IBAdmin when
almost all others GUI for Bacula does the same for a very
long time!
Its insane! If you complain that IBAdmin is doing this
wrong you have to complain for other GUI too!
I hope that you can now better understand why would
experienced sysadmin
or system architect say that it is inflexible
I disagree. The IBAdmin is extremely flexible (thanks to
Django Web framework) in this area and adding support for
database separation is relatively easy.
(to say the least) for a
third party software to use Backup system's database in
order to write
its own data.
For sysadmins separation is not an option, it is a
requirement for a
well design software. Otherwise it just doesn't fit
Almost all other Bacula GUI do that way and no one
complain!
best regards
--
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
