On Sat, Nov 7, 2009 at 10:11 AM, Alan Johnson <a...@datdec.com> wrote: > Ideally, a backup tool should run on a separate device and > pull data from the devices that are to be backed up in a way that only it > has access too.
If you want to get into ideals, backups should me made to separate media which is dismounted and stored offline in a different location. One reason is for protection against local disaster -- a fire being being the usual example. The other reason is that any "always available" system will have some mode where it is available for disasters. Look what happened to the Sidekick platform: During administration, the entire SAN array got destroyed. Separate credentials will not help, because during administration you're providing those credentials for administrative purposes. By analog to the tools under discussion, this is akin to logging in to change your backup system's settings, typing "rm -rf" at the wrong shell prompt, and accidentally nuking your backups. At work, the media we store off-site cannot be damaged by any single administrative accident or local disaster. The media we store on-site but in a cabinet cannot be damaged by any single administrative accident. -- Ben _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/