On Sat, Nov 7, 2009 at 10:11 AM, Alan Johnson <a...@datdec.com> wrote:
> Ideally, a backup tool should run on a separate device and
> pull data from the devices that are to be backed up in a way that only it
> has access too.

  If you want to get into ideals, backups should me made to separate
media which is dismounted and stored offline in a different location.
One reason is for protection against local disaster -- a fire being
being the usual example.  The other reason is that any "always
available" system will have some mode where it is available for
disasters.

  Look what happened to the Sidekick platform: During administration,
the entire SAN array got destroyed.  Separate credentials will not
help, because during administration you're providing those credentials
for administrative purposes.  By analog to the tools under discussion,
this is akin to logging in to change your backup system's settings,
typing "rm -rf" at the wrong shell prompt, and accidentally nuking
your backups.

  At work, the media we store off-site cannot be damaged by any single
administrative accident or local disaster.  The media we store on-site
but in a cabinet cannot be damaged by any single administrative
accident.

-- Ben
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Reply via email to