[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Official Backup Solution Thread
|
From: |
Yuchen Pei |
|
Subject: |
Re: Official Backup Solution Thread |
|
Date: |
Tue, 07 Dec 2021 23:39:02 +1100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
On Tue, Dec 07 2021, Yuchen Pei wrote:
> Hello it's me again :p
> On Mon, Dec 06 2021, ry via emacsconf-org wrote:
>
>> Hey all!
>>
>> I'd love to generate some discussion on what backup solution we'd like to
>> implement. For this, I'd like to point all of us unfamiliar with the
>> topic to a great
>> questionnaire presented in an excerpt UNIX and Linux System Administration
>> Handbook by Evi Nemeth (which I highly recommend, as it is the bible for
>> SysAdminning, and a wealth of great fun knowledge imo).
>>
>> Regardless of the exact technology you use to implement backups, you need a
>> written plan that
>> answers at least the following questions:
>>
>> Overall strategy:
>> What data is to be backed up?
>> What system or technology will perform the backups?
>> Where will backup data be stored?
>> Will backups be encrypted? If so, where will encryption keys be stored?
>> How much will it cost to store backups over time?
>>
>> Timelines:
>>
>> How often will backups be performed?
>> How often will backups be validated and restore-tested?
>> How long will backups be retained?
>>
>> People:
>> Who will have access to backup data?
>> Who will have access to the encryption keys that protect backup data?
>> Who will be in charge of verifying the execution of backups?
>> Who will be in charge of validating and restore-testing backups?
>>
>> Use and protection:
>> How will backup data be accessed or restored in an emergency?
>> How will you ensure that neither a hacker nor a bogus process can corrupt,
>> modify, or
>> delete backups? (That is, how will you achieve immutability?)
>> How will backup data be protected against being taken hostage by an
>> adversarial
>> cloud provider, vendor, or government?
>>
>> The best answers to these questions vary by organization, type of data,
>> regulatory environment,
>> technology platform, and budget, just to name a few potential factors.
>> Take time today to map out a backup plan for your environment or to review
>> your existing
>> backup plan.
>
> I quite like the simplicity and usefulness of basic plans offered by VPS
> providers of periodic snapshots. So how about daily snapshot as a
> simple solid starting point?
Sorry, a bit double-control-c-trigger-happy there.
My idea is that people with access to the host machine runs a cronjob
for daily snapshots of the vms (for 30 days max maybe), and restore
images on demand from sysadmins of the vms.
Not sure about encryption. If the LVM is already encrypted that offers
some protection though presumably not when the host is running.
>
>>
>> This is just a food for thought e-mail to get us all thinking about how we
>> would
>> like to tackle this. If we could come up with a solution and implementation
>> before the years end that would be ideal. Especially because zaeph and sachac
>> are pulling no punches in getting serious work done and it'd be nice to
>> support
>> that hard work with safety of their work off-site.
>>
>> I'll make a separate e-mail with my ideas to keep this one from being too
>> long.
>> :)
>>
>> Thanks!
>>
>> -opalvaults (Ry)
>>
>
>
> Best,
> Yuchen
Best,
Yuchen
--
PGP Key: 47F9 D050 1E11 8879 9040 4941 2126 7E93 EF86 DFD0
<https://ypei.me/assets/ypei-pubkey.txt>