SearchFAQMemberlist Log in
Reply to topic Page 1 of 2
Goto page 1, 2  Next
encrypted pc and pool directory
Author Message
Post encrypted pc and pool directory 
Is there any way to setup backuppc so that the pc and the pool directory
are encrypted so they can only be accessed by the web interface with a
valid user?

John


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Post encrypted pc and pool directory 
Short answer: no.

Speculative answers:

1. The web interface and dump/link commands could be re-written to support
ecryptfs or a similar file-based method.

2. You could use loop-AES to decrypt the partition/logical volume only when
you need it, including when accessing the web page, running backups or
restores, or running BackupPCNightly.

Snarky conclusions: if you don't trust your backup server itself, you are
doing something wrong. Loop-AES at boot to ensure the machine cannot be
carried off, plus decent host security, should be sufficient.

Regards,
Tyler

On 2012-05-16 21:52, John Hutchinson wrote:
Is there any way to setup backuppc so that the pc and the pool directory
are encrypted so they can only be accessed by the web interface with a
valid user?

John


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/


--
"Complaining about ionizing radiation on your way to a plane flight is
like complaining about a TSA pat-down on your way to Caligula's palace."
-- Soren Ragsdale

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Post encrypted pc and pool directory 
On 16.05.2012 22:52, John Hutchinson wrote:
Is there any way to setup backuppc so that the pc and the pool directory
are encrypted so they can only be accessed by the web interface with a
valid user?

If you mean encryption: No, not really. You can encrypt the disk where
backuppc stores the data. But anything you do will be un-encrypted as
long as backuppc (and the webinterface via apache) is running.

If you mean authentication/authorization, yes thats one of the things
apache can do. And thats really what "access the web-interface with a
valid user" means. Note the the definition of a "valid user" is only
limited by what apache supports for this (which is quite a lot and
includes kerberos and ldap and such things). See the
apache-documentation for that.

Have fun,

Arnold

PS: Is there a reason you didn't start your own thread? - Note that just
hitting "reply" and editing the subject does _not_ create a new thread,
your mail still contains headers in-reply-to: and references: and thus
is still belonging to a different thread...
--
Dieses Email wurde elektronisch erstellt und ist ohne handschriftliche
Unterschrift gültig.


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Post encrypted pc and pool directory 
ok That answers my question. The issue is that we are looking at backing up clients machines and my boss wanted to be able to tell them that even we can not see their files. I did not think it was possible but thought it was worth asking.

John

On 5/16/2012 7:05 PM, Arnold Krille wrote: On 16.05.2012 22:52, John Hutchinson wrote:
Is there any way to setup backuppc so that the pc and the pool directory
are encrypted so they can only be accessed by the web interface with a
valid user?

If you mean encryption: No, not really. You can encrypt the disk where
backuppc stores the data. But anything you do will be un-encrypted as
long as backuppc (and the webinterface via apache) is running.

If you mean authentication/authorization, yes thats one of the things
apache can do. And thats really what "access the web-interface with a
valid user" means. Note the the definition of a "valid user" is only
limited by what apache supports for this (which is quite a lot and
includes kerberos and ldap and such things). See the
apache-documentation for that.

Have fun,

Arnold

PS: Is there a reason you didn't start your own thread? - Note that just
hitting "reply" and editing the subject does _not_ create a new thread,
your mail still contains headers in-reply-to: and references: and thus
is still belonging to a different thread...


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net ([email]BackupPC-users < at > lists.sourceforge.net[/email])
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/


Post encrypted pc and pool directory 
Actually this coincides with an idea I had for using BackupPC for use as a backup service.  It would have to operate differently to the standard configuration, though.  The system I envisioned was as follows:
  • rather than the BackupPC Server polling clients, the clients would be responsible for initiating the connection to the BackupPC server. 
  • The BackupPC server would need to run Rsyncd in order to listen for connections and expose the backup store location to the client, based on the authentication and other defined criteria (alloted space, compression, encryption, authorization)
  • the clients would run rsync (or some other process) which will send the data across to the BackupPC server, over SSH (for example), which would utilize encryption for the SSH path.  
  • Optionally, the data can (possibly) be encrypted BY THE CLIENT, and sent across as raw bits to be stored on the Rsync store.  This would mean that, as was suggested  by John's boss, the server does not have access to the unencrypted data, as the client could choose their own password which the server/service provider would not have.  This would mean, though that data recovery from failed disks would be a royal pain

Issues: 
  • Client access to the data - the web interface would become much more complex, as it would now need to be accessed over a WAN or Internet in order to check or manipulate clients backups and restores.
  • Client would now need to keep "backup state" information
  • WAN link becomes issue - Internet connection speeds will determine backup duration.
  • Backing up of clients may be limited to the use of Rsync and SSH.



Other Considerations:
  • Client can optionally have a "staging server" which offers a web interface for local "consumption, interacts directly with the backup server (as a sort of gateway), keeps backup state and status, and stores commonly accessed info (backup details, file lists, etc), and would be responsible for requesting files for restore from the backup server.  This could aid with system security, as the Backup Service will have less interfaces to expose to the public.
  • Secure encrypted communications can then happen between staging server and BackupPC server(s), with on-disk encryption, if needed, being done by the staging server before shipping files over.



This means that BackupPC would need to be changed from a "pull" backup system (by the server), to  "push" backups (by the clients).  It would also change the way the web interface operated (if clients now access from the server), or the structure and relationship between systems if the option of a gateway or staging server is utilized.
While I am not a programmer, and would not be able to even begin to provide any assistance in this, I think such an option would not just put BackupPC over the top (as it is already there), but would place it in a completely new class of software (BaaS - Backups as a Service), and open up a whole new realm of options for OSS fans.


Any criticisms (or dissecting, correcting, whatever) of the above is welcomed.  Does anyone think this may be feasible?




Gerry George
DigiSolv, Inc.


On Thu, May 17, 2012 at 3:46 PM, John Hutchinson <john < at > upnorth.net ([email]john < at > upnorth.net[/email])> wrote:
ok That answers my question.  The issue is that we are looking at backing up clients machines and my boss wanted to be able to tell them that even we can not see their files.  I did not think it was possible but thought it was worth asking.

John

On 5/16/2012 7:05 PM, Arnold Krille wrote:

On 16.05.2012 22:52, John Hutchinson wrote:
Is there any way to setup backuppc so that the pc and the pool directory
are encrypted so they can only be accessed by the web interface with a
valid user?
If you mean encryption: No, not really. You can encrypt the disk where
backuppc stores the data. But anything you do will be un-encrypted as
long as backuppc (and the webinterface via apache) is running.

If you mean authentication/authorization, yes thats one of the things
apache can do. And thats really what "access the web-interface with a
valid user" means. Note the the definition of a "valid user" is only
limited by what apache supports for this (which is quite a lot and
includes kerberos and ldap and such things). See the
apache-documentation for that.

Have fun,

Arnold

PS: Is there a reason you didn't start your own thread? - Note that just
hitting "reply" and editing the subject does _not_ create a new thread,
your mail still contains headers in-reply-to: and references: and thus
is still belonging to a different thread...




------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net ([email]BackupPC-users < at > lists.sourceforge.net[/email])
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/




------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net ([email]BackupPC-users < at > lists.sourceforge.net[/email])
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/



Post encrypted pc and pool directory 
On 2012-05-17 21:38, Gerry George wrote:
* Optionally, the data can (possibly) be encrypted BY THE CLIENT, and
sent across as raw bits to be stored on the Rsync store.

This will render the de-duplication features of BackupPC useless.

Regards,
Tyler

--
"[...] the effectiveness of pat-downs does not matter very much, because
the obvious goal of the TSA is to make the pat-down embarrassing enough
for the average passenger that the vast majority of people will choose
high-tech humiliation over the low-tech ball check."
-- Jeffrey Goldberg, "For the First Time, the TSA Meets Resistance"
The Atlantic, 2010-10-29

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Post encrypted pc and pool directory 
On Thu, May 17, 2012 at 4:15 PM, Tyler J. Wagner <tyler < at > tolaris.com> wrote:
On 2012-05-17 21:38, Gerry George wrote:
  * Optionally, the data can (possibly) be encrypted BY THE CLIENT, and
    sent across as raw bits to be stored on the Rsync store.

This will render the de-duplication features of BackupPC useless.

I do like the idea of an open source project with those features but
they don't mesh with backuppc at all. And doing it as as service
you'd have to compete with these guys:
http://www.backblaze.com/
They've sort-of open-sourced their hardware design but not software.
http://blog.backblaze.com/2011/07/20/petabytes-on-a-budget-v2-0revealing-more-secrets/
--
Les Mikesell
lesmikesell < at > gmail.com

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Post encrypted pc and pool directory 
On Thursday 17 May 2012 15:46:26 John Hutchinson wrote:
ok That answers my question. The issue is that we are looking at
backing up clients machines and my boss wanted to be able to tell them
that even we can not see their files. I did not think it was possible
but thought it was worth asking.

Encrypting the data on the client side has several consequences:
- BackupPC is really good with de-duplication. The same file stored on several
clients in several backups only takes up the space one time in the pool. With
client-side encryption, this would be deactivated half-way as only the same
file from the same client could be de-duplicated.
- Client-side encryption also enforces client-side decryption. Loose the key
on the client (because you lost the client) and you also loose all the data.
This pretty much counters the whole purpose of a backup.

Yes, your clients have to trust you regarding the backup. But they (hopefully)
already trust you with their system-administration.
And it will be easier for them to trust you with the backup while all is well,
then trusting you in that you can restore at least some of their data from
their fried disk using a clean-room and an oscilloscope.
And they should trust you with their backup instead of trusting a thieve to
return the data...

What we do:
- Encrypt the disk backuppc runs on, that helps when someone steals the
disk/machine.
- Secure our systems, that helps when someone enter the network.
- Write gpg-encrypted tars to tape/nas. Helps when someone steals the media.

Have fun,

Arnold

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Post encrypted pc and pool directory 
I agree with the data de-duplication issues mentioned.  This is one of BackupPC's strongest features and defeating this option will seriously reduce the attraction of the software.

On the other hand, ignoring the encryption requirement, how does the conversion form "pull" to "push" backups as was described (proposed?)  sound to be able to provide an offsite data backup service?   What about the potential challenges to the client web access under the current model if the backup server is located remotely to the client?

Gerry George

On Fri, May 18, 2012 at 7:00 AM, Arnold Krille <arnold < at > arnoldarts.de ([email]arnold < at > arnoldarts.de[/email])> wrote:
On Thursday 17 May 2012 15:46:26 John Hutchinson wrote:
ok That answers my question.  The issue is that we are looking at
backing up clients machines and my boss wanted to be able to tell them
that even we can not see their files.  I did not think it was possible
but thought it was worth asking.


Encrypting the data on the client side has several consequences:
 - BackupPC is really good with de-duplication. The same file stored on several
clients in several backups only takes up the space one time in the pool. With
client-side encryption, this would be deactivated half-way as only the same
file from the same client could be de-duplicated.
 - Client-side encryption also enforces client-side decryption. Loose the key
on the client (because you lost the client) and you also loose all the data.
This pretty much counters the whole purpose of a backup.

Yes, your clients have to trust you regarding the backup. But they (hopefully)
already trust you with their system-administration.
And it will be easier for them to trust you with the backup while all is well,
then trusting you in that you can restore at least some of their data from
their fried disk using a clean-room and an oscilloscope.
And they should trust you with their backup instead of trusting a thieve to
return the data...

What we do:
 - Encrypt the disk backuppc runs on, that helps when someone steals the
disk/machine.
 - Secure our systems, that helps when someone enter the network.
 - Write gpg-encrypted tars to tape/nas. Helps when someone steals the media.

Have fun,

Arnold

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net ([email]BackupPC-users < at > lists.sourceforge.net[/email])
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/




Post encrypted pc and pool directory 
On Fri, May 18, 2012 at 6:29 AM, Gerry George <george.gerry < at > gmail.com> wrote:
I agree with the data de-duplication issues mentioned.  This is one of
BackupPC's strongest features and defeating this option will seriously
reduce the attraction of the software.

On the other hand, ignoring the encryption requirement, how does the
conversion form "pull" to "push" backups as was described (proposed?)  sound
to be able to provide an offsite data backup service?   What about the
potential challenges to the client web access under the current model if the
backup server is located remotely to the client?

You can do that with no changes to backuppc itself. You can use the
web interface to start a backup on demand. The catch is that 'remote'
in this context is likely to mean behind a NAT or roaming. In that
you can set up a VPN that has a known IP for the end point, or an ssh
tunnel with pre-arranged port forwarding for backuppc to use.

--
Les Mikesell
lesmikesell < at > gmail.com

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Post encrypted pc and pool directory 
Gerry George wrote at about 16:38:47 -0400 on Thursday, May 17, 2012:
Actually this coincides with an idea I had for using BackupPC for use as a
backup service. It would have to operate differently to the standard
configuration, though. The system I envisioned was as follows:

- rather than the BackupPC Server polling clients, the clients would be
responsible for initiating the connection to the BackupPC server.
- The BackupPC server would need to run Rsyncd in order to listen for
connections and expose the backup store location to the client, based on
the authentication and other defined criteria (alloted space, compression,
encryption, authorization)
- the clients would run rsync (or some other process) which will send
the data across to the BackupPC server, over SSH (for example), which would
utilize encryption for the SSH path.
- Optionally, the data can (possibly) be encrypted BY THE CLIENT, and
sent across as raw bits to be stored on the Rsync store. This would mean
that, as was suggested by John's boss, the server does not have access to
the unencrypted data, as the client could choose their own password which
the server/service provider would not have. This would mean, though that
data recovery from failed disks would be a royal pain

Issues:

- Client access to the data - the web interface would become much more
complex, as it would now need to be accessed over a WAN or Internet in
order to check or manipulate clients backups and restores.
- Client would now need to keep "backup state" information
- WAN link becomes issue - Internet connection speeds will determine
backup duration.
- Backing up of clients may be limited to the use of Rsync and SSH.


Other Considerations:

- Client can optionally have a "staging server" which offers a web
interface for local "consumption, interacts directly with the backup server
(as a sort of gateway), keeps backup state and status, and stores commonly
accessed info (backup details, file lists, etc), and would be responsible
for requesting files for restore from the backup server. This could aid
with system security, as the Backup Service will have less interfaces to
expose to the public.
- Secure encrypted communications can then happen between staging server
and BackupPC server(s), with on-disk encryption, if needed, being done by
the staging server before shipping files over.


This means that BackupPC would need to be changed from a "pull" backup
system (by the server), to "push" backups (by the clients). It would also
change the way the web interface operated (if clients now access from the
server), or the structure and relationship between systems if the option of
a gateway or staging server is utilized.

While I am not a programmer, and would not be able to even begin to provide
any assistance in this, I think such an option would not just put BackupPC
over the top (as it is already there), but would place it in a completely
new class of software (BaaS - Backups as a Service), and open up a whole
new realm of options for OSS fans.


Any criticisms (or dissecting, correcting, whatever) of the above is
welcomed. Does anyone think this may be feasible?

Yeah -- why would anyone ever want to do this?
The whole beauty/simplicity of BackupPC is that it does not need any
specialized client to install, manage and run -- it simply uses
existing ssh/rsync/smb/tar/ftp etc. applications. Nor is there
anything to run or break on the client.

Plus, any encryption on the client side hidden to the server would
completely destroy BackupPC's pooling/deduplication feature which is
perhaps one of its strongest and most unique features.

Plus, this would require a near-complete rewrite of BackupPC.

So, why the heck would anyone want to do this?

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Post encrypted pc and pool directory 
On Fri, May 18, 2012 at 9:55 AM, Jeffrey J. Kosowsky <backuppc < at > kosowsky.org ([email]backuppc < at > kosowsky.org[/email])> wrote:
Gerry George wrote at about 16:38:47 -0400 on Thursday, May 17, 2012:
 > Actually this coincides with an idea I had for using BackupPC for use as a
 > backup service.  It would have to operate differently to the standard
 > configuration, though.  The system I envisioned was as follows:
 >

 >    - rather than the BackupPC Server polling clients, the clients would be
 >    responsible for initiating the connection to the BackupPC server.

 >    - The BackupPC server would need to run Rsyncd in order to listen for
 >    connections and expose the backup store location to the client, based on
 >    the authentication and other defined criteria (alloted space, compression,
 >    encryption, authorization)

 >    - the clients would run rsync (or some other process) which will send
 >    the data across to the BackupPC server, over SSH (for example), which would
 >    utilize encryption for the SSH path.

 >    - Optionally, the data can (possibly) be encrypted BY THE CLIENT, and
 >    sent across as raw bits to be stored on the Rsync store.  This would mean
 >    that, as was suggested  by John's boss, the server does not have access to
 >    the unencrypted data, as the client could choose their own password which
 >    the server/service provider would not have.  This would mean, though that
 >    data recovery from failed disks would be a royal pain
 >
 > Issues:
 >

 >    - Client access to the data - the web interface would become much more
 >    complex, as it would now need to be accessed over a WAN or Internet in
 >    order to check or manipulate clients backups and restores.

 >    - Client would now need to keep "backup state" information
 >    - WAN link becomes issue - Internet connection speeds will determine
 >    backup duration.
 >    - Backing up of clients may be limited to the use of Rsync and SSH.
 >
 >
 > Other Considerations:
 >
 >    - Client can optionally have a "staging server" which offers a web
 >    interface for local "consumption, interacts directly with the backup server
 >    (as a sort of gateway), keeps backup state and status, and stores commonly
 >    accessed info (backup details, file lists, etc), and would be responsible
 >    for requesting files for restore from the backup server.  This could aid
 >    with system security, as the Backup Service will have less interfaces to
 >    expose to the public.

 >    - Secure encrypted communications can then happen between staging server
 >    and BackupPC server(s), with on-disk encryption, if needed, being done by
 >    the staging server before shipping files over.
 >
 >
 > This means that BackupPC would need to be changed from a "pull" backup
 > system (by the server), to  "push" backups (by the clients).  It would also
 > change the way the web interface operated (if clients now access from the
 > server), or the structure and relationship between systems if the option of
 > a gateway or staging server is utilized.
 >
 > While I am not a programmer, and would not be able to even begin to provide
 > any assistance in this, I think such an option would not just put BackupPC
 > over the top (as it is already there), but would place it in a completely
 > new class of software (BaaS - Backups as a Service), and open up a whole
 > new realm of options for OSS fans.
 >
 >
 > Any criticisms (or dissecting, correcting, whatever) of the above is
 > welcomed.  Does anyone think this may be feasible?


Yeah -- why would anyone ever want to do this?
The whole beauty/simplicity of BackupPC is that it does not need any
specialized client to install, manage and run -- it simply uses
existing ssh/rsync/smb/tar/ftp etc. applications. Nor is there
anything to run or break on the client.

Plus, any encryption on the client side hidden to the server would
completely destroy BackupPC's pooling/deduplication feature which is
perhaps one of its strongest and most unique features.

Plus, this would require a near-complete rewrite of BackupPC.

So, why the heck would anyone want to do this?




Well, the data de-duplication issue has been conceded. 

However, why would one wish to have a "push" backup server which waits for the clients to send backups - easy, to run a remote backup service for disparate clts on separate (and remote) networks, whose systems are all separate, distinct and unrelated to each other. 

I think there may be a window of opportunity there.  As far as the complete re-write, if encryption is left out, it may only require a rewrite of the web front-end, since all of the other pieces will mostly remain in place.

Gerry George

Post encrypted pc and pool directory 
Gerry George wrote at about 10:27:04 -0400 on Friday, May 18, 2012:
On Fri, May 18, 2012 at 9:55 AM, Jeffrey J. Kosowsky
<backuppc < at > kosowsky.org>wrote:

Gerry George wrote at about 16:38:47 -0400 on Thursday, May 17, 2012:
Actually this coincides with an idea I had for using BackupPC for use
as a
backup service. It would have to operate differently to the standard
configuration, though. The system I envisioned was as follows:

- rather than the BackupPC Server polling clients, the clients would
be
responsible for initiating the connection to the BackupPC server.
- The BackupPC server would need to run Rsyncd in order to listen for
connections and expose the backup store location to the client,
based on
the authentication and other defined criteria (alloted space,
compression,
encryption, authorization)
- the clients would run rsync (or some other process) which will send
the data across to the BackupPC server, over SSH (for example),
which would
utilize encryption for the SSH path.
- Optionally, the data can (possibly) be encrypted BY THE CLIENT, and
sent across as raw bits to be stored on the Rsync store. This would
mean
that, as was suggested by John's boss, the server does not have
access to
the unencrypted data, as the client could choose their own password
which
the server/service provider would not have. This would mean, though
that
data recovery from failed disks would be a royal pain

Issues:

- Client access to the data - the web interface would become much
more
complex, as it would now need to be accessed over a WAN or Internet
in
order to check or manipulate clients backups and restores.
- Client would now need to keep "backup state" information
- WAN link becomes issue - Internet connection speeds will determine
backup duration.
- Backing up of clients may be limited to the use of Rsync and SSH.


Other Considerations:

- Client can optionally have a "staging server" which offers a web
interface for local "consumption, interacts directly with the backup
server
(as a sort of gateway), keeps backup state and status, and stores
commonly
accessed info (backup details, file lists, etc), and would be
responsible
for requesting files for restore from the backup server. This could
aid
with system security, as the Backup Service will have less
interfaces to
expose to the public.
- Secure encrypted communications can then happen between staging
server
and BackupPC server(s), with on-disk encryption, if needed, being
done by
the staging server before shipping files over.


This means that BackupPC would need to be changed from a "pull" backup
system (by the server), to "push" backups (by the clients). It would
also
change the way the web interface operated (if clients now access from
the
server), or the structure and relationship between systems if the
option of
a gateway or staging server is utilized.

While I am not a programmer, and would not be able to even begin to
provide
any assistance in this, I think such an option would not just put
BackupPC
over the top (as it is already there), but would place it in a
completely
new class of software (BaaS - Backups as a Service), and open up a whole
new realm of options for OSS fans.


Any criticisms (or dissecting, correcting, whatever) of the above is
welcomed. Does anyone think this may be feasible?

Yeah -- why would anyone ever want to do this?
The whole beauty/simplicity of BackupPC is that it does not need any
specialized client to install, manage and run -- it simply uses
existing ssh/rsync/smb/tar/ftp etc. applications. Nor is there
anything to run or break on the client.

Plus, any encryption on the client side hidden to the server would
completely destroy BackupPC's pooling/deduplication feature which is
perhaps one of its strongest and most unique features.

Plus, this would require a near-complete rewrite of BackupPC.

So, why the heck would anyone want to do this?


Well, the data de-duplication issue has been conceded.

However, why would one wish to have a "push" backup server which waits for
the clients to send backups - easy, to run a remote backup service for
disparate clts on separate (and remote) networks, whose systems are all
separate, distinct and unrelated to each other.

So? BackupPC has no problem dealing with disparate systems now. It
does not care what the systems are. Plus a "push" system allows for
queuing to manage network and server bandwidth.

If you wish to avoid the central scheduler and initiate backups from
your client, then just write a client-side script that sends a command
to the server (e.g. via 'ssh') to initialize a backup.


I think there may be a window of opportunity there. As far as the complete
re-write, if encryption is left out, it may only require a rewrite of the
web front-end, since all of the other pieces will mostly remain in place.

Gerry George

----------------------------------------------------------------------
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

----------------------------------------------------------------------
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Post encrypted pc and pool directory 
On 18/05/12 23:55, Jeffrey J. Kosowsky wrote:

Yeah -- why would anyone ever want to do this?
The whole beauty/simplicity of BackupPC is that it does not need any
specialized client to install, manage and run -- it simply uses
existing ssh/rsync/smb/tar/ftp etc. applications. Nor is there
anything to run or break on the client.
Actually, when backing up machines on a remote Internet connection, this is really only true for unix like OS's. For windows you need to add some sort of non-standard software (such as SSH) to tunnel/protect the data, as well as some sort of backup/transfer (eg rsync/rsyncd) to actually transfer the changed data sensibly (no, SMB wouldn't work very well).

Backuppc works fantastically for large number of "standard" windows PC on the local network or at least internal network, or for unix like servers and workstations either local or remote.

It doesn't work perfectly for remote windows machines.

In my opinion, it would be nice to be able to move the selection of "share names" and file inclusion/exclusion to the client, along with instigating the actual backup. Also, to be able to get the client to say "Oh, this one file just changed, please add it to the backup"...

This would allow a large number of disparate configurations (ie, backup as a service type users) to maintain their own list of files that get backed up.
The main thing preventing backuppc from being used in this scenario is the lack of a "wizard" which runs on windows, and can be used to configure the backup. If a end user could download some software to run on their PC, configure the username/password allocated to them, configure the shares and files to include/exclude, and then "submit" that to the server. Finally, the client would need to keep some sort of "tunnel" open to the server so that the backups can be run through any firewall/etc. However, I think that this might almost never happen, for the following reasons:
1) People who want this don't know how to write the code (myself included) and those with the money tend to close source
2) People using backuppc tend to be 'unix' people, since it won't run under windows anyway (at least, not on an ntfs)
3) People using backuppc tend to be the "administrator", hence they will just config everything centrally rather than individually on each PC, and better to not allow the stupid end user to muck up any config on their local machine anyway.
Plus, any encryption on the client side hidden to the server would
completely destroy BackupPC's pooling/deduplication feature which is
perhaps one of its strongest and most unique features.

I would suggest that encryption at the transport layer is probably sufficient, only truly paranoid people want to encrypt without the backup server knowing the content, and truly paranoid people wouldn't trust the backup system either so would create their own Smile

Sure, some limited scenario's may require complete stored data encryption, but then a pre-process that encrypts the data before making it available to the standard backuppc methods is sufficient (ie, preusercmd or similar).
Plus, this would require a near-complete rewrite of BackupPC.

So, why the heck would anyone want to do this?
If backuppc is too far away from what you want, then it is the wrong product for your scenario. Possibly it is the closest to what you want, and so you are tempted to try and squish it into the shape you want, but that just won't work. No product is right for everybody in every scenario.

Don't get me wrong, backuppc is awesome, it does a fantastic job, it just doesn't do everything Smile

PS, the recent new exe file for windows clients from Michael Stowe is a great movement towards solving the windows issue. My dream would be to add the "tunnel" software to this client, whether ssh based, or openvpn based, (or both) either would almost completely solve the issue, including allowing winexe to run to a remote (behind NAT router) windows client.

Regards,
Adam

--
Adam Goryachev
Website Managers
www.websitemanagers.com.au

Post encrypted pc and pool directory 
On 05/19 12:41 , Adam Goryachev wrote:
In my opinion, it would be nice to be able to move the selection of
"share names" and file inclusion/exclusion to the client, along with
instigating the actual backup. Also, to be able to get the client to say
"Oh, this one file just changed, please add it to the backup"...

This is pretty much what Crashplan does.
However, for the reasons you point out, Adam, Crashplan is closed-source.

--
Carl Soderstrom
Systems Administrator
Real-Time Enterprises
www.real-time.com

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Display posts from previous:
Reply to topic Page 1 of 2
Goto page 1, 2  Next
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
  


Magic SEO URL for phpBB