[Borgbackup] borgbackup 1.2.0a5 alpha release
Melkor Lord
melkor.lord at gmail.com
Tue Mar 26 11:36:26 EDT 2019
On 26/03/2019 08:58, Oon-Ee Ng wrote:
> The assumption that the client is the risk and not the server is not shared
> by all. In particular when the server is off-site or on a third-party
> server, it makes sense that it be treated as untrusted (this is what borg
> assumes based on the implementation and documentation).
If the client is the risk, then having the server contacting the client
is secure by design. There's nothing the client can do to the server to
compromise it, especially if there's no entry point to the server (ssh
or other with appropriate firewall rules)
If the server is treated as untrusted, I wouldn't put my backup data
there in the first place :-)
> Besides, a 'sort-of' pull mode (with a capable server) can already be done
> by remote mounting client directories on the backup server and then running
> borgbackup from that.
This is cumbersome and fragile at best! It works for the most basic
setups but you can forget it for more serious scenarios. For example
when using FS ACLs, there's no remote mounting solution supporting that
properly.
I guess I'm stuck with no proper backup solution for a big server farm
then, at least not using Borg nor Restic for the time being.
Having all the servers (clients) banging/hammering the backup server at
the same time it definitely not a nice solution. Trying to add some
delay to the cron jobs on the clients to avoid that is an inelegant
kludge in my opinion. Instead, having the backup server decide which
servers to contact and efficiently use the I/O and network bandwidth is
way better.
Is there anyone here using Borg in a datacenter infrastructure? With a
good deal of servers pushing their data to a "central" backup server? I
wonder how you manage it efficiently.
I've read here some stories about huge repos but no story yet about lots
of clients pushing to a backup server. I'd like some feedback on that if
you're willing to share your experience.
--
Unix _IS_ user friendly, it's just selective about who its friends are.
More information about the Borgbackup
mailing list