Thursday 23 February 2012

Secure backup of untrusted remote hosts

I didn't blog for a long time, so it will be a long post caused by some nightmares I had about not doing proper backups on some of my hosts.

Servers - all those small and big machines most of the geeks own, run or operate. As VPS pricing drops, we see more and more of those low-end, resource strapped servers. Organic growth usually means you start with empty server, some kind of definition what it will be doing and... from there it just goes downhill. How do you backup such VPS? Here is something I use myself.

My backup requirements

  • Automated - it has to run without supervision in roughly regular time intervals, if it's not automated it will never be done (read no backup)
  • Off-site - in case I loose the whole machine for some reason (because RAID is not backup and what fire doesn't destroy, water poured by firemen will)
  • No Cross-Backups - because they require trust relationship between machines and if you think about using cheap VPS'es for cross-backups, remember that you get what you pay for!
  • Automatically delete old backups - to save space, (my) time and money
  • Append only - machine can only write data to its own, designated backup volume but can not delete or modify other volumes (accidents and rogue users do happen)
  • Confidentiality - no unauthorized access backed up data
  • Availability - storage volume has to be highly available so I can not only write to it knowing it's there, but also access backups when I need them
  • Access controls - ability to define granular access rules and enforce append-only usage
  • Economy - it has to have reasonable cost