Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OS Level Backup Solution

From: Matthew Caron <Matt.Caron () redlion net>
Date: Wed, 19 Dec 2012 08:42:31 -0500
On 12/19/2012 12:38 AM, Amit Bhardwaj wrote:

I have checked internet and have found Bacula as possible solution but
i am not sure if it takes OS level backup as i have mentioned above or
not.
I do not believe so. I have used it in the past, but only for data, not the OS.
As a general case, it is exceedingly difficult to take a *good* backup of the OS while the OS is running, because it will often lock specific files or partitions such that the backup cannot have access to it. Further, you may lack specific partition metadata (RAID information, partition UUIDs, etc.) because that is only available at the raw disk level, not at the mounted filesystem level. As such, the only way to really ensure a good, full, bare metal backup is to boot from alternate media and clone the disk off. That way, you can be assured that nothing is touching the disk and messing things up.
Since VM servers emulate the underlying hardware, you can typically do this from the hypervisor. I believe it accomplishes this by checkpointing the state of the machine (which is a nearly instantaneous operation), then backing up the state at that point in time. Since it is outside the running guest OS, it can do this without issue.
The way I've solved this problem before is to have a triple RAID 1 setup (3 way mirror) and for backups we remove one of the disks from the pool, then image that disk. Since a single RAID item can be booted, we have a "seed" disk to which we can add other disks which then sync with the first. Once the backup is complete, the disk is added back to the pool, where it resyncs. This scheme worked great until the resync time took so long that it started bumping up against the next backup. After that, we just went to redundant machines and only backed up the data. Since the OS only takes an hour or so to install, and hardware is cheap, we'd just spin up another machine as need be. As an optimization of the above, if we had a pool of identical systems (say, like a webserver cluster), we would make a "master" disk and just image new ones from that as needed. 

Hope that helps.
--
Matthew Caron, Software Build Engineer
Sixnet, a Red Lion business | www.sixnet.com
+1 (518) 877-5173 x138 office

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: