- Encrypted offsite backups on auto-mounted media with Bacula & vchanger
- Preparing the Drives (securely wiping)
- Preparing the Drives (encryption)
- Preparing the Drives (filesystem)
- Preparing the Drives (testing)
- Automating the Process (udev)
- Automating the Process (autofs)
- Configuring vchanger
- Configuring Bacula
Encrypted offsite backups on auto-mounted media with Bacula & vchanger
Since backups are the most important process regardless of what industry you are in, it pays to put a lot of thought into creating a reliable, easy-to-use, scalable, and secure backup solution.
This should be pretty obvious. Without a reliable backup solution that "just works" you can not be 100% sure that you will be able to restore any data at any time, and this clearly a bad thing. Files are lost or accidentally deleted by users and there is no excuse for not being able to restore this data.
If your backup process is not simple and painless for the end users (eg: the person or persons responsible for rotating the backup media) then sooner or later shortcuts will be taken, steps will be skipped, errors or warnings will be ignored, and you will not have the data you need when disaster strikes - and it will strike, it's just a matter of time.
How much data are you backing up today? Tomorrow? Next week, month, year? If you build a backup system to only handle your current needs, it will surely need to be replaced sooner than you'd think. You want to make sure that the backup solution you build will take care of your needs now and will continue to work into the future with minor adjustments rather than needing to be completely replaced in a year or two
The only thing more important than having good offsite backups of your data is making sure that someone else does not have access to your data. This is where encryption comes in. If your backups are written to an encrypted device (hard drive, tape drive, CDROM, etc) then you can safely transport your backup media on a regular schedule to an off-site location without the fear of your data being compromised.
The end result we are working towards is an inexpensive, reliable, open-source backup system with multiple, removable, encrypted, inexpensive SATA hard drives that may be removed and changed by an end user without the need to do more than unplug a drive and plug another one in.
Each encrypted drive will contain many 10GB files which Bacula treats as file volumes. The 10GB value for each volume was chosen since it is a reasonable filesize if/when a volume or multiple volumes need to be moved from one drive or system to another.
To reach our goal of creating a reliable, easy-to-use, scalable, and secure backup solution, we will be making use of the following tools/technologies:
- Linux Operating system - Gentoo is the distribution used, but these instructions will work with any Linux distribution.
- Bacula - An open-source, client-server based, scalable, enterprise-ready backup solution. This tutorial assumes that you have a working Bacula configuration
- vchanger - vchanger was designed to be used with Bacula to utilize multiple, removable disk drives as backup media.
- cryptsetyup - Cryptsetup is used to conveniently setup dm-crypt managed device-mapper mappings. We will be using LUKS, the Linux Unified Key Setup, the standard for hard disk encryption.
- udev - udev provides a dynamic device directory on a Linux system containing only the files for actually present devices. It creates or removes device node files in the /dev directory as they are added or removed.
- autofs - autofs is used to automatically mount a device or partition when access to a directory is attempted. The auto-mounting is performed based on user-defined rules.
- SATA Drives - In this tutorial, we are using several 750GB standard internal SATA hard drives. They will be connected to the system via an eSATA dock.