1.8 KiB
1.8 KiB
Requirements
- All data that are difficult or impossible to reconstruct must be backed up and able to be restored from backup if lost.
- Backups must be automated and must occur without manual interaction with any user.
- Backups must be monitored and tested on a regular basis, to ensure that
- Backups actually occur when they are scheduled
- Backed-up data can be restored and the restored data are correct.
- Backups are encrypted for privacy and security.
- All data exist in at least three places: on the device (client or server) where it is used; on a backup device on our home network; and on an off-site device.
Strategy
- On-site backup for client devices will be provided by the Teal server. The backup tool is Restic, accessible from client devices via SFTP.
- On-site backup for the Teal server itself will be provided by the Cygnus server (Synology). Backup is by Restic over SFTP.
- Note that the choice of the SFTP transport requires that the user account under which Restic is executed on each backup source machine must have passwordless SSH / SFTP access to the backup target machine (where the Restic repository resides). This means that you must log on to the source machine as the user which will be running Restic, execute ssh-keygen to generate a key (with no passphrase), and execute ssh-copy-id sftpuser@target-host to install the key on the target machine.
- Off-site backup is not currently implemented. Two different strategies are being considered:
- Build a custom ZFS-based NAS and deploy it at 28 Carlisle Rd. This server and the Teal server would provide off-site backup for each other via ZFS send / receive.
- Contract with a cloud storage provider for off-backup, probably either Backblaze using Restic over B2 or rsync.net using ZFS send / receive.