We help IT Professionals succeed at work.

Back Up - Restore - General Security Plan

curiojs
curiojs asked
on
I have a project I am working on that entails two linux servers with 50 dumb terminals.  One of the linux servers contains all of the applications and data and the other one is used for email and internet connectivity.  There are about 100 users total, some of which access these servers remotely.  I am trying to get some input on what might be the best backup device and/or software to use for this system and what some of the security risks are that need to be looked at other than the obvious (email virus, etc.)  Trying to do an overall plan for this project.  If you have any ideas on where to start please help.  Thanks.

CurioJS
Comment
Watch Question

Commented:
There is a feature running on www.securityfocus.com which will show you some strategy of dealing with the security issues of such a system.

As far as the backup is concerned, it is down to what SLA (service level agreement) is begin agreed between your users and you. This boils down to agreed times for backup cycles, for holding backup data online, offline or even offsite, for time to restore of data. This also involves disaster recovery on the one end and user education for usability and security on the other.

You basically ask us, how long is a piece of string.. ;-)

The gory details of the backup are usually down of segmenting data into static and dynamic (i.e. changing once, sometimes or often), and security level (for selected use, for common use or published).

Once you have a good idea what you are going to backup, you then can estimated the volume of traffic. Thus giving you an idea of what devices (network, built-in tape, etc.) and what volume (30GB .. NNN Terabyte) of data per shot and also how long the process is going to take.

My company uses tape libraries for customer and internal backups. Though I use a 30GB drive to backup all the source code and user data on our own server (20 ppl).

Take your pick.


Commented:
I have a similar setup to yours at a local school. The way I did it was to install a 3rd machine on the network. To this machine I attached a DLT tape drive. This is the backup system.

The backup system uses cron to drive scripts that run overnight when the system is fairly stable and perform an incremental backup to directories on the backup machine. During the day the system administrator then uses BRU-16 to back these directories to DLT tape.

The advantages of this system are as follows :

> The backup from the target systems is done unattended at a quiet system time.
> The latest image of each system exists on disk on the backup machine so individual files can be recovered quickly if a user accidentally deletes a file.
> The tape backup can be done while staff are on hand to load tapes.
> The backup system gives an area on disk where backup tapes can be recovered to disk to ensure that the tapes are readable (your do test your backup tapes don't you!)
> The backup machine can be used by new sys admins to experiment with linux if need be.

The shared disks from the target systems are shared as read-only devices and the connections are made and dropped by the backup scripts. If files are to be restored from the backup system to the targets then the shares are manually changed to r/w for the duration of the restore process only.

This may not be the ideal system but it works for this installation and is relatively cheap.

Another place to look at for backup scripts etc is www.backup-central.com. Their hostdump.sh script is especially good (and free).

Above all - buy and read the O'Reilly volume - Unix Backup and Recovery - this is a must have volume for any sys admin and may well save your job and/or sanity.

Cheers - Gavin

Commented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area to:
Accept kyrmit's answer
Please leave any comments here within the next seven days.
 
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
 
majorwoo
EE Cleanup Volunteer
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange

Explore More ContentExplore courses, solutions, and other research materials related to this topic.