Disaster Recovery in a lanless network
-
@dafyre said in Disaster Recovery in a lanless network:
@scottalanmiller said in Disaster Recovery in a lanless network:
There really isn't anything too special as normal backups tend to be LANless already. Not always, but generally. Some backup tools rely on SMB/NFS which is not very LANless, but lots don't.
You consider backups that are stored separately from other files generally safer, right?
What about a backup system that mounts the CIFS / NFS path when the backups start, and then unmounts them when it has completed?
You still have an issue where Crypto-whatever 's are scanning the networks for CIFS/NFS shares.
-
@brianlittlejohn said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@scottalanmiller said in Disaster Recovery in a lanless network:
There really isn't anything too special as normal backups tend to be LANless already. Not always, but generally. Some backup tools rely on SMB/NFS which is not very LANless, but lots don't.
You consider backups that are stored separately from other files generally safer, right?
What about a backup system that mounts the CIFS / NFS path when the backups start, and then unmounts them when it has completed?
You still have an issue where Crypto-whatever 's are scanning the networks for CIFS/NFS shares.
True, but generally such shares are only writable to a particular user / server.
-
@dafyre said in Disaster Recovery in a lanless network:
@brianlittlejohn said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@scottalanmiller said in Disaster Recovery in a lanless network:
There really isn't anything too special as normal backups tend to be LANless already. Not always, but generally. Some backup tools rely on SMB/NFS which is not very LANless, but lots don't.
You consider backups that are stored separately from other files generally safer, right?
What about a backup system that mounts the CIFS / NFS path when the backups start, and then unmounts them when it has completed?
You still have an issue where Crypto-whatever 's are scanning the networks for CIFS/NFS shares.
True, but generally such shares are only writable to a particular user / server.
True, that is what I do for mine. I have my NAS's management service and file services on separate networks. I can only access the NAS file services from my backup server... I still have risk if that backup server ends up executing a crypto-whatever, but that is a small threat window (and I also have offsite copies that are not accessible from that server.)
-
@dafyre said in Disaster Recovery in a lanless network:
@brianlittlejohn said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@scottalanmiller said in Disaster Recovery in a lanless network:
There really isn't anything too special as normal backups tend to be LANless already. Not always, but generally. Some backup tools rely on SMB/NFS which is not very LANless, but lots don't.
You consider backups that are stored separately from other files generally safer, right?
What about a backup system that mounts the CIFS / NFS path when the backups start, and then unmounts them when it has completed?
You still have an issue where Crypto-whatever 's are scanning the networks for CIFS/NFS shares.
True, but generally such shares are only writable to a particular user / server.
Then why bother unmounting them? You gain nothing by unmounting them.
-
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@brianlittlejohn said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@scottalanmiller said in Disaster Recovery in a lanless network:
There really isn't anything too special as normal backups tend to be LANless already. Not always, but generally. Some backup tools rely on SMB/NFS which is not very LANless, but lots don't.
You consider backups that are stored separately from other files generally safer, right?
What about a backup system that mounts the CIFS / NFS path when the backups start, and then unmounts them when it has completed?
You still have an issue where Crypto-whatever 's are scanning the networks for CIFS/NFS shares.
True, but generally such shares are only writable to a particular user / server.
Then why bother unmounting them? You gain nothing by unmounting them.
In the event that the backup server does get hit with a crypto... If the backup drives aren't mounted, then at least your data is safe until backups start.
-
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@brianlittlejohn said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@scottalanmiller said in Disaster Recovery in a lanless network:
There really isn't anything too special as normal backups tend to be LANless already. Not always, but generally. Some backup tools rely on SMB/NFS which is not very LANless, but lots don't.
You consider backups that are stored separately from other files generally safer, right?
What about a backup system that mounts the CIFS / NFS path when the backups start, and then unmounts them when it has completed?
You still have an issue where Crypto-whatever 's are scanning the networks for CIFS/NFS shares.
True, but generally such shares are only writable to a particular user / server.
Then why bother unmounting them? You gain nothing by unmounting them.
In the event that the backup server does get hit with a crypto... If the backup drives aren't mounted, then at least your data is safe until backups start.
I think I see where you're going with this. The backup software runs as a user that is only used for that software. If that's the case, then there are still two things to consider.
- you don't actually need to mount it because the backup software will right directly to the UNC path, for which only that user is allowed right access.
- while mounted as another user, only the backup user account itself can actually write to the mount, so you should be able to leave it mounted all the time.
-
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@brianlittlejohn said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@scottalanmiller said in Disaster Recovery in a lanless network:
There really isn't anything too special as normal backups tend to be LANless already. Not always, but generally. Some backup tools rely on SMB/NFS which is not very LANless, but lots don't.
You consider backups that are stored separately from other files generally safer, right?
What about a backup system that mounts the CIFS / NFS path when the backups start, and then unmounts them when it has completed?
You still have an issue where Crypto-whatever 's are scanning the networks for CIFS/NFS shares.
True, but generally such shares are only writable to a particular user / server.
Then why bother unmounting them? You gain nothing by unmounting them.
In the event that the backup server does get hit with a crypto... If the backup drives aren't mounted, then at least your data is safe until backups start.
I think I see where you're going with this. The backup software runs as a user that is only used for that software. If that's the case, then there are still two things to consider.
- you don't actually need to mount it because the backup software will right directly to the UNC path, for which only that user is allowed right access.
- while mounted as another user, only the backup user account itself can actually write to the mount, so you should be able to leave it mounted all the time.
True. I'm thinking along the lines of the way Veeam for Linux works (I'm on the beta).... It mounts, backs up, then unmounts.
-
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@brianlittlejohn said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@scottalanmiller said in Disaster Recovery in a lanless network:
There really isn't anything too special as normal backups tend to be LANless already. Not always, but generally. Some backup tools rely on SMB/NFS which is not very LANless, but lots don't.
You consider backups that are stored separately from other files generally safer, right?
What about a backup system that mounts the CIFS / NFS path when the backups start, and then unmounts them when it has completed?
You still have an issue where Crypto-whatever 's are scanning the networks for CIFS/NFS shares.
True, but generally such shares are only writable to a particular user / server.
Then why bother unmounting them? You gain nothing by unmounting them.
In the event that the backup server does get hit with a crypto... If the backup drives aren't mounted, then at least your data is safe until backups start.
I think I see where you're going with this. The backup software runs as a user that is only used for that software. If that's the case, then there are still two things to consider.
- you don't actually need to mount it because the backup software will right directly to the UNC path, for which only that user is allowed right access.
- while mounted as another user, only the backup user account itself can actually write to the mount, so you should be able to leave it mounted all the time.
True. I'm thinking along the lines of the way Veeam for Linux works (I'm on the beta).... It mounts, backs up, then unmounts.
That explains it.. I don't think Windows works that way, and if it does, it's completely under the hood. I suppose you could see some sort of mount if you dig around, but I doubt it would be enumerated as a drive letter, if you were using a UNC instead of a pre mounted mapped drive.
-
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@brianlittlejohn said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@scottalanmiller said in Disaster Recovery in a lanless network:
There really isn't anything too special as normal backups tend to be LANless already. Not always, but generally. Some backup tools rely on SMB/NFS which is not very LANless, but lots don't.
You consider backups that are stored separately from other files generally safer, right?
What about a backup system that mounts the CIFS / NFS path when the backups start, and then unmounts them when it has completed?
You still have an issue where Crypto-whatever 's are scanning the networks for CIFS/NFS shares.
True, but generally such shares are only writable to a particular user / server.
Then why bother unmounting them? You gain nothing by unmounting them.
In the event that the backup server does get hit with a crypto... If the backup drives aren't mounted, then at least your data is safe until backups start.
I think I see where you're going with this. The backup software runs as a user that is only used for that software. If that's the case, then there are still two things to consider.
- you don't actually need to mount it because the backup software will right directly to the UNC path, for which only that user is allowed right access.
- while mounted as another user, only the backup user account itself can actually write to the mount, so you should be able to leave it mounted all the time.
True. I'm thinking along the lines of the way Veeam for Linux works (I'm on the beta).... It mounts, backs up, then unmounts.
That explains it.. I don't think Windows works that way, and if it does, it's completely under the hood. I suppose you could see some sort of mount if you dig around, but I doubt it would be enumerated as a drive letter, if you were using a UNC instead of a pre mounted mapped drive.
Don't know about the Windows version... I back up to an always connected USB drive with Veeam hangs head in shame lol.
-
@dafyre better than no backups
looks at the USB HDD's in his server room and quietly shuffles out of the thread
-
@MattSpeller said in Disaster Recovery in a lanless network:
@dafyre better than no backups
looks at the USB HDD's in his server room and quietly shuffles out of the thread
Fortunately for me, this is just a whitebox sitting on a desk.
... and all my serious backups are shipped out to Crashplan, though I may start toying with using ACD as my backup location. -
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@brianlittlejohn said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@scottalanmiller said in Disaster Recovery in a lanless network:
There really isn't anything too special as normal backups tend to be LANless already. Not always, but generally. Some backup tools rely on SMB/NFS which is not very LANless, but lots don't.
You consider backups that are stored separately from other files generally safer, right?
What about a backup system that mounts the CIFS / NFS path when the backups start, and then unmounts them when it has completed?
You still have an issue where Crypto-whatever 's are scanning the networks for CIFS/NFS shares.
True, but generally such shares are only writable to a particular user / server.
Then why bother unmounting them? You gain nothing by unmounting them.
In the event that the backup server does get hit with a crypto... If the backup drives aren't mounted, then at least your data is safe until backups start.
I think I see where you're going with this. The backup software runs as a user that is only used for that software. If that's the case, then there are still two things to consider.
- you don't actually need to mount it because the backup software will right directly to the UNC path, for which only that user is allowed right access.
- while mounted as another user, only the backup user account itself can actually write to the mount, so you should be able to leave it mounted all the time.
True. I'm thinking along the lines of the way Veeam for Linux works (I'm on the beta).... It mounts, backs up, then unmounts.
That explains it.. I don't think Windows works that way, and if it does, it's completely under the hood. I suppose you could see some sort of mount if you dig around, but I doubt it would be enumerated as a drive letter, if you were using a UNC instead of a pre mounted mapped drive.
Don't know about the Windows version... I back up to an always connected USB drive with Veeam hangs head in shame lol.
Don't feel bad. My onsite backup for our x-rays are on a USB attached drive. The Offsites are a bit better off though
-
Nothing wrong with USB-attached backup storage... if you have the time to wait out the write speed.
-
@art_of_shred said in Disaster Recovery in a lanless network:
Nothing wrong with USB-attached backup storage... if you have the time to wait out the write speed.
And have a very, very reliable means of connecting and disconnecting the backup device at the beginning and end of the backup process. If not, the backup remains tightly coupled to the machine in question and is compromised de facto with the system itself.
USB attached backups are generally toast first, rather than last or never, in the situation where you get ransomware.
-
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@brianlittlejohn said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@scottalanmiller said in Disaster Recovery in a lanless network:
There really isn't anything too special as normal backups tend to be LANless already. Not always, but generally. Some backup tools rely on SMB/NFS which is not very LANless, but lots don't.
You consider backups that are stored separately from other files generally safer, right?
What about a backup system that mounts the CIFS / NFS path when the backups start, and then unmounts them when it has completed?
You still have an issue where Crypto-whatever 's are scanning the networks for CIFS/NFS shares.
True, but generally such shares are only writable to a particular user / server.
Then why bother unmounting them? You gain nothing by unmounting them.
In the event that the backup server does get hit with a crypto... If the backup drives aren't mounted, then at least your data is safe until backups start.
I think I see where you're going with this. The backup software runs as a user that is only used for that software. If that's the case, then there are still two things to consider.
- you don't actually need to mount it because the backup software will right directly to the UNC path, for which only that user is allowed right access.
- while mounted as another user, only the backup user account itself can actually write to the mount, so you should be able to leave it mounted all the time.
True. I'm thinking along the lines of the way Veeam for Linux works (I'm on the beta).... It mounts, backs up, then unmounts.
That explains it.. I don't think Windows works that way, and if it does, it's completely under the hood. I suppose you could see some sort of mount if you dig around, but I doubt it would be enumerated as a drive letter, if you were using a UNC instead of a pre mounted mapped drive.
Don't know about the Windows version... I back up to an always connected USB drive with Veeam hangs head in shame lol.
Don't feel bad. My onsite backup for our x-rays are on a USB attached drive. The Offsites are a bit better off though
USB drive sitting on a shelf? Or actually attached to the server? USB as a mechanism is just fine.
-
@scottalanmiller said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@Dashrender said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@brianlittlejohn said in Disaster Recovery in a lanless network:
@dafyre said in Disaster Recovery in a lanless network:
@scottalanmiller said in Disaster Recovery in a lanless network:
There really isn't anything too special as normal backups tend to be LANless already. Not always, but generally. Some backup tools rely on SMB/NFS which is not very LANless, but lots don't.
You consider backups that are stored separately from other files generally safer, right?
What about a backup system that mounts the CIFS / NFS path when the backups start, and then unmounts them when it has completed?
You still have an issue where Crypto-whatever 's are scanning the networks for CIFS/NFS shares.
True, but generally such shares are only writable to a particular user / server.
Then why bother unmounting them? You gain nothing by unmounting them.
In the event that the backup server does get hit with a crypto... If the backup drives aren't mounted, then at least your data is safe until backups start.
I think I see where you're going with this. The backup software runs as a user that is only used for that software. If that's the case, then there are still two things to consider.
- you don't actually need to mount it because the backup software will right directly to the UNC path, for which only that user is allowed right access.
- while mounted as another user, only the backup user account itself can actually write to the mount, so you should be able to leave it mounted all the time.
True. I'm thinking along the lines of the way Veeam for Linux works (I'm on the beta).... It mounts, backs up, then unmounts.
That explains it.. I don't think Windows works that way, and if it does, it's completely under the hood. I suppose you could see some sort of mount if you dig around, but I doubt it would be enumerated as a drive letter, if you were using a UNC instead of a pre mounted mapped drive.
Don't know about the Windows version... I back up to an always connected USB drive with Veeam hangs head in shame lol.
Don't feel bad. My onsite backup for our x-rays are on a USB attached drive. The Offsites are a bit better off though
USB drive sitting on a shelf? Or actually attached to the server? USB as a mechanism is just fine.
Sitting on a shelf?
Actually it's both, the drive is sitting on a shelf AND it's connected to the server.
I don't like it because it's a single drive, no reliability in the data - HUGE hassle to recreate if there's a failure. Originally put in place as a band-aid, but we all know how those end up. The cost of rebuilding it is about 4 times the cost of a Buffalo 2 drive NAS.
