Jump to content

Use another, remote server instead of Cloud?


Recommended Posts

Hey Everybody—

Looking for suggestions on adjusting my usual M.O. of how I set up my customers'' Retrospect environments. I have several of these configured at different sites, and I usually use 2 or 3 USB3 hard drives as independent, rotating-offsite sets. This works okay, but I've had some difficulty w/ filling and failing disks and making sure the customers are rotating as they should be. So I'm wanting to make this less error-prone and more robust.

The Cloud functionality is kind of what I want to do, but I'd rather use my beefy fiber connection and Mac Pro/EMC disk shelves at my disposal to sort of "roll my own" offsite destination. Is this doable? I've seen reference to such things as Minio, but I'm not versed in that yet. What about a simple AFP volume that can be reached via Internet connection? Or even something using Carbon Copy Cloner?

What I'd like to do is implement a larger, faster local backup destination on the existing Retrospect servers that I don't have to make sure is rotated, then mirror those local sets to my server/disk shelf array. Thoughts?

Thanks, Fred 

Link to comment
Share on other sites

fredturner,

First, can your "beefy internet connection"  handle several customers simultaneously copying backups—that were made via Retrospect on your customer's "backup servers"—to your offsite destination?   Copying backups would likely be simultaneous because you'd want to schedule the copying when it didn't coincide with the backups being run on those "backup servers"?  Unless you can keep both those "backup servers" and your offsite destination available 24/7, that copying period would probably be in the early morning or late afternoon—and I'll assume your customers are in the same time zone as you.

Second, are you willing to adapt your OP's  "adjusting my usual M.O."  to avoid subjecting your customers' backed-up data to ransomware or data theft?  Fortunately on 18 August mbennett started a Forums thread about his "way to harden a S******y [my elision—parenthetically explained below—of the well-known brand name] NAS so it can be used with Retrospect to make it ransomware-proof." (Unfortunately that thread's later posts were marred by an argument, begun by me with a gentle expression of concern that higher-ups at StorCentric—which has owned Retrospect "Inc." since 25 June 2019—might delete the thread because S******y NASes are the leading competitor to the Drobo NASes manufactured by another subsidiary of StorCentric.)  You should read at least the "Introduction - Why?" section and the first two paragraphs of the "Overall Scheme" section of the .PDF he attached to his OP.  If you followed that  .PDF, you'd buy a S******y NAS for a few hundred $US and insert at least some members of your "disk shelf array" into it.  You'd then follow mbennett's numbered instructions after the second paragraph in "Overall Scheme" to setup that NAS "with one administrative way in, protected by a strong password and two-factor authentication. The NAS will provide a single service, that of an S3 cloud, and will provide no other file storage services."  You'd also ensure that each customer's Retrospect "backup server" application be "be password protected with a complex password ...."   The .PDF continues  "... and locked after 15 minutes of inactivity.  You should use File | Lock application if you walk away and leave Retrospect running", but that's a Windows facility—used in the .PDF because mbennett wrote it for Retrospect Windows—that AFAIK has no equivalent on macOS.

If your answer to both of those questions is "yes", then IMHO you should "make this less error-prone and more robust" using Copy Backup scripts.  Designate the same Activity Thread for each customer's Copy Backup Script that is designated for his Backup script, because (despite my Feature Request in in the April 2017 Support Case #54601) Retrospect doesn't yet have a Copy Lock feature that would pause a Copy Backup run that is overlapped with a Backup run—pausing needed because only the files that are already entered in the Catalog File are copied.

Edited by DavidHertzberg
Add 2nd paragraph. Rephrase first sentence of 2nd paragraph. Add 3rd paragraph.
Link to comment
Share on other sites

fredturner,

If your answer to either of the two questions I posed in my immediately-preceding post is "no", you might instead want to consider a couple of suggestions for improving "my usual M.O." described in the first paragraph of your OP.

The first suggestion is precisely what I have done for at least the past 5 years (probably 6 years) for my own little home installation.  That is to rotate portable HDD destination drives once a week, and to take the previous week's portable HDD to my safe deposit box in my bank branch 2 short blocks away.  The bank charges US$95/year for a small safe deposit box.  The bank branch is not open 24/7/365, so I have three portable G-DRIVE HDD destination drives instead of two (they're named "G-DRIVE Red", "G-DRIVE White", and "G-DRIVE Blue"; the color part of the names are the ritually-named colors of the American flag I learned as a little kid); the drive I bring home from the bank branch sits just inside my apartment door for a week before being used as a destination again.  If you live in Great Britain (which I suspect you do because of the time-of-day you post—but maybe you're a U.S. night-owl), your bank branch may have safe deposit boxes that are accessible 24/7/365 using 2FA.  I long-ago decided that having the latest off-site backup of my data lag my on-site daily backup by up to a week is acceptable for my little business, but your customers may feel that's too-lengthy a lag.  In any case, the drive swapping that I do at the bank branch could be done by any responsible employee of your customers' businesses—and those businesses probably have an employee go to a bank branch at least once a week for other purposes.

The second suggestion is that you monitor your customers' destination drive rotation using the Retrospect Management Console, which is a free feature of every Edition of Retrospect starting with version 18.0.  I don't need to do this, because I'm the only employee of my little business and I still remember "three cheers for the Red, White, and Blue".  However I should caution you to carefully guard the password (meaning don't store it online) for your Management Console; as Malcolm McLeary pointed out over a year ago in this post in another thread,  the Management Console's use of Heroku and its lack of 2FA pose a threat of data theft from your customers.

 

Link to comment
Share on other sites

Hey David—

Thanks for the reply and thoughts. Yes, my connection will handle the transfers just fine. It is a Gigabit fiber connection, and the fastest upload of any of these clients is 100Mbps, with some being more like 10-20Mbps.

The way I've set up my installations is just like your home setup— multiple USB disks being rotated offsite weekly. Unfortunately, since I can't be everywhere each week, and since that method relies too much on human interaction and the disk sets behaving themselves, that's why I'm wanting to do a sort of "disk-to-disk-to-cloud" arrangement, but really to my own server, not exactly the overused-word "cloud". As for monitoring, I am monitoring and constantly coordinating w/ customer sites, but I'd rather do it better and less vulnerable to human error.

Perhaps the Copy Backup function would work here... How would that compare to the Cloud set, which would back up to local media and upload to the Amazon or other service (which I would like to emulate and be my own "cloud")? Would I just set up a share and make it a File set that the local one gets copied into? I'll do a little experimenting to see if it might be similar enough to what I'm wanting to work. Does kinda suck that in 4.5 years you haven't gotten a seemingly basic lock functionality that you bug-reported. Not terribly surprising tho...

Thx,

Fred...in the US 🙂 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...