Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Revisiting VMWare ESX backup options

One word on modern backup strategy: encryption. Cloud services like CrashPlan
take care of this automatically; traditional tape-backup solutions usually
didn't, in the past.

I don't know anything about VMware-specific utilities (for VMs I just back up
the instance like any other system, and make sure that I've got O/S
configuration-management tools that allow me to regenerate an instance
readily).  But whatever utility you use, you should encrypt all backups. AES
encryption no longer adds meaningful overhead to your operations; it's
built-in to current-generation CPUs.  Look for it in whatever utility you
choose, and don't ignore it.

Encryption-key management then becomes a separate backup issue, one that I
haven't fully figured out.  The keys need to be stored separately from the
backups, and encryption-key backups need to be kept current so you don't wind
up with an unrecoverable backup volume (whether it was stored in the cloud, on
tape, or on local disks/USB/whatever).  But as part of my figuring-out
process, I'm leaning toward rotating the keys reasonably often so they're not
out-of-sight/out-of-mind. They can be kept under git within a LUKS or
TrueCrypt volume, to preserve history; or there might be other tools for doing
this that I haven't yet discovered.  My current solution is simple
git-under-LUKS, on USB flash drives that can be stored in a vault, on your
keychain, or wherever.


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /