Logaholic.de

Avatar

web development

Thank you Windows Home Server

About a year ago I bought a 3TB “NAS” running Windows Home Server: Acer Aspire EasyStore H341.

After a 15 minute setup per machine in my household everything gets automated daily, full backups.

Two days ago my ssd crashed with “SMART status BAD – backup and replace drive”, unable to ignore/boot, windows 7 repair tools didn’t even recognize the drive…

Then:

- Drive to the next store with the ssd replacement i wanted: 15 minutes

- New SSD: 200€

- Booting from the Home Server recovery CD, selecting which partitions to recover: 10 minutes

- All ssd partitions restored: 30 minutes (Gbit lan, yay)

- Reboot, working system (only 6h changes lost, luckily I was mostly sorting my mails)

Windows Home Server makes even complete drive failures a non-event, I really love this fine piece of working, reliable soft- and hardware!

Secure backups with push and pull strategies via amazon s3

Note: If you don’t want to or cannot by company-rule trust Amazon S3, this is probably not what you want to read.

I’m going to show you how one could improve the security of his production environment backups. In this setup the production environment can never harm any old backup. There is another offsite backup location if Amazon S3 should fail – for us being our office, this is also perfect for up-to-date testing/development database snapshots.

We will need two separate Amazon S3 accounts and any s3 console tool (like s3bash).

The production environment, with its own (restricted to put and get files) s3 user, will push backups to our s3 bucket. It is not allowed to delete backups there. It does not have any access to the offsite location. If someone gets access to our production environment, he can not delete our backups on s3 per their acl, and can never harm our offsite backups. This is kind of an one-way solution and represents the “push-strategy“.

The offsite location, with the second, full privileged s3 account, will pull the backups from s3 every night. There are also tools for backup verification and testing-environment updates. This is the “pull-strategy“. The offsite location has access to the production environment for maintenance task and deployment.

Small graphic:

securebackups

I wanted to mention this setup since i read a blogpost about a worst case scenario:

“A huge flight sim site was hacked and destroyed this weekend  – avsim.com. An important lesson on why off-site backups are critical! They had two servers, and had a backup of A on B, and B on A. Both were taken out.”

Downsides:

  • Access to our office network/offsite backups would be bad.
  • Bruteforcing/getting access to our administrative S3 Account would be bad.
  • you have to trust Amazon with your data

Conclusion:

Always combine different backup strategies and test your backups. One day you will need them!

,