Re: [BackupPC-users] Backup Windows clients

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Michael Stowe wrote at about 09:34:18 -0600 on Saturday, January 9, 2010:
 > > What is the best method to make backups with BackupPC on Windows clients?
 > > SSH I think, so I can remotely execute some batch scripts before and
 > > after the backup process (for example to make some SQL server dumps),
 > > right?
 > 
 > I disagree; there are other ways to run pre- and post- scripts that are
 > less delicate and more easily transferred:
 > 
 > http://www.goodjobsucking.com/?p=62
 > 
 > > If yes, what SSH server do you use on Windows (which works with
 > > BackupPC and its Rsync over SSH features)?
 > 
 > > Thank you very much!
 > > Bye.
 > 

Or for a similar approach, you can check out the routine
'shadowmountrsync' that I wrote that does it all in a bash script and
a cmd.exe 1-liner. 
  http://sourceforge.net/apps/mediawiki/backuppc/index.php?title=User_Scripts_-_Client_-_Windows_VSS

It also has code added to backup the acl structure of each share so
that you can restore the full Windows ACLs for any file on your backup

The approach uses ssh, which you probably already have installed and
may even be using if you are doing rsync(d) over ssh for security
anyway. Also, it can be done over a LAN as well as over the Internet
without a VPN or any other security tunnel.

The goodjobsucking approach relies on a separate program winexe which
has a couple of limitations:
1. ***IT DOESN'T WORK WITH XP HOME***
2. It doesn't work over the Internet without a VPN or other tunnel
3. It requires enabling: Windows networking, Printer
   & File Sharing, Remote IPC, and Remote Admin shares along with
   opening the corresponding firewall ports -- all of which
   you may or may not feel comfortable enabling.
4. Beyond that, I haven't heard much talk about winexe's security
   model including whether (or how) traffic is encrypted, how secure
   passwords are, etc. As an example, it seems to use plaintext
   passwords on the command line. On the other hand ssh has
   well-established and well-tested security using rsa/dsa keys
   without the need for cleartext passwords, etc.
5. It requires an additional program that you have to install (winexe)

For a SOHO/home environment, you may not care about 2-5, but then #1
may be a show stopper if any of your computers run XP Home (which it
is for me).

For an enterprise environment, then 2-5 and especially #4 may be an
issue. 

On the other hand, I'm sure my approach isn't perfect since I have to
do some 'tricks' to launch vss and dosdev over ssh.

I definitely am not interested in any flame war here... Both
approaches end up setting up and mounting shadow copies via vshadow
and dosdev -- so look at the different approaches yourself and figure
out what works best for you.