From: Jeffrey J. K. <bac...@ko...> - 2010-01-10 09:00:18
|
Michael Stowe wrote at about 09:34:18 -0600 on Saturday, January 9, 2010: > > What is the best method to make backups with BackupPC on Windows clients? > > SSH I think, so I can remotely execute some batch scripts before and > > after the backup process (for example to make some SQL server dumps), > > right? > > I disagree; there are other ways to run pre- and post- scripts that are > less delicate and more easily transferred: > > http://www.goodjobsucking.com/?p=62 > > > If yes, what SSH server do you use on Windows (which works with > > BackupPC and its Rsync over SSH features)? > > > Thank you very much! > > Bye. > Or for a similar approach, you can check out the routine 'shadowmountrsync' that I wrote that does it all in a bash script and a cmd.exe 1-liner. http://sourceforge.net/apps/mediawiki/backuppc/index.php?title=User_Scripts_-_Client_-_Windows_VSS It also has code added to backup the acl structure of each share so that you can restore the full Windows ACLs for any file on your backup The approach uses ssh, which you probably already have installed and may even be using if you are doing rsync(d) over ssh for security anyway. Also, it can be done over a LAN as well as over the Internet without a VPN or any other security tunnel. The goodjobsucking approach relies on a separate program winexe which has a couple of limitations: 1. ***IT DOESN'T WORK WITH XP HOME*** 2. It doesn't work over the Internet without a VPN or other tunnel 3. It requires enabling: Windows networking, Printer & File Sharing, Remote IPC, and Remote Admin shares along with opening the corresponding firewall ports -- all of which you may or may not feel comfortable enabling. 4. Beyond that, I haven't heard much talk about winexe's security model including whether (or how) traffic is encrypted, how secure passwords are, etc. As an example, it seems to use plaintext passwords on the command line. On the other hand ssh has well-established and well-tested security using rsa/dsa keys without the need for cleartext passwords, etc. 5. It requires an additional program that you have to install (winexe) For a SOHO/home environment, you may not care about 2-5, but then #1 may be a show stopper if any of your computers run XP Home (which it is for me). For an enterprise environment, then 2-5 and especially #4 may be an issue. On the other hand, I'm sure my approach isn't perfect since I have to do some 'tricks' to launch vss and dosdev over ssh. I definitely am not interested in any flame war here... Both approaches end up setting up and mounting shadow copies via vshadow and dosdev -- so look at the different approaches yourself and figure out what works best for you. |