Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Last Line of Defence: be prepared by Open Source Backups with Bareos

72 Aufrufe

Veröffentlicht am

Presentation at the "Southern California Linux Expo" 2019, introducing the Open Source backup solution Bareos. Special focus on preparation against ransomware and other attacks.

Veröffentlicht in: Software
  • The presentation is also available on YouTube: https://www.youtube.com/watch?v=hiIkx0doVB0#t=7h2m20s
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier

Last Line of Defence: be prepared by Open Source Backups with Bareos

  1. 1. Last Line of Defense: be prepared by Open Source Backups with Bareos
  2. 2. Bareos is a registered trademark of Bareos GmbH & Co. KG Agenda ● Resilience and Disaster recovery in times of Ransomware ● Why Open Source Backups are crucial ● Overview: Bareos – the Open Source backup solution
  3. 3. Bareos is a registered trademark of Bareos GmbH & Co. KG Threats ● Known threats and data loss – Physical damage – Software failure – User failure: rm -Rf / – Malware / Ransomware – Intrusion – ... ● Unknown / unexpected threats ? – ...
  4. 4. Bareos is a registered trademark of Bareos GmbH & Co. KG Defense and Recovery ● Important but scope for other talks – DMZ / Firewalls – Virus scanners – Intrusion detection – Training to prevent social engineering ● Our subject – Resilience and disaster recovery ● Our daily routine is the unexpected William T. Riker
  5. 5. Bareos is a registered trademark of Bareos GmbH & Co. KG
  6. 6. Bareos is a registered trademark of Bareos GmbH & Co. KG Sidekick: Non-Data Backups ● Svalbard Global Seed Vault ● Statistics ~860k seed types ● Funded by Norwegian government ● Backup of global seeds to ensure nutrition after big catastrophes ● First Use-Case: Syria 2015 – Research center Icarda (Aleppo) not fully functional – Restore / re-cultivate lentil seeds from backup seed in new location
  7. 7. Bareos is a registered trademark of Bareos GmbH & Co. KG Some Backup Guidelines ● Network backup: copy your data to dedicated backup server ● Backup your backup: make replication to other media / sites. ● Backup to cloud: encryption mandatory ● Plan your backup and retention: – How long do you need to retain your backup data?
  8. 8. Bareos is a registered trademark of Bareos GmbH & Co. KG Be prepared against Ransomware ● Protect your backup data – Backups to disk: separate from rest of network, only allow access for backup protocol – Read-only medium (worm-tape) ● If using backup-data encryption – Extra copy of encryption key – if lost or unreadable due to ransomware attack – no restore possible
  9. 9. Bareos is a registered trademark of Bareos GmbH & Co. KG Long-term availability ● Technical – Future availability of your backup software on future hardware? – Future availability of hardware drivers to read your media? ● Avoid vendor lock-in – Pay-per-use when you need a restore? – Limited usage allowance – Examples from the field ● No restart after license key expiration possible ● Obligation to delete software after subscription ends – Vendor of backup software goes out of market ?
  10. 10. Bareos is a registered trademark of Bareos GmbH & Co. KG Open Source is crucial for backups ● Distinguish between real open source and ‘open core’ ● No vendor-lock-in ● Even if companies backing a project disappear: code is still available and can be adapted ● Future-proof and adaptable to future hardware: only with open source ● Let’s you reclaim your data, if you backup to cloud
  11. 11. Bareos is a registered trademark of Bareos GmbH & Co. KG Requirements summary ● Backup software only future-proof, if 100% open source ● Be prepared against ransomware and the unexpected: – Keep extra copies of your encryption keys – Separate backup data – Use backup replication, different media (worm) – Backup data easy accessible to enable fast recovery in minimal environment
  12. 12. Bareos is a registered trademark of Bareos GmbH & Co. KG Bareos Introduction ● Backup Archive REcovery Open Sourced ● Bareos is a fork of the bacula.org project ● Fork started by Marco van Wieringen 2010 – Implement own ideas – Speed up development – Sustainably ensure open source project ● First Release 2013 ● Since then yearly a new major version Current release: 18.2
  13. 13. Bareos is a registered trademark of Bareos GmbH & Co. KG Data Sovereignty – NO vendor lock-in ● Bareos is Open Source: – Affero GNU Public License (AGPL) – Code cleanup and re-factoring – A lot of new features – Python plugin interface – Growing Open Source community – Open Storage format – Backup data (disk / tape) easy accessible with command-line tools to scan, extract and recover data without backup server
  14. 14. Bareos is a registered trademark of Bareos GmbH & Co. KG
  15. 15. Bareos is a registered trademark of Bareos GmbH & Co. KG Bareos Overview ● All common sense features of a network backup system, like ● Multi-platform support: Linux, Unix, Windows, MacOS ● Scheduler with multi generation support (Full-, differential-, incremental, virtual full, accurate, ...) ● Inventory (“catalog”) in database (MySQL, Postgres) ● Restore via CLI or GUI on any client ● Encrypted data, transport, ACLs, ... ● Backup media: disk, tape, library, cloud ● Scripting interface for pre- and post – jobs, plugin interface
  16. 16. Bareos is a registered trademark of Bareos GmbH & Co. KG Some New Features ● Support for hardware encryption with LTO (4 and upwards) and enterprise tape libraries ● Client-quota support / Bandwidth limitation ● Native NDMP Support (DAR/DDAR, tape) ● Replication to other backup sites ● Backup to (Ceph, Gluster, S3, Glacier) and from (VMWare, Ceph, Gluster) the cloud ● Python Plugin Interface ● Multi-lingual and multi-tenant web UI ● API
  17. 17. Bareos is a registered trademark of Bareos GmbH & Co. KG Current Release 18.2 ● Transport encryption pre-configured and enabled by default ● Use existing passwords as pre-shared keys ● Inidividual TLS certificates supported, too ● Backwards compatible with older clients ● PAM Authentication supported pam_unix, pam_ldap, pam_ ... ● Modernized build system Autoconf (76k lines) replaced by CMake (5k lines) ● Use modern C++ language features
  18. 18. Bareos is a registered trademark of Bareos GmbH & Co. KG Working on next release: 19.x ● Continue to modernize and refactor legacy code ● Storage Daemon – Support SCSI drive reservation – Improve handling of parallel jobs: auto-configure multiple virtual drives ● Web ui: switch to new framework vue.js – Persistent connection between server and browser: Enable push notifications – Modern design – Configuration changes ● Documentation switch from LaTeX to RST / Sphinx Work in progress, see https://docs.bareos.org ● Build more unittests using ctest
  19. 19. Bareos is a registered trademark of Bareos GmbH & Co. KG Installation Packages ● Source Code on GITHub ● Repacking using Open Build Server – All packages out of one source – All major Linux Distributions – MacOS – Windows Installer Packages with lean redesign of cross compile makefiles, silent install possible ● Additional / on request: AIX, HP-UX, BSD
  20. 20. Bareos is a registered trademark of Bareos GmbH & Co. KG Web UI Restore Browser
  21. 21. Bareos is a registered trademark of Bareos GmbH & Co. KG Publicity ● “ This is one of the largest open-source teams in the world, and is in the top 2% of all project teams on Open Hub.” ● Bareos recommended on SILLS list of open source applications by French government ● Admin Magazine #17 / 2013 Editor's summary: The Bareos fork of Bacula adds new features, expanded functionality, and simplified configuration
  22. 22. Bareos is a registered trademark of Bareos GmbH & Co. KG Downloads ● Weekly unique visits on download.bareos.org Since 2016: mirrors used, no more numbers
  23. 23. Bareos is a registered trademark of Bareos GmbH & Co. KG Customers ● Several Max-Planck-Institutes ● Beuth Hochschule Berlin ● Cardtech: Payment Transaction Provider ● Bavarian State Archives ● Lab Logistics Group ● Mixed industries – Public / government – Universities / Research – SMB – Provider – Finance
  24. 24. Bareos is a registered trademark of Bareos GmbH & Co. KG Services and Partners ● Subscription (software maintenance), Support, Consulting and Training services delivered by Bareos GmbH & Co. KG and global partner network
  25. 25. Bareos is a registered trademark of Bareos GmbH & Co. KG Contact and links ● Subscription, Support, References, Partner: http://www.bareos.com ● Community, Documentation, Download: http://www.bareos.org ● GIT: https://github.com/bareos ● Bug- and feature- tracker Mantis: https://bugs.bareos.org ● Maik Außendorf maik.aussendorf@bareos.com ● Videos and slides with technical presentations, customer stories, background information at the Open Source Backup Conferences archive: https://osbconf.org
  26. 26. Bareos is a registered trademark of Bareos GmbH & Co. KG Picture Credits ● Svalbard Vault (outside) By Frode Ramone from Oslo, Norway (DSCF0896.jpg) [CC BY 2.0 ( http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons ● Svalbard Vault (inside) Dag Endresen [CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons ● Seeds CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=425642 ● Petya Free https://commons.wikimedia.org/wiki/File:Petya.A.png ●
  27. 27. Bareos is a registered trademark of Bareos GmbH & Co. KG Visit us at SCALE17 booth #315

×