Presentation at the "Southern California Linux Expo" 2019, introducing the Open Source backup solution Bareos. Special focus on preparation against ransomware and other attacks.
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
Last Line of Defence: be prepared by Open Source Backups with Bareos
1. Last Line of Defense: be prepared by Open
Source Backups with Bareos
2. Bareos is a registered trademark of Bareos GmbH & Co. KG
Agenda
●
Resilience and Disaster recovery in times of
Ransomware
●
Why Open Source Backups are crucial
●
Overview: Bareos – the Open Source backup
solution
3.
4. Bareos is a registered trademark of Bareos GmbH & Co. KG
Threats
●
Known threats and data loss
– Physical damage
– Software failure
– User failure: rm -Rf /
– Malware / Ransomware
– Intrusion
– ...
●
Unknown / unexpected threats ?
– ...
5. Bareos is a registered trademark of Bareos GmbH & Co. KG
Defense and Recovery
●
Important but scope for other talks
– DMZ / Firewalls
– Virus scanners
– Intrusion detection
– Training to prevent social engineering
●
Our subject
– Resilience and disaster recovery
●
Our daily routine is the unexpected
William T. Riker
6. Bareos is a registered trademark of Bareos GmbH & Co. KG
7. Bareos is a registered trademark of Bareos GmbH & Co. KG
Sidekick: Non-Data Backups
●
Svalbard Global Seed Vault
●
Statistics ~860k seed types
●
Funded by Norwegian government
●
Backup of global seeds to ensure
nutrition after big catastrophes
●
First Use-Case: Syria 2015
– Research center Icarda (Aleppo)
not fully functional
– Restore / re-cultivate lentil seeds
from backup seed in new location
8. Bareos is a registered trademark of Bareos GmbH & Co. KG
Some Backup Guidelines
●
Network backup: copy your data to dedicated backup
server
●
Backup your backup: make replication to other media
/ sites.
●
Backup to cloud: encryption mandatory
●
Plan your backup and retention:
– How long do you need to retain your backup data?
9. Bareos is a registered trademark of Bareos GmbH & Co. KG
Be prepared against Ransomware
●
Protect your backup data
– Backups to disk: separate from rest of network,
only allow access for backup protocol
– Read-only medium (worm-tape)
●
If using backup-data encryption
– Extra copy of encryption key – if lost or unreadable
due to ransomware attack – no restore possible
10. Bareos is a registered trademark of Bareos GmbH & Co. KG
Long-term availability
●
Technical
– Future availability of your backup software on future
hardware?
– Future availability of hardware drivers to read your media?
●
Avoid vendor lock-in
– Pay-per-use when you need a restore?
– Limited usage allowance – Examples from the field
●
No restart after license key expiration possible
●
Obligation to delete software after subscription ends
– Vendor of backup software goes out of market ?
11. Bareos is a registered trademark of Bareos GmbH & Co. KG
Open Source is crucial for backups
●
Distinguish between real open source
and ‘open core’
●
No vendor-lock-in
●
Even if companies backing a project disappear:
code is still available and can be adapted
●
Future-proof and adaptable to future hardware:
only with open source
●
Let’s you reclaim your data, if you backup to cloud
12. Bareos is a registered trademark of Bareos GmbH & Co. KG
Requirements summary
●
Backup software only future-proof,
if 100% open source
●
Be prepared against ransomware and the
unexpected:
– Keep extra copies of your encryption keys
– Separate backup data
– Use backup replication, different media (worm)
– Backup data easy accessible to enable fast
recovery in minimal environment
13. Bareos is a registered trademark of Bareos GmbH & Co. KG
Bareos Introduction
●
Backup Archive REcovery Open Sourced
●
Bareos is a fork of the bacula.org project
●
Fork started by Marco van Wieringen 2010
– Implement own ideas
– Speed up development
– Sustainably ensure open source project
●
First Release 2013
●
Since then yearly a new major version
Current release: 18.2
14. Bareos is a registered trademark of Bareos GmbH & Co. KG
Data Sovereignty – NO vendor lock-in
●
Bareos is Open Source:
– Affero GNU Public License (AGPL)
– Code cleanup and re-factoring
– A lot of new features
– Python plugin interface
– Growing Open Source community
– Open Storage format
– Backup data (disk / tape) easy accessible with command-line
tools to scan, extract and recover data without backup server
15. Bareos is a registered trademark of Bareos GmbH & Co. KG
16. Bareos is a registered trademark of Bareos GmbH & Co. KG
Bareos Overview
●
All common sense features of a network backup system, like
●
Multi-platform support: Linux, Unix, Windows, MacOS
●
Scheduler with multi generation support (Full-, differential-,
incremental, virtual full, accurate, ...)
●
Inventory (“catalog”) in database (MySQL, Postgres)
●
Restore via CLI or GUI on any client
●
Encrypted data, transport, ACLs, ...
●
Backup media: disk, tape, library, cloud
●
Scripting interface for pre- and post – jobs, plugin interface
17. Bareos is a registered trademark of Bareos GmbH & Co. KG
Some New Features
●
Support for hardware encryption with LTO (4 and upwards) and
enterprise tape libraries
●
Client-quota support / Bandwidth limitation
●
Native NDMP Support (DAR/DDAR, tape)
●
Replication to other backup sites
●
Backup to (Ceph, Gluster, S3, Glacier) and from (VMWare, Ceph,
Gluster) the cloud
●
Python Plugin Interface
●
Multi-lingual and multi-tenant web UI
●
API
18. Bareos is a registered trademark of Bareos GmbH & Co. KG
Current Release 18.2
●
Transport encryption pre-configured and enabled by default
●
Use existing passwords as pre-shared keys
●
Inidividual TLS certificates supported, too
●
Backwards compatible with older clients
●
PAM Authentication supported
pam_unix, pam_ldap, pam_ ...
●
Modernized build system
Autoconf (76k lines) replaced by
CMake (5k lines)
●
Use modern C++ language features
19. Bareos is a registered trademark of Bareos GmbH & Co. KG
Working on next release: 19.x
●
Continue to modernize and refactor legacy code
●
Storage Daemon
– Support SCSI drive reservation
– Improve handling of parallel jobs:
auto-configure multiple virtual drives
●
Web ui: switch to new framework vue.js
– Persistent connection between server and browser:
Enable push notifications
– Modern design
– Configuration changes
●
Documentation switch from LaTeX to RST / Sphinx
Work in progress, see https://docs.bareos.org
●
Build more unittests using ctest
20. Bareos is a registered trademark of Bareos GmbH & Co. KG
Installation Packages
●
Source Code on GITHub
●
Repacking using Open Build Server
– All packages out of one source
– All major Linux Distributions
– MacOS
– Windows Installer Packages with lean redesign of
cross compile makefiles, silent install possible
●
Additional / on request: AIX, HP-UX, BSD
21. Bareos is a registered trademark of Bareos GmbH & Co. KG
Web UI Restore Browser
22. Bareos is a registered trademark of Bareos GmbH & Co. KG
Publicity
●
“ This is one of the largest open-source teams in the
world, and is in the top 2% of all project teams on Open
Hub.”
●
Bareos recommended on SILLS list of open source
applications by French government
●
Admin Magazine #17 / 2013 Editor's summary:
The Bareos fork of Bacula adds new features,
expanded functionality, and simplified configuration
23. Bareos is a registered trademark of Bareos GmbH & Co. KG
Downloads
●
Weekly unique visits on download.bareos.org
Since 2016: mirrors used, no more numbers
24. Bareos is a registered trademark of Bareos GmbH & Co. KG
Customers
●
Several Max-Planck-Institutes
●
Beuth Hochschule Berlin
●
Cardtech: Payment Transaction Provider
●
Bavarian State Archives
●
Lab Logistics Group
●
Mixed industries
– Public / government
– Universities / Research
– SMB
– Provider
– Finance
25. Bareos is a registered trademark of Bareos GmbH & Co. KG
Services and Partners
●
Subscription (software maintenance), Support,
Consulting and Training services delivered by Bareos
GmbH & Co. KG and global partner network
26. Bareos is a registered trademark of Bareos GmbH & Co. KG
Contact and links
●
Subscription, Support, References, Partner:
http://www.bareos.com
●
Community, Documentation, Download:
http://www.bareos.org
●
GIT:
https://github.com/bareos
●
Bug- and feature- tracker Mantis:
https://bugs.bareos.org
●
Maik Außendorf
maik.aussendorf@bareos.com
●
Videos and slides with technical presentations, customer stories, background
information at the Open Source Backup Conferences archive:
https://osbconf.org
27. Bareos is a registered trademark of Bareos GmbH & Co. KG
Picture Credits
●
Svalbard Vault (outside)
By Frode Ramone from Oslo, Norway (DSCF0896.jpg) [CC BY 2.0 (
http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons
●
Svalbard Vault (inside)
Dag Endresen [CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons
●
Seeds
CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=425642
●
Petya
Free https://commons.wikimedia.org/wiki/File:Petya.A.png
●
28. Bareos is a registered trademark of Bareos GmbH & Co. KG
Visit us at SCALE17 booth #315