Creating a cold back in a cloud

[linuxsquad]

Hello,

Im happily running my freshly built home server FreeNAS, gleefully enjoying newly found privacy and security w/Nextcloud, Plex, Sync, Redmine. I do rely on my professional FOSS skils and experience, still I am a pessimist .. or pragmatist and would like to have a cold back in some other location than my basement... for instance a cloud. I don't mean a data at rest as a backup, I mean a fully operational FreeNAS. I don't need real-time failover, but some sort reassurance that I can fire up a remote FreeNAS within 24-48 hours and being able to restore jails.

Have you done it? How would you do it? Are there better ways to assure availability in a long run?

Thanks
OB

 

[Samuel Tai]

Although they don’t provide remote FreeNAS systems, rsync.net has their own cloud running ZFS which may give you 80% of what you’re looking for. They can integrate with FreeNAS several different ways:

• Full ZFS send/receive (1TB minimum)
• Standard rsync replication, tunneled via SSH
• Cloud backup via rclone (again, tunneled via SSH)
• borg backup

They also offer geographically diverse backups; you just pay by the number of diverse sites you want. I use them myself, using borg to backup to 2 diverse sites.

 

[elorimer]

Thank you for this question, as I realize I've got a Jupiter-size hole in my own resiliency plan, namely what elements are physically vulnerable in my home. So theft, fire, flood. Not so much power, as I've got that covered. Not a physical failure of the FreeNAS server either, since that is just getting a new server stood up and importing the pool and the backup of the config.

Two easy solutions come to mind: one is partnering up with someone to host each others backup FreeNAS server. The other is a RDP computer in a physically diverse location with a USB drive and copies of the datasets on Samba shares; or, a full backup FreeNAS server with a hot backup. I think I will do that as soon as that building opens up and I can get there.

I've backed up some datasets to Backblaze, which isn't that expensive unless you download back down, but that is a different scenario.

 

[linuxsquad]

@elorimer

1- Interestingly enough, I came with the same suggestion on IRC channel couple months ago asking whether FreeNAS community (owners/operators) would consider creating a mutually-assured alliance to backup each other data (fractional and encrypted). But this did not get any vibe/love from the channel.

2- A fully fledged FreeNAS server running in undisclosed location is a preferred solution. This comes with its own challenges: security, access, maintenance, etc. The top tier data-center will have checks on all the above requirements and more. However, it comes with the price I am not sure home users are willing to pay at this point: $250/monthly (IBM cloud, see below).

https://cloud.ibm.com/gen1/infrastr...form_IBMBareMetal-_-BM_1270v6_Price_Reduction

3- The downgrade from #2 is a residential site for the backup FreeNAS (in-laws, friends, etc). Which depending on your personal situation might end up costing you much more than $250/m ;-)

OB

 

[elorimer]

3- The downgrade from #2 is a residential site for the backup FreeNAS (in-laws, friends, etc). Which depending on your personal situation might end up costing you much more than $250/m ;-)

Do you think my ex will consider me to have prepaid?:)

 

[linuxsquad]

Oh... my dear ;-) I am sure she would love to repay all years of joy and affection you both share by a small token of gratitude. Besides, she would never consdier taking a hostage of your precious FreeNAS box... Would she?

 

[Ericloewe]

rsync.net stands out because they offer zfs recv as an option. They've also said they'll support encrypted sends as soon as support for that is in FreeBSD (although the specifics of that are a bit vague until FreeBSD 13, because ZoF is available from ports until then).

Encrypted send/recv will be the holy grail, because you no longer need to trust the remote server and yet they can still scrub your data.

 

[Heracles]

Have you done it? How would you do it? Are there better ways to assure availability in a long run?

Hi,

Yes, I did it here. I deployed a complete setup enforcing the 3 copies rules explained in my signature.

Main FreeNAS is doing the hard work.
DR FreeNAS was built onsite for the first sync and then moved to a second site away (actually my father's basement...)
Offline FreeNAS is at home with me. Its role is not to protect against physical incidents, so no problem having it onsite.

DR FreeNAS is kept up-to-date with live ZFS replication. In my case, the fastest one is 15 minutes.
Offline FreeNAS is re-synced every other week, never less than once a month. I power it On, the main server detects it and syncs it. When the main server tells me that all replication tasks are up-to-date, I power it back off for another 2 weeks sleep.

 

[Heracles]

would consider creating a mutually-assured alliance to backup each other data

A very good reason for not doing that is that I really do not wish to host someone else illegal stuff. No matter being inappropriate pictures, copyrighted material for which he would not have the rights or more...

 

[Heracles]

Encrypted send/recv will be the holy grail, because you no longer need to trust the remote server and yet they can still scrub your data.

Here, I managed to achieve that... I use Nextcloud server-side encryption, so every single file is encrypted by Nextcloud before being saved in FreeNAS over NFS. That way, the content that is replicated to my DR FreeNAS is cryptogram only, no keys.

To do a restore, one needs to also restore the database. That one is also saved in my replicated dataset in FreeNAS, but that backup is encrypted with a passphrase that itself is not replicated.

Without that passphrase, no database.
Without the database, no file encryption keys.
Without the file encryptions keys, no data leak.

All of that for what looks like regular files for ZFS, so ZFS can easily do its scrub and integrity control.

 

[linuxsquad]

A very good reason for not doing that is that I really do not wish to host someone else illegal stuff. No matter being inappropriate pictures, copyrighted material for which he would not have the rights or more...

There are FOSS projects, that already do partial and encrypted P2P data clustering. Users are sharing blobs of data (partial and encrypted) thus you are never in posession of someone complete data archive or even complete file, just encrypted stripes of bytes.

 

[Heracles]

Users are sharing blobs of data (partial and encrypted) thus you are never in posession of someone complete data archive or even complete file, just encrypted stripes of bytes.

Still, you can easily be considered as a facilitator by doing something like that. By offering your resources to those who mis-use them, you help them hide their activity, propagate it and more.

There is no way I will be such a facilitator. Even for my private cloud, I do not let people I host create their own shares. Should they need to share between them, I will create a share between the users who need it. I will also create a peer-to-peer share between them and me. But none of them is allowed to push a share outside of my server by themselves. That way, even if they end up putting crap in my server, that crap will not go anywhere. In case of investigation, I can recover everything and provide evidence that I had measure that prevented that crap to go out.

End-to-End encryption is also disabled, so users can not hide anything from me.

By using 2FA on every account and monitoring the cloud with Q-Radar, I also ensure password sharing is not happening, so they do not try to bypass that security.