Help With Design For Automatic Remote Back System Wanted.

[tickmike]

Design For Automatic Remote Back System Wanted.

I'm starting to think about what I need to do a 'Nightly' back up on my daughters laptop (Acer With PCLinuxOS on it ) when she goes to uni next year.

I have contacted the two main uni's she is interested out of her five offers and it looks like the backup will have to be instigated from her laptop end, because with them using Nat For there IP address's as I will not be able to reach it from my end.

I will be using 'LuckyBackup' luckyBackup - backup and sync utility as it has a good ssh remote backup part.

I have a speedtouch 636 None NATing router with a block of my own fixed IP address's (with it's firewall turned off).

From the speedtouch it goes into my Dedicated Firewall 'Smoothwall' Express Open Source Firewall Project (The Free one ) I will put a DMZ.

From DMZ it will go to a 'to be built 'Backup server' (lightweight Linux based) .

I need any advice about making the connection from her laptop to my backup server and what I will have to do about making my server hidden but accessible from the internet.
Any tips about what to look out for and do to make it a safe system and not Hackable !.

[plexer]

Use a service like backblaze?

[tickmike]

Use a service like backblaze?

Not paying out for it !.
My system is free !.

[mdench]

surely it would just be easier to back it up over night to an external HDD? a) lot less fuss b)will be alot quicker than transferring all that data over the internet?

[Arthur]

My system is free!

Have you looked at the free version of CrashPlan? Their client software automatically deals with things such as NAT traversal, and as you can see from the picture below, you can backup your daughters laptop directly to your server over the Internet without her data being stored on an intermediary server in the cloud.



More info here...
support.crashplan.com/doku.php/recipe/backing_up_to_other_computers
support.crashplan.com/doku.php/articles/how_backup_works
support.crashplan.com/doku.php/getting_started/crashplan_basics

[tickmike]

surely it would just be easier to back it up over night to an external HDD? a) lot less fuss b)will be alot quicker than transferring all that data over the internet?

If her laptop got stolen at uni , they would probably steal the external hard drive as well !.

Edit..
@Arthur I will read up about 'Crash-plan'

I'm just doing a fist trial of my system using 'luckybackup' over my home network, to test the basics.

[dhicks]

I will be using 'LuckyBackup' luckyBackup - backup and sync utility as it has a good ssh remote backup part.

For security, you could set up at your end to only accept SSH connections with a certificate, rather than with a password. Just forward port 22 from your firewall straight to your backup server, I should think that will be secure enough. I don't know if your backup software supports logging in with SSH certificates, but if not you could always simply use rsync over SSH instead.

[tickmike]

For security, you could set up at your end to only accept SSH connections with a certificate, rather than with a password. Just forward port 22 from your firewall straight to your backup server, I should think that will be secure enough. I don't know if your backup software supports logging in with SSH certificates, but if not you could always simply use rsync over SSH instead.

I think that my free Linux backup software 'Luckybackup' is the GUI front end for 'rsync' and I can set up passwordless remote ssh connections over port 22 .
I did a test over my home network last night and all went well.
On my 'Smoothwall' firewall I'm going to add a DMZ then connect that to my backup server.

[mister_z]

First, you need to decide what you are trying to back up. The first step in disaster recovery -- as I evangelize often enough -- is deciding "what disaster am I preparing for ?"
(You'd be surprised how often that question gets overlooked. And then you have 4 blind men describing the elephant AFTER many plans have been created.)

Anyway, are you trying to be able recover the entire laptop ? You do need some way, unless you want to re-install from scratch, a major pain.
I consider this part a job for CloneZilla. Periodically. And a USB drive is an excellent place to put it. Plug in the USB drive, boot from a thumb drive, answer a few questions, let it chug.


But you will want to protect daily work as well -- say her home directory.

Are you okay with working at the command line ? For my wife's laptop, I use rsnapshot to dump it to my back-end server. Especially nice since it allows her to recover earlier versions. of certain documents. see rsnapshot for details. Note that while the setup part -- done only once -- takes some ability to work at the command line and to closely follow instructions. But the nightly execution of the backup is a single command -- you can create a 1-line script and link a button, icon, or menu choice to it. Or try a cron entry.

As for "getting in," from a remote location, with a Smoothwall and a DMZ, you can portmap to a DMZ server on the orange interface (presumes 3 NIC connections on the smoothie).

Use a NONstandard SSH port on the smoothie. No sense making it obvious.
Uou MUST use stricr key-based auth (which rsnapshot needs anyway). Do not allow password-based logins at all.
You MUST use a forced command with the associated ssh key. Then the only thing the key does is to allow an rsync. Attempts to login are rejected. Read and understand Using Rsnapshot and SSH

Now, what did I forget ?

Cheers.