[ On Monday, October 14, 2002 at 19:00:29 (-0400), Dan Melomedman wrote: ]
> Subject: Re: why use Amanda? (was: FYI: upgrading GNU tar)
>
> > Security?  It's certainly good enough if you trust the security of your
> > local LAN.  Surely you are not trying to make your backup system cross
> > an insecure network, are you?
> 
> That is if you trust everybody on your LAN. There have been holes in
> AMANDA.

If you don't trust everyone on your LAN then you can't use rmt either so
I really don't understand your point.  You could maybe run all your data
through ssh, but that's often just not practical for backups --
especially considering that even client-side compression can sometimes
slow backups down too much to be practical.

You can always just buy another network card for all your systems (and
another network switch) and run your backups over a private LAN.  You
can make your DNS, NTP, and many other administrative functions a lot
more secure that way too, all the while not impacting network
performance for user use in a high-demand environment.  That's what I
always do when I don't trust all other hosts on the "public" LAN 101%,
and usually backups are only a secondary concern -- it's the other
benefits that primarily drive the construction of an administrative
private network and network backups are just another application for it.

> > > there's too much guessing done by the scheduler among other ad-hockery.
> 
> Not flame bait, read AMANDA's logs while it's doing its thing,
> you'll understand. Also take a look at the source.

Been there -- done that.  It's smarter than I am at figuring out these
things without adding one hell of a lot more policy implementing, and
complexity enhancing, code.

> > > What I am looking for is a
> > > simple yet flexible site-wide backup tools, and yet to find them. Has
> > > anyone tried afbackup?
> > 
> > "simple yet flexible site-wide backup tools" is one of those sets of
> > requirements that goes with the rule "Pick any two."
> 
> I disagree, I just think AMANDA and a few other related packages have
> been "good enough" for most people, including myself; so is the lack of
> simple and flexible tools.

I've been watching and musing at (usually with great amusement) the
variety of unix backup tools and schemes and their claims for nearly
twenty years now and I assure you there's no way you'll ever get all
three of your wishes to come true, at least not until the time comes
when your options for backup media and devices are essentially
restricted to those fast and reliable enough that you really don't need
the same kind of flexibility you originally set out to find.  Simplicity
and flexibility in this sector just cannot go together, especially if
you really need comprehensive site-wide support.  The only true
simplicity for site-wide backup comes from having centralised secondary
storage (SAN, net-FS, etc.) with proprietary backup tools, and that by
definition throws flexibility right out the door.  Pick two -- any two
-- but just two (or one :-).

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>