add draft of old article

1 files changed, 29 insertions, 0 deletions

diff --git a/content/gemtext/gemfeed/2016-04-03-offsite-backup-with-zfs.gmi b/content/gemtext/gemfeed/2016-04-03-offsite-backup-with-zfs.gmi
new file mode 100644
index 00000000..9605b7ab
--- /dev/null
+++ b/content/gemtext/gemfeed/2016-04-03-offsite-backup-with-zfs.gmi
@@ -0,0 +1,29 @@
+> Written by Paul Buetow 2016-04-03
+
+=> ../ Go back to the main site
+
+# Offsite backup with ZFS
+
+## Please don't lose all my pictures again!
+
+When it comes to data storage and potential data loss I am a paranoid person. It is not just due to my job  but also due to a personal experience I encountered over 10 years ago: A single drive failure and loss of all my data (pictures, music, ....).
+
+A little bit about my personal infrastructure: I am running my own (mostly FreeBSD based) root servers (across several countries: Two in Germany, one in Canada, one in Bulgaria) which store all my online data (E-Mail and my Git repositories). I am syncing incremental (and encrypted) ZFS snapshots between these servers forth and back so either data could be recovered from the other server.
+
+## Local storage box for offline data
+
+Also, I am operating a local server (an HP MicroServer) at home in my apartment. Full snapshots of all ZFS volumes are pulled from the "online" servers to the local server every other week and the incremental ZFS snapshots every day. That local server has a ZFS ZMIRROR with 3 disks configured (local tripple redundancy). I keep up to half a year worth of ZFS snapshots of all volumes. That local server also contains all my offline data such as pictures, private documents, videos, books, various other backups, etc.
+
+Once weekly all the data of that local server is copied to two external USB drives as a backup (without the historic snapshots). For simplicity these USB drives are not formatted with ZFS but with good old UFS. This gives me a chance to recover from a (potential) ZFS disaster. ZFS is a complex thing. Sometimes it is good not to trust complex things!
+
+## Storing it at my apartment is not enough
+
+Now I am thinking about a offsite backup of all this local data. The problem is, that all the data remains on a single physical location: My local MicroServer. What happens when the house burns or someone steals my server including the internal disks and the attached USB drives? My first thought was to backup everything into the "cloud". The major issue here is however the limited amount of available upload bandwidth (only 1MBit/s).
+
+The solution is adding another USB drive (2TB) with an encryption container (GELI) and a ZFS pool on it. The GELI encryption requires a secret key and a secret passphrase. I am updating the data to that drive once every 3 months (Google Calendar is reminding me doing it) and afterwards I am keeping that drive at a secret location outside of my apartment. All the information needed to decrypt (mounting the GELI container) is stored at another (secure) place. Key and passphrase are kept at different places though. Even if someone would know of it, he would not be able to decrypt it as some additional insider knowledge would be required also.
+
+## Walking one round less
+
+I am thinking of buying a second 2TB USB drive and to set it up the same way as the first one. So I could alternate the backups. One drive would be at the secret location, and the other drive would be at home. And these drives would swap location after each cycle. This would give some security about the failure of that drive and I would have to go to the secret location only once (swapping the drives) instead of twice (picking that drive up in order to update the data + bringing it back to the secret location).
+
+E-Mail me your throughts at comments@mx.buetow.org!