Presentation at the "Southern California Linux Expo" 2019, introducing the Open Source backup solution Bareos. Special focus on preparation against ransomware and other attacks.
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Last Line of Defence: be prepared by Open Source Backups with Bareos
1. Last Line of Defense: be prepared by Open
Source Backups with Bareos
2. Bareos is a registered trademark of Bareos GmbH & Co. KG
Agenda
●
Resilience and Disaster recovery in times of
Ransomware
●
Why Open Source Backups are crucial
●
Overview: Bareos – the Open Source backup
solution
3.
4. Bareos is a registered trademark of Bareos GmbH & Co. KG
Threats
●
Known threats and data loss
– Physical damage
– Software failure
– User failure: rm -Rf /
– Malware / Ransomware
– Intrusion
– ...
●
Unknown / unexpected threats ?
– ...
5. Bareos is a registered trademark of Bareos GmbH & Co. KG
Defense and Recovery
●
Important but scope for other talks
– DMZ / Firewalls
– Virus scanners
– Intrusion detection
– Training to prevent social engineering
●
Our subject
– Resilience and disaster recovery
●
Our daily routine is the unexpected
William T. Riker
6. Bareos is a registered trademark of Bareos GmbH & Co. KG
7. Bareos is a registered trademark of Bareos GmbH & Co. KG
Sidekick: Non-Data Backups
●
Svalbard Global Seed Vault
●
Statistics ~860k seed types
●
Funded by Norwegian government
●
Backup of global seeds to ensure
nutrition after big catastrophes
●
First Use-Case: Syria 2015
– Research center Icarda (Aleppo)
not fully functional
– Restore / re-cultivate lentil seeds
from backup seed in new location
8. Bareos is a registered trademark of Bareos GmbH & Co. KG
Some Backup Guidelines
●
Network backup: copy your data to dedicated backup
server
●
Backup your backup: make replication to other media
/ sites.
●
Backup to cloud: encryption mandatory
●
Plan your backup and retention:
– How long do you need to retain your backup data?
9. Bareos is a registered trademark of Bareos GmbH & Co. KG
Be prepared against Ransomware
●
Protect your backup data
– Backups to disk: separate from rest of network,
only allow access for backup protocol
– Read-only medium (worm-tape)
●
If using backup-data encryption
– Extra copy of encryption key – if lost or unreadable
due to ransomware attack – no restore possible
10. Bareos is a registered trademark of Bareos GmbH & Co. KG
Long-term availability
●
Technical
– Future availability of your backup software on future
hardware?
– Future availability of hardware drivers to read your media?
●
Avoid vendor lock-in
– Pay-per-use when you need a restore?
– Limited usage allowance – Examples from the field
●
No restart after license key expiration possible
●
Obligation to delete software after subscription ends
– Vendor of backup software goes out of market ?
11. Bareos is a registered trademark of Bareos GmbH & Co. KG
Open Source is crucial for backups
●
Distinguish between real open source
and ‘open core’
●
No vendor-lock-in
●
Even if companies backing a project disappear:
code is still available and can be adapted
●
Future-proof and adaptable to future hardware:
only with open source
●
Let’s you reclaim your data, if you backup to cloud
12. Bareos is a registered trademark of Bareos GmbH & Co. KG
Requirements summary
●
Backup software only future-proof,
if 100% open source
●
Be prepared against ransomware and the
unexpected:
– Keep extra copies of your encryption keys
– Separate backup data
– Use backup replication, different media (worm)
– Backup data easy accessible to enable fast
recovery in minimal environment
13. Bareos is a registered trademark of Bareos GmbH & Co. KG
Bareos Introduction
●
Backup Archive REcovery Open Sourced
●
Bareos is a fork of the bacula.org project
●
Fork started by Marco van Wieringen 2010
– Implement own ideas
– Speed up development
– Sustainably ensure open source project
●
First Release 2013
●
Since then yearly a new major version
Current release: 18.2
14. Bareos is a registered trademark of Bareos GmbH & Co. KG
Data Sovereignty – NO vendor lock-in
●
Bareos is Open Source:
– Affero GNU Public License (AGPL)
– Code cleanup and re-factoring
– A lot of new features
– Python plugin interface
– Growing Open Source community
– Open Storage format
– Backup data (disk / tape) easy accessible with command-line
tools to scan, extract and recover data without backup server
15. Bareos is a registered trademark of Bareos GmbH & Co. KG
16. Bareos is a registered trademark of Bareos GmbH & Co. KG
Bareos Overview
●
All common sense features of a network backup system, like
●
Multi-platform support: Linux, Unix, Windows, MacOS
●
Scheduler with multi generation support (Full-, differential-,
incremental, virtual full, accurate, ...)
●
Inventory (“catalog”) in database (MySQL, Postgres)
●
Restore via CLI or GUI on any client
●
Encrypted data, transport, ACLs, ...
●
Backup media: disk, tape, library, cloud
●
Scripting interface for pre- and post – jobs, plugin interface
17. Bareos is a registered trademark of Bareos GmbH & Co. KG
Some New Features
●
Support for hardware encryption with LTO (4 and upwards) and
enterprise tape libraries
●
Client-quota support / Bandwidth limitation
●
Native NDMP Support (DAR/DDAR, tape)
●
Replication to other backup sites
●
Backup to (Ceph, Gluster, S3, Glacier) and from (VMWare, Ceph,
Gluster) the cloud
●
Python Plugin Interface
●
Multi-lingual and multi-tenant web UI
●
API
18. Bareos is a registered trademark of Bareos GmbH & Co. KG
Current Release 18.2
●
Transport encryption pre-configured and enabled by default
●
Use existing passwords as pre-shared keys
●
Inidividual TLS certificates supported, too
●
Backwards compatible with older clients
●
PAM Authentication supported
pam_unix, pam_ldap, pam_ ...
●
Modernized build system
Autoconf (76k lines) replaced by
CMake (5k lines)
●
Use modern C++ language features
19. Bareos is a registered trademark of Bareos GmbH & Co. KG
Working on next release: 19.x
●
Continue to modernize and refactor legacy code
●
Storage Daemon
– Support SCSI drive reservation
– Improve handling of parallel jobs:
auto-configure multiple virtual drives
●
Web ui: switch to new framework vue.js
– Persistent connection between server and browser:
Enable push notifications
– Modern design
– Configuration changes
●
Documentation switch from LaTeX to RST / Sphinx
Work in progress, see https://docs.bareos.org
●
Build more unittests using ctest
20. Bareos is a registered trademark of Bareos GmbH & Co. KG
Installation Packages
●
Source Code on GITHub
●
Repacking using Open Build Server
– All packages out of one source
– All major Linux Distributions
– MacOS
– Windows Installer Packages with lean redesign of
cross compile makefiles, silent install possible
●
Additional / on request: AIX, HP-UX, BSD
21. Bareos is a registered trademark of Bareos GmbH & Co. KG
Web UI Restore Browser
22. Bareos is a registered trademark of Bareos GmbH & Co. KG
Publicity
●
“ This is one of the largest open-source teams in the
world, and is in the top 2% of all project teams on Open
Hub.”
●
Bareos recommended on SILLS list of open source
applications by French government
●
Admin Magazine #17 / 2013 Editor's summary:
The Bareos fork of Bacula adds new features,
expanded functionality, and simplified configuration
23. Bareos is a registered trademark of Bareos GmbH & Co. KG
Downloads
●
Weekly unique visits on download.bareos.org
Since 2016: mirrors used, no more numbers
24. Bareos is a registered trademark of Bareos GmbH & Co. KG
Customers
●
Several Max-Planck-Institutes
●
Beuth Hochschule Berlin
●
Cardtech: Payment Transaction Provider
●
Bavarian State Archives
●
Lab Logistics Group
●
Mixed industries
– Public / government
– Universities / Research
– SMB
– Provider
– Finance
25. Bareos is a registered trademark of Bareos GmbH & Co. KG
Services and Partners
●
Subscription (software maintenance), Support,
Consulting and Training services delivered by Bareos
GmbH & Co. KG and global partner network
26. Bareos is a registered trademark of Bareos GmbH & Co. KG
Contact and links
●
Subscription, Support, References, Partner:
http://www.bareos.com
●
Community, Documentation, Download:
http://www.bareos.org
●
GIT:
https://github.com/bareos
●
Bug- and feature- tracker Mantis:
https://bugs.bareos.org
●
Maik Außendorf
maik.aussendorf@bareos.com
●
Videos and slides with technical presentations, customer stories, background
information at the Open Source Backup Conferences archive:
https://osbconf.org
27. Bareos is a registered trademark of Bareos GmbH & Co. KG
Picture Credits
●
Svalbard Vault (outside)
By Frode Ramone from Oslo, Norway (DSCF0896.jpg) [CC BY 2.0 (
http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons
●
Svalbard Vault (inside)
Dag Endresen [CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons
●
Seeds
CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=425642
●
Petya
Free https://commons.wikimedia.org/wiki/File:Petya.A.png
●
28. Bareos is a registered trademark of Bareos GmbH & Co. KG
Visit us at SCALE17 booth #315