
Backup encryption

definition

protecting data at rest: encrypt data before writing it to disk.

e2e encryption: blocks should be encrypted by the sender (in our case: the host). Not applicable for now.

key rotation: use a new key to encrypt new data without losing the ability to decrypt old data. Keys should be rotated periodically, or at the very least after an attacker has obtained them.
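As an added illustration of the key rotation definition above (not part of the original notes): a versioned key ring where every encrypted block records the id of the key that encrypted it, so rotating adds a key for new blocks without losing access to old ones, and a key is only retired once its blocks have been re-encrypted. The cipher is an HMAC-SHA256 keystream plus an HMAC tag, a stand-in for a real AEAD such as AES-GCM; all class and function names are assumptions.

```python
import hashlib
import hmac
import os
import struct

def _xor(key, nonce, data):
    # XOR data with an HMAC-SHA256 keystream (stand-in for a real cipher)
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class KeyRing:
    def __init__(self):
        self.keys = {}        # key id -> key bytes
        self.current = None   # id of the key used to encrypt new blocks
        self.rotate()

    def rotate(self):
        """Generate a fresh key and make it current; older keys are kept for decryption."""
        kid = len(self.keys) + 1
        self.keys[kid] = os.urandom(32)
        self.current = kid
        return kid

    def encrypt(self, plaintext):
        # Block layout: 4-byte key id | 16-byte nonce | ciphertext | 32-byte HMAC tag
        kid, nonce = self.current, os.urandom(16)
        header = struct.pack(">I", kid) + nonce
        ct = _xor(self.keys[kid], nonce, plaintext)
        tag = hmac.new(self.keys[kid], header + ct, hashlib.sha256).digest()
        return header + ct + tag

    def decrypt(self, blob):
        kid = struct.unpack(">I", blob[:4])[0]
        key = self.keys[kid]  # KeyError: the key was retired, block is unreadable
        header, ct, tag = blob[:20], blob[20:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(key, header + ct, hashlib.sha256).digest()):
            raise ValueError("authentication failed: block was tampered with")
        return _xor(key, header[4:], ct)

    def reencrypt(self, blob):
        """Re-encrypt an old block under the current key, so its old key can be retired."""
        return self.encrypt(self.decrypt(blob))

    def retire(self, kid):
        """Forget a key; only safe after every block it protected was re-encrypted."""
        if kid == self.current:
            raise ValueError("cannot retire the current key")
        del self.keys[kid]
```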

Backup data tiering

goal and definition

  • transfer the backup to relatively fast storage to reduce the backup window and limit the impact on the production VMs
  • then transfer (move or copy) this backup to slower storage, possibly offsite

The competitors allow backing up to multiple local storages in parallel -> s3 -> glacier

synchronous copy

Deduplication

Goal

WORM (Write Once Read Multiple): use less storage by keeping track of data parts and not writing them multiple times to storage

Definitions

in band / offline

Backup immutability

Definition and goal

Immutability uses a trusted third party that prevents us from changing or deleting files. That way, even if our system is compromised, none of our backups can be deleted or corrupted.

It is a key feature in the fight against ransomware.

state of the art

The problem

  • Merging is resource-intensive
  • Multiple processes modify the vhd directory, creating some interesting race conditions (hi hanjo)

The solution

  • don't move files, only move indexes
@fbeauchamp
fbeauchamp / gist:12f9a7b0dd08b13a87ba
Created November 30, 2014 17:31
download with progress
var contentSize;
function transferComplete() {
}
function stateChange() {
  // nginx handles gzip compression and eats the content-size, so the size comes from a custom header
  contentSize = this.getResponseHeader('X-Content-size');
}
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = stateChange;
xhr.addEventListener('load', transferComplete);
@fbeauchamp
fbeauchamp / gist:9879820
Last active August 29, 2015 13:57
typo
-- Function: agent_notify()
-- DROP FUNCTION agent_notify();
CREATE OR REPLACE FUNCTION agent_notify()
RETURNS trigger AS
$BODY$
DECLARE
diff hstore;
t text;