NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Backup using rsync – what options are used
Rsync is a robust Linux file copy program with lots of options http://linux.die.net/man/1/rsync is a great discussion of the features and options. . http://serverfault.com/questions...
Sounds like you may be on your way to a solution.
FWIW, I got my ReadyNAS up into operating condition today and have the following to report regarding the rsync command as issued from the GUI
rsync -v -8 --timeout=30 --recursive --links --times --devices --specials --one-file-system --modify-window=1 --owner --group --no-acls --no-perms --exclude CrashPlan --exclude Downloads --exclude Library/logs --exclude Library/Caches --rsh=ssh -o SrticHostKeyChecking=no -PasswordAuthentication=no -p 22 name@host:/SourceShare /data/DestShare
Good luck!
EDITED TO ADD:
I forgot to say that this is Rsync over ssh with the following options
NO - enable compression
NO - remove deleted files on target
I DO have a list of excluded files/folders, but it seems the gui is programmed also to include .snapshots in that exclusion list
Schedule Full backup: "First Time Only"
NO - Remove Contents before
NO - Change ownership
Thanks for taking the time to reply and outline what you know. Very thoughtful.
We are using our ReadyNAS systems as the data repository in all of our branch operations – there are over 50 systems installed scattered across the country. What that means is that we do not have ‘IT folks” with any detailed knowledge to maintain those systems. Stuff has to be intuitive and simple.
Workstations use SMB protocols and folks do their work – sales, billing, inventory, etc. All data is captured on the ReadyNAS units. That data in turn is captured via backup to one or more Windows workstation during the night. CryptoLocker malware infecting the workstations has scared us to death – I figure it is only a matter of time before we get hit. We want backup that we can fall back on after the malware has wreaked havoc. The backup data shares will be RSYNC protocol only so in theory CryptoLocker will not find the data.
I do not understand the Linux environment well and all of our experience is in the Windows area where the terms Incremental and Differential have very precise meanings. And that is why I wanted to know what the RSYNC options selected were – to check and see if it meets our needs.
We will actually be backing up internally to the ReadyNAS – volume to volume. It will be our data repository and our backup in case of malware. For other circumstances we will have the workstation backup and use it as we currently do.
I am thinking about trying the snapshot approach but we will need to see if non-technical personnel can cope with that capability and the different ReadyNAS UI. Our trial implementation so far has been disappointing – folks do not understand the paradigm.
Thanks again
Although Incremental and Differential backups have specific meaning, I don't think in your case that you need to focus on whether rsync does one or the other. It can be configured to do either, though as I understand, not "easily" through the ReadyNAS UI in version 6.
If your ReadyNAS units are running OS 6, then the simplest solution for your various users may be to enable snapshotting on the volume or volumes in question and make sure that snapshots are NOT browseable by the users. That means the snapshots won't be exposed via SMB and CryptoLocker or other malware won't find them. If you are running large databases or have large files with frequent changes, you might look into how well this performs. I also cannot recommend this with the current 6.4.0 release as there are a lot of performance issues related to purging snapshots.
It's a good idea to practice your restore procedures too so that If you do get struck with malware of ANY kind you can be sure that your backups remain "read-only" and cannot be edited or infiltrated by the malware as you try to do your restore.
Older versions of the ReadyNAS software (before version 6) do not use the btrfs filesystem and so do not have the unlimited snapshot capability. If you are using an older version of the ReadyNAS software then you can definitely do a volume-to-volume rsync with options that suit your needs. The key to undestanding the most powerful feature here is to read up on how hard links work in Linux and how to take advantage of hard links with rsync using the --link-dest option. In a nutshell, --link-dest can give you either incremental or differential backups (depending on how you set it up) that are a breeze to restore because the UNCHANGED files for each incremental backup are hardlinked.
To explain in detail. A properly designed rsync command or script can be used to create a time-stamped backup folders in a format that looks like:
..
Volume1_Backup_20151115-0900/ Volume1_Backup_20151115-1300/ Volume1_Backup_20151115-1700/
Inside each folder would be a COMPLETE copy of all the files on the original Volume1 at the date and time indicated. Any files that are the SAME would be hardlinked to each other to save space, any files that are different in each folder would not be linked. Of course, if THESE folders were exposed to malware, they could get corrupted, but the idea is that these folders are locked down perhaps with only read permission enabled and definitely not accessible via SMB. So, your concern with a malware infection on the original Volume1 would mean that rsync would see the corrupted file as changed and when copying it to the backup, it would NOT overwrite the originals.
I have two final thoughts:
1) We've had very good luck with CrashPlan. It's not officially supported on ReadyNAS, but perhaps your Windows Servers or Workstations could run the application and move your backups safely to offsite. It's something like $10/month per computer, but even for 50 servers I think it's totally a bargain to get rock-solid offsite backups for an entire nationwide organization for only $500/month. I can't say I advocate for CrashPLan over BackBlaze or Carbonite, they all seem pretty decent. CrashPlan has a fairly sophisticated central control application for their Pro line of software, which could mean a kind of easy "central monitoring" of how the backups are working.
2) Whatever backup strategy you do use, please make sure whoever is performing the backups uses a retention policy that includes keeping older versions of the backup for a long time. On our old backup server, I kept weekly backups for half a year, monthly versions going back as far as 15 months, and then half-year versions going back as far as 3 or 4 years. If you do get a malware infection, you may have to go a long way back in time to find a version that wasn't corrupted.
best of luck
What a great answer -- you took a lot of time and I really appreciate your effort.
My issue is not technical as much as it is personnel. The individual(s) responsible for the ReacyNAS unit at each location is most likely an accounting clerk or the most junior sales person. Their knowledge of Lunix and any capability to deal with issues in non-existent. Think about a well-intentioned person who would start to 'push' buttons to get the office back operational. Then think about me on an airplane.
At this time we do not allow field personnel any access to the ReadyNAS UI – too much opportunity to’ push’ the wrong buttons. Instead we access the remote site with TeamViewer connected to a local workstations and then use Frontview.
How could I make the snapshots not browseable – the idea is intriguing. I want to explore.
Your cautionary warning about the newness of the BRFS technology to the platform is very useful – it says wait a while.
I like your idea of off-site backup but many of our operations have only 1.5 GBPS Internet access. For that reason I have avoided Internet based transportation solutions. We have an off-site backup plan and approach for each site currently. Not the best but certainly adequate.
Again, thanks for your comments and the time you spent.
Bains wrote:
How could I make the snapshots not browseable – the idea is intriguing. I want to explore.
.
There is a checkbox for each share for "Allow Snapshot Access". All you need to do is make sure it is unchecked.Though the Windows systems still have some access to the snapshots. If users right-click on a changed file or folder, they will see "restore previous versions", which accesses the snapshots. Some malware might be able to access them also. However, I'd still recommend disallowing snapshot access (assuming of course that you enable snapshots in the first place).
Bains wrote:
Your cautionary warning about the newness of the BRFS technology to the platform is very useful – it says wait a while.
The OS 6 platforms with BTRFS were introduced about 2 years ago. So its not that new.
Thank you for taking the effort to comment.
My original question was what options the ReadyNAS rsync implementation uses for its copy when activated via the UI.
The other question is if it is possible to change those options somehow without going deep into the system with kernel access.
Any leads on those answers would be appreciated.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
