Hi,

I would like to get some input from people who have used these options for mounting a remote server to a local server. Basically, I need to replicate / backup data from one server to another, but over the internet (i.e. insecure channels).

Currently we have been mounting an SMB share over SSH, but it's got its own set of problems. And I don't know if this is optimal, or if I could set up something better. We don't have much control over the remote server, so I couldn't set up a VPN, or iSCSI or anything else. My options were FTP & SMB.

But I want to move the backups in-house, to save bandwidth and have more control over what we do.

So, with a new CentOS server & 2x1TB HDDs in RAID1 configuration, I can do pretty much whatever I want. The backup server(s) will serve backups for multiple servers, in different data centers (possibly in different counties as well, I still need to think about this), so my biggest concern is security.

We mainly use cPanel & DotNetPanel (Windows Servers), but also WebMin & VirtualMin, so I need to stick with their native backup procedures and don't really want to use a too technical backup system.

The end users need access to the data 24/7, so having the remote share permanently mounted seems to be the best for this, then our support staff don't need to SSH into the servers and download the backups. With the mount, I can also use rsync backups, so an end user could restore only a single file if need be.

NOW, the question is: Which protocol would be best for this? I can only think of SMB, NFS & iSCSI.

The SMB mounts have worked well so far, but it's not as safe, and once the SMB share is mounted, I can't unmount it until the server reboots. This isn't necessarily a bad thing, but sometimes the backup script will mount the share again (I think this is a bug in cPanel) and we end up with 4 or 5 open connections to the remote server.

NFS - last time I looked at it was on V3, which was IMO rather slow & insecure.

iSCSI - this doesn't allow for more than one connect to the same share. Sometimes a user might want to download a backup directly from the backup server via FTP / SSH / a web interface, which I don't think will work. We also sometimes need to restore a backup on a different server (if for example the HDD on the initial server is too full), so this isn't possible.

The remote shares also need to be mounted inside XEN domU's, or directly on CentOS / Windows servers.

What would be my best option for this?

--
Kind Regards
Rudi Ahlers
SoftDux
Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
Rajagopal Swaminathan
2010-Jan-28 12:05 UTC
[CentOS] NFS vs SMb vs iSCSI for remote backup mounts
Greetings,

On Thu, Jan 28, 2010 at 4:58 PM, Rudi Ahlers <Rudi at softdux.com> wrote:
> Hi,
>
> NOW, the question is: Which protocol would be best for this? I can only
> think of SMB, NFS & iSCSI

Just an innocent and possibly OOB suggestion -- what do you think of sshfs?

Regards
Rajagopal
Rudi Ahlers wrote:
> Hi,
>
> I would like to get some input from people who have used these options for mounting a remote server to a local server. Basically, I need to replicate / backup data from one server to another, but over the internet (i.e. insecure channels).
>
> Currently we have been mounting an SMB share over SSH, but it's got its own set of problems. And I don't know if this is optimal, or if I could set up something better. We don't have much control over the remote server, so I couldn't set up a VPN, or iSCSI or anything else. My options were FTP & SMB.
>
> But I want to move the backups in-house, to save bandwidth and have more control over what we do.
>
> So, with a new CentOS server & 2x1TB HDDs in RAID1 configuration, I can do pretty much whatever I want. The backup server(s) will serve backups for multiple servers, in different data centers (possibly in different counties as well, I still need to think about this), so my biggest concern is security.
>
> We mainly use cPanel & DotNetPanel (Windows Servers), but also WebMin & VirtualMin, so I need to stick with their native backup procedures and don't really want to use a too technical backup system.
>
> The end users need access to the data 24/7, so having the remote share permanently mounted seems to be the best for this, then our support staff don't need to SSH into the servers and download the backups. With the mount, I can also use rsync backups, so an end user could restore only a single file if need be.
>
> NOW, the question is: Which protocol would be best for this? I can only think of SMB, NFS & iSCSI.
>
> The SMB mounts have worked well so far, but it's not as safe, and once the SMB share is mounted, I can't unmount it until the server reboots. This isn't necessarily a bad thing, but sometimes the backup script will mount the share again (I think this is a bug in cPanel) and we end up with 4 or 5 open connections to the remote server.
>
> NFS - last time I looked at it was on V3, which was IMO rather slow & insecure.
>
> iSCSI - this doesn't allow for more than one connect to the same share. Sometimes a user might want to download a backup directly from the backup server via FTP / SSH / a web interface, which I don't think will work. We also sometimes need to restore a backup on a different server (if for example the HDD on the initial server is too full), so this isn't possible.
>
> The remote shares also need to be mounted inside XEN domU's, or directly on CentOS / Windows servers.
>
> What would be my best option for this?

Anytime someone mentions backups, I have a knee-jerk reaction to mention backuppc because it is simple and will likely do anything you need. Docs are here: http://backuppc.sourceforge.net/

It is packaged in EPEL. It can use rsync (with/without ssh), smb, or tar for the backup transport. Generally for anything remote, you'll want rsync, and you'll want it badly enough to set it up even on Windows targets - which is not all that difficult.

--
Les Mikesell
lesmikesell at gmail.com
Rudi Ahlers wrote:
> Hi,
>
> I would like to get some input from people who have used these options for
> mounting a remote server to a local server. Basically, I need to replicate /
> backup data from one server to another, but over the internet (i.e. insecure
> channels)

NFS and CIFS and iSCSI are all terrible for WAN backups (assuming you don't have a WAN optimization appliance), tons of overhead.

Use rsync over SSH, or rsync over HPNSSH. I transfer over a TB of data a day using rsync over HPNSSH across several WANs.

nate
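Added example, not part of the thread or any poster's code: with rsync over SSH and one backup server holding several clients' data, each client's SSH key can be pinned to a forced command that only accepts rsync server calls inside that client's own directory. The script name `rsync-gate`, the directory `/backup/web01` and the key in the comment are assumptions for illustration.

```shell
#!/bin/bash
# Added example, not code from the thread. Forced-command gate for one client's
# backup key on the backup server. Assumed authorized_keys entry (the script
# path, directory and key are placeholders):
#   command="/usr/local/bin/rsync-gate /backup/web01",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...placeholder web01

# allow_rsync ROOT CMD: succeed only if CMD is an rsync server call confined to ROOT.
allow_rsync() {
    local root="${1%/}" cmd="$2" word seen_dot=0 paths=0
    # Character allowlist: rsync's server command needs no quoting, globbing
    # or shell metacharacters, so anything else is refused outright.
    case $cmd in
        *[!A-Za-z0-9\ ./_-]*) return 1 ;;
    esac
    set -f; set -- $cmd; set +f          # split into words without globbing
    [ "${1:-}" = rsync ] && [ "${2:-}" = --server ] || return 1
    shift 2
    for word in "$@"; do
        if [ "$seen_dot" -eq 0 ]; then   # option words, up to the "." separator
            case $word in
                .) seen_dot=1 ;;
                --sender|--delete|--numeric-ids|--partial) ;;
                --*) return 1 ;;         # any other long option is refused
                -*) case $word in */*) return 1 ;; esac ;;
                *) return 1 ;;
            esac
        else                             # path words: inside ROOT, no ".."
            case "/$word/" in */../*) return 1 ;; esac
            case "$word/" in
                "$root"/*) paths=$((paths + 1)) ;;
                *) return 1 ;;
            esac
        fi
    done
    [ "$paths" -ge 1 ]
}

# Run as the forced command: $1 is ROOT, sshd sets SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ] && [ "$#" -ge 1 ]; then
    if allow_rsync "$1" "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND       # safe to split: characters were checked
    fi
    echo "rsync-gate: refused: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

rsync ships a fuller script for the same job, `rrsync`, in its support directory. The gate above does not resolve symlinks inside ROOT, and it refuses paths containing spaces.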
On 28.01.2010 12:28, Rudi Ahlers wrote:
> NOW, the question is: Which protocol would be best for this? I can only
> think of SMB, NFS & iSCSI

How about NFS v4? It only needs one port which you can tunnel through ssh.

Rainer
J.Witvliet at MINDEF.NL
2010-Jan-29 12:44 UTC
[CentOS] NFS vs SMb vs iSCSI for remote backup mounts
________________________________
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Rudi Ahlers
Sent: Friday, January 29, 2010 12:23 AM
To: CentOS mailing list
Subject: Re: [CentOS] NFS vs SMb vs iSCSI for remote backup mounts

On Fri, Jan 29, 2010 at 1:18 AM, nate <centos at linuxpowered.net> wrote:

Rudi Ahlers wrote:
> nate, why not? Is it simply unavoidable at all costs to mount one system on
> another, over a WAN? That's all I really want to do

If what you have now works, stick with it.. in general network file systems are very latency sensitive. CIFS might work best *if* you're using a WAN optimization appliance, I'm not sure how much support NFS gets from those vendors. iSCSI certainly is the worst, block devices are very intolerant of latency.

AFS may be another option though quite a bit more complicated, as far as I know it's a layer on top of an existing file system that is used for things like replication

http://www.openafs.org/

I have no experience with it myself.

nate

Thanx nate, this is what I wanted to hear :) So, is there any benefit in using NFS over SMB in this case?

Can't speak for NFS (3/4), but I can tell you that the smb-protocol combined with high latency is a recipe for disaster. We tried it from Europe to the Caribbean (both sat or fibre) but users spent their time more complaining than working. Needed horribly expensive LAN optimisers at both ends.

So perhaps nfs4 or afs (the latter is intended for geographically separated machines, afaicr) but certainly not smb!
J.Witvliet at MINDEF.NL
2010-Jan-29 12:53 UTC
[CentOS] NFS vs SMb vs iSCSI for remote backup mounts
At any rate... if I were in your shoes and really restricted to the options you propose, I would go with CIFS mounts through IPSEC tunnels.

Wouldn't IPSEC add more overhead than an SSH tunnel?

-geoff

I would *certainly* not use ssh-tunnels, on a line that is not 100% error free or with high latency. In general tcp-in-tcp tunneling is BAD. One likely gets the infamous snowball effect.

As ipsec is lower in the protocol-stack (than openvpn) it has probably the lowest overhead. ssh-tunnels are the worst (just nice for a quick tunnel in SOHO-environments)