I am working on a disaster recovery setup. We have 2 identical servers, both running proxmox.

Server 1:
    ADDC
    File Server
    Database
    Web Server...
Server 2: Runs the same VMs but sits at a remote location

Our current backup does a nightly image of each of the VMs to a local NAS. This image can be used to quickly restore the primary server if needed. Once a week, this image is also copied slowly to the remote location (rate and time limited) and takes about 3 days.

We also perform file system level backups using proxmox-backup-client of config and data dirs (/etc /var/lib /data) to the local NAS. This is also pulled down at the remote location and takes about an hour or so.

All this happens over a single port forwarded on the firewall.

I am now trying to integrate a backup of the ADDC. There is only one. I have read https://wiki.samba.org/index.php/Using_the_samba_backup_script along with all the warnings of early gruesome death if one uses it.

So I'm looking for recommendations and ideas on how to include the ADDC in our disaster recovery system.

1) I can image the server and restore. This works just fine, but is quite a bit more data and fairly slow
2) I can use replication, but this is more difficult to the remote location without a vpn set up
3) I can use file level backup using proxmox-backup-client (or even rsync), this would be much faster, but now starts to fall in the warning zone of the wiki.

How are others doing this?

Peter

On 07/11/2022 20:48, Peter Carlson via samba wrote:
> I am working on a disaster recovery setup. We have 2 identical servers,
> both running proxmox.
> Server 1:
>     ADDC
>     File Server
>     Database
>     Web Server...
> Server 2: Runs the same VMs but sits at a remote location
> Our current backup does a nightly image of each of the VMs to a local NAS
> This image can be used to quickly restore the primary server if needed.
> Once a week, this image is also copied slowly to the remote location
> (rate and time limited) and takes about 3 days.

Provided that you are only using the DCs for authentication and replication is working, you only need to back up the domain using 'samba-tool domain backup'; this comes in two versions, 'offline' and 'online'. If a disaster was to happen, the backup could be used to recover your domain.

I cannot recommend any other method, otherwise you could end up with zombie accounts and the loss of recently created users and groups etc. if the backups are old.

Unix domain members only require the data to be backed up along with the smb.conf; given these, the domain member can easily be rebuilt and rejoined to the domain.

Rowland
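
One way to script the 'samba-tool domain backup offline' approach from the reply so that its tarball lands in a directory the existing file-level job already collects. This is an added example, not part of either message; the directory, the retention count, the function names and the SAMBA_TOOL override are assumptions.

```shell
#!/bin/sh
# Added example: nightly offline backup of a single Samba AD DC, run on the DC as root.
SAMBA_TOOL="${SAMBA_TOOL:-samba-tool}"          # overridable so the logic can be exercised
BACKUP_DIR="${BACKUP_DIR:-/data/samba-backup}"  # assumption: inside the /data tree already backed up
KEEP="${KEEP:-7}"                               # assumption: retain the seven newest tarballs

# List backup tarballs oldest first. samba-tool puts a timestamp in the
# file name, so lexical order is chronological.
list_backups() {
    ls -1 "$1"/samba-backup-*.tar.bz2 2>/dev/null | sort
}

# Create one offline backup in $1 and print its path.
# Fails if the tool fails or no new, non-empty tarball appeared.
dc_backup() {
    dir=$1
    # The tarball contains the AD database, password hashes included:
    # keep the directory and the file readable by root only.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    before=$(list_backups "$dir" | tail -n 1)
    ( umask 077; "$SAMBA_TOOL" domain backup offline --targetdir="$dir" >/dev/null ) || return 1
    newest=$(list_backups "$dir" | tail -n 1)
    [ -n "$newest" ] && [ "$newest" != "$before" ] && [ -s "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# Delete all but the newest $2 tarballs in $1.
prune_backups() {
    dir=$1 keep=$2
    total=$(list_backups "$dir" | wc -l)
    excess=$((total - keep))
    [ "$excess" -gt 0 ] || return 0
    list_backups "$dir" | head -n "$excess" | while IFS= read -r f; do
        rm -f -- "$f"
    done
}

# Back up first, prune only after a new tarball exists, so a failing
# job never shrinks the set of restorable backups.
nightly_dc_backup() {
    dc_backup "$BACKUP_DIR" >/dev/null || { echo "DC backup failed" >&2; return 1; }
    prune_backups "$BACKUP_DIR" "$KEEP"
}

# Invoke as "script.sh run" from cron or a systemd timer.
if [ "${1:-}" = "run" ]; then nightly_dc_backup; fi
```

Because the tarball holds every account's credentials, the NAS and the remote copy need the same access restrictions as the DC itself.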