Remote Backup of Windows Boxes w/o Samba? 100
reezle asks: "I'm looking for a good (free as in beer) method to have my Debian server back up some remote Windows machines. There is no Samba in the mix; this is supposed to be a strictly secure internet thing. I've been toying with OpenSSH on the windows computers as a good tunnel, thought of simple tools like ntbackup initiated from a script on the Linux box, but not all of the pieces have come together yet. I need to have the Linux box make the connection, back up data (full and incremental backups) and have that backup data get back to the Linux machine in an encrypted format (across the wild internet). Has anyone done something like this?"
Idea, (Score:4, Interesting)
Re:Idea, (Score:1)
Source -1- rsync1 -2- rsync2 -3- Destination
RSync works assuming that paths #1 and #3 are fast (local) and that #2 is slow (network). So it does extra reads over #1 and #3 to minimize #2.
Your suggestion puts #2 and #3 local and #1 on the network.
Re:Idea, (Score:4, Interesting)
Why not just... (Score:3, Informative)
Or one thing I use, to keep incremental backups, is rdiff-backup [stanford.edu].
ignorate question (Score:2)
Three letters: SCP. (Score:5, Interesting)
Re:Three letters: SCP. (Score:3, Informative)
The advantage of stuff like rsync is that it only sends the deltas over the network. I have a daily backup of my 400 GB over the net. If nothing changes, it only uses 100k of bandwidth.
Re:Three letters: SCP. (Score:3, Informative)
Re:Three letters: SCP. (Score:2)
Re:Three letters: SCP. (Score:2)
Re:Three letters: SCP. (Score:1)
Re:Three letters: SCP. (Score:2)
Am I missing the option, or should I be wrapping SCP in something else that figures that part out?
Re:Three letters: SCP. (Score:3, Informative)
A far more efficient method would be to look at using RSYNC with SSH as a few others have pointed out. There's a pre
Re:Three letters: SCP. (Score:2)
A far better option would be Unison [upenn.edu], which does 90% of what you're looking for, and can be made to work across an SSH tu
cron+scp (Score:2, Interesting)
Re:cron+scp (Score:1)
Re:cron+scp (Score:1, Troll)
I'm glad to see not EVERYONE makes useless posts to Slashdot just to hear themselves harrumph around acting like know-it-alls who run around rebuffing everyone who tries to help others with a little advice, but never offer any advice themselves.
+1 Insightful to you, my friend.
Re:cron+scp (Score:1, Troll)
Re:cron+scp (Score:1, Redundant)
Re:cron+scp (Score:2)
Why not samba? (Score:1, Interesting)
Re:Why not samba? (Score:2)
For that matter, just tunnel to port 139 via ssh. So port 9139 (for example) on the linux box gets forwarded over ssh to port 139 on the ms/win box, and then you start samba with port=9139...dirt simple, no?
-- MarkusQ
Re:Why not samba? (Score:1)
The Rsync solution is definitely the best suggested for what he asked for.
However personally, I would setup a fileserver for the machines and make everyone use that for stuff they want backed up. Centralized storage is always a cleaner solution.
Push vs. Pull? (Score:2)
Save for the fact he's looking to pull the backups from Linux not push them from Windows.
So he does a
on the linux box and then runs whatever backup solution he likes on the linux box (against the mount point). You can't get much more "pull from linux" than that.-- MarkusQ
Re:Push vs. Pull? (Score:1)
Re:Push vs. Pull? (Score:2)
So he wants to be secure and you are suggesting that he turns file sharing on on the windows boxes. Yeah that will really work.
I don't think you are understanding what I'm suggesting. It isn't all that complicated:
Using rsync over an unecrypted channel would be just about
Re:Push vs. Pull? (Score:1)
2) How are you going to get the windows boxes to do this without openning up SMB to the world unencrypted. (Hint you pretty much can't without a firewall box extern to windows)
3) See previous point. Windows doesn't support this.
4) See previous points.
5) See previous points.
The rsync was to be done over a ssh tunnel. Read the other posts. Either way you don't know what you are talking about so I suggest you clam up.
Re:Push vs. Pull? (Score:2)
I don't see why not. I've done it under NT4, and I can't imagine (well, I can imagine, but I don't think it's true) that the newer mswin versions are less functional in this regard. A quick peek at google seems to support [vandyke.com] the idea that it's possible (I haven't used an msbox for several years, but from what I see on google it appear
Re:Push vs. Pull? (Score:1)
A quick peek at google seems to support the idea that it's possible.
Apparently you didn't read this. This is for setuping secure access to an smb server from Windows. Which by the way is the exact opposite of what you are suggesting. They tell you to turn off file and printer sharing in the article for a good reason.
And Like Windows packet filter is secure.
Re:Why not samba? (Score:2)
Cygwin + rsync (Score:2)
-molo
Re:Cygwin + rsync (Score:2, Interesting)
It supports gpg signing and encrypting of archives and provides direct support for scp/ssh as a transport while handling full and incremental backups very nicely (well, after I wrote a few wrapper scripts just to make my life easier).
I have not used it on windows with cygwin, but I know people who are.
Re:Cygwin + rsync (Score:2, Informative)
If you're going to use rsync, use Interix/SFU. That's what I currently use, though I might switch to Unison. Works great, though sometimes the permissions are a pain (the Posix permissions don't always translate nicely
Re:Cygwin + rsync (Score:2)
-molo
Re:Cygwin + rsync (Score:1)
You wouldn't say that Linux is broken because you can make a file world-writable, would you?
Re:Cygwin + rsync (Score:2)
-molo
Backup (Score:4, Interesting)
Or.... put Samba on the Debian box, use port forwarding and the loopback adapter to create a tunnel to the samba box and have the windows backup program write to the samba share which is only listens on 127.0.1.1
setup on windows box:
Loopback IP: 172.168.254.1
Real IP: XX.XX.XX.XX
SSH port forward from Local 172.168.254.1:139 to remote 127.0.0.1:139
Create an account for each machine on the debian box.
Windows backs up to \\172.168.254.1\MACHINENAME
A solution: Acronis TrueImage (Score:3, Informative)
NTBackup that comes with Windows can NOT backup all the Windows system drive, only part of it. Windows XP and 2000 (not Windows 98) have crippled file systems, apparently to implement copy protection.
NTBackup presumes that you are a peon whose time is worth nothing, and you don't mind loading all of your programs again. Some people restore a backup over a working Windows XP installation, but this is said by Microsoft technical support people to be unstable.
The ONLY way to back up a Windows XP and 2
Re:A solution: Acronis TrueImage (Score:2)
The article *clearly* talks about cloning hard disks for distribution (i.e., building a corporate master image for distributing across an organization), and has nothing to do with backing up your hard disk and restoring it *on the same machine*.
NTFS is *not* crippled, and I've restored backups several times.
It's a pain in the butt, because you have to have a running version of NT to run ntbackup, but it works
Re:A solution: Acronis TrueImage (Score:1, Troll)
Every time I try to talk about this issue, someone tells me I'm wrong! I even put a warning paragraph at the end of my (grandparent) comment, and still it happened.
For example: A backup that must be restored to the same computer is not a backup! Suppose something fails on that motherboard and you don't have any other motherboards exactly like it?
A backup backs you up! If there are situations in which you won't get all your work back, you don't have a backup. This is not an isolated situation. The co
Re:A solution: Acronis TrueImage (Score:2)
The issue, if you had actually understood the knowledgebase article, is that XP/2K has per-machine IDs, and that cloning the hard drive *clones the machine IDs*. When you put the cloned image on two new machines, domain servers get confused.
If your machine doesn't need to talk to an NT domain controller, the problems won't arise.
If you need to generate OS installation images (say,
The SID must be changed anyway. (Score:1)
The SID must be changed anyway. That is an entirely separate issue.
I was told by a senior Microsoft technical support engineer last week, and I have been told before, that duplicate SIDs also confuse peer-to-peer networks.
XCOPY32.EXE can copy ALL files on a FAT32 partition. I stand by what I said. ALL the information in Windows XP and Windows 2000 is in files.
DriveImage, and all of PowerQuest, is now owned by Symantec, which, in my opinion, is legendary for bad technical support. Acronis is way
Re:The SID must be changed anyway. (Score:2)
You, on the other hand, have overgeneralized what they've told you into places that are
Re:A solution: Acronis TrueImage (Score:2)
Re:A solution: Acronis TrueImage (Score:2)
ostiguy
Microsoft and I stand by the facts. (Score:1, Troll)
As I said in my original post, all the facts in it have been reviewed many times by Microsoft technical support people.
I specifically said in my original post: "Some people restore a backup over a working Windows XP installation, but this is said by Microsoft technical support people to be unstable."
Re:Microsoft and I stand by the facts. (Score:1)
Part of the issue here may be that NTbackup (at least on XP / 2k) DOES backup everything (as long as you select system state). You'd need to sysprep your real system to force a hardware redetect on next boot to get the functionality you appear to want.
Re:Microsoft and I stand by the facts. (Score:2)
ostiguy
Might give Unison a Try (Score:5, Interesting)
I've had fairly good experiences with the Unison [upenn.edu] product. It works similarly to rsync [anu.edu.au] but with a few enhanced features. And I quote...
Anyway, you might give it a look...
Re:Might give Unison a Try (Score:2)
Backup operators can ignore security to read all files for backup.
Since backup operators (anyone with SeBackupPrivilege [microsoft.com]) can read all files (regardless of ACL), it can be a security risk; use it carefully.
Re:Might give Unison a Try (Score:3, Informative)
Your interpretation: This program magically allows any user to read any file on the system without admin privileges.
Correct interpretation: This program does
Re:Might give Unison a Try (Score:1)
Highly recommended!!
Re:Might give Unison a Try (Score:3, Informative)
I am a huge fan of Unison, and I use it to sync all files, bookmarks and settings between my windows laptops and desktops. But it is NOT a backup utility - if you have it set to run at set intervals, and one set of files becomes corrupted, deleted or otherwise changed, Unison will then do the same to all the other files. It does not have rollback.
It's handy for total machine or disk failures, but not so handy if, say, a virus trashes your files an
Re:Might give Unison a Try (Score:2, Informative)
Rsync with cygwin would be another option, my experience with OpenSSH/scp on Windows has been poor when it's under pressure.
-Chris
Re:Might give Unison a Try (Score:2, Informative)
A few solutions (Score:4, Informative)
There's also another easier option. But, it will cost you. Use a "real" backup program such as Retrospect [dantz.com] which will do compression and encryption (very strong encryption if you desire) client side. More often then not, this is what big businesses use. You can then safely use smb, ftp, scp, whatever you wish
Re:A few solutions (Score:2, Informative)
You will need to run ssh-host-config after you install the ssh package. Under Windows Server 2003, it apparently can't setuid properly unless an actual password is supplied, so change the service to run as the user, instead of local system.
Cygwin is sometimes a little slower than you might expect, especially for I/O, due to the extra layers of indirection. One huge performance problem is t
Re:A few solutions (Score:2)
There's a great port of OpenSSH I use regularly on my windows boxes - perfectly seamless operation with unix machines. very nice.
netcat (Score:4, Informative)
A version exists for Windows (it's what the kiddee's use), but it can be used for legit purposes if done properly.
rsync (Score:3, Informative)
Do a google search on "rsync windows backup".
The only downside is that rync will "kill" your upstream internet connection (it is that efficient). Fortunately, there is a --bwlimit option so you can back off a little.
If you are looking for a commercial hoster with all of the scripts pre-built we are happy to help (sorry for the AD), but it is pretty easy to roll this yourself.
Bacula (Score:4, Informative)
Although the clients do not have built in support for encryption, according to the manual you can run the clients through stunnel [stunnel.org] to encrypt the traffic between the clients and the backup server. Future versions are supposed to support encryption built into the client.
Re:Bacula (Score:1)
Re:Bacula (Score:2, Interesting)
I use OpenVpn for encrypted connectivity between the machines as I am backing up a number of them across the net. It also has linux and windows clients.
One caveat is that I don't use it to backup the entire system. I back up the users' data and c
cygwin, bleh (Score:3, Informative)
Networker (Score:2)
If you don't care about enterprise features (and if it turns out you have to purchase it and don't want to), use cygwin/rsync like ev
Re:Legato (Score:2)
Re:Legato (Score:2)
The leaders are Veritas's NetBackup and IBM's TSM. Not that I'm endorsing either...however, having used all three, I'd pick either NBU or TSM over Legato every time.
Re:Legato (Score:2)
I agree that Legato is best avoided - in gereral, it leaves a trail of dead bodies behind it...
As far as cpommercial b/u software goes, BakBone's NetVault is a far better (both in functionality and price) option than either Veritas (good but $$$) or TSM (a true power tool, also $$$, but also requiring *way* too much arcane knowledge about its
Look at rdiff-backup (Score:3, Interesting)
rdiff-backup backs up one directory to another, possibly over a network. The target directory ends up a copy of the source directory, but extra reverse diffs are stored in a special subdirectory of that target directory, so you can still recover files lost some time ago. The idea is to combine the best features of a mirror and an incremental backup. rdiff-backup also preserves subdirectories, hard links, dev files, permissions, uid/gid ownership, and modification times. Also, rdiff-backup can operate in a bandwidth efficient manner over a pipe, like rsync. Thus you can use rdiff-backup and ssh to securely back a hard drive up to a remote location, and only the differences will be transmitted. Finally, rdiff-backup is easy to use and settings have sensical defaults.
I found it to be very fast and reliable. And yes, it aparently does work under Windows [stanford.edu].
Easy as pie (Score:2)
Oh you said Windows... There's always Cygwin.
Bacula (Score:1)
Don't know if it goes through the net encrypted, tough. The security I would use is the (not default, heh) hash pass"phrase", compression, and VPN.
Re:Bacula (Score:2)
Arkeia! (Score:3, Insightful)
Plenty of the solutions people have posted about are fine and dandy hack jobs and while they probably will work -- they would take a lot of time and effort to implement. Arkeia is pretty easy to install on the client end - you basically just install the client and tell it the name of the server - the acutal backup is managed completely by the server. Clients are available for practically every OS under the sun.
Arkeia has served me pretty well over the last few years, so even with the cost (not very much for a comparable solution from any other vendor) you really do get a pretty decent product.
Re:Arkeia! (Score:1)
Re:Arkeia! (Score:2)
If you really never want to see it you can delve into the hysteria of the arkc command line client with it's ten million options and modes.
rsync (Score:2)
Our setup actually runs the rsync server on the windows machine. Main problem is that the default one with cygwin dies mysteriously for no apparent reason. Some googling found us a fixed version to use -- 18 months on, no issues.
rsync over ssh (cygwin) (Score:2, Informative)
There are drawbacks too. For example, you cannot store SSH key on mapped network drive. And do not use it with Windows 98, bash script and rsync will hang after 1-2 hours.
dual boot to linux (Score:2, Interesting)
Nothing fancy to do on Windows. It takes 10 to 30 minutes to restore Windows to the way it was exactly when it was backed up, including XP. Without linux, it would have taken a whole day with all the patches, drivers, exact configuration, applications insta
Re:dual boot to linux (Score:2)
BackupPC (Score:3, Insightful)
It is highly configurable and easy to set up automatic backup routines and you can monitor operations
using a webbased interface. BackupPC also supports various transfer methods such as rsync, samba, etc.
and makes use of compression and pooling of files to save diskspace.
Of course, getting some scripts using rsync over ssh or something like that won't be that hard,
but anyway, I recommend you to check out BackupPC.
Or, the commercial route: Dantz Retrospect (Score:2)
Quick and Dirty Secure Win-Lin backup (Score:3, Interesting)
First, I create backup files. To do this, I use the Backup utility built into Windows (for better or worse). Of course, this assumes you have enough freespace on your Windows volumes to accomodate the backups...
On the server side, I set up an FTP daemon and an OpenSSH daemon. The FTP daemon is configured to only accept connections from localhost, so one must log in via SSH to transfer via FTP.
Then, I use a simple Win script to
This has worked fantastically well for me, and the only thing I didn't already have was PuTTY. It's also as secure as any other SSH activity (pretty darn secure), and if you make the SSH session log in as a restricted "backup" user, it becomes very difficult to use this system to escalate privileges on the server.
Yes, I've done this. (Score:3, Informative)
To backup the systemstate (you need to do this on your DC's and Exchange boxes), you have to do it locally.
Instead of putting in a directory in your BKS, just put the word: SystemState
on its own line.
Your exchange directory store:
DS \\EXCHANGESERVERNAME
You exchange information store:
IS \\EXCHANGESERVERNAME
Directories and files:
c:\whereever\blah\blah\blah
c:\anotherdi
To exclude:
add a
Note: The BKS files are in a sort of unicode format (thanks Microsoft). I was using perl to create the files before every backup so I didn't have to depend on changing static files on each system being backed up. Its not quite unicode . . . open the file in a hex editor and check it out if you want to write them dynamically.
To kick off ntbackup at the commandline and use that BKS, something like this would work:
ntbackup backup "@\\server\backupdir\YOURSERVER_SystemState.bks"
Or for an incremental:
ntbackup backup "@\\server\backupdir\YOURSERVER_bunchadirs.bks"
I was planning on exclusively using SCP to transfer the files between the systems, but I ran into problems with the Win32 SSH client and server. Anytime I wanted to move a file bigger than 2G off the Win systems, I'd end up with a corrupt file. (So, I had to resort to using FTP in some cases).
Only semi related, If you are backing up systems at a datacenter and eventually sending them to a repository in the office (or vice versa) and sending them over a limited data line (we only had a couple T1's), you might want to look at the shaper app. I was able to limit the traffic heading over that T1 line after it was conglomerated on a datacenter server so that the users in the office could still do their work.
After adding a few hooks to the various scripts to have it spew its progress to a central server that I monitor for errors, I had a fairly scalable script based backup system using built in backups (NTBackup on 2k/Xp/2k3 and Tar). Oh, and Bzip2 is your friend on the windows systems. Getting around 2GB file size limitations was the biggest pain in the whole setup. Go through some good QA and check every backup that is created for the first week; it sucks finding out your files are corrupted when you need them . . .
Two links (Score:1)
Here's [mikerubel.org] another good site on backing up Windows machines.
Karen's Replicator + WebDav (Score:2)
It's about as close as you can get to rsync on Windows without resorting to cygwin, plus it can run non-stop as a service.
Hope this helps.
Duplicity (Score:2)
Automating NTBackup is half the battle. Example... (Score:2)
Here is an example
Move the files to Linux any way you want.
-begin backup.bat-
rem Make room by deleting oldest files, leaving four newest
for
rdiff-backup (Score:1)
I have windows installers available:
http://sol1.net/~dave/backup
http://rdiff-backup.stanford.edu
it solves your problem exactly
I use it - get blat to email you the logs and you are sweet