Offsite Backup

Los Angeles is earthquake country, plus a total loss of the home information resources is possible from fire. While we occasionally put a backup disc in our bank's safe deposit box, security of the box is not exactly absolute, particularly in an earthquake. We also have a fireproof box, which is believed to be fairly effective but which cannot be tested. An offsite backup server would give us a lot of peace of mind.

Ben may have partially agreed to let an offsite backup server onto his net.

Requirements

• Capacity requirements are modest, no more than 5Gb.

• The backup procedure should happen automatically without manual intervention at either end.

• Modern standards of security must be adhered to.

  • All access to be authenticated.
  • No open ports other than those operationally required.
  • Credentials and payload encrypted on the wire with a credible algo.
  • Virus resistance and monitoring.

• The server has to be small, unobtrusive and autonomous. Only very rare interventions needed from Ben, e.g. if he rewires the house.

• It should not be a bandwidth pig.

• It does not have to be accessible 24/7; scheduled wakeups are enough. But it has to be reliable, and self-healing after disruptions such as power failures.

• Software maintenance has to be feasible from our end.

• While the operating system is not an actual requirement, jimc has the expertise to do more with Linux, specfically OpenSuSE.

Implementation Possibilities

• Possiblity #1: Ben's NAS box can act as a rsync server. Issues:

  • How do I authenticate to him?
  • He has to do port forwarding on unfamiliar ports.
  • Encryption on the wire, how do we manage that?

• Possibility #2: On Ben's Windows machine he runs a rsync client to my host in L.A. (having a rsync server), and deposits the payload on his NAS box via SMB mounted on the client host, which is his normal mode of operation. Issues:

  • He would obviously like this to happen automatically, i.e. scheduled task or login service.
  • Could he authenticate automatically to OOBA? Requires web form programming. Yuck.
  • Getting past OOBA: use IPSec which is not controlled by OOBA.
  • How can he non-manually initiate an IPSec connection? That is not normal for desktop Windows. Probably a showstopper.

• Possibility #3: I provide a box with Linux. Issues:

  • Ben needs to forward port 22 to the box. He never serves 22 himself.
  • Authentication and encryption are via SSH.
  • Power has to be small. Promised: 10 watts or less. If a unicast magic packet on port 22 will wake it up, that would be ideal. But routing this packet does not seem to be possible.
  • Maybe Ben's router could do the WOL thing. Or Apple proxy wakeup.
  • Another possibility for power saving is for it to wake autonomously on a schedule, and I have a scheduled job that uses it then. Then the box goes to sleep (unless the schedule is altered for a special occasion).
  • Upon a power failure the box has to reboot when power resumes.

• Possibility #3A: Ben would not do port forwarding, and the Linux box would initiate a VPN connection to L.A. IKE (IPSec) in general, and StrongSwan in particular, can re-initiate the VPN if it goes down, e.g. if the wild-side IP address changes or if the machine sleeps longer than the keepalive interval. This would be great except for an operating system upgrade, which if done remotely absolutely requires the master host to originate a SSH connection to the installer running on the target being upgraded.

Unless Ben thinks of something spectacular with Windows, it looks like the Linux box is the cleanest solution.

Implementation Details

• Ben needs to register his wild-side IP. Current plan: to give him ben.jfcarter.net through Dyn.com. His router is willing to register with www.dyndns.org (variants: custom, free, static). Requires the "A" record name, account name, and password. I'm to set this up and send him the info. This can be tested ahead of time.

• Proposed hardware: CompuLab Fit-PC3 Basic. $379, sold by Compulab and fulfilled by Amazon. Specifications:

  • Model number: fit-PC3-D2x2-T40N-WB-H250-XL-FM4U
  • CPU: AMD G-T40N, 1.0GHz dual core
  • Graphics: Radeon HD 6290 integrated with CPU (we'll have no monitor)
  • Graphics ports: HDMI (1920x1200px), DisplayPort (2560x1600px) dual head
  • RAM: 4Gb: 2 SO-DIMM slots x 2Gb DDR3 1333MHz 64bit
  • Disc: 250Gb (SATA, 2.5in laptop drive) and 2x eSATA ports. Drive vendor and specs not stated.
  • Audio: Stereo 3.5mm jacks for line out and in; 7.1 channel S/PDIF (copper)
  • Network: 802.3 1000baseT; 802.11bgn + Bluetooth 3.0 (dual antennas provided)
  • Other: 2x USB-3.0 type A (rear); 6x USB-2.0 (2 rear, 4 front); 1x RS232 mini (rear), half size mini-PCIe (internal)
  • Power consumption: 8W idle, 17W maxed out. Power brick provided.
  • Cooling: Natural convection, no fan
  • Installed OS: Windows (so it says)
  • Dimensions: 6.3 x 6.3 x 1.0 inch, 16 x 16 x 2.5 cm, about 1 kg.
  • First on Amazon: 2012-07-02; this variant is no longer featured on CompuLab's website (but longterm availability to 2017 it says).

• A better choice probably is the CompuLab Fit-PC3 LP Barebone, $275 sold by Compulab and fulfilled by Amazon. Specifications: Similar to above.

  • Model number: fit-PC3-D0-T40E-FM0
  • CPU: AMD G-T40E, Dual-core 64 bit, 1.0 GHz,
  • Graphics: Radeon HD 6250 integrated with CPU (we'll have no monitor)
  • Graphics ports: HDMI (1920x1200px), DisplayPort (2560x1600px) dual head
  • RAM: None; up to 8Gb: 2 SO-DIMM slots x DDR3 1333MHz 64bit
  • Disc: None (SATA, 2.5in laptop drive) and 2x eSATA ports
  • Audio: Stereo 3.5mm jacks for line out and in; 7.1 channel S/PDIF (copper)
  • Network: 802.3 1000baseT
  • Other: 2x USB-3.0 type A (rear); 2x USB-2.0 (rear); 1x RS232 mini (rear), full + half size mini-PCIe slots (internal)
  • Power consumption: 7W idle, 15W maxed out. Power brick provided.
  • Cooling: Natural convection, no fan
  • Installed OS: None (no disc)
  • Dimensions: 6.3 x 6.3 x 1.0 inch, 16 x 16 x 2.5 cm, 1.067 kg
  • First on Amazon: 2013-06-13
  • Specification Page

• If getting the Fit-PC3 LP I'll need to get memory and a disc. I would get the same ones I have in Diamond (from Amazon). Actually, the current versions of the products.

  • Seagate Laptop Thin 500 GB Solid State Hybrid Drive SATA 6Gb/s 64 MB Cache 2.5 Inch ST500LM000, $76, SBSF Amazon. 5400 RPM with 8Gb flash cache giving SSD-like performance with favorable access patterns. The 7200 RPM non-hybrid drive for Diamond is discontinued.
  • Kingston Technology HyperX 8 GB (2x4 GB Modules) 1600 MHz DDR3 SODIMM Dual Channel Kit (PC3 12800) 204-Pin SDRAM KHX1600C9S3P1K2/8G, $66 for the pair. Non ECC. This is what's in Diamond.
  • Kingston HyperX Plug n Play 4 GB Kit (2x2GB Modules) 1600MHz DDR3 SODIMM Notebook/Netbook Memory 4 Dual Channel Kit (PC3 12800) 204-Pin KHX1600C9S3P1K2/4G , $50 for the pair, SBSF Amazon. (Current.)

So the total price tag would be $401.

How to Use It

The SSH protocol can use a variety of crypto algorithms at each step. Currently with up-to-date versions at both ends, the initial key is synced by Elliptic Curve Diffie-Hellman key exchange. This is then used in the AES128-CTR algo with HMAC-MD5-ETM integrity checking. For mutual authentication the server has a ECDSA private key and the client has a saved copy of the certificate, and this particular client user has a RSA private key (2048 bits) for which the server has the certificate, or GSSAPI (Kerberos) can be used.

Here is the scenario for setting up and using this backup machine.

• Soon, Ben would set up his router to register his wild-side IP address with Dyn.com (www.dyndns.org). He would also make sure that his CouchNet login and password are still functional. He would use these to get onto the backup machine.

• At home I would set up the machine with OpenSuSE-13.1 and configure everything. Procedures would be tested locally.

• The machine would be included in weekly software updates and backups. Access would be identical to a local machine, using the general SSH credential.

• Ben would take the machine home after Christmas and park it on the shelf of his router closet.

• The machine would sleep most of the time. It would wake at 09:00 daily and do housekeeping, then at about 09:10 Diamond would originate a connection to it using SSH with restricted execution, and would send via rsync the backup directory and the basic document cache.

  The majority of these files do not change except in distro upgrades. Syncing them takes almost zero time. If a file did change, rsync has an efficient algorithm to identify regions of the file that aren't changed, and to not send them on the wire.

• If I need to retrieve files I would use rsync, with my general SSH credential, and similarly if I need to do software maintenance.