Mailing List Archive

On 2020-10-12 5:36 a.m., Anthony Frnog wrote:
> Hi,
>
> To begin, my apologies if I post à the wrong place.
>
> I use DRBD (version 9) on differents servers. My DRDB cluster is a
> shared storage for VM on Proxmox et Vmware Currently, there is a lot of
> ransomware attacks. This is a really problem... So, if my DRBD cluster
> is encrypted, all data will be encrypted and all VMs will be "dead".  My
> question is: Is there a DRBD solution able to save all data stored on
> DRDB node in order to restart my production if I have a ransowmare ?
>
>
> Best regards Anthony  

There's no specific anti-ransomware tools in DRBD, but you could set
something up easily enough. You could, for example, take periodic
snapshots of the backing LVM devices (assuming you use LVs to back DRBD
resources). You could keep N-number of snapshots and automatically cycle
them out.

How often you snapshot, and how many you keep, would depend on your
wants and resources. You probably want to be able to roll back at least
a week though, as it is my experience that some ransomware attacks lay
dormant for a period of time before encrypting (to get into backups).

In the end, DRBD is fundamentally an availability solution, and not a
backup solution. (Same idea as how "RAID is not backup"). You really
need to be sure that your data is backed up safely and incrementally.
Any snapshot-based approach should be seen as a way to more rapidly
recover to production, and not as a core backup method.

--
Digimer
Papers and Projects: https://alteeve.com/w/
"I am, somehow, less interested in the weight and convolutions of
Einstein’s brain than in the near certainty that people of equal talent
have lived and died in cotton fields and sweatshops." - Stephen Jay Gould
_______________________________________________
Star us on GITHUB: https://github.com/LINBIT
drbd-user mailing list
drbd-user@lists.linbit.com
https://lists.linbit.com/mailman/listinfo/drbd-user

Hi,

Thank you for your answer.
I already made this.

Anthony

Le lun. 12 oct. 2020 à 11:46, Digimer <lists@alteeve.ca> a écrit :

> On 2020-10-12 5:36 a.m., Anthony Frnog wrote:
> > Hi,
> >
> > To begin, my apologies if I post à the wrong place.
> >
> > I use DRBD (version 9) on differents servers. My DRDB cluster is a
> > shared storage for VM on Proxmox et Vmware Currently, there is a lot of
> > ransomware attacks. This is a really problem... So, if my DRBD cluster
> > is encrypted, all data will be encrypted and all VMs will be "dead". My
> > question is: Is there a DRBD solution able to save all data stored on
> > DRDB node in order to restart my production if I have a ransowmare ?
> >
> >
> > Best regards Anthony
>
> There's no specific anti-ransomware tools in DRBD, but you could set
> something up easily enough. You could, for example, take periodic
> snapshots of the backing LVM devices (assuming you use LVs to back DRBD
> resources). You could keep N-number of snapshots and automatically cycle
> them out.
>
> How often you snapshot, and how many you keep, would depend on your
> wants and resources. You probably want to be able to roll back at least
> a week though, as it is my experience that some ransomware attacks lay
> dormant for a period of time before encrypting (to get into backups).
>
> In the end, DRBD is fundamentally an availability solution, and not a
> backup solution. (Same idea as how "RAID is not backup"). You really
> need to be sure that your data is backed up safely and incrementally.
> Any snapshot-based approach should be seen as a way to more rapidly
> recover to production, and not as a core backup method.
>
> --
> Digimer
> Papers and Projects: https://alteeve.com/w/
> "I am, somehow, less interested in the weight and convolutions of
> Einstein’s brain than in the near certainty that people of equal talent
> have lived and died in cotton fields and sweatshops." - Stephen Jay Gould
>

I use lvm snapshoting and borg incremental backup of snapshoted storages.

On October 12, 2020 2:27:26 PM GMT+02:00, Anthony Frnog <anth.frnog@gmail.com> wrote:
>Hi,
>
>Thank you for your answer.
>I already made this.
>
>Anthony
>
>Le lun. 12 oct. 2020 à 11:46, Digimer <lists@alteeve.ca> a écrit :
>
>> On 2020-10-12 5:36 a.m., Anthony Frnog wrote:
>> > Hi,
>> >
>> > To begin, my apologies if I post à the wrong place.
>> >
>> > I use DRBD (version 9) on differents servers. My DRDB cluster is a
>> > shared storage for VM on Proxmox et Vmware Currently, there is a
>lot of
>> > ransomware attacks. This is a really problem... So, if my DRBD
>cluster
>> > is encrypted, all data will be encrypted and all VMs will be
>"dead". My
>> > question is: Is there a DRBD solution able to save all data stored
>on
>> > DRDB node in order to restart my production if I have a ransowmare
>?
>> >
>> >
>> > Best regards Anthony
>>
>> There's no specific anti-ransomware tools in DRBD, but you could set
>> something up easily enough. You could, for example, take periodic
>> snapshots of the backing LVM devices (assuming you use LVs to back
>DRBD
>> resources). You could keep N-number of snapshots and automatically
>cycle
>> them out.
>>
>> How often you snapshot, and how many you keep, would depend on your
>> wants and resources. You probably want to be able to roll back at
>least
>> a week though, as it is my experience that some ransomware attacks
>lay
>> dormant for a period of time before encrypting (to get into backups).
>>
>> In the end, DRBD is fundamentally an availability solution, and not a
>> backup solution. (Same idea as how "RAID is not backup"). You really
>> need to be sure that your data is backed up safely and incrementally.
>> Any snapshot-based approach should be seen as a way to more rapidly
>> recover to production, and not as a core backup method.
>>
>> --
>> Digimer
>> Papers and Projects: https://alteeve.com/w/
>> "I am, somehow, less interested in the weight and convolutions of
>> Einstein’s brain than in the near certainty that people of equal
>talent
>> have lived and died in cotton fields and sweatshops." - Stephen Jay
>Gould
>>

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

On Mon, Oct 12, 2020 at 05:46:34AM -0400, Digimer wrote:
> On 2020-10-12 5:36 a.m., Anthony Frnog wrote:
> > Hi,
> >
> > To begin, my apologies if I post ? the wrong place.
> >
> > I use DRBD (version 9) on differents servers. My DRDB cluster is a
> > shared storage for VM on Proxmox et Vmware Currently, there is a lot of
> > ransomware attacks. This is a really problem... So, if my DRBD cluster
> > is encrypted, all data will be encrypted and all VMs will be "dead".? My
> > question is: Is there a DRBD solution able to save all data stored on
> > DRDB?node in order to restart my production if I have a ransowmare ?
> >
> >
> > Best regards Anthony??
>
> There's no specific anti-ransomware tools in DRBD, but you could set
> something up easily enough. You could, for example, take periodic
> snapshots of the backing LVM devices (assuming you use LVs to back DRBD
> resources). You could keep N-number of snapshots and automatically cycle
> them out.

This and the rest what Digimer wrote. One of the lesser known and newer
features of LINSTOR + an extra tool for LVM to make it efficient is
actual support for snapshot shipping [1].

Best, rck

[1] https://www.linbit.com/drbd-user-guide/linstor-guide-1_0-en/#s-linstor-snapshots
_______________________________________________
Star us on GITHUB: https://github.com/LINBIT
drbd-user mailing list
drbd-user@lists.linbit.com
https://lists.linbit.com/mailman/listinfo/drbd-user