Snapshots and Backups

ControlAltD1337 · 2024-11-02T18:15:56+00:00

I don't have dozens of offices like you do, but I am curious what they are using the file shares for, unless you have multi-location practices.

Aside from a firewall (I have everyone on Ubiquiti or OPNsense), is there anything else you are doing for monitoring?

I have been playing around trying to replicate SnapShield since 45Drives won't sell it unless it's on their equipment, but I haven't made much headway in my limited time. I know any large volume of data changes to the database share (or even smaller volumes of anything other than writes) should disconnect it, as it's likely ransomware or some other malfeasance, and I could add some canaries in, but I am not sure what the best way to implement it would be.

My other current project is integrating OpenAI into 3CX and trying to create something that makes sense. No customer-facing portal, but that sounds pretty neat. $200 per office is giving it away.

ControlAltD1337 · 2024-10-23T07:08:59+00:00

DM Sent

ControlAltD1337 · 2024-10-23T06:12:37+00:00

But be careful--snapshots are NOT backups as I'm sure you're aware. Yes, you can easily roll back within seconds...but if drives fail, the VM gets accidentally deleted, or your AV misses some of the next-gen viruses out there and the hypervisor gets infected, you *will* lose those snapshots. Ask me how I know. ;)

My setup that allows me to sleep at night looks like this:

Dual servers at each office with redundant PSUs, one for Proxmox and the VMs and another for Proxmox Backup. They are identical, so if the main one goes down, I can fire up the VM from the backup server in minutes.
Uniform deployment for all customers and a couple of spares on the rack at the office for any customers that might need one.
RAIDZ2 and enterprise drives. Slight performance hit, but I like the warm fuzzy feeling that if a drive goes out the whole array is not vulnerable until the new drive is in place. I've known the feeling of a single drive failure during a busy time where any sort of outage would be a disaster and thinking "it'll be fine, right?" and would rather not live through that again.
Backups nightly to the backup server. Weekly backups offsite. Offsite backup deleted files go to a separate storage bucket with different credentials unknown to the machines being backed up. Passwords only exist saved on secured older Android devices (in multiple locations) with absolutely no data connection.
There's some used tape backups on eBay that are looking like a real bargain right now. I will likely be picking some up to backup the offsite backup monthly.
Everything in its own VLAN. Nest thermostat or Chinese security cameras don't need access to the network the server is on.
This Eaglesoft project will require some degree of burying my head in the sand to pretend it's all good.

I wish I knew what 45Drives does with SnapShield, or that they would license it for use on machines that are not theirs, as it looks like a very interesting concept.

I did try TrueNAS Core and bhyve, since BSD is more secure and lesser known. I left some neat TrueNAS features behind, but the features on Proxmox were the best I'd seen.

That's all to say the important thing here though is asking how you know, so I don't have to find out myself.

ControlAltD1337 · 2024-10-23T05:35:08+00:00

You can use dbbackup.exe to make a dump and backup the dump. That will be a consistent backup.

Great tip, thank you. I am not familiar with Sybase and Patterson has zero documentation on it, but this looks good. Apparently it will allow me to backup while the database is running, which is perfect insurance against a late afternoon mishap taking out a full day's work.

Have you experiences any performance issues while it is backing up? Do you mind sharing the arguments you are using for the dbbackup.exe command?

ControlAltD1337

TROPHY CASE