[DRBD-user] : Backup "off line"

[Digimer]

On 2020-10-12 5:36 a.m., Anthony Frnog wrote:
> Hi,
> 
> To begin, my apologies if I post à the wrong place.
> 
> I use DRBD (version 9) on differents servers. My DRDB cluster is a
> shared storage for VM on Proxmox et Vmware Currently, there is a lot of
> ransomware attacks. This is a really problem... So, if my DRBD cluster
> is encrypted, all data will be encrypted and all VMs will be "dead".  My
> question is: Is there a DRBD solution able to save all data stored on
> DRDB node in order to restart my production if I have a ransowmare ?
> 
> 
> Best regards Anthony  

There's no specific anti-ransomware tools in DRBD, but you could set
something up easily enough. You could, for example, take periodic
snapshots of the backing LVM devices (assuming you use LVs to back DRBD
resources). You could keep N-number of snapshots and automatically cycle
them out.

How often you snapshot, and how many you keep, would depend on your
wants and resources. You probably want to be able to roll back at least
a week though, as it is my experience that some ransomware attacks lay
dormant for a period of time before encrypting (to get into backups).

In the end, DRBD is fundamentally an availability solution, and not a
backup solution. (Same idea as how "RAID is not backup"). You really
need to be sure that your data is backed up safely and incrementally.
Any snapshot-based approach should be seen as a way to more rapidly
recover to production, and not as a core backup method.

-- 
Digimer
Papers and Projects: https://alteeve.com/w/
"I am, somehow, less interested in the weight and convolutions of
Einstein’s brain than in the near certainty that people of equal talent
have lived and died in cotton fields and sweatshops." - Stephen Jay Gould