Multi-storage backup for the little ones
recently on the planet waves swept WannaCry and its clones. And the problem of codebreakers stands in front of system administrators for over 10 years. Sooner or later – but all the introduced and implemented measures to protect from light do not help and it is the user who opens the email, the attachment and gets the full "bouquet". Also a lot of "fun" hours gets system administrator.
And then it all clearly begin to understand that we need a backup (many, different, in different places). I.e., the 3-2-1 rule, invented and described by Peter Krogh om-om, it is highly desirable to perform. This article is an example that helps make the actual implementation of the rule on "the knee" — without buying expensive equipment (in tight economy).
• There is a small virtualization environment from Vmware (a couple of ESXi servers, vCenter, the cheapest package of licenses for the initial Kit and in General this is not important for this article. Similarly, the article is suitable for Hyper-V);
• There are a dozen virtual machines, the contents of which you do not want to lose in the case of mining Ransomware automated by the script;
• Have a system backup from Veeam (free edition, backups are done using PowerShell and Task Schedule).
• Make backup copies of the server 1 time a day at night;
• To multiply copies (to copy to a NAS with FreeBSD + ZFS). By the way, ZFS is also made snapshots, which are automatically deleted on a specified schedule (zfSnap + Cron);
• Have an offline copy of the "backup" on a removable media.
Since the main server which makes backups of running virtual machines, running a Windows operating system Server (because Veeam Backup works so far only on the basis of this OS), it was decided to implement the tasks use PowerShell.
To solve the problem needed a script that would run via the Task Scheduler and synchronize A directory to a network resource B that is accessible via the SMB Protocol. At first I tried to use robocopy but the tests showed a very low rate of work the script. I decided to implement this script in another tool.
The five-minute search and 10 minute tests showed the presence of viable and ready solution: powershell-synchronizing-a-folder
The script was smart:
• Works with local disks and network resources.
• Allows you to exclude certain files from the tasks;
• Allows you to synchronize files in a predetermined pattern.
• Runs at top speed (i.e. how much iron and a network issue is the speed of the sync and passes, unlike robocopy).
In the end, the primary server appeared a bundle of tasks in the Task Schedule:
the
And the task of synchronizing your backups after you perform Veeam Backup jobs have been solved (2 copy with a Delta-time).
The idea is simple:
• Connect to the server with Veeam Backup external USB 3.0 hard drive 2 TB
• Most of the time keep it Offline (and that we are protected from Ransomware automated);
• When the script runs, it brings a disk Online, make the directory with the current date copies the current backup, and after once again takes the disk Offline.
Implementation:
The starting point, use the command: Get-Disk – we need to understand what drives we have in the system and see whether we need an external USB drive:
the
Now we need to put a link to a USB disk into a variable. To identify it is proposed to use the attribute "Friendly Name". If You prefer to use other attributes, print full list (get-disk | select *). Or view a list of available properties and methods (get-disk | get-member).
Total the first part of the script:
the
Next – you need to take the disk from Offline to Online as well as to make sure that the disk in Read-Write mode (sometimes, for some reason, the disc after the transition to Online has become Read-Only. To determine the disc number using the Number property ($mybackupdisk.Number).
We get a piece:
the
To identify the drive letter will do the following trick – on the USB disk will hang the label (name): VMUSBBACKUPS (either through the Disk Manager or by using the command Set-Volume).
Next – command Get-Volume defined by the letter of the connected USB disk (after you put it Online):
the
And actually copy data to the disk:
Create directory with current date in name:
the
Copy backup:
the
Another option – when we need not to create each time a new directory and copy and overwrite files with new versions – then use previously found a script to synchronize a directory And B is a:
the
In any case – when You finish to copy or synchronize, it is highly desirable to reset the cache operations (from RAM to HDD/USB) with the command:
the
And not to forget again take the disk from Online to Offline:
the
• Got a backup in three places (Windows server, FreeBSD server, USB disk);
• Two types of storage (in the balls and on the CD);
• One carrier of another type – outsidemy. You can even have a couple of CD's and just 1 or 2 times a month to rearrange them (one in the safe). Since the USB disk is Offline 95% of the time – you can easily pull from the server.
• this scheme has been running for 6 months without a glitch;
• the amount of synchronized data (compressed and deduplicated backups – from 500 to 700 GB).
• Time sync to a USB drive 1 hour and 20 minutes on average (1 time per week at the weekend).
Full scripts available for download from Google Disk: BackupExamples
Article based on information from habrahabr.ru
And then it all clearly begin to understand that we need a backup (many, different, in different places). I.e., the 3-2-1 rule, invented and described by Peter Krogh om-om, it is highly desirable to perform. This article is an example that helps make the actual implementation of the rule on "the knee" — without buying expensive equipment (in tight economy).
so – the conditions of the problem:
• There is a small virtualization environment from Vmware (a couple of ESXi servers, vCenter, the cheapest package of licenses for the initial Kit and in General this is not important for this article. Similarly, the article is suitable for Hyper-V);
• There are a dozen virtual machines, the contents of which you do not want to lose in the case of mining Ransomware automated by the script;
• Have a system backup from Veeam (free edition, backups are done using PowerShell and Task Schedule).
Objectives:
• Make backup copies of the server 1 time a day at night;
• To multiply copies (to copy to a NAS with FreeBSD + ZFS). By the way, ZFS is also made snapshots, which are automatically deleted on a specified schedule (zfSnap + Cron);
• Have an offline copy of the "backup" on a removable media.
Implementation of:
Since the main server which makes backups of running virtual machines, running a Windows operating system Server (because Veeam Backup works so far only on the basis of this OS), it was decided to implement the tasks use PowerShell.
Solution to the problem of synchronization of backups between the main server (Windows) and NAS-server (FreeBSD):
To solve the problem needed a script that would run via the Task Scheduler and synchronize A directory to a network resource B that is accessible via the SMB Protocol. At first I tried to use robocopy but the tests showed a very low rate of work the script. I decided to implement this script in another tool.
The five-minute search and 10 minute tests showed the presence of viable and ready solution: powershell-synchronizing-a-folder
The script was smart:
• Works with local disks and network resources.
• Allows you to exclude certain files from the tasks;
• Allows you to synchronize files in a predetermined pattern.
• Runs at top speed (i.e. how much iron and a network issue is the speed of the sync and passes, unlike robocopy).
In the end, the primary server appeared a bundle of tasks in the Task Schedule:
the
powershell.exe "C:\Scripts\syncfolder.ps1 -SourceFolder:G:\Backups\WEBAPPS -TargetFolder:\\192.168.0.232\backups$\WEBAPPS"And the task of synchronizing your backups after you perform Veeam Backup jobs have been solved (2 copy with a Delta-time).
creating offline backups:
The idea is simple:
• Connect to the server with Veeam Backup external USB 3.0 hard drive 2 TB
• Most of the time keep it Offline (and that we are protected from Ransomware automated);
• When the script runs, it brings a disk Online, make the directory with the current date copies the current backup, and after once again takes the disk Offline.
Implementation:
The starting point, use the command: Get-Disk – we need to understand what drives we have in the system and see whether we need an external USB drive:
the
PS C:\Windows\system32> Get-Disk
Number Friendly Name OperationalStatus Total Size Partition Style
------ ------------- ----------------- ---------- ---------------
0 WDC WD10EZEX-60M2NA0 Online 931.51 GB GPT
2 WD Elements 25A3 USB Offline the Device 1.82 TB GPT
Now we need to put a link to a USB disk into a variable. To identify it is proposed to use the attribute "Friendly Name". If You prefer to use other attributes, print full list (get-disk | select *). Or view a list of available properties and methods (get-disk | get-member).
Total the first part of the script:
the
# Find USB disk by FriendlyName
$mybackupdisk = get-disk | where {$_.FriendlyName -like 'WD Elements 25A3 USB Device'}
Next – you need to take the disk from Offline to Online as well as to make sure that the disk in Read-Write mode (sometimes, for some reason, the disc after the transition to Online has become Read-Only. To determine the disc number using the Number property ($mybackupdisk.Number).
We get a piece:
the
# Make the disk Online
Set-Disk -Number $mybackupdisk.Number-IsOffline $False
Start-Sleep -s 5
# Make the disk Writeable (some times it ReadOnly after online - shit happens...)
Set-Disk –Number $mybackupdisk.Number-IsReadonly $False
Start-Sleep -s 5
To identify the drive letter will do the following trick – on the USB disk will hang the label (name): VMUSBBACKUPS (either through the Disk Manager or by using the command Set-Volume).
Next – command Get-Volume defined by the letter of the connected USB disk (after you put it Online):
the
# Find Disk Volume
$usbvolumename = Get-Volume | where {$_.FileSystemLabel -like 'VMUSBBACKUPS'}
And actually copy data to the disk:
Create directory with current date in name:
the
$date = Get-Date
$newbackupfolder = $date.ToString("yyyy-MM-dd")
# Full Backup Fath
$createdirfullpath = $usbvolumename.DriveLetter + ":\" + $newbackupfolder
# Create Backup Directory
New-Item -ItemType directory -Path $createdirfullpath -Force -Confirm:$false
Start-Sleep -s 2
Copy backup:
the
# Source Backup Dir (with backups)
$sourcebackup = "F:\Backups\VCENTER\"
# Copy to USB from Disk
Copy-Item $sourcebackup -Destination $createdirfullpath -Recurse
Start-Sleep -s 5
Another option – when we need not to create each time a new directory and copy and overwrite files with new versions – then use previously found a script to synchronize a directory And B is a:
the
# Sync from HDD to USB:
C:\Scripts\syncfolder.ps1 -SourceFolder:F:\Backups\ -TargetFolder:$usbvolumename.DriveLetter:\VMs\
Start-Sleep -s 5
In any case – when You finish to copy or synchronize, it is highly desirable to reset the cache operations (from RAM to HDD/USB) with the command:
the
# USB Disk Write Cache before offline
Write-VolumeCache $usbvolumename.DriveLetter
Start-Sleep -s 5
And not to forget again take the disk from Online to Offline:
the
# Place USB to Offline
Set-Disk -Number $mybackupdisk.Number-IsOffline $True
Results:
• Got a backup in three places (Windows server, FreeBSD server, USB disk);
• Two types of storage (in the balls and on the CD);
• One carrier of another type – outsidemy. You can even have a couple of CD's and just 1 or 2 times a month to rearrange them (one in the safe). Since the USB disk is Offline 95% of the time – you can easily pull from the server.
My stats:
• this scheme has been running for 6 months without a glitch;
• the amount of synchronized data (compressed and deduplicated backups – from 500 to 700 GB).
• Time sync to a USB drive 1 hour and 20 minutes on average (1 time per week at the weekend).
Full scripts available for download from Google Disk: BackupExamples
Комментарии
Отправить комментарий