Establish WORM policy for backups #22

Closed
opened 2024-03-26 22:29:29 +01:00 by lukas · 4 comments
Owner

A [time-based retention policy](https://learn.microsoft.com/en-us/azure/storage/blobs/immutable-time-based-retention-policy-overview) using Write-Once-Read-Many allows control over data immutability. WORM is as close to an air-gapped backup as you can get in the cloud. Utilizing this can ensure that backups running against the Azure target will guarantee that no data can be manipulated or deleted during its intended lifetime.

Backups to the Azure target are already very safe:

  • Microsoft Azure is in the top 3 of public clouds; they are very well trusted in the industry and probably have a very stable infrastructure
  • ZRS storage employs 3 copies in 3 nearby DCs; pretty much nothing but a catastrophic natural disaster can impact data integrity.

The addition of WORM can also add:

  • protection against ransomware or other attacks on libre.moe, as no kind of API request should be able to delete these backups
  • protection against human error and accidental deletion, as no kind of UI interaction should be able to delete these backups

On the other side, utilizing WORM means:

  • mistakes cannot easily be deleted
  • a solid plan has to be made beforehand, to ensure the policy will work as expected
lukas added the
Kind
Enhancement
Status
Need More Info
Priority
Low
Domain
libre.moe
labels 2024-03-26 22:30:31 +01:00
lukas self-assigned this 2024-03-26 22:30:36 +01:00
lukas added this to the Issue Board project 2024-03-26 22:30:44 +01:00
Owner
https://music.youtube.com/watch?v=jeICC5SFpP0
lukas added the
Involves
Testing
label 2024-04-02 13:46:11 +02:00
lukas started working 2024-04-12 12:33:39 +02:00
Author
Owner

looks promising

![image](/attachments/4034cec2-19c7-4ddc-addf-b44b994e567e)
Author
Owner

reminder to self: check again tomorrow whether the files really cannot be removed by automated routines, and: whether they then actually get removed after 2 days (current test policy), as a test for the automatic rotation of backups
lukas stopped working 2024-04-12 12:46:00 +02:00
12 minutes 21 seconds
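
Added example, not part of the original thread or of the project's tooling: a small simulation of how a daily backup rotation job interacts with a time-based retention interval, which is the interplay the reminder above sets out to test. It assumes a simplified model in which a blob becomes deletable once the retention interval has elapsed since its creation; the blob names, the start date and the daily schedule are constructed.

```python
from datetime import datetime, timedelta


def simulate(retention_days, keep_days, total_days, start=datetime(2024, 4, 12)):
    """Daily backup plus daily prune job against a WORM container (simplified model).

    Assumption: a blob may be deleted only once `retention_days` have elapsed
    since its creation; earlier delete attempts are rejected by the store.
    Returns (blocked_attempts, deleted, peak_blob_count).
    """
    retention = timedelta(days=retention_days)
    keep = timedelta(days=keep_days)
    blobs = {}  # constructed blob name -> creation time
    blocked, deleted, peak = [], [], 0
    for day in range(total_days):
        now = start + timedelta(days=day)
        blobs[f"backup-{now:%Y-%m-%d}"] = now  # write-once upload
        peak = max(peak, len(blobs))
        # Rotation: try to delete everything older than keep_days.
        for name, created in sorted(blobs.items()):
            age = now - created
            if age < keep:
                continue  # rotation still wants this backup
            if age < retention:
                blocked.append((now.date(), name))  # still under retention
            else:
                deleted.append((now.date(), name))
                del blobs[name]
    return blocked, deleted, peak


if __name__ == "__main__":
    # Rotation aligned with a 2-day retention (the test policy in the thread)
    # versus a rotation that prunes earlier than a 7-day retention allows.
    for retention_days, keep_days in [(2, 2), (7, 2)]:
        blocked, deleted, peak = simulate(retention_days, keep_days, total_days=10)
        print(f"retention={retention_days}d keep={keep_days}d: "
              f"{len(blocked)} blocked deletes, {len(deleted)} deleted, "
              f"peak {peak} blobs stored")
```

When the rotation window is shorter than the retention interval, every prune attempt in between fails and storage use is governed by the retention interval rather than by the rotation setting.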
Author
Owner

confirming scenario

lukas started working 2024-04-15 10:57:02 +02:00
lukas stopped working 2024-04-15 13:11:44 +02:00
2 hours 14 minutes
lukas started working 2024-04-15 13:50:52 +02:00
lukas closed this issue 2024-04-15 14:45:38 +02:00
lukas stopped working 2024-04-15 14:45:38 +02:00
54 minutes 46 seconds
lukas removed the
Status
Need More Info
label 2024-04-15 14:45:55 +02:00
lukas removed this from the Issue Board project 2024-12-17 12:27:40 +01:00
Total Time Spent: 3 hours 21 minutes
lukas
3 hours 21 minutes
Reference: KomuSolutions/igot99issues#22