    Feedback on immutability

    • florent Vates 🪐 XO Team @afk

      @afk the agent is as dumb as possible

      Also, if you encrypt the backup, the agent will need to decrypt the metadata to detect the chains, thus having access to the encryption key, which requires getting the encryption key out of XO and transferring it to the immutability agent.

      I think it will be easier to provide more feedback on the immutability backup, XO has access to the chain, and/or alert when something seems to be strange.

      • vkeven

        Where is the doc for these? Edit: OK, right here: https://github.com/vatesfr/xen-orchestra/tree/master/%40xen-orchestra/immutable-backups. With V**m there is an option for immutability when you add the S3 bucket directly, so it looks like it's only a flag sent at bucket creation and using the versioning/compliance feature.

        • florent Vates 🪐 XO Team @vkeven

          @vkeven we don't have (for now) the feature to create a bucket directly from XO. Also, I think it is more secure if XO doesn't know the credentials of the bucket admin at all.

          • olivierlambert Vates 🪐 Co-Founder CEO

            Indeed, because if XO is compromised, then it could disable immutability.

            • vkeven @olivierlambert

              @olivierlambert We tried adding compliance (prevent any file manipulation for X period) directly on the bucket, but XOA could not do its backup job correctly and the logs are full of access denied errors, probably because file merging or manipulation is refused. So how should we do this?

              • rtjdamen @vkeven

                @vkeven Same problem here. We decided not to proceed with this, as it would never work with an incremental delta without doing a full every few weeks. We are going to handle this with S3 and Synology internal features.

                • olivierlambert Vates 🪐 Co-Founder CEO

                  Thanks for your feedback, we'll discuss internally if there's any other possible approach (and I'm not sure).

                  • vkeven

                    So what is the deal with these guys?

                    • redneckitguy @olivierlambert

                      @olivierlambert
                      Any updates on this? We're using Backblaze buckets with compliance turned on at the bucket level, but we keep getting failures once the retention period expires and it starts to remove the old backup chains.

                      We tried setting 28 days of retention at the bucket level, 42 in XenOrchestra, and are running a full backup every 2 weeks. I have a ticket open with support but so far a resolution hasn't been found.

                      • olivierlambert Vates 🪐 Co-Founder CEO

                        In theory that should work 🤔 Ping @florent
