Vulnerabilities / Threats // Insider Threats
9/9/2010
12:04 PM
Connect Directly
RSS
E-Mail
50%
50%

Turnkey Linux Intros Amazon S3 Powered Backup

Open source facility also acts as a migration mechanism to quickly move or copy fully working systems in the cloud.




Slideshow: Amazon's Case For Enterprise Cloud Computing
(click for larger image and for full photo gallery)
TurnKey Linux Wednesday released a smart, fully automated open source-based backup and restore facility powered by the Amazon Simple Storage Service (S3) cloud.

TurnKey Linux Backup and Migration (TKLBAM) is based on Ubuntu 8.04.3, was designed to add flexibility to cloud computing, and requires no configuration, according to the Tel Aviv-based developer. The solution delivers speed, intelligence, and automation to migration in the cloud, as well as backup and restore functions, said Liraz Siri, company co-founder.

The solution knows what to back up and not back up to create encrypted archives of changes to files, databases, package management state, and even users and groups, he said. In addition, TKLBAM acts as a migration mechanism to move or copy fully working systems within minutes, Siri said.

"It would be so easy you would, shockingly enough, actually test your backups. No more excuses. As frequently as you know you should be, avoiding unpleasant surprises at the worst possible timing," he said.

Businesses can easily migrate to Ubuntu Lucid from Ubuntu Hardy; to a cloud server from a local deployment; to any virtual private server from a cloud server; to bare metal from a virtual machine; to Debian from Ubuntu; and to 64-bit from 32-bit, according to TurnKey Linux. To accomplish this, TKLBAM is a vertically integrated backup solution with system-level awareness, and knows which configuration files have been changed and which remain untouched since installation. The technology leverages the package-management system to get the appropriate system binaries from package repositories, a process that prevents the waste of backup space, the company said.

"[The tool protects] you from all the small paper-cuts that conspire to make restoring an ad-hoc backup such a nightmare," said Siri. "It would transparently handle technical stuff you'd rather not think about like fixing ownership and permission issues in the restored file system after merging users and groups from the backed up system."

To address security concerns, TKLBAM lets administrators use strong cryptographic passphrase protection -- including countermeasures against dictionary attacks -- for their encryption key, but also allows administrators to create an escrow key in the case of password loss. Since not all information requires such security, the tool enables key management tasks to happen transparently, according to TurnKey Linux.

AES encrypted backup volumes automatically are uploaded to the closest cost-effective, durable cloud storage. These cloud storage systems are designed to deliver 99.999999999% uptime, the company said.

"We took our ideal and we made it work. In fact, we've been experimenting with increasingly sophisticated prototypes for a few months now, privately eating our own dog food, working out the kinks. This stuff is complex so there may be a few rough spots left, but the foundation should be stable by now," Siri said.

In the future, TKLBAM will support PostgreSQL, LAPP, and OpenBravo; currently, it only supports MySQL. Other developments on the horizon include built-in integration of TKLBAM into all TurnKey appliances, and a custom webmin module for TKLBAM, according to TurnKey Linux.

A video of the system in action is available on YouTube.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7392
Published: 2014-07-22
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.

CVE-2014-2385
Published: 2014-07-22
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter t...

CVE-2014-4326
Published: 2014-07-22
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.

CVE-2014-4511
Published: 2014-07-22
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.

CVE-2014-4911
Published: 2014-07-22
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.