Vulnerabilities / Threats // Insider Threats
9/9/2010
12:04 PM
50%
50%

Turnkey Linux Intros Amazon S3 Powered Backup

Open source facility also acts as a migration mechanism to quickly move or copy fully working systems in the cloud.




Slideshow: Amazon's Case For Enterprise Cloud Computing
(click for larger image and for full photo gallery)
TurnKey Linux Wednesday released a smart, fully automated open source-based backup and restore facility powered by the Amazon Simple Storage Service (S3) cloud.

TurnKey Linux Backup and Migration (TKLBAM) is based on Ubuntu 8.04.3, was designed to add flexibility to cloud computing, and requires no configuration, according to the Tel Aviv-based developer. The solution delivers speed, intelligence, and automation to migration in the cloud, as well as backup and restore functions, said Liraz Siri, company co-founder.

The solution knows what to back up and not back up to create encrypted archives of changes to files, databases, package management state, and even users and groups, he said. In addition, TKLBAM acts as a migration mechanism to move or copy fully working systems within minutes, Siri said.

"It would be so easy you would, shockingly enough, actually test your backups. No more excuses. As frequently as you know you should be, avoiding unpleasant surprises at the worst possible timing," he said.

Businesses can easily migrate to Ubuntu Lucid from Ubuntu Hardy; to a cloud server from a local deployment; to any virtual private server from a cloud server; to bare metal from a virtual machine; to Debian from Ubuntu; and to 64-bit from 32-bit, according to TurnKey Linux. To accomplish this, TKLBAM is a vertically integrated backup solution with system-level awareness, and knows which configuration files have been changed and which remain untouched since installation. The technology leverages the package-management system to get the appropriate system binaries from package repositories, a process that prevents the waste of backup space, the company said.

"[The tool protects] you from all the small paper-cuts that conspire to make restoring an ad-hoc backup such a nightmare," said Siri. "It would transparently handle technical stuff you'd rather not think about like fixing ownership and permission issues in the restored file system after merging users and groups from the backed up system."

To address security concerns, TKLBAM lets administrators use strong cryptographic passphrase protection -- including countermeasures against dictionary attacks -- for their encryption key, but also allows administrators to create an escrow key in the case of password loss. Since not all information requires such security, the tool enables key management tasks to happen transparently, according to TurnKey Linux.

AES encrypted backup volumes automatically are uploaded to the closest cost-effective, durable cloud storage. These cloud storage systems are designed to deliver 99.999999999% uptime, the company said.

"We took our ideal and we made it work. In fact, we've been experimenting with increasingly sophisticated prototypes for a few months now, privately eating our own dog food, working out the kinks. This stuff is complex so there may be a few rough spots left, but the foundation should be stable by now," Siri said.

In the future, TKLBAM will support PostgreSQL, LAPP, and OpenBravo; currently, it only supports MySQL. Other developments on the horizon include built-in integration of TKLBAM into all TurnKey appliances, and a custom webmin module for TKLBAM, according to TurnKey Linux.

A video of the system in action is available on YouTube.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7437
Published: 2015-03-29
Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.

CVE-2013-7438
Published: 2015-03-29
Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possible execute arbitrary code via a crafted PBM image, related to (1) stream line data, which triggers a heap-based buffer overflow, or (2) vectors related to an "internal intermediate heap-based ...

CVE-2014-5427
Published: 2015-03-29
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read pa...

CVE-2014-5428
Published: 2015-03-29
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integratio...

CVE-2014-9205
Published: 2015-03-29
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.