Brussels / 1 & 2 February 2020


Self-hosted server backups for the paranoid

Using Borg, SSH, Python and FreeNAS to securely backup Linux servers

Quarkslab is a French company specializing in information security R&D, consulting and software development.

Due to strong data security constraints imposing self-hosted solutions coupled with limited resources in a fast-growth environment, data safety has been a pain point in our infrastructure.

After our backup server failed, we decided to recreate a new backup system from scratch, adapted to our needs and using technologies we were familiar with, to backup 30+ Linux servers.

In this talk, we will present how our old backup system failed, the key requirements we learned from this failure, and how we designed and implemented a new backup system based on Borg Backup, borgmatic, SSH, Python and FreeNAS to solve those requirements.

We will conclude by listing the shortcomings and improvement points of our approach, as well as comparing our solution to seven important properties every backup system should have.

Some interesting features of our new backup solution are strong data safety and security, fully self-hosted, using only open-source tools, simple to set up and easy to understand.

One specific requirement we solved was for the sysadmin team to be blind to the data they backup, managing only the process itself.

This lets people working on confidential project on dedicated and access-restricted servers to still use a centralized and resilient backup system without compromising data and server security.

We will open-source our Ansible roles and Python scripts on Github before FOSDEM.


Photo of Axel Tripier Axel Tripier