Hi, Just as I was thinking about this, I had to go to my computer BIOS settings to make some changes, and spotted one interesting functionality there that could be the answer – the ability to power on the computer at the scheduled time (time and day of week). I don't know how common this functionality is among motherboard manufacturers, but I assume it should be common. So, my idea here is to have the dedicated "air-gapped repository" server with JBOD that serves as the target for, say, weekly backup copy jobs of the most important backups. You will use this BIOS setting to power the server on right before the weekly backup copy job is scheduled to start, and then power it off with the post-job script command. This way, it will remain powered off for the entire week with absolutely no way to control it remotely. Could this be the cheapest "fire-and-forget" air-gap solution for everyone?
Couldn't find how to reply to Gostev's weekly email, so I'll just post here.
Setting up a computer to start at a scheduled time is ancient tech and widely used. The main problem with a weekly backup is that I'm sure there are a ton of users who cannot lose a week's worth of data. At least we cannot. Then again, running this backup daily would expose the remote machine to an attacker (depends on how long your backup takes), but still, it's better than nothing.
My feature request for VBR would be a 'write protected' backup, so you could not delete the backups from the backup server console until a set period of time has passed.
How I've implemented our 'air-gap' at the moment is far from ideal. I run a backup copy job on site1 and target it to site2 server1. Site2 server1 is in a different domain (would be way cool if the target computer would not need to be a part of a domain....) and has a completely different set of credentials than anything on site1. Server2 on site2 is running a script which copies the backup daily from server1. First of all, this is VERY slow (copy takes ~15 hours, since it has to copy full vbks every time), and secondly it wastes several terabytes of space.
A 'write protected' backup would greatly improve the situation.
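
The pull-style daily copy and the requested delete hold can be combined on the pulling side; the following is an added example, not the poster's script and not a Veeam feature. The function name `pull_copy`, the `hold_days` parameter and the version naming scheme are assumptions made for illustration.

```python
import shutil, tempfile, time
from pathlib import Path

def pull_copy(src, dst, hold_days, now=None):
    """Pull files from src into dst without ever overwriting a stored copy.
    Copies that are no longer current at the source are deleted only after
    they have sat in dst for hold_days (hypothetical retention hold)."""
    now = time.time() if now is None else now
    src, dst = Path(src), Path(dst)
    dst.mkdir(parents=True, exist_ok=True)
    report = {"copied": [], "held": [], "pruned": []}
    current = set()
    for f in sorted(p for p in src.iterdir() if p.is_file()):
        st = f.stat()
        # A changed or tampered source file gets a new version name, so the
        # previously pulled copy is left untouched.
        version = f"{int(st.st_mtime)}-{st.st_size}-{f.name}"
        current.add(version)
        target = dst / version
        if not target.exists():
            tmp = dst / (version + ".part")
            shutil.copyfile(f, tmp)   # dst mtime becomes the arrival time
            tmp.rename(target)        # publish only complete copies
            report["copied"].append(version)
    for old in sorted(p for p in dst.iterdir() if p.is_file()):
        if old.name in current or old.name.endswith(".part"):
            continue
        age_days = (now - old.stat().st_mtime) / 86400
        if age_days >= hold_days:
            old.unlink()
            report["pruned"].append(old.name)
        else:
            report["held"].append(old.name)  # gone upstream, still protected
    return report

if __name__ == "__main__":
    # Constructed sample data in a temporary directory.
    root = Path(tempfile.mkdtemp())
    (root / "server1").mkdir()
    (root / "server1" / "job.vbk").write_bytes(b"constructed full backup")
    print(pull_copy(root / "server1", root / "server2", hold_days=7))
    (root / "server1" / "job.vbk").unlink()  # deleted at the source
    print(pull_copy(root / "server1", root / "server2", hold_days=7))
```

Because the script runs on the pulling server and only reads from the source, nothing on the source side can shorten the hold; the cost is the extra disk space for held versions.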