HPE Community
Operating System - HP-UX
1753835 Members
6966 Online
108806 Solutions
New Discussion юеВ

Re: script for copying data from production to DR server

 
SOLVED
Go to solution
Bill Hassell
Honored Contributor

тАО01-20-2009 04:40 PM

тАО01-20-2009 04:40 PM

Re: script for copying data from production to DR server

As Autocross mentioned, rsync has no connection to the very unsecure command rcp, rlogin, rexec commands. rsync is available and supported by HP and is ideally suited for replication to a DR site. There's a lot to consider in trying keep files in sync: timestamp, owneership, subdirectories, symbolic links, deleting remote files when the local files are deleted, compressing to speed up transmission, and all the above are included standard in rsync.

For security, you can use ssh as the transport and now the data will be encrypted over the link.


Bill Hassell, sysadmin
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

тАО01-20-2009 10:43 PM

тАО01-20-2009 10:43 PM

Re: script for copying data from production to DR server

hi Amit,

>Do we need to install ssh as well for this
>and how can we send some selective files?/

You need: HP-UX Secure Shell

It could be also that SSH is already available on your system.

To check:
SERVER1:>which ssh
/usr/bin/ssh
SERVER1:>

To do the selective copy, you can used wildcards or do a find-copy.

if you need any further assistance, please let us know.

kind regards
yogeeraj

No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
Amit Manna_5
Advisor

тАО01-22-2009 06:54 AM

тАО01-22-2009 06:54 AM

Re: script for copying data from production to DR server

HI
We installed ssh and rsync and after that our Security team says we cannot use ssh and rsync. Any other alternative solution for this?
0 Kudos
Reply
Duncan Edmonstone
HPE Pro

тАО01-22-2009 07:06 AM

тАО01-22-2009 07:06 AM

Re: script for copying data from production to DR server

If your security team don't allow ssh - how do you connect to these servers??? if ssh isn't suitably secure then I think you turn around and say it can't be done.

HTH

Duncan

I am an HPE Employee
Accept or Kudo
0 Kudos
Reply
Fredrik.eriksson
Valued Contributor

тАО01-22-2009 07:35 AM

тАО01-22-2009 07:35 AM

Re: script for copying data from production to DR server

I agree with Duncan, if ssh isn't secure enough then there's some real flaw in your security department.

But, you should ask them in which manor they'd prefer the files to be moved between servers.

There are several solutions, some more secure then others, to this.

1. You can use rsync (which can be made to use TLS/SSL or just ssh-tunnel it.)
2. You can use sftp/scp (which uses ssh)
3. You can use ftp (unencrypted)
4. You can use NFS or similiar (see cifs) (can be encrypted, but gets horribly slow in my experience)
5. You can use a USB device, but I doubt you wanna run down and move it all the time :P

There probably is alot more ways to do it, but these are the ones I can tell you off the top of my head.

Basically if you need to sync the source and destination then rsync is your best option. I seem to remember that there is some other opensource software that is like rsync but has full support for SSL/TLS and support for SSH transfer... but I can't seem to remember it's name.

Best regards
Fredrik Eriksson
0 Kudos
Reply
Amit Manna_5
Advisor

тАО01-22-2009 07:44 AM

тАО01-22-2009 07:44 AM

Re: script for copying data from production to DR server

hi
The servers are in KEON. and KEON does not support ssh. I am not sure how to go forward

0 Kudos
Reply
David G. Douthitt
Regular Advisor

тАО01-23-2009 08:57 AM

тАО01-23-2009 08:57 AM

Re: script for copying data from production to DR server

"The servers are in KEON and KEON does not support ssh."

I don't think most people here will know what KEON is. I looked for the acronym, but couldn't find it.

If you use rsync to transfer very large files - you may want to turn off the differential aspect of rsync and just transfer it completely.

rsync is efficient, NOT fast (and then you throw in encryption as well, slowing it down further). So when not using slow links, it may be faster to transfer the whole thing. Just add the -W option.

I agree with others - if ssh can't be used, how can you connect to the server without transmitting your password in the clear across the network for all the world to see and copy and use?

If you're not using encryption, you might as well not use passwords at all.
0 Kudos
Reply
David G. Douthitt
Regular Advisor

тАО01-23-2009 08:58 AM

тАО01-23-2009 08:58 AM

Re: script for copying data from production to DR server

Another thing: using the -b option to rsync will cause the file that would have been "overwritten" to be saved off as a backup file with a tilde (~) attached to it.
0 Kudos
Reply
OldSchool
Honored Contributor

тАО01-23-2009 09:07 AM

тАО01-23-2009 09:07 AM

Re: script for copying data from production to DR server

well...here's a little info on "RSA KEON" security. It appears to be related to Certificate Authority files and related stuff.

So I guess the questions that need answered:
1) how are you allowed to connect to these servers?
2) what recommendations does you "security team" have, since they keep shooting things down?
3) What recommendation does the var for the security software have (if any)?
0 Kudos
Reply
OldSchool
Honored Contributor

тАО01-23-2009 09:07 AM

тАО01-23-2009 09:07 AM

Re: script for copying data from production to DR server

http://www.opsec.com/solutions/partners/rsasecurity.html

forgot the dratted link
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.