Backup compression and encryption

From The Open Source Backup Wiki (Amanda, MySQL Backup, BackupPC)

Jump to: navigation, search

Compression of backup images

MySQL ZRM backups can be compressed using any compression command available in the server running MySQL ZRM. The default compression algorithm used is gzip(1). Backup compression is controlled by mysql-zrm.conf parameters.

  • compress : Enables/Disables compression for the backup set. Default is no compression. Value of 1 means backup data will be compressed. Value 0 means no compression.
  • compress-plugin : Full patch to the command used for compression. gzip(1) command is used if this parameter is not specified.

Each backup set can have compression or no compression as well as different compression method. For example: Compression of tables using ARCHIVE storage engine is not beneficial because they are already compressed.

Compression program should be able to compress data from standard input and put the compressed output in the standard output. The compression program should also -d command line option to do uncompression of the data. Program wrapper script might be required if there is a different option of uncompression or if compression and uncompression are different commands.

When remote MySQL servers are backed up, the data is compressed on the machine running MySQL ZRM. So backup data compression does not reduce network bandwidth. It just reduces the space required for storing backup images.

Encyrption of backup data

MySQL ZRM supports backup data encryption. MySQL ZRM uses tools available in the platform such as GPG, OpenSSL to do backup encryption.

The backup data is encrypted on the machine running MySQL ZRM. If the remote MySQL server are being backed up, it is important to use SSL for encryption of the data being transferred.

MySQL ZRM does not provide key management. The user is expected to create and configure encryption keys as well passphrases. It is important the keys are kept securely, otherwise, database backup images cannot be restored.

The backup index is not encrypted. Only the backup images are encrypted.

Backup data encryption can be controlled by mysql-zrm.conf parameters. These parameters can be specified globally or to specific backup set.

  • encrypt : Enables/Disables data encryption for the backup set. Default is no encryption. Value of 1 means backup data will be encrypted. Value 0 means no encryption. If encryption is enabled, encryption program to be used must be configured.
  • encrypt-plugin : Full patch to the command used for encryption. The plugin should encrypt the data in the standard input and output encrypted data in the standard output. A sample encrypt plugin is available in /usr/share/mysql-zrm/plugins/ The sample encyrpt plugin uses GPG (GNU Privacy Guard). To use this example plugin, modify it to suit your needs.
  • decrypt-option : The command line option of the encrypt-plugin to decrypt the backup data. This option is used during database recovery.
  • passfile : File containing the passphrase used for encryption. This parameter is read by the sample encrypt plugin

Other languages: English  • Fran├žais

Personal tools