Fingerprint Documentation

  1. Introduction
  2. Installation
  3. Generating Fingerprints
  4. Comparing Fingerprints
  5. Archival Usage
  6. Data Preservation
  7. Data Transmission
  8. Backup Integrity
  9. Security Tripwire
  10. Cryptographic Sealing
  11. Notarizing
  12. Final Words

Data backup is typically an important part of any storage system. However, without end-to-end verification of backup data, it may not be possible to ensure that a backup system is working correctly. In the event that a failure occurs, data recovery may not be possible despite the existence of a backup, if that data has not been backed up reliably or correctly.

Considerations

If you are backing up online data, the backup tool you are using may backup files at non-deterministic times. This means that if software (such as a database) is writing to a file at the time the backup occurs, the data may be transferred incorrectly. Fingerprint can help to detect this, by running Fingerprint before the backup on the local storage, and then verifying the backup data after it has been copied. Ideally, you'd expect to see minimal changes to critical files.

However, the real world is often not so simple. Some software doesn't provide facilities for direct synchronization; other software provides facilities for dumping data (which may not be an option of the dataset is large). In these cases, Fingerprint can give you some visibility about the potential issues you may face during a restore.

Ensuring Data Validity

To ensure that data has been backed up correctly, use Fingerprint to analyse the data before it is backed up.

-- Perform the data analysis
$ sudo <span class="function">fingerprint</span> -a -f /etc/

-- Backup the data to a remote system
$ sudo <span class="function">rsync</span> --archive /etc/ backups.example.com:/mnt/backups/server.example.com/etc/

After the data has been copied to the remote backup device, restore the data to a temporary location and use fingerprint to verify the data. The exact procedure will depend on your backup system, e.g. if you use a tape you may need to restore from the tape to local storage first.

-- On the backup server
$ cd /mnt/backups/server.example.com/etc/
$ sudo <span class="function">fingerprint</span> -v
<span class="stderr">Data verified, 0 errors found.</span>

Preserving Backups

If your primary concern is ensuring that backup data is consistent over time (e.g. files are not modified or damaged), Fingerprint can be used directly on the backup data to check for corruption. After the data has been backed up successfully, simply analyse the data as above, but on the backup server. Once this is done, at any point in the future you can verify the correctness of the backup set.

Previous: Data Transmission
Next: Security Tripwire