16 May 2007
This is sort of a summary post about how recent technological advances, combined with older technology, are making my networked life a lot more convenient.
MacFUSE & MacFusion: Mounting Volumes over SSH
Our company is very distributed -- we have offices in Germany, Spain and the US, with a number of employees living in yet other countries like France and Ireland. File sharing, for us, has always been a challenge.
In the past, the central file server has been located in the Germany office, and those of us outside Germany have accessed it via SFTP (using a client such as Interarchy). The office here in Spain has kept a local copy of the file server, mirrored using the Unix rsync utility, and manually updated with our files via SFTP.
The lucky people in the Germany office have always mounted the file server on their desktops with standard Mac OS X AppleShare mounting.
MacFUSE. MacFUSE is a Mac OS X kernel extension that exports the file system API to user space. In English, it's the fundamental component that opens the door to various things like SSH-accessible directories, Flickr directories, and Subversion directories being mounted just like ordinary volumes (such as hard drives). You don't need to know much more than that; just download MacFUSE and install it. (You do not need anything else from Google, such as sshfs.)
MacFusion. Once you've installed MacFUSE, you can then install MacFusion. MacFusion is the tool that lets you mount SSH and FTP servers as volumes in the Mac OS X Finder, and work with them just as if they were local hard drives. MacFusion, when launched, creates a new menu item, where you can quickly mount SSH or FTP servers, as well as create and access SSH or FTP server bookmarks, for quick access.
Xen. Xen is similar to virtualization technologies like VMware and Parallels. Basically, it allows you to run any number of "virtual" server machines on a given "real" server.
Here's how we hook all this together:
On one of our internet connected dedicated servers, we run two Xen VMs: one for staff-accessible documents, and one for management-accessible documents.
We allow key-based SSH access to these servers. So all staff SSH public keys are located on the first server, and all management staff SSH public keys on the second.
Using MacFUSE and MacFusion, all staff can then mount the file server(s) "Management" and "Staff" over compressed SSH access, over ISP-level access speeds (instead of our office DSL speeds).
This is very, very nice!
My own personal off-site backup...
500GB of disk space.
5TB of monthly data transfer
$50 off the first year's cost.
I quickly signed up, and for less than $100/year, have 500 GB of offsite backup space! (Never mind all the hosting options provided, should I ever be interested in that...)
In order to back up my local files, I chose to use the Unix rsync utility since:
It's easy to specify a particular set of source locations (folders).
It can do its job over compressed SSH.
It can limit the used bandwidth
It can do archiving of changed or deleted files.
I used BBEdit to create a file called "Dreamhost Backup.command" (the .command extension causes the file to be opened and executed by the Terminal application). Here are the contents of that document:
right_now=$(date +%Y%m%d-%H%M%S)  # timestamp suffix for archived files; this exact date format is an assumption
rsync -azRv --delete --bwlimit=15 -e ssh --backup --backup-dir=_Archives --suffix=.$right_now --exclude ".DS_Store" '/Users/mhenders/Desktop' --exclude='/Users/mhenders/Desktop/Incomplete' '/Users/mhenders/Documents' --exclude='/Users/mhenders/Documents/Downloads' '/Users/mhenders/Library/Application Support' '/Users/mhenders/Library/Preferences' [email protected]:Backup/mhenders/
With the following notes:
I'm creating a variable called "right_now" to add as a suffix to my archived files; otherwise I could only have one single copy of any given archived file.
I'm limiting the bandwidth to 15 kilobytes per second, so I can run this thing all day long without killing the ADSL line.
I'm archiving to a directory called "_Archives"
I'm specifying a list of source directories like "/Users/mhenders/Desktop", while...
I'm also specifying for each source directory, some directories to exclude, like "/Users/mhenders/Desktop/Incomplete"
So I run this file when I start up my computer, and when I connect to the office or home network.
In order to access Dreamhost via SSH without a password, I had to:
Create a new SSH user at Dreamhost via their web-admin.
SSH into Dreamhost as this new user, and create a ".ssh" directory (with permission level 700) and within that directory an "authorized_keys" file (with permission level 600).
Copy the contents of my local SSH public key "id_dsa.pub" into the "authorized_keys" file in my account at Dreamhost.
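The key-installation steps above as a shell sketch; this is an added example, not part of the original post. The helper names are hypothetical, a throwaway directory stands in for the remote home directory, and the key line is constructed. The modes matter because sshd, with its StrictModes setting enabled, ignores an authorized_keys file when it or its directories are writable by other users.

```shell
#!/bin/sh
# Added example: install a public key for key-based SSH login and verify
# the modes described above (.ssh = 700, authorized_keys = 600).
# perm_of, install_pubkey and check_ssh_perms are hypothetical helper names.

# Print a path's octal permission bits (GNU stat first, then BSD/macOS stat).
perm_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null
}

# install_pubkey HOME_DIR PUBKEY_FILE
# Creates HOME_DIR/.ssh (700) and authorized_keys (600), then appends the key
# only if that exact line is not already present, so re-running is harmless.
install_pubkey() {
    home=$1 pubkey=$2
    [ -s "$pubkey" ] || { echo "no public key at $pubkey" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(head -n 1 "$pubkey")
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms HOME_DIR
# Returns 0 only if both modes match; otherwise names each problem on stderr.
check_ssh_perms() {
    home=$1 rc=0
    [ "$(perm_of "$home/.ssh")" = 700 ] ||
        { echo "$home/.ssh is not mode 700" >&2; rc=1; }
    [ "$(perm_of "$home/.ssh/authorized_keys")" = 600 ] ||
        { echo "$home/.ssh/authorized_keys is not mode 600" >&2; rc=1; }
    return $rc
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3ConstructedExampleOnly user@laptop\n' > "$demo/id.pub"
install_pubkey "$demo/home" "$demo/id.pub" &&
    check_ssh_perms "$demo/home" && echo "permissions OK"
rm -rf "$demo"
```

On the real server, run the same mkdir, chmod and append steps in the new user's home directory, then confirm that `ssh` logs in without asking for a password.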
So, that's a neat system to keep an archived set of offsite backups!
(It should be noted that Dreamhost is a shared hosting provider, so while security is probably high, you probably wouldn't want the details of your Swiss bank account stored in the clear there...)