Couple of options shown on the screen capture…
Does automatic disk backup for a VPS present any security threat? If not, is there any real benefit, or if there’s a disaster do you think it’s better to do a fresh install of the node files anyway?
Private IP? Sounds like a private IP connection between instances on this hosting platform. Reading through some other threads it seems that ultimately the BP should be firewalled and only accept traffic from your home IP.
I think the most important thing is that you should not have anything unnecessary on your nodes. The BP must have:
- stake pool cold key (node.cert)
- stake pool hot key (kes.skey)
- stake pool VRF key (vrf.skey)
As stated here:
Relays should not have any keys, etc.
So I would add that as long as you have the bare minimum on your nodes and BP, I personally think unencrypted backups are not a huge security risk. I think some VPS providers provide an option for backup encryption, so that might mitigate some of those risks.
Probably it is more desirable to use internal IPs for communication between relays and BP, but in reality, if you know what you are doing and you have proper FW rules, then I would personally say it is OK to have communication between relays and BP using public IPs.
Regarding backup benefits, there probably are some: say you made some kind of update and now the node is crashing, and you need to roll back to a backup from when everything was fine. Again, it is purely dependent on your installation. For example, I use Docker for running my nodes, and installing a newer version or rolling back to an older version of cardano node is quite easy and straightforward, with no need to have any backups for that.
Regarding a fresh installation or not, maybe someone else can comment on that, but I know it is quite popular to use precompiled binaries, which I would expect are quite easy to install and update, so I would expect no fresh installation is needed. But again, take it with a grain of salt; I’m just 100% Docker everywhere. Keep in mind that DB sync takes some time, so you can’t just start every time with a greenfield environment; sometimes it takes days to sync. So if you still want to start from scratch, then the faster way will be to first back up the DB, make your installation, and copy the DB back to your server.
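An added example, not part of the reply above: a small audit that walks a node's directory before it is included in a VPS snapshot and reports key files that go beyond the "bare minimum" the reply describes. The three BP file names come from the reply; the `*.skey` matching rule, the permission check, the directory layout and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Files the reply above lists for a block producer (BP).
BP_REQUIRED = {"node.cert", "kes.skey", "vrf.skey"}

def is_key_material(name):
    # Assumption: secrets are recognised by the *.skey suffix, plus node.cert.
    return name.endswith(".skey") or name == "node.cert"

def audit(root, role):
    """Return (relative path, problem) pairs for a 'bp' or 'relay' directory tree."""
    if role not in ("bp", "relay"):
        raise ValueError("role must be 'bp' or 'relay'")
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if not is_key_material(path.name):
            continue
        rel = path.relative_to(root).as_posix()
        if role == "relay":
            # Relays should hold no keys at all.
            findings.append((rel, "key material on a relay"))
        elif path.name not in BP_REQUIRED:
            findings.append((rel, "not needed on the BP"))
        elif path.name.endswith(".skey") and path.stat().st_mode & 0o077:
            findings.append((rel, "readable by group or others"))
    return findings

def demo():
    """Audit two constructed trees (sample file names and modes are made up)."""
    sample = {"bp": {"keys/kes.skey": 0o600, "keys/vrf.skey": 0o644,
                     "keys/node.cert": 0o644, "keys/payment.skey": 0o600,
                     "db/ledger.bin": 0o644},
              "relay": {"old/vrf.skey": 0o600, "topology.json": 0o644}}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for role, files in sample.items():
            for rel, mode in files.items():
                f = Path(tmp, role, rel)
                f.parent.mkdir(parents=True, exist_ok=True)
                f.write_text("constructed placeholder, not a real key\n")
                os.chmod(f, mode)
            results[role] = audit(Path(tmp, role), role)
    return results

if __name__ == "__main__":
    print(demo())
```

Anything the audit reports would also end up in every automatic disk backup of that machine, so it is worth running before snapshots are enabled.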
I really appreciate your time for that thoughtful reply.
Your insights helped guide me to a decision on these.