Architecture of a centralized file storage and backup system for an enterprise environment of up to 200 users: the design objectives, the risks it mitigates, and the complete software stack used to deliver them.
1. Design Objectives

- Secure and controlled file sharing
- Ransomware mitigation through an immutable archival repository
- Centralized authentication
- Enforced storage quotas
- Full audit trail and monitoring
- Automated snapshots and integrity checks
- Simple and predictable disaster recovery
- No proprietary software or licensing
2. Risk Mitigation

| Risk | Mitigation |
|---|---|
| Disk failure | ZFS RAIDZ2 + backup |
| Ransomware | Borg append-only + ZFS immutable snapshots |
| Deleted file recovery | ZFS snapshot rollback |
| Backup corruption | Borg check |
| User misuse | Audit logging |
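The ransomware and deleted-file rows above rely on ZFS snapshots that cannot be destroyed by a compromised account. The script below is an added example, not part of the design document or of the OpenZFS project: it takes a dated snapshot, places a user hold on it, and only releases and destroys snapshots that have aged out of retention. The dataset name `tank/share`, the hold tag `immutable`, the 30-day retention and the `daily-` naming scheme are assumptions; `DRY_RUN=1` prints the `zfs` commands instead of running them so the plan can be reviewed on a host without ZFS.

```shell
#!/bin/sh
# zfs-snapshot-hold.sh: daily ZFS snapshot protected by a hold, with retention.
# Added example; dataset, hold tag and retention are assumptions for illustration.
set -eu

DATASET="${DATASET:-tank/share}"     # assumed dataset holding the SMB shares
HOLD_TAG="${HOLD_TAG:-immutable}"    # assumed hold tag name
KEEP_DAYS="${KEEP_DAYS:-30}"         # assumed retention window
DRY_RUN="${DRY_RUN:-0}"

# run: execute the command, or print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# snap_name DAY -> tank/share@daily-YYYY-MM-DD
snap_name() { echo "$DATASET@daily-$1"; }

# take_snapshot DAY: snapshot, then hold. While any hold tag exists on a
# snapshot, `zfs destroy` of it fails (even for root) until `zfs release`,
# which is what turns the snapshot into an immutable recovery point.
take_snapshot() {
  run zfs snapshot "$(snap_name "$1")"
  run zfs hold "$HOLD_TAG" "$(snap_name "$1")"
}

# is_expired DAY CUTOFF: true when DAY (YYYY-MM-DD) is strictly before CUTOFF.
# Dashes are stripped so the two dates compare as integers.
is_expired() {
  [ "$(echo "$1" | tr -d '-')" -lt "$(echo "$2" | tr -d '-')" ]
}

# expire_snapshot DAY: release the hold first (destroy is refused otherwise),
# then destroy. Call only for snapshots that have aged out of retention.
expire_snapshot() {
  run zfs release "$HOLD_TAG" "$(snap_name "$1")"
  run zfs destroy "$(snap_name "$1")"
}

# prune_snapshots CUTOFF DAY...: expire every listed snapshot day before CUTOFF.
prune_snapshots() {
  cutoff="$1"; shift
  for day in "$@"; do
    if is_expired "$day" "$cutoff"; then expire_snapshot "$day"; fi
  done
}

main() {
  today="$(date +%Y-%m-%d)"
  cutoff="$(date -d "-$KEEP_DAYS days" +%Y-%m-%d)"   # GNU date, as shipped on Debian
  take_snapshot "$today"
  # Existing daily snapshot days, derived from the snapshot names on the dataset.
  days="$(zfs list -H -t snapshot -o name -r "$DATASET" | sed -n 's/.*@daily-//p')"
  prune_snapshots "$cutoff" $days
}

# Run only when executed as a script, not when sourced.
[ "${0##*/}" = "zfs-snapshot-hold.sh" ] && main "$@"
```

Run it from a systemd timer as root; the `run` wrapper makes `DRY_RUN=1 sh zfs-snapshot-hold.sh` a safe way to review the day's plan. Recovering one deleted file does not require rolling the whole dataset back: each snapshot is browsable read-only under the dataset's `.zfs/snapshot/` directory, so a rollback is reserved for the case where the live dataset as a whole is untrustworthy.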
3. Software Stack

| Component | Choice |
|---|---|
| OS | Debian LTS (minimal) |
| File sharing | Samba (SMB3) |
| Filesystem | OpenZFS |
| Backup | BorgBackup + Borgmatic |
| Immutability | ZFS snapshot hold + Borg append-only |
| Quotas | ZFS dataset quota |
| Monitoring | Prometheus + Grafana + Node exporter |
| Alerts | Alertmanager |
| Scheduler | systemd timers (no cron) |
| Security | UFW + Fail2ban + AppArmor |
| Verification | Borg check + ZFS scrub |
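The Backup, Immutability and Scheduler rows come together on the backup host and the file server. The following is an added example, not part of the design document or of the borgmatic project: it writes a systemd service/timer pair that runs borgmatic daily, and prints the `authorized_keys` line that pins the file server's SSH key to `borg serve --append-only` on a single repository. The repository path `/backup/repos/fileserver`, the borgmatic binary path and the 02:00 schedule are assumptions; `ROOT` is a prefix used only for testing and is empty in production.

```shell
#!/bin/sh
# borg-units.sh: systemd units for borgmatic plus the server-side append-only key line.
# Added example; repository path, binary path and schedule are assumptions.
set -eu

ROOT="${ROOT:-}"                                    # test prefix; empty on a real host
UNIT_DIR="$ROOT/etc/systemd/system"
REPO_PATH="${REPO_PATH:-/backup/repos/fileserver}"  # assumed repo path on the backup host
BORGMATIC_BIN="${BORGMATIC_BIN:-/usr/bin/borgmatic}"

# write_units: a oneshot service and a timer with Persistent=true, so a run
# missed while the host was down is caught up at the next boot (cron cannot).
write_units() {
  mkdir -p "$UNIT_DIR"
  cat > "$UNIT_DIR/borgmatic.service" <<EOF
[Unit]
Description=borgmatic backup of the ZFS file shares
Wants=network-online.target
After=network-online.target zfs.target

[Service]
Type=oneshot
ExecStart=$BORGMATIC_BIN --verbosity -1 --syslog-verbosity 1
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7
ProtectSystem=full
PrivateTmp=true
EOF
  cat > "$UNIT_DIR/borgmatic.timer" <<EOF
[Unit]
Description=Run borgmatic backup daily

[Timer]
OnCalendar=*-*-* 02:00:00
RandomizedDelaySec=15m
Persistent=true

[Install]
WantedBy=timers.target
EOF
}

# append_only_key PUBKEY: the authorized_keys line for the file server's key on
# the backup host. `command=` forces every login by that key to run borg serve
# in append-only mode against one repository; `restrict` disables forwarding,
# PTY allocation and agent use. Append-only is only a guarantee when enforced
# here, on the backup host: a flag on the client can be dropped by whoever
# controls the client.
append_only_key() {
  printf 'command="borg serve --append-only --restrict-to-repository %s",restrict %s\n' \
    "$REPO_PATH" "$1"
}

main() {
  write_units
  echo "Units written to $UNIT_DIR; enable with: systemctl enable --now borgmatic.timer"
  echo "Add this line to the backup host's authorized_keys for the file server's key:"
  append_only_key "${1:-ssh-ed25519 <PUBKEY-PLACEHOLDER> fileserver-backup}"
}

# Run only when executed as a script, not when sourced.
[ "${0##*/}" = "borg-units.sh" ] && main "$@"
```

Because the append-only repository never frees space on its own, `borg prune` and `borg compact` run from a separate administrative host whose key is not wrapped in `--append-only`, after the regular `borg check` has confirmed the archives; that separation is what keeps a compromised file server from shrinking its own history.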
