Slashdot Mirror
Ask Slashdot: Open Source Back-Up Tool For Business?
New submitter xerkot writes: I am looking for a tool to make backups of PCs in a big company. We want to replace the one that we are using at this moment for this new one. The tool will be used to do backups of PCs (mainly Windows, and a few Linux), and we want to manage these backups centrally from a console, being able to automatize the backup process. The servers of the company are backed up with another tool, so they are out of scope. In the company we are being encouraged more and more to use open source software, so I would like to ask you, what are best open source tools to do backups of PCs? Are they mature enough for a big company?
What exactly are you backing up? Entire disk images? Or just user files?
If disk images, then something like clonezilla, perhaps set up to boot from a TFTP server. Boot the machine via WOL, kick off the TFTP, automatically dump the image out to a server using the machine name or MAC address or something as a unique identifier
For user files only (ie, My Documents or whatever) can you set up network based home directories ? And then just back up the server they live on.
Don't blame me, I voted for Kodos
Just look for the best tool for the job, and don't worry about whether it's open source or not.
SJW's don't eliminate discrimination. They just expropriate it for themselves.
you can use amanda in case you want to backup files. amanda is production grade and has clients for windows and linux and
possibly unix alike. -- mallah
I once was in a crossroads of choosing between stuff like Clonezilla and Bacula, for small business purposes. Bottom line is they add a lot of complexity for low to no flexibility. I ended up building my own tar/move/ script with cron triggers at after ours downtime, then I would simply move them around network locations for avoiding single points of failure messing up the backups. Adding your own exceptions for the backup is a plus. At the last point, I had something reliable, fast, and that would require the simple overhead of re-installing Debian before the actual restore, then an update-grub and a change in fstab for the new disk replacing the broken one's UUID (because you don't really do that many restores so it's a fair trade-off, while you do save time exponentially by not backing up the entire OS). A good starting point is http://www.aboutdebian.com/tar...
http://amanda.zmanda.com/
free open source runs on windows freebsd linux and supports sft and s3 aws
Backula I think would do it, but you have to pay for it. If you are looking for free, you will have to learn how to script your own agents. For a small business (25-50 PC+) Windows Server Essentials is Boss! It boots a tftp server for recovery and nicely manages all the machines it backs-up. Conversely, You should centralize user data, so if their PC goes down, they don't lose any work. Then just keep a windows PE custom install of the PC's when they are build fresh and you can just do an image restore on failure.
I use Bacula for my home computer; it feels powerful enough for a small office, and is very versatile.
It has three main components: a client daemon that you install on the computers you want to back up, a storage daemon that you install on the computer that will write the backup files and/or tapes, and a director daemon which controls the backups. The director and storage daemons only run on unix-like operating systems (BSD, Linux, Solaris) but the client daemon has also been built for MS-Windows.
http://blog.bacula.org/
http://www.zmanda.com/company.html
"Zmanda: The Leader in Open Source Backup
Proven, Cost-Effective Open Source Backup and Recovery
Zmanda is the world’s leading provider of open source backup and recovery software. Our open source development and distribution model enables us to deliver the highest quality backup software such as Amanda Enterprise and Zmanda Recovery Manager for MySQL at a fraction of the cost of software from proprietary vendors. Our simple-to-use yet feature-rich backup software is complemented by top-notch services and support expected by enterprise customers."
http://www.amanda.org
"Amanda Network Backup
Open Source. Open Formats. Open APIs.
What is Amanda?
AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup solution that allows the IT administrator to set up a single master backup server to back up multiple hosts over network to tape drives/changers or disks or optical media. Amanda uses native utilities and formats (e.g. dump and/or GNU tar) and can back up a large number of servers and workstations running multiple versions of Linux or Unix. Amanda uses a native Windows client to back up Microsoft Windows desktops and servers.
The most recent stable release is version 3.3.7p1, released on February 15, 2015. "
I think you mean outsourced? This is a perfect fit for India. We should not be paying American IT wages for a backup monkey.
in a big company
Promise me something... that your big company gives back to open source.
Yes? Awesome!
Now here is your free advice.
I worked at a scientific institute, and they simply installed OwnCloud everywhere. It's got a client for most platforms, syncs to a server, and allows you to back up the server in the usual fashion.
It worked so well, that when I started doing consulting (at the client site), I got my own VPS with Debian, and installed OwnCloud server on that. Then installed the client on my private laptop and the laptop that I got from the client. Works beautifully, because communication is over HTTPS. Company firewalls don't block that. I tried other things like BitTorrent Sync, but these use special ports.
8 of 13 people found this answer helpful. Did you?
The tool you are looking for is Bacula, and it's enterprise grade.
You'll need a GNU/Linux or UNIX server; Solaris (or OpenSolaris variant, such as SmartOS or OmniOS) is recommended, as tape library support in Solaris is first class, especially for libraries with barcodes and robots.
Configure it with SQLite support, which is the simplest and fastest, and off you go.
The client side supports Windows. The storage and director nodes must run on some form of UNIX or UNIX-like OS. storage and director node can be combined on a single system, but they do not have to. The software really is enterprise grade, which is amazing for free, open source software.
They use this around here, seem to like it. Seems apt to your situation.
http://backuppc.sourceforge.net/
If just backing up file shares I like backuppc. However if you are virtualized and need a hypervisor level backup solution I like the Unitrends Free.
I have been using Fog and OwnCloud.
Fog (Free open ghost) for desktop backup and reimaging and OwnCloud for data backup.
http://sourceforge.net/projects/freeghost/
FOG can back up disk images and do inventory and scheduled re-images and keep images for things like AV scan and whatnot.
We mostly just use it to wipe machines back to clean slates ourselves but it's supposed to have quite a rich feature set. It does also have some bugs though.
I set one up at my school that has re-imaged 1000+ student netbooks 7 at a time, the school district also has all of our images centrally located and available throughout the district for all models of laptops/desktops that we use and manages the images there. It uses iPXE/Partclone/TFTP and LAMP. The original .32 version has plugins that can do things like identify a machine based on its DMI info and pick a set of images based on that (Capone).
I've set them up on CentOS and Ubuntu. There are always quirks though, I suggest strong perusal of the wiki before deciding, and toy with it before putting in to production.
Use AMANDA to do the back-ups. Use Amazon's S3 to actually store the dumps compressed and encrypted at the source — AMANDA has had the S3 back-end for a while. No, you do not need "Amanda Enterprise".
Having set just such a thing up at my last job, I'd be happy to help you out for a regular consulting fee. Should not take more than a week or two even on a large organization.
In Soviet Washington the swamp drains you.
syncthing, is like dropbox but decentralised, might be worth a look. I use this for my own stuff. Someone out there is using it to sync 20000 GiB of data. It also lets you use ignore patterns on devices.
Rync's --link-dest option lets you keep incremental backups that look almost exactly like full archivals but without the extra size footprint. Advantages:
* Rock solid, proven tech, been around forever, wlll probably outlast almost any other less standard solution.
* Fully and easily scriptable - no awkward GUI or web service to deal with
* Produces a standard filesystem image, usable with any other tool that deals with files, rather than some tool-specific backup image.
* You have full control over the policies - e.g, how many previous backed up versions to keep.
* Back up to anything that has a filesystem supporting hardlinks. Local, over the net, USB drives, anything you can name.
I have used this for home and work to replace tape backups (been awhile but still good software) web based and has multiple ways of syncing files (tar, rsync, smb)
Plus allows users to do restores themselves if needed
http://backuppc.sourceforge.net/
Set up home drives on file servers and back those up. Teach users that those are the only locations that are backed up. Set up the PCs to use that as the default home location. You can do this on Windows and Linux just fine. Invest in the server -- redundant power supplies, RAID arrays, failover, etc. You could even look at various open source NAS devices, or whatever works for your environment.
Why?
Backing up user PCs doesn't scale well and becomes a thankless task for some poor employee who has to keep up with broken backup clients. It's far easier to scale when you only have to keep up with the file servers. You have some number of clients saving to each server, but that's that number of backup clients you don't need to deal with. This frees up IT staff for other, more useful tasks.
It also allows you to replace end-user PCs with a simple re-image rather than trying to recover or fix anything. End-user calls and says their PC is going whacko, you pull a spare off the shelf and lay down a fresh install. Show up, take the malfunctioning equipment away and diagnose it on your time, while they get back to work. Since all the files are on the server they can just get back to it rather than waiting on you to try and fix whatever might be going wrong.
Can be used entirely for free and encrypted backups. The CrashPlan makes money with their cloud backup features. You can back machines up to a single machine or multiple machines on your network that have CrashPlan installed one them. You can run in a scheduled mode or do realtime (every 15 minutes?) backups.
Anything important is stored on a server, PCs are cloned/imaged/whatever and interchangeable/disposable.
As much as is feasible, store files on the servers you have already.
I realize this may not be feasible if your "daytime bandwidth" or latency makes it impossible, but do it if you can.
I'll leave it up to others who know more than I do to answer your original question about open-source, centrally-managed, business-grade (read: vendor-supported and hack-resistant) solutions.
Oh, one more thing: this is a business. Unless you are going to dedicate a programming team to bug-fixing this and a security team to regularly audit it, spend the money on buying software from a reputable vendor who will stay on top of security bugs. Don't make the mistake of thinking "open source means fee as in beer" - if you do, you and your company will pay for it big time with the first preventable security breach.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Anyway, I use BackupPC to backup user files from Windows machines on the company network. Works just fine. I tell my users it's "no guarantee", as they should store on the network shares any way.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Rsync is simple, lightweight, has been around forever, and gives you incredible power. Assuming by "manage centrally from a console" you mean that you have remote admin access to all the computers in the scope, it's as simple as a cron job running your Rsync script. You can trivially make several versions for different use cases (Linux vs. PC) and only have to configure the setup once in the cron job. After that, you only need to touch it if you make changes.
Rsync can push deltas to any remote server you have access to via a wide range of protocols. The rest of your IT team will appreciate that you're only sending deltas and not sending full copies every execution and hogging bandwidth.
Here's a link to get you started: https://wiki.archlinux.org/ind...
Good luck!
Maybe URBackup is the right tool.
BackupPC .
Problem solved. Next?
Is management doing this because they want the benefits of open software (ability to audit and change the code, etc)? Or because they don't want to spend money?
Because if they're trying to avoid spending money on *backups* of all things, managements priorities are fucked.
$0.02
There Fixed it for you.
Use Veeam Endpoint Backup Free. Problem Solved!
Most end-user machines are full of crap.
At one company, lots of people decided to use their work PCs as storage for their personal, home, backups. We expected about 2G of files per PC, but found people had 50G-300G of stuff they wanted backed up. That changed the project economics completely.
Politically, it was decided that during the next system refresh, very small SDDs were deployed with tiny Data partitions for users. People where pissed, but the faster CPUs made up for it. Many started using SDHC memory as expansion for their personal crap, which was fine.
Data areas for documents was provided inside a new DMS - Alfresco-based. In quick training, we made it clear that all storage was shared at the group level, the few shopping remaining lists were removed and no cat videos or music was ever placed onto the DMS.
Keep business data on servers.
BareOS Works well in our Enterprise environment. It's our secondary back up system to Netbackup. I've hooked a StorTek SL100 (100 Tape Jukebox) and works well.
Yes, you don't want to use free software for anything important.
Seconding this. In the companies I work with, this is the solution we've put into place. Windows PCs use mapped network drives for personal folders and shared folders to a server. The server runs ZFS as its file system. Simple cron scripts on the server itself automate the process of creating snapshots and doing send/receive with other servers both inside and outside the building. These additional machines also store a certain number of snapshots, so we can recover previous versions of files easily. ZFS + Samba 4 also appears to Windows as "Volume Shadow Copy", so snapshots also become browsable directly by Windows clients for the more technical users who know how to work with it.
The great thing about this strategy is that 1) you're not installing a single thing on client machines, just an initial config for mapped network drives. 2) next to nothing to install on the server machine, just ZFS and Samba (which both come with FreeNAS if you want a very simple drop-in solution)
What about using ZFS and essentially foregoing traditional backups?
I know that is heresy to traditional data-management methodology; but with ZFS' resilvering and anti-bit-rot self-healing capabilities, it would seem that, other than a fire or tornado hitting the server closet, or outright theft, that ZFS totally answers the need for traditional backup. And if you combine that with incremental backup to an offsite data-store (also ZFS?), then how wonderful would that be?
I admit my interest in ZFS FAR outstrips my knowledge of same; but it seems that the OpenZFS community pretty much has their act together.So, are there any backup tools that can backup a ZFS Pool to another ZFS Pool, or a network-full of Mixed-Platform Servers to a ZFS Pool?
I've successfully used URBackup (urbackup.org) in a heterogenous Enterprise environment for a while now. No issues, simple and effective.
While you do present very fair arguments, you failed, like me, to address important issues of the OP. Not to mention your inconsistency on such examples.
For instance, you argument for customization with an example based on the trigger of a proprietary recovery system. So you can trigger a remote process with Bacula. I have a one-liner shell script command for that, nice job. Especially with a proprietary system which the OP specifically excluded in the title (Open. Source.). And from the clues I got, Bacula has issues with Windows systems, or you're gonna be needing at least 2 different sets of binaries to support both MSW+NIX. You need something pre-main-OS boot for a completely dual solution (as an under user, I think of the likes of Acronis or Ghost, and stuff too complex for me even to start name dropping for enterprise-level).
Numero dos: tapes? Your argument for having a clue for backups is name dropping TAPES? In case you didn't notice, snapshot'ing, with rotation doesn't really need tape support. You're not going for the petabytes, and I doubt you're going for the 10+years, even for corporate. A snapshot will have only the diff of the previous one. With that said, Why da fck do I need tapes for, or barcodes, or bells and whistles?. You could have mentioned diff support in Bacula, that would have been big, if it wasn't so deep in its manual (mostly what took me away from Bacula/Clonezilla. Now to be fair, my example also does full backups over time, no diffs and integrity checks, but with exceptions - my method happens to produce really, REALLY minimal, compressed tars with 100% parity and 99% reliability to what was on that backup day if needs be (you just update Debian until that point of time, single difference in the system will be the hardware/UUID).
You know what else was designed to interface with everything and anything (including emulating virtual tapes as entire drives, or even just files)? The Unix CLI
And just to make a fking point, this guy came to /. asking around for a backup solution. Put yourself in that perspective before you go demanding the manpower of setting a datacenter-wide B&R process. Because when you start mentioning the big bucks Oracle (seriously, when there's something which's presentation page has a Training/Certification section, like that Oracle crap does, it's big bucks), that pretty much translates that you're gonna need an IT section just for managing that B&R process. This guys came to slashdot, Ima' repeat that, to SLASHDOT asking for FOSS. No matter how much he keeps mentioning "we" or "the company", he is 100% either a manager of a small team (1-3 ppl) who is trying to focus on not-so-scalable stuff. He doesn't need tapes or Oracle's antics, unless he's already on that wagon (which he's not, he was ordered to use FOSS... and HE CAME TO SLASHDOT, not Oracle support forums). And he if wants FOSS, if he does have that big a company, there's nothing more FOSS than going the extra mile and making your own fucking shell script-based super-duper-complex process, since the company is pressuring wide FOSS usage, then upping it to github with a copyleft/apache license afterwards. In the end, that's what the big guys who want to go FOSS are doing now, unless you didn't have a clue.. If that company is going FOSS for financial reasons, they are doing it wrong.
http://www.tarsnap.com
It is actually the only backup service I trust. The content is backed up on the net but it is fully encrypted.
They charge for the service (cheap!) but the main tool is opensource.
That's all. One remote system (or better yet, many), and a client on your workstation to sync with accounts on n remote systems.
Caveat: Filezilla is partnered with Sourceforge. If you don't know why I'm warning about this, where have you been - under a rock? The short version: Sourceforge have been found sideloading crapware on project downloads. I avoid them. I suggest others do the same. In case you're wondering, I have an older version (that's still perfectly functional) in my own library.
One of many citations: http://www.howtogeek.com/218764/warning-don%E2%80%99t-download-software-from-sourceforge-if-you-can-help-it/
Filezilla: https://filezilla-project.org/
~ihtoit
UrBackup is what you're looking for. Centralized management, file backup or image based, works over the internet if need be. It's not perfect, but it is free and open.
http://www.urbackup.org/
rsync and a few scripts. Perl scripts.
Religion is what happens when nature strikes and groupthink goes wrong.
I use crashplan for my backups. It's not open source, but its TOS allows for this use case.
Uses rsync and stores everthing as btrfs snapshots on a central server.
Check out Amanda.org. It was developed at the University of Maryland for a scenario that sounds like yours.
Look, I know that "open source solution" is in the title. The low hanging fruit is already camping out in the thread - Bacula, Clonezilla, and script/cron/rsync are the major solutions there.
If the business is okay with "free, even for commercial use", Veeam Endpoint Backup is excellent. It will either back up to a Samba share or a Veeam B&R if you have one in the environment somewhere. It's legit freeware, and works very well.
Even if not for this particular case, it works well for laptops. It's the only free backup application i've seen that will back up to a USB drive, such that connecting the drive triggers a backup, rather than relying on a schedule. This is great for laptop users.
We were using Arkeia, a commercial product made by the company of the same name. It was not opensource, but worked in mixed environments and was fast, easy and reliable. Unfortunately, the company was purchased by Western Digital, who finally discontinued the product. We asked WD to release it as free software but got no answer.
We are now in the process to move to a nightmare of rsync backups, difficult to audit and to maintain. BackupPC works to some extent, but open files are a problem, it has no support for application hot backups (mysql, an others) and so on.
As usual.
My company uses Bacula for all our server backups, and it works pretty well, once you beat the configuration into doing what you want.
Some things about Bacula that I've noticed:
1) It's scheduling is more than little rigid. I'm not using it on desktop PCs for that reason (the PC pretty much needs to be there when Bacula wants it to be, or you miss that backup cycle. As near as I can tell, anyway).
2) Trying to configure the retention times for Bacula is NOT for the faint of heart. Get someone to help you. It's goofier than it should be.
3) Bacula thinks of all backup media as tapes. You can make it use disk (which is REALLY convenient for frequently accessed backups), but it still treats it like a bunch of tapes.
4) If I understand correctly, the Windows backup client software isn't free anymore.
For my PC backups both at home and at the office, I'm using Burp (http://burp.grke.org/) (I'm using the 1.4.40 stable version).
Burp is REALLY easy to configure, and when a backup is missed due to the PC being off at that moment, it just figures it out when the thing comes back on line.
It's capable of continuing an interrupted backup.
One possible downside, depending on your setup, is that Burp DOES NOT DO TAPE.
It does backups to disk. That's IT. If you need tapes, you need to go elsewhere.
I'm really fond of the easy-to-configure nature of Burp, but of course my needs match it's limited capabilities very well.
Both are in active development.
If you try to use Bacula, see if you can find someone experienced to help you. I don't know that I'd have ever gotten that thing working correctly on my own the first time.
A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
You "should" be able to use shadowspawn.exe along with most other backup systems (rsync, robocopy, whatever) to be able to get pst files and such with the VSS snapshot that it makes.
For example, on my home PC, I run this command each night to mirror my "C:\" to the "E:\". :: shadowspawn.exe C:\ Q: robocopy Q:\ E:\ /NS /NC /NFL /NDL /NP /LOG:H:\nightly_backup_log.txt /R:3 /W:1 /MIR /B /E /XJ /XD "Temporary Internet Files" /XF pagefile.sys hiberfil.sys thumbs.db
Here's a longer tutorial for copying over the network:
http://xpertnotes.net/blog/2014/01/20/using-shadowspawn-and-robocopy-to-copy-in-use-files-over-a-low-bandwidth-connection/
My main goal was that I have about 1TB of data, all on my C:\, and if that single hard drive fails, then I want a copy of it on a spare 1TB drive (E:\).
The "Q:\" above is a VSS Snapshot of C:\, which gets mirrored to my spare drive "E:\"
H:\ is just another drive that I have, it keeps the log.
I ran it overnight on the first pass.
After that, it only takes only about 10minutes to mirror my C:\ drive to E:\ each night.
I used to use rsync with cygwin to run a backup the my dyndns server.
I do already have cygwin for ssh tunneling, but didn't feel like using it this time around.
I think it is about time they 'automatized' your job since it doesn't sound like you know what the fuck you are doing....
Why is this down-modded? It's exactly what I was going to say. If I ran a "big company" I wouldn't be expecting my IT people to be asking for advice on a public internet forum.
And "automatized" really isn't a word.
To have a right to do a thing is not at all the same as to be right in doing it
I'll just throw this out there: I was tasked with the same requirement of backing up people's desktops 6-7 years ago and the solution that I went with was some home-grown Powershell scripts and using the built-in VSS service on the workstations.
I grab the bare necessary files to rebuild a workstation and then dump the backups to the user's home directory on the server (which is then automatically backed up). Take a look at the scripts I wrote
Down-modded probably because it makes too many assumptions. The question may not even be asked by "IT people". Abusive too, so fair game for -1 IMHO
I used Bacula to back up a company of ~25 users. It doesn't have all the bells and whistles of TSM. Once you figure out how it works, it's nice (and it's free). I ran the Bacula server on GNU/Linux (Redhat I think). There are clients for GNU/Linux, Windows, and Mac. Backups can also be encrypted.
Highly recommend UrBackup. It can do both files backup and system image backup. The backup server can run in either Linux or Windows. Clients softwares for PC to be backup are also available for both Linux and Windows. For Windows clients, system image backup is made using Volume Shadow Copy function of Windows. Not sure if system image backup is available for Linux client or not. Overall it is a very powerful, yet easy to use, backup system, avaialble at http://www.urbackup.org/
The first thing I have to say to everyone who asks me to design a backup solution is "what's your recovery solution? what are your recovery needs?". Then design your backups around that. Don't back up anything that won't be restored. You have to protect against both disaster recovery (loss of total system) and operational recovery (file deletion, corruption, historical trails). DR for a PC is usually from a stock image; OR for a PC can be managed through much better methods than PC backup.
The only thing I do at work all day every day is backup. I'm certified on one of the major commercial backup applications, two purpose built backup appliances from different vendors, and have formal training in a few other commercial applications. We have a team of 6 that manage backup for the company's data internally, another team of 5 that manage backup for our IT customers, and a couple of part-time backup admins for rogue corporate business units. We have an offshore team of 12 that support backup & storage for both internal & external 24x7 (max 3 on shift at any time). Internally our biggest backup server runs 10,000jobs/day for 1300 hosts; across all internal servers it's something like 25,000 jobs on 4,000 host. I spent almost $1M in capital this year just to refresh EOSL backup infra, and have asked for $3.1M next year to get into the 21st century for all our backup storage. My colleagues have spent at least as much in growth this year. Across the enterprise we protect 12PB of front end data. Globally we are considered a small customer to our backup software/hardware vendors. We don't do endpoint protection because it's not worth the effort.
If you really are going ahead with what you've described (I suggest you don't), then my biggest worry would be software & config deployment during version upgrades, OS re-installs and infrastructure changes. If you add another backup server are you going to have touch every PC? If you upgrade your server to a version that drops support for a given client version and the user doesn't bother upgrading can you push it down? Can you make sure it gets pushed the next time he logs in?
If you have any remote users, use a tool that does client side deduplication and incremental forever with synthetic full backups being hydrated on the server. /cdrom? Set the users expectations appropriately and communicate with them what they can expect of you. Make sure everyone knows where their division of responsibility starts and ends, and make sure there's training material available that aligns with those divisions.
Know what your requirements are for portable media, and make sure the tool you use includes/excludes it as per corp policy. Will rsync of / pick up
That said, if you really are a big company, then forget the endpoints, put your user's data on LAN shares, SharePoint, Exchange, etc and protect their data using server backup. Encrypt the endpoints in case some PHB decides to not use the LAN shares and stores corp data locally, but if he didn't put it on the LAN as per corporate policy, then let him sweat it out for losing his data when the laptop gets stolen/dropped/dies/etc. I have no sympathy for anyone that doesn't follow documented policies & procedures. They all get the stock corporate image, which gives them a personal and a team share. I don't even cheat like some of my colleagues, my laptop is not backed up to our backup servers and I've had it replaced/reimaged every 2 years or so. I keep my historical PST files in two locations. Two hours of setting up my windows preferences or importing app settings from dumps I put on my home drive and I'm back in business. Data doesn't belong on PCs - I wish they were all dumb terminals and any machine you log in to mounts your home drive, runs apps off shares or in remote sessions, and your profile follows you around. Or follow the mainframe strategy and RDP into your desktop / use VDI.
Anything less than 20 endpoints I'd consider small, go ahead and use si