Introduction

What characterizes the TERRA CLOUD backup solution?

Communication between all the components involved is always encrypted. Only one agent needs to be installed on the server to be secured.
This then connects to our data center via ports 8086 and 8087.
Thus, since the connection is from the server being secured to the outside, there is no need to configure inbound firewall rules or NAT.
The administration is done centrally via our backup portal.
In this portal you will see all servers that have linked to your account through agent registration.
The backup solution basically consists of three components: Agent, Portal and Vault. The Agent is the software component that runs as a service on your servers.
The portal is used to configure and administer these agents. The Vault is the data vault where the data is stored.

Function overview

Prerequisites

Supported operating systems

Windows Server:
Windows Server 2019: Essentials, Standard, Datacenter, Server Core

• Windows Server 2016: Essentials, Standard, Datacenter, Server Core
• Windows Server 2012 R2: Foundation, Essentials, Standard, Datacenter, Server Core
• Windows Server 2012: Foundation, Essentials, Standard, Datacenter, Server Core
• Windows Storage Server 2012: Standard, Workgroup
• Windows Small Business Server 2011: Essentials, Standard, Premium
• Windows Server 2008 R2: Standard (SP1), Enterprise (SP1), Datacenter (SP1), Server Core (SP1)
• Windows Storage Server 2008 R2: Standard (SP1), Enterprise (SP1), Workgroup (SP1), Essentials (SP1)
• Windows Small Business Server 2008: Standard (SP2), Premium (SP2)
• Windows Server 2008: Standard (SP2), Enterprise (SP2), Datacenter (SP2), Server Core (SP2), Basic (SP2), Workgroup (SP2)
• Windows Storage 2008: Standard (SP2), Enterprise (SP2)

Windows Client:

• Windows 10: Home, Pro, Enterprise (version 1909)
• Windows 8.1: Enterprise
• Windows 8: Enterprise
• Windows 7: Enterprise (SP1), Premium (SP1), Professional (SP1), Ultimate (SP1)

Linux:

• SUSE Linux Enterprise Server 15
• SUSE Linux Enterprise Server 12 (SP4)
• SUSE Linux Enterprise Server 11 (SP4)
• SUSE Linux Enterprise Desktop 11 (SP4)
• openSUSE Leap 15.0
• openSUSE Leap 42.3
• openSUSE Leap 42.2
• openSUSE Linux Enterprise Server 13.2
• openSUSE Linux Enterprise Server 13.1
• Red Hat Enterprise Linux Server 7 (Update 6)
• Red Hat Enterprise Linux Workstation 7 (Update 4)
• Red Hat Enterprise Linux Server 6 (Update 10)
• Red Hat Enterprise Linux Workstation 6 (Update 9)
• CentOS 8 (Update 1)
• CentOS 7 (Update 8)
• CentOS 6 (Update 10)
• Oracle Linux Server 7 (Update 6)
• Oracle Linux Server 6 (Update 10)
• Ubuntu Server 18.10
• Ubuntu Server 18.04
• Ubuntu Server 16.04
• Ubuntu Server 14.10
• Ubuntu Desktop 14.10
• Ubuntu Server 14.04
• Ubuntu Desktop 14.04
• Ubuntu Server 12.04 LTS
• Debian 10(Update 4)
• Debian 9 (Update 13)
• Debian 8 (Update 11)

Supported file systems under Linux:

• ext2
• ext3
• ext4
• XFS
• JRC
• ReiserFS
• JFS

Status: 22.05.2020
To be up to date with the latest supported systems of the Backup Agent, please refer to the latest release notes. You can find them under Downloads in the Backup Portal or directly under this download link:
Agent Doku/Release Notes

Network configuration

Agent registration:
8086 TCP Agent => Portal (backup.terracloud.de - 185.35.12.128/26)

Agent Management:
8087 TCP Agent => Portal (ampXX.terracloud.de - 185.35.12.160/27)

'Communication between agent and vault:
2546 TCP Agent -> Vault (vault-wmh1-XXXX.terracloud.de)

In addition to the primary Vault, it must also be possible to reach the secondary Vault.
The following examples show you the naming conventions of the different animal levels and the basevaults.

Example Tier 2:
The secondary system is operated in a different fire section, but at the same location, and the "p" (primary) in the third block is swapped for an "s" (secondary).

vault-wmh1-p001.terracloud.de = 195.4.145.2
vault-wmh1-s001.terracloud.de = 195.4.145.127

Example Tier 3:
The secondary system is operated in a partner data center, the "h" (Hüllhorst) in the second block is swapped for a "d" (Düsseldorf) and in the third block the "p" (primary) is swapped for "s" (secondary).

vault-wmh1-wp01.terracloud.de = 185.35.13.66
vault-wmd1-ws01.terracloud.de = 194.97.103.194

Example Basevaults (replication target of TERRA CLOUD backup satellite)
TERRA CLOUD Backup satellites replicate their dataset to the primary base vault, which replicates the dataset to the secondary vault system.
Basevault systems have the letter combination "bv" for Basevault in the third block, secondary ones have the abbreviation "bs" (Basevault secondary), additionally the abbreviation for the Düsseldorf location is also stored in the second block.

vault-wmh1-bv01.terracloud.de = 217.243.185.2
vault-wmd1-bs01.terracloud.de = 194.97.101.194

The direction here is always Agent -> Server in the Cloud(Vault/Portal)
.

'When using a satellite, the following ports must be open:
2547 Satellite -> Basevault (Management)
12547 Satellite -> Basevault (Data Channel)
443 Satellite -> Interface Updates
NTP Port 123/UDP -> from satellite to internet for time etc.

You can download an IP address overview with the respective networks in the Backup Portal.

Vault

A Vault is a virtual system that is operated in the TERRA CLOUD or a partner data center. This system communicates with the backup agents and receives backups and stores them according to the defined retention periods. Backup packages include access to a shared backup platform, in the form of a Vault account.

Vault account

The vault account is a unique organizational unit on a vault system, this is required for authentication of a backup agent to the vault.

The name of the Vault account is composed of your customer number at Wortmann AG and the name of your end customer at TERRA CLOUD Center in capital letters.

Example:

12345-END CUSTOMERXY

You need the Vault account e.g. when you create a new Vault profile, so that the agent can use the data from the profile to authenticate to the Vault system. The Vault account is stored for the "Account" and "Username" field.

Portal

The configuration is carried out as documented in the following sections exemplary. The administrator account "backupadmin@terracloud.de" was used for this configuration.
This corresponds to your reseller administrator account (Backup Master Account).

Structure TERRA CLOUD Backup Portal

Description:
This diagram shows the structure of the Backup Portal. The upper level consists of the parent site, which you can recognize by the name consisting of your Wortmann AG customer number and the name of your company. Through this level you can administer (child) sites and centrally use all the functions of the portal. You can create users for both levels, these are in the diagram once in green deposited for the parent site and in blue for the sites of the end customers.

Please create a separate site for your company, as marked with the NFR site in the diagram. You can then register the agents for your system into this site. Note:

 Please do not register agents in your parent site to use the full functionality of the Backup Portal. 

Create subsite

A subsite is a subarea within your portal to separate and administer a group of computers to be secured.
Subsites help to create and maintain order and structure. We recommend creating a separate subsite and user for each end customer.

Click "Sites" in the navigation bar, and then click "Create New Site".

Now assign a name for the subsite. A useful name is the name of the end customer, this can be combined with a customer number you have assigned, e.g. 12345-end customer.
Optionally, you can configure the customer number and contact addresses for the site. Then click on "Save Site".

Now assign a name for the subsite. A sensible name here would be the name of the end customer.
Optionally, you can configure the customer number and contact addresses for the site. Then click on "Save Site".

Configure Vault Profiles

Select the site you just created by clicking on it. Now click on the "Vault Profiles" tab and "Add New".
By means of Vault Profile you can store the access ID to your Vault (data storage). The profile can then be selected for each backup job,
. in which Vault the data should be stored. If you do not want to create a Vault Profile, you must manually set up the credentials to your Vault for each backup job.

"Vault name" is freely selectable. We recommend entering the end customer name. You will receive the access data to your Vault from WORTMANN AG.
Each end customer (or end customer company) MUST have their own access so that customer data is cleanly separated.
Click "OK" after the input.

The saved Vault profile should be visible afterwards.

Create user (optional)

You can create different users for your end customer's site. If you specify a created user of the "User" or "Administrator" role instead of your Parent Site Administrator when registering the agent, the agent will be registered into the end user site.
.

Note:
For more information on the different user roles, see [Authorization concept].

On the following screenshot you can see the configration of a user of the role "User".
Please note that you can still assign [Agents] to users who do not have the "Administrator" user role.

Configure notifications (optional)

Under the "Notifications" tab, you can configure an email notification for the site.
The stored address is notified as soon as the encryption password of a job is changed.
This can warn you in the event of unauthorized access, for example, if an attacker wants to gain access to future backups by changing the encryption password.
The encryption password can not be changed retroactively for already existing safesets.

Note:
The change of the encryption password is also displayed in the "Status feed".

The basic configuration for your first end user site is now complete.

Automatic agent configuration

<< Will be available only with the next portal update (end of Q2/2021). Screenshots to follow.>>
To enable automatic agent configuration, please navigate to the appropriate site and then to the Agent Configuration tab.

To create custom job templates, please open the global job template we created and make a copy of it.
Then you can edit this copy according to your needs such as: Type of job like BMR only, basic exclusions of paths, retries in case of backup errors or schedule settings.
Once you have created a custom job template for the backups click on "Save".
These templates are now available to parent site administrators for additional sub-sites and can be enabled for the other sites as well if needed.

Authorization concept

This diagram shows the four different roles that can be assigned to a user.
You can create users either within a site or at the reseller level in your parent site, for more information see the [Structure TERRA CLOUD Backup Portal] matrix.

Assign agents to users

Users who do not have the role "Administrator" must be assigned agents that may be managed by them.
You can do this either through the configration of users within the site, or through the Sites tab within your parent site.

In this example, only SERVER01 and SERVER02 have been assigned to the user for management.

Remove computer from the portal and from the Vault

'Recommended procedure for decommissioning a system:
1. select the desired system via the checkbox on the left side of the backup portal
. 2. under "Actions" select Delete selected computer(s)
. 3. select "Delete computer completely" and confirm the deletion as shown (figure below)
. 4. uninstall the Backup Agent from the affected system
.

Offline computer:
A system is displayed as offline in the portal if the "TERRA Cloud Backup BUAgent" service is not running or cannot communicate with the backup portal.
You can remove the entry in the Backup Portal via the "Delete selected computer(s)" action.
Please note that this procedure only removes the entry in the Backup Portal and leaves the dataset on the vault system.

Move computer to another site

You can move as many computers as you want to another site using the "Move Computer" action.
This function makes it possible, for example, to assign systems that were accidentally registered in the [Parent site] to the end customer's site.

Delete jobs from the portal and from the Vault

As of 9/16/2019, it is possible to delete jobs as well on the Vault.
To do this, select the desired job and under the action "Delete job".


First, select whether you want the data deleted from the portal only or from the portal AND on the Vault.
Then click on the red delete button. Further instructions will follow in the next popup.


After typing "CONFIRM", the mentioned job will be deleted after 24 hours.


The deletion is now confirmed and can then be seen in the "Last backup status" column.


Under Job Actions, you can cancel the deletion within 24 hours.

Adjustment in the Backup Portal after a data migration

After migrating the data/backups to e.g. a dedicated vault system, an adjustment of the configration must be made in the Backup Portal.
The backup agent should connect to another vault system after the migration and, if necessary, also use different credentials for authentication.
The procedure differs slightly depending on the migration method. Please perform the following customization as agreed in the migration process (support ticket).

Vault account migration

In this variant, the entire Vault account is moved to another Vault system. A vault account is an organizational unit for an end user. You will receive the access data and the name of the vault account when you provide the account e.g. 12345-DEMO.

Please perform the following steps after the account has been successfully moved:

1. Call up the "Vault settings" in the Backup Portal for each agent
2. Edit the current vault connection and exchange the FQDN of the old vault system with that of the new vault system
3. Also customize the Vault profile for this site

The following screenshot shows the current vault connection that needs to be edited.

Migration of data to a new Vault account

The prerequisite for this method is a new Vault account on e.g. a dedicated Vault account. In this variant, only the computers and their backup jobs are migrated to a new Vault account.
Since the new account is on a different vault system and uses different credentials, all items in the vault connection must be changed.

1. Call up the "Vault settings" in the Backup Portal for each agent
2. Edit the current vault connection and exchange the entire vault access data with that of the new vault account
3. Also customize the Vault profile for this site

Policies

We recommend it not to use Policies currently!
Policies currently have a few messy side effects. In particular, there may be some confusion about retention types.
In the past, this has occasionally led to an increase in Safeset consumption.
We will continue to expand and improve the topic of guidelines - even to the point of job templates including schedules that can be rolled out to multiple agents with just a few clicks.

Until then, we recommend to set the advanced settings manually
.

Reports

The report function allows you to view detailed information about your backup consumption values. To access the "Reports" page, you must be logged in as a user with "Administrator" role.
Reports can be scheduled and automatically emailed (PDF, XLS, CSV). To view reports, the "Vault account" must be synchronized to the respective site.
Synchronization takes place automatically in the background every hour on the hour.

Automatic synchronization of the Vault account - how it works:

• Below the "Vault Settings" is the Vault Registration (1).
• the "Vault account" (2) is transferred to the site (3).

For synchronization to work, the following requirements must be met:
.

1. The Vault account must NOT be used across sites (same Vault account in different sites).
2. The agent was registered in a self-created site (https://backup.terracloud.de/Sites)

Different Vault accounts can be used within a site, as long as they are not used in other sites.

Agent Upgrade Center

The Agent Upgrade Center offers you the possibility to upgrade Windows Agents from version 8.7x via Portal.

Update individual agents
Via the "Computer" tab, you can select systems and initiate the update of the agents under "Actions".

Status display
In addition to the current version, you can read from the icon whether the agent can be updated (purple dot) or is currently being updated. As soon as an agent has been successfully updated, a check mark is displayed next to the version number. If you move the cursor on the symbol next to the version number, the respective meaning will be displayed, e.g. "New agent version available". On the following screenshot you can see an agent that is being updated.

Update agents of entire sites
To do this, access the Agent Upgrade Center via your master login and select the desired agent and then the respective sites.

After that, please select whether the agents should be updated automatically or immediately:

Windows Agent

Installation via the setup

Please download the TERRA Backup Agent. To do this, log into your portal and select the appropriate version on the right side under Downloads.

Now start the installation on the server to be backed up. First select the desired language with which you want to be guided through the installation.

On the "Support Information and Release Notes" page, click Next

Accept the license terms and click Next.

In the next installation step, select "Custom" and click Next.

The local logon credentials can usually be adopted. Click Next.

Select the desired installation directory. Then click Next.

In addition to the actual backup agent, further plug-ins can be installed. Depending on the type of server, individual Microsoft SQL database instances or Exchange mailboxes can be backed up, for example.
Select the desired plug-ins and then click Next.

Enter the mail address and password of the user created in 4.2.2. Confirm with Next.

Confirm with Install.

If you are then redirected back to the agent registration, the credentials you entered are probably not correct, or you are having problems with the
. Network connection. First try to ping backup.terracloud.de. If this works, you can check via Telnet whether the port 8086 is accessible.

After 5 minutes at the latest, the server you just registered should show up within your portal under "Computers".

On the right side, under "Site Name", you can read "End Customer1" in our case. This is because we registered the agent with the user backupkunde@endkunde1.de,
which belongs to the subsite "End customer1". In this way, we can now filter for computers that belong to the "End customer1" subsite. This allows us to quickly list all computers belonging to an organizational unit.

Silent Installation under Windows

The agent can also be installed in silent mode. This is useful if the agent is to be rolled out automatically on multiple systems.

An example of silent installation including the image plug-in:
Agent-Windows-x64-x-xx-xxxx.exe /s /v" REGISTERWITHWEBCC=True AMPNWADDRESS=backup.terracloud.com AMPUSERNAME=backupkunde@firmaXYZ.de AMPPASSWORD=password FEATUREVOLUMEIMAGE=ON /qn"

Explanation:
Agent-Windows-x64-x-xx-xxxx.exe: The setup of the agent (x64) is called.
REGISTERWITHWEBCC=True: the agent should be registered to the backup portal.
AMPNWADDRESS=backup.terracloud.com: The address of the backup portal is passed.
AMPUSERNAME=backupkunde@firmaXYZ.de: The user of the client site is passed.
AMPPASSWORD=password: The password you assigned to the customer site user.

Parameters for plug-ins:
Plug-ins can be added after the AMPPASSWORD separated by a space as in the example above.

Image Plug-in: FEATUREVOLUMEIMAGE=ON
Exchange Plug-in (Legacy): FEATUREEXCHANGE=ON
Exchange Plug-in (From 2010): FEATUREEXCHANGE2010=ON
SQL Plug-in: FEATURESQL=ON
Cluster Plug-in: FEATURECLUSTER=ON
Oracle Plug-in: FEATUREORACLE=ON

Installation to another directory:
If needed, please specify the following parameter directly after /s /v" for the installation into another directory:
SILENTINSTALLDIR=\"path" Example:
SILENTINSTALLDIR=\"C:\Program Files\Example\

Silent Agent Registration

The following entry in the command line is sufficient to re-register the agent with the portal:
. C:\Program Files\TERRA Cloud Backup\Agent\buagent.exe" -cmdline --reregister --amplogin backupkunde@firmaXYZ.de --amppassword USERPW --ampserver "backup.terracloud.de" --ampport 8086

Afterwards, the Terra Cloud Backup services must be restarted once.
To do this, start Powershell with administrator rights and enter the following:
Get-Service -DisplayName "TERRA Cloud Backup*" | Restart-Service

Link agent with Vault

Each newly registered computer is initially displayed in the portal as "Not configured". First, at least one vault must be assigned to the computer.
Click the server you want to configure (in this example, "DC"). This will open the settings for that computer. Then click "Configure manually" on the right.

Now click on "Add Vault" on the right.
Then select the Vault profile created in 2.1.1 under "Vault Profile", in our case this is "Vault_Endkunde1". All fields should then be automatically filled in with the set values.

The Agent establishes a connection to the Vault on a test basis. If the connection cannot be established, for example because incorrect credentials have been entered, you will receive an error message.
If everything is OK, the Vault will now appear under the "Vault Settings".

Advanced agent configuration

Individual settings can be configured for each computer. These include, for example, mail notification and bandwidth limitation.

In the portal, go to "Computer". Select a server and then click on "Advanced" to make specific settings.

Options:
Under this point you can add a description to the system, we e.g. in a support case to store the ticket number in the description.
. We recommend the option "Log errors and finish backup" for current Windows agents, this is the default setting after installation or update.
. The option "Log errors and continue backup" offers the advantage that backup can run partially even in case of e.g. VSS problems.
The files not backed up in this job will provide an enlarged delta in the aftermath.

Storage types:
The currently stored storage types are displayed here, after an installation "Daily" and "Monthly" are stored by default. Through this tab you can create your own safekeeping types, which will be available for you to choose from in the schedule afterwards.When configuring, please note that 41 safekeeping sets per job are included free of charge.

Notifications:
The agent can send an email after a backup. You can configure at which result a notification should be sent.
The mail is sent by the agent. The SMTP port must therefore be reachable from the computer to be secured to the outside.
If you have a server environment that is isolated from the Internet, you need a relay server.
We recommend you to test the settings after the configuration and to use the mail notification only ergänzed to a monitoring strategy.
. Please keep in mind that the agent cannot send a notification in case of a system failure, for example.

Performance:
A bandwidth limit and execution priority can be configured under this item.
According to current knowledge, changing the execution priority does not show any noticeable effect, so we recommend keeping the default value.
. Bandwidth limiting is especially recommended for weak connections during your customer's working hours.
At least 1.5 Mbit/s should be allocated for a backup.

Agent log files:
Under this tab you can view all global (cross-job) log files of the agent, these can be helpful for troubleshooting.
. For example, log files of the BUAgent can be viewed, this service (TERRA Cloud Backup BUAgent) is responsible for the communication of the agent with the backup portal.
.

Updating the agent

The TERRA CLOUD Backup Agent can be updated as follows:

Windows (manual):

• From agent version 8 on, the agent can be updated directly via the setup of the newer agent version
• When you start a setup of a newer agent, you will be asked if you want to update.

Windows (Agent Updater):

• Agents from agent version 8 can be updated with the Windows Agent Updater
• The Windows Agent Update can be found in the download area of the Backup Portal.
• You receive feedback on the individual steps, as can be seen in the illustration

'Windows (Agent Upgrade Center):
You can update multiple agents centrally via the TERRA CLOUD Backup Portal, instructions can be found at:
Agent Upgrade Center

Linux Agent

Installation

Please download the TERRA Backup Agent. To do this, log into the Backup Portal and select the appropriate version on the right side under Downloads.
Please unpack the archive with tar -zxf PACKAGE-NAME.tar.gz.

Then change to the directory and call the install.sh.

Installation is very simple and largely self-explanatory. First the wizard asks for the installation directory. By default this is /opt/BUAgent.
If you agree, press the Enter key, alternatively you can enter a different path. Provided that the installation directory does not exist yet,
. you must confirm the creation of the directory afterwards.

In the next step you can either confirm the "default language" by ENTER or change it.

Under "Do you wish to register to a Web-based Agent Console server", you can also confirm the default value [Y] by pressing ENTER.
Now you need to specify the address of the portal to which the agent should connect. Please enter backup.terracloud.de here.
In the next step, the default connection port 8086 must be confirmed by ENTER.
Enter the user name and password of the user created in 4.2.2 and confirm with ENTER. The agent should now connect to the portal and perform the registration.
Once the message "Registered to the Portal" appears, the registration has been successfully completed.

The machine should now appear in the portal after a few seconds or minutes and can be configured.

Assign alternative static IP during a BMR restore

In the event of a BMR restore, the original network configuration is restored by default.
If you want to assign an alternative configuration, e.g. to perform a test backup, we recommend starting the system without network access first.
For example, with a Hyper-V, you could first boot into the recovery ISO without a connected external vSwitch, then after adjusting the network configuration, you can connect the VM to the vSwitch. This ensures that the system does not go online with the old IP address at any time.

Please follow these steps to adjust the network configuration before recovery:

1. Boot into the restore ISO and initiate the restore up to the step where you are prompted to run ./bmragent.
2. Determine the name and configuration of the network interface using ip address show.
3. Take the interface offline by e.g. ip link set name of network interface down.
4. Delete the old IP address you determined in the first step by e.g. ip address del 172.29.4.24/22 dev name of the network interface.
5. Configure a new IP address by e.g. following command ip address add 172.29.4.29/22 dev name of network interface.
6. Take the network interface online again after adjustment
7. Finally configure the default gateway by e.g. ip route del default and afterwards ip route add default via 172.29.4.1 dev name of the network interface.

This screenshot shows an example of step 1 from the instructions:

Backup Jobs

File-based backup

How it works

The backup software accesses the file system of the system to be backed up. The files are read in and divided into 32KB blocks, a checksum is calculated for each of these blocks. The checksums can be used to determine the delta in subsequent backups. The blocks determined for the backup are compressed and encrypted.

Fast file scan

The "Quick File Scan" or "QFS Quick File Scanning" function allows the Windows agent to pre-filter files based on the timestamp (modification date) in the file system for determining the delta. Files whose modification date is newer than the last backup are read in and compared with the delta file of the last backup using the calculated checksums of the 32KB blocks. Only blocks that have not yet been backed up are included in the backup.

Advantages and disadvantages

Advantages:

1. BMR backup possible
2. Included in the standard scope of the agent, no additional plug-in is required
3. No reboot required after installation
4. Granular troubleshooting possible
5. Files/directories can be excluded
6. Can be administered from the agent console without portal access
7. Script-based recovery via VPR file possible

Disadvantages:

1. Slower with many small files
2. Navigation via portal when restoring individual files

Best Practice

1.Use a file-based backup job, for a new setup, only for backing up individual files and folders.
2.add the option "Entire server" for existing file-based BMR backup jobs
3.Use an image-based job for configuring new BMR backups 

Create file-based backup job

Click on the "Jobs" tab. Then click on "Create new job for local system".

The "Create new job" window opens.

Please assign a name for the job first. In the example, the name "BMR" (for Bare Metal Restore) is used.
By default, the encryption algorithm is the AES 256 bit, which is considered very secure.
Then assign an encryption password (maximum 31 characters). Resetting an encryption password is not possible!
In the middle area you will find the directory structure that the agent sends to the portal. Here you can conveniently select all the directories and folders you want to backup.

In this example, the "BMR" and "Entire server" options have been configured. Please note our This not only backs up the actual system files, but also the boot loader. So you can restore a complete server later. With the "Bare Metal Restore", the complete c:\ system partition is backed up in addition to the data necessary for booting.

On the right side you will then see the backup set. Objects marked with "+" will be backed up. If you want to exclude individual data from the backup,
. select the file and click "Exclude". Objects marked with "-" are excluded from the backup.
Confirm the setting by clicking on "Create job".

Then a window will open automatically to configure the schedule.

Image-based backup

How it works

Unlike a file-based backup job, which protects individual files and folders during backup, an image job sequentially backs up all blocks in a volume. It is possible to set up a BMR backup when all system-relevant volumes are backed up.

Changed Block Tracking

The image plug-in installs a Changed Block Tracking driver, which requires a reboot after installation. This can be used to determine which blocks have changed in relation to the last backup.

Advantages and disadvantages

Advantages:

1. BMR backup possible
2. Faster with many small files
3. Recommendable from 1TB natively protected data volume
4. Requires less processing power than file-based backup
5. Convenient restore (image is attached)
6. Navigation via Explorer during recovery

Disadvantages:

1. No exclusion of individual files and folders possible
2. Restore only possible to same size/larger disks
3. Reboot required after agent installation/update
4. No granular troubleshooting possible
5. No ReFS support

Best Practice

1.Use a file-based backup job, for a new setup, only for backing up individual files and folders.
2.add the "entire server" option to existing file-based BMR backup jobs
3.Use an image-based job for configuring new BMR backups

Create image-based backup job

Prerequisite:
The image plug-in must be installed on the system. If the plug-in is not yet installed, you can run the agent setup again and use the "change" option to install the plug-in later.

Create job:
Please select the image job in the Backup Portal under "Select Job Task" as shown in the following screenshot:

Configure job:
In this screenshot you can see an example configuration of an image job. In this one, the option "Bare Metal Restore" and "Entire Server" has been selected and applied to the backup set.
Instead of the file system, the agent displays only individual volumes.

'Application-aware backup option:
In addition to BMR backup, this option allows you to cut and backup the transaction logs of a Microsoft SQL Server. To be able to use this, you must store the access data required for the SQL instance. We recommend not to use this option and to use a separate SQL job for a large backup of an SQL instance.

Option "Entire server":
If you add this option to the backup set, all partitions (volumes) of a system are included in the backup. This excludes removable media (e.g. external hard disks or USB sticks). Partitions (volumes) added later are automatically included, no configuration adjustment is required.

Note:

For an image-based backup job, BMR protection is automatically given by the "Entire server" option, but in order to provide a default configuration for file and image-based backup jobs, the BMR option has been additionally added in the screenshot above. 

Best practice schedule

• The Best Practice schedule uses the "Monthly" and "Daily" storage types, these are automatically created during installation
• The backup with monthly retention is placed on the dynamic last day.
• Time of the backup must be the same so that the set priority takes effect (rarely before often)
• The compression is set to "smaller" by default, so that the delta to be transmitted is as small as possible.
The "Automatic restart for scheduled backups" setting allows the backup agents to restart the backup in case of an error, after a defined waiting time.
• We EXPRESSLY recommend to run the backup jobs at night between 22:00 and 6:00 in the morning.
• Our backend is optimized to provide full bandwidth and performance during this time
• Consistency checks are performed during the day, which may affect performance under certain circumstances.
• With the help of consistency checks, we ensure the integrity of your data and thus guarantee a very high backup quality

Run job manually

You can also run jobs manually if you wish.

Click on "Start backup".

Completed backup operation:

In this case, because the agent is able to compress, only 7.13 GB of data was transferred and stored in the Vault for a complete Windows Server 2016 VM. The original size of the system is 19.30.
This is an initial backup, as 19.30 GB are also stored under Changed.
Also under the "Jobs" tab we can see that the backup process has been completed successfully:

By clicking on "Completed" in the middle, more details can be viewed.

Reset function

The option of deferral allows to complete an initial backup after a defined period of time, regardless of how much data of the initial backup has already been transferred. After the defined backup window of e.g. 8 hours, a safeset is created, from which only what was transferred in the 8 hours can be restored.

A deferral can be defined in the schedule and manual execution:

Recommendation:
The deferral function can be used exclusively for the initial backup. You can select the deferral in each case during manual execution or store it in the schedule. We recommend placing a reminder in the agent description that the deferral feature is active in the schedule. After the first successful completion of the backup without deferral, you can remove the feature from the schedule and the reminder from the agent description.

The deferral can be used to split the initial backup or seed backup into several backup jobs. You will receive a warning in the log file until the backup job has completed once. In the case of a BMR job, BMR protection is only given after the first successful completion without deferral.

Example:
Day 1:
The backup job is started the first time with a reset and finishes the backup after a defined period of 8 hours and Safeset 1 has been created.
Day 2:
The backup is restarted and creates Safeset 2 after 8 hours.
Day 3:
On the third run, the backup job completes before the 8 hour period, Safeset 3 is created and the seedbackup is successfully completed.
The status of the backup job changes from "Reset with warnings" to "OK".

Restoring a backup job

After backing up data of a system, you can select the "Restore" item in the backup jobs under "Actions".

Windows

Restore from a file-based backup

Using the calendar button, you can select the safeset from which you want to restore the data.
Enter the encryption password of the job. The "Hint" button will display your password hint once clicked.
The folders and files to be restored can be set using checkboxes for complete folders or files and then included in the restore using "Include".
With the search function it is possible to search for specific files without searching out the file path.
The wildcard characters * (for any number of characters) and ? (for a single character) are supported.
However, the question mark cannot be used for an umlaut (ö,ä,ü). Select the appropriate files and add them to the recovery by clicking "Include selected".
To search for files in a specific folder of the backup, enter the desired path in the "Search path" field.
When you include a folder in a restore, the subdirectories and files in that folder are also included by default.
Provided that you want to restore only a part of subdirectories or files in a folder, you can add filters to the Include record.
It is also possible, for example, to add a filter to restore only files with .doc or .docx extension in a folder.
When you exclude a folder from a restore, the subdirectories and files in that folder are also excluded by default.
Provided that only a part of subdirectories or files in a folder should be excluded, you can add filters to the Exclude record.
For example, you can add a filter to exclude only files with .exe extension in a folder from recovery.



You have the options to restore the files to the original location or to an alternate location.
If you decide to use an alternative location, you can use the folder button to select the desired location.
Also you have the options to overwrite existing files, not overwrite (adding a numeric extension, e.g. .0001), rename incoming files and rename existing files.
.

Overwrite existing data

If you attempt to restore multiple files with the same name to an alternate location and select Overwrite Existing Files, only the last file restored will be retained.
Other files with the same name will be overwritten. To add a numeric extension (e.g. .0001) to a recovered file name, select Do not overwrite existing files.
. For example, if you restore a file named filename.txt to a location that contains a file with the same name, an extension is added to the restored filename (for example, filename.txt.0001).

Rename existing files

To add a numeric extension (e.g. .0001) to an existing file name, select Rename Existing Files.
For example, if you restore a file named filename.txt to a location that contains a file with the same name, an extension is added to the existing filename (for example, filename.txt.0001).
The name of the restored file is still "filename.txt".

Advanced Recovery Options

Options for locked files

When restoring data from a local job, you can specify whether locked files should be overwritten by restored files with the same name.
To do this, select one of the following options:

• "Yes, overwrite locked files"
  

Files in the system that are locked during recovery are overwritten with the recovered files when you restart. This option must be enabled for system state or system volume restores.

• "No, do not overwrite locked files"
  

Files in the system that are locked during recovery are not overwritten with the recovered files with the same name when you restart.

Streams

When running backups, information from your files is captured in various streams.
The original data created by a user is called a data stream.
Other information such as security settings, data for other operating systems, file references and attributes are stored in separate streams.
When restoring data from a local job, you have the following options to choose from:

• '"Restore all streams"
  

Restores all information streams. Use this option when restoring files to a system with an identical platform.

• '"Restore data streams only"
  

Select this option for cross-platform restores. With this option, there are no conflicts due to system-specific data streams.

Protocol options

Select one of the following logging levels from the list:

• Files: Provides more detailed information and is usually used for troubleshooting. Provides information about files that are being restored.
  
• Directory: Provides less detailed information than the Files logging level. Provides information about folders that are being restored.
  
• Summary: Provides top-level information, including Vault/Agent version and backup size.
  
• Minimal: Provides top-level information, including Vault/Agent version.
  

Changing the logging level only affects log files that are created afterwards. Log files that have already been created are not affected by this change.

Performance options

To use all available bandwidth for recovery, select "Use all available bandwidth".
Bandwidth throttling specifies the bandwidth an agent is allowed to consume for backups and restores.
For example, you can restrict traffic so that online users are not impacted, and unrestrict usage at night so that scheduled backups or restores can be performed as quickly as possible.
Bandwidth throttling values are set at the computer (or agent) level and apply to backups and restores.
If three jobs are running simultaneously on one computer, each job receives 1/3 of the specified maximum bandwidth.
Possible bandwidth settings: Maximum bandwidth (upper limit) in MB per second that the agent may consume for all backups and restores.
Period during the day when throttling is activated. Only one time window can be specified.
No throttling takes place outside the time window. The days of the week when throttling is activated.
As soon as the bandwidth throttling time window starts during a running backup or restore, the maximum bandwidth is dynamically adopted for the running process.
If the throttling time window ends during an ongoing backup or restore, bandwidth throttling is lifted.
If you change an agent's bandwidth settings during a running backup or restore, the new settings do not affect the running process.
The bandwidth settings are applied when the backup or restore is started and are not changed afterwards.

Recovery from another computer (file-based)

It is possible to restore some or all data backed up on one computer to another computer with the same characteristics.
To restore the data from another computer, you can redirect the data from a backup job in the Vault to another computer.
. If the data was backed up using a plug-in, the same plug-in and the corresponding installation (e.g. Microsoft SQL) must also be present on the target computer.
Then the new computer downloads information from the Vault to restore the data to the new computer.
Example: computer A backs up its data with job A, computer B restores the data from job A (data from computer A) to computer B.

Restore from an image-based backup

Here you can select whether a complete partition or individual files or folders are to be restored.
Select the desired manufacture and click "Configure source next".

Partition Recovery

Select the desired partition to be restored.



Select the partition to which you want to restore.
Click "OK" and then you can click "Run Recovery" to start the recovery process.

File or folder recovery

Select the partition from which individual files or folders are to be restored and assign a drive letter for it.
Now click on "Make Volumes Available". This mounts the partition and you can copy the desired files or folders from the drive.
. Under "Duration of inactivity", set a time default for how long the drive should be mounted so that you have enough time to restore the relevant files or folders.
.

Restore from another computer (image-based)

You can restore some or all data backed up on one computer to another computer with the same characteristics.
To restore the data from another computer, you can redirect the data from a backup job in the Vault to another computer.
If the data was backed up with a plug-in, the same plug-in must also be installed on the target computer.
If the data was backed up using the Exchange Plug-in, the Exchange Plug-in must be installed on the target computer.
If the data was backed up using the SQL plug-in, Microsoft SQL Server must consequently be installed on the target computer.
Then the new computer downloads information from the Vault to restore the data to the new computer.
Example: computer A backs up its data with job A, computer B restores the data from job A (data from computer A) to computer B.



Click on "Computers" in the navigation bar. A grid with the available computers is displayed.
Locate the computer on which you want to restore the data and expand its view by clicking on the computer row.
Click "Restore from another computer" in the "Select job task" menu.
The Restore from Another Computer dialog box opens.
In the Vaults list, select the vault where the backup was saved.
On "Computer" list, select the computer with the backup to perform the restore with.
In the "Jobs" list, select the job from which the data is to be restored. Click on "OK".
The portal attempts to download information about the selected job. After the job information is downloaded, the job is displayed in the Jobs tab for the computer.
You can then proceed as you would for a normal restore.
If an error occurs while downloading the information about the selected job, the recovery cannot continue.
This can happen if the Vault is not accessible, the job information is not retrievable, or a required plug-in is not installed on the target computer.
Make sure that all required plug-ins are installed on the target computer before repeating the process.



Enter the encryption password of the backup job and click "OK".

Select the partition to which you want to restore.
Click "OK" and then you can start the recovery process by clicking "Run Recovery".



Select the partition from which individual files or folders are to be restored and assign a drive letter for it.
Now click on "Make Volumes Available". This mounts the partition and you can copy the desired files or folders from the drive.
. Under "Duration of inactivity", set a time default for how long the drive should be mounted so that you have enough time to restore the relevant files or folders.
.

Restore from another computer

The Restore from another computer option allows users to redirect the (original) job to another client for restore (restore location). To do this, the configuration information (Vault name, computer name, and job name) is retrieved from the original configuration and then added to your location so that the restore can be performed there.
This other client must be registered with the same Vault, using the same credentials.
This wizard contains the following steps:

• Selecting an existing Vault profile
  .
• Selecting the computer that backed up the job to be imported
  .
• Selecting the job to be restored
  .
• The wizard will now copy the job to your local workstation.
  
• Then the recovery will continue normally.
  

Linux

Restoring a backup is the most common use, allowing you to restore anything from a single file to a directory structure to an entire system.
To start a restore, select a job (i.e. you highlight it) and perform one of the following actions:

• Select "Actions" (Actions) and "Restore" (Restore).
  
• Click the restore icon (or use CTRL+R).
  
• Click on a job in the left pane with the right mouse button.
  

The recovery wizard will be launched. It offers the following options:

• Select a source device, vault, or directory type. Depending on which option you choose here, you can also select a Vault and a Backup. You can also select a restore from a specific backup set or set of backup sets.
  
• Enter the password if the backup is encrypted. If the backup is not encrypted, this window may not appear. If you forget the password, you will not have access to the backup data.
  
• Select the recovery objects (files or directories). You can expand the directories (if any) and select files for recovery or deselect specific files.
  
• Enter the options for the restore destination. You can choose to restore files to the original location or to another location, you can create subdirectories, and you can overwrite existing files.
  
• Select the other recovery options. You can overwrite locked files and select all streams or only data streams. You can select a log file with different level of detail.
  
• Click the Finish button to start the recovery process. The recovery will be performed and the process information will be displayed.
  

You may want to view the log files after the process is complete. The recovery logs are identified in the log list by the prefix "RST".

Bare Metal Restore

The Bare Metal Restore is a complete restore including all necessary components for the boot process (e.g. the boot loader).

Export drivers of a backed up system

With the following instructions you can export all drivers of a system:

1. Create a directory where the drivers should be placed e.g. (C:\Driver)
2. Run this command with administrative privilege in the CMD:

     dism /online /export-driver /destination:"C:\Treiber" 

You can add the exported drivers when creating a new Restore Iso. If there are complications with a BMR test restore, we recommend exporting the drivers of the protected system as described above and adding them to the restore iso. Please keep this iso or the drivers separately.

Create Restore ISO

To perform a bare metal restore, you need a restore iso (.iso file). The restore iso is based on Windows PE and additionally contains the restore software of the TERRA CLOUD backup solution, this is started automatically as soon as the system boots into the iso. You can create this iso yourself and use it for BMR backups of all your systems.

Download:
Please download the Bootable Media Creator from the Backup Portal.

Installation:
Now install the Bootable Media Creator, which also requires the Windows Assessment and Deployment Kit. By default, the Bootable Media Creator Setup will guide you through the installation of the ADK components, alternatively you can use the following setups for the installation:
https://backup.terracloud.de/Download/adksetup.exe
https://backup.terracloud.de/Download/adkwinpesetup.exe

After installation, the image can be created very easily.
First start the Bootable Media Creator and simply select a target directory below.

You can add exported drivers from [Export_Driver] in this step by selecting the driver directory via "add". Now click "Continue" to create the image.

The image can now be burned to a CD or attached to a virtual machine, for example.

Perform restore

The following instructions show a typical restore operation in a virtual machine. The ISO file was attached to the virtual machine. Legacy adapters must be used as network adapters under both VMware and Hyper-V.
After restarting the machine, a connection must be made to the machine via Console. The following screen then appears:

In the first step, configure the time zone and the desired language, then click Next.

In the following window, accept the license terms and then click "Next".

The "System Restore" gets the IP address from a DHCP server by default. If no DHCP server is available or you want to assign the IP address manually, click "Settings" in the main menu.
Select the network interface and then click on "Properties". Assign an IP address and confirm with "Apply".

To perform a restore operation, click Restore My System in the main menu. Click "Next" in the wizard.

On the following page, enter your data to the Vault (data store) and confirm with Next. The System Restore now tries to establish a connection to the Vault.

On the following page you will see all computers that belong to your account. Select the computer you want to restore. Then click on "Next".

On the following page you can see all backup jobs that belong to this computer. Select the job you want to restore. Then click on "Next".

In the next step you can select which safeset should be restored. Select the desired safeset and then click "Next".
If you have set up a password for the backup job, a password prompt appears. Enter the password and confirm with OK.

In the following step, the volumes to be restored can be selected. To do this, simply drag the partitions down into the "Destination" field.
Then click on "Next".

In the last step you can check the settings again. Then check the box "Click here to confirm the restore plan". Then click on "Next".

The restore process starts.

If the restore process is completed successfully, click OK to close the window. Exit the wizard and restart the server.

Backup satellites

Description and advantages

The Backup Satellite is a hardware appliance or a virtual machine that is deployed on your end user's network and can accept backups over the local network. The satellite provides you with all Vault functions, e.g. provision of partitions from an image backup. The rental devices or the virtual machines are provided to you by TERRA Cloud and, depending on size and performance, invoiced monthly in addition to the required backup packages.

By using a satellite, you can implement a hybrid cloud backup solution, as backups are stored locally on a satellite and replicated downstream to a data center.

This backup concept enables the following advantages:

• Fast backup and restore, thanks to locally connected vault system (satellite)
• No acquisition costs, as the hardware is provided to you
• Time decoupling between backup and replication possible
• Restore can be performed independently of the data center
• Inital backup can be performed directly against the satellite
• Bandwidth of your customer can be optimally utilized

Commissioning

After ordering your backup package including satellites, you will receive an email with the credentials as soon as the Vault account is deployed on the Basevault.
You will receive a separate notification after the satellite has been provisioned and shipped to you.

After receiving the satellite, the following steps must still be performed (hardware satellites):

• Set up and launch satellite on your end customer's network.
• You reach the satellite interface via the local address of the satellite (optionally static IP or DHCP).
• Please note that the satellite interface is accessible via HTTPS and may have to be allowed in the browser first.
• Via the interface you can change the access data in the user administration and, if necessary, adjust the network configuration
• Please deactivate the bypass mode via the function Deactivate bypass mode 10.3.1.3.
• The satellite is now prepared for productive use and must be stored as a backup target in the Vault settings of the agents (local IP of the satellite)
• Initial backups can optionally be performed directly against the satellite

Commissioning of a satellite VM:

You will receive a Hyper-V VM container from TERRA Cloud Support, which you can import and virtualize under Hyper-V.

• Further setup or storage allocation is done in a remote session with TERRA Cloud Support.

Satellite interface

System

Registration

The following interface can be reached in your browser under the IP address of the satellite. There are two different users available, in the figure you can see the administrative user, which has
unrestricted access. In addition, there is a user who has read-only rights, you can specify the access data at a later time.
The default credentials for the admin user are:
.
User = admin
Password = terra

Information

The Information item shows you the dashboard with all the important vital indicators of the hardware, e.g. CPU, RAM or the hard disk utilization.
In addition, the mode of the satellite is apparent. A distinction is made between two modes, the active and inactive bypass mode.
When the bypass is active, the satellite rejects all agent requests, so that communication for backups, restores, synchronizations or job creation takes place via the Basevault. Accordingly, the Basevault address must be stored in the portal under the Vault Settings tab.

With the inactive bypass, the satellite is enabled and accepts all agent requests, so that communication for backups, restores, synchronizations, etc. can be handled by the satellite. or jobs are created via the satellite. Accordingly, the IP address of the satellite must be stored in the portal under the Vault Settings tab.

Hard disk capacity:
Green = Between 0% and 85%
Orange = From 85% to 95%
Red = From 95% to 99.99%

Functions

System functions:
Under the item Functions you will find a list of the relevant stored services on the satellite. Please check if all services are running.
If a service is stopped, you can start it via the Play icon. Please do not restart any services while the satellite is running.

Satellite functions:
You can shut down or reboot the satellite from this interface.

Disable bypass:
A satellite with Bypass mode enabled cannot accept backups and delegates them to the Basevault. Please disable the bypass mode so that the satellite can accept backups.
.

Enable Support Connect:
With this switch you allow TERRA Cloud Support to access the satellite via remote maintenance.

Branding

This function allows you to customize the interface of the satellite to the CI of your company. The configuration only needs to be done on one satellite, as you can export it and import it on other satellites. In addition, there is the option to store your own logo.

Maintenance

Vault maintenance checks the satellite's database daily at 9:23 a.m. for safesets that have exceeded their retention period, the number of retention days and copies must be exceeded for this. Expired safesets are deleted from the satellite. You can adjust the start time of this maintenance as needed.

Updates

You can check the satellite interface directly for the latest updates and apply them.

XML View

This menu item will take you to the satellite's XML output in a new tab. This output lists all relevant information of the satellite and can be monitored.
You can add this link to your own monitoring solution or use ready-made sensors. You can find prefabricated sensors for Server-Eye and PRTG Network Monitor, the sensors can be found
. under the search term "Terra Cloud Backup".
Homepage Server-Eye

Replication

Connectivity

This overview shows you the status of the connection to the Basevault. The satellite transmits a "heartbeat" to the Basevault .
at regular intervals. In addition, the connection to the backup portal and to Basevault is checked via ping and telnet, this ensures that all necessary ports are enabled for the satellite.
During replication, for example, the outgoing network print set can also be monitored.

Replication status

This overview shows you which safesets are still pending replication to the data center, these are processed as in a queue.
On the right side of the page, you can click through the satellite's current inventory and view more detailed information about individual safesets, such as the compressed
size or whether this safe set has already been replicated.

Bandwidth limitation

You can configure bandwidth limitation for the satellite replication. Please note that after an adjustment the replication service restarts and thus running replications are aborted.
We recommend configuring the "Quality of Service" on the firewall for the satellite and assigning it a low priority in case of a weaker connection.
This setting on the firewall ensures that replication can take place at full bandwidth on a holiday, for example, which
. Bandwidth allocation is therefore more flexible than a fixed bandwidth limit.

Replication Schedule

The replication schedule allows you to control whether to replicate immediately after a newly created backup and after
. defined schedule or exclusively according to a configured replication schedule. This option is particularly recommended if
.

should be backed up during your customer's working hours, but should not start replication until after working hours.

In this image, you can see the configuration for a replication schedule that initiates a replication process every day around 8pm:
.

Safeset Management

Special configurations can be made on the satellite via the Safeset Management, these can affect the function of the satellite if they are incorrectly configured.
Changes can only be made after activation via the slider and may only be made after consultation with support.

Backup data

Using the satellite interface, you have the option of deleting entire systems, jobs or individual backup sets (safesets).
The deletion refers only to satellites, the data stock in the data center on the respective Basevault remains unaffected.
Online safesets are displayed, these are highlighted in black and can be selected by clicking on the checkbox.
Online safesets are characterized by the fact that they are stored locally on the satellite and are directly available there.
Safesets that are grayed out and cannot be selected are offline safesets.
An offline safeset is only present on the basevault and no longer on the satellite, the satellite only "knows" through the offline safeset that there is a safeset on the basevault with the following properties.
Only meta information about these safesets is stored on the satellite.

Procedure for a deletion:
For a deletion, the desired objects must be selected and removed via the button "Delete selected entries".
Please perform a "quick memory optimization" after a deletion.

Job Monitor

You can view open or already completed processes in the Job Monitor.
Backups or restores can be monitored with it, as well as replication processes.
The following screenshot shows a satellite that currently has no open jobs:

Jobs on the screenshot:
Maintenance Host = This process represents the maintenance on the satellite, this process should always be displayed
. Satellite Replication Service = Behind this process is the active replication service, this process should always be displayed
. Satellite Replication - Upload Satellite Statistics = In the screenshot, this process is set to "Inactive" because it completed successfully. The satellite has passed information to the Basevault in this job.

User management

Within the user administration you can define passwords for the total of two users. Which users are stored in total?

1. Admin: This user has unrestricted access and is intended for the administration of the satellite.
2. User: This user has read-only permission and can be issued to the end user as needed.

Network configuration

Via the network configration you can pass your desired settings directly to the satellite or use the "Enable DHCP" function.
Once DHCP is enabled, you will see the network configuration assigned by the DHCP server.

Backup Import

Recommended path

The initial backup can be created easily and quickly via the TERRA Cloud Initialbackuptool. The functionality of the initial backup tool is explained in the following short video: TERRA Cloud Initialbackup Tool.

Please select a locally mounted volume as the destination for the initial backup, the initial backup cannot be placed on a network share. After the initial backup has been created by the tool, it can either be sent via an external hard drive or uploaded to the TERRA Cloud FTP server.

Manual way

Alternatively, the initial backup can also be created manually. The following steps must be carried out or already completed beforehand:

• Backup Agent is installed on the desired system and registered on the portal
• The backup job and schedule are configured as desired
• The schedule is disabled so that the agent does not automatically try to back up to the Vault.

Procedure Please run this job once manually and select the vault system as destination. The backup job must transfer metadata and configuration data to the vault system so that, for example, a new registration of the system or a restore is possible. As soon as the status of the backup changes to "Processing in progress" the actual backup is transferred and you can cancel the job. After that, please run the backup with the destination "Directory on disk", there you can select the external hard drive on your server and store the backup.
. Please select a locally mounted volume as the destination for the initial backup, the initial backup cannot be placed on a network share. The following folder structure MUST be stored on the selected data carrier for identification. Here is an example:

\$CONTONAME$\$COMPUTERNAME$\$JOBNAME$

Example path: d:\00000-Example\srv-terracloud\bmrjob
It is essential that this directory structure is adhered to. The data is encrypted and we otherwise have no way of knowing which data belongs to which job.

Send in data medium

PLEASE make sure that all fragment files are present in each backup job, they are incremented and must be present without gaps. Each fragment (except the last one) must be 1,048,576KB in size. Also a fragment with the name (Safeset number.SSI) must be created. Please send the hard drive along with the completed submission form to the following address:

terra CLOUD GmbH
Hankamp 2
32609 Hüllhorst

Please do not send us unencrypted raw data from your end customer under any circumstances!!!
These will be returned to the sender unprocessed.

FTP upload

The created initial backup, whether manually or via the tool, can be uploaded to the TERRA Cloud FTP server.
The necessary access data will be provided by us for this purpose. The individual fragments of the backup (SSI files) can also be uploaded in stages.
PLEASE make sure that all fragment files are present in each backup job, these are incremented and must be present without gaps.
Each fragment (except the last one) must be 1,048,576KB in size. Also, a fragment with the name (Safeset number.SSI) must be created.

You will receive feedback from us as soon as the backup has been imported. The schedule should only then be reactivated.
The next time the job is started, the agent resynchronizes with the Vault and from that point on, only the changed blocks are transferred.

Pass USB disk to HyperV VM

Attaching a virtual disk to a Hyper-V based VM

Backup Export

Safeset export (agent format)

With this export option, each safeset is exported individually to an external HDD or the FTP server of TERRA CLOUD and divided into 1GB fragments, just like an import.
. The size of each safe set is the original size of the system at the time of backup minus an average compression rate of 50%.
. Please note that if you export more than one safe set, EACH safe set will be the size described.
The exported fragments can be processed directly by an agent.

You can restore from an exported safeset by selecting "Directory on disk" as the source device when restoring.
Restore individual files or folders:

BMR restore from an exported safeset:

Export of the entire data set (Vault format)

As an alternative to individual safesets, the entire data set (All Safesets) can be exported.
With this option, the data is exported directly in Vault format so that deduplication can be used. The exported data must be read in with additional software so that an agent can process and restore it.

You can find the required software at:
Secondary Restore Server

Import export and create release:
The Secondary Restore Server reads the export in Vault format and presents the individual safesets to an agent.
.

• Please navigate in the Secondary Restore Server to the directory where the export of the entire data set is stored (mount).
• Put the data of the exported Vault account e.g. (00000-CUSTOMER) and the Vault password.
• Start the share via the Secondary Restore Server (Start).
• Active sharing allows agents to recover from this system as if it were a vault system

Please enter the address of the system with active Secondary Restore Server (e.g. 127.0.0.1)
as restore target after enabled sharing. In the following example, Backup Agent and Secondary Restore Server are together on one system:

Agent scripting

Windows Agent

The Windows Agent can also be started via command line or script in addition to the portal.
Agent scripting is recommended to stop e.g. non VSS capable databases before backup (MySQL, MariaDB and many more)
.

Addressing Windows Agent via command line

Please change first in the CMD or PowerShell to the installation directory of the agent, this is by default 'C:\Program Files\TERRA Cloud Backup\Agent\'
.

To start a backup the following parameters must be passed to the VV.exe:

• VV.exe backup JOBNAME /retention=RetentionName (CMD)
  
• .\VV.exe backup JOBNAME /retention=RetentionName (PowerShell)
  

With the parameter /retention=RetentionName you can determine which retention type should be used.
Please replace "RetentionName" with the retention period name, you can view this in the Agent Settings.

Addressing Windows Agent via script

The desired commands can be stored in a script.

Recommended formats are .bat and .cmd'

Scripts can be extended as desired, e.g. to store pre- and post-commands, i.e. commands before or after the backup.

Sample script:

@echo off
cd "C:\Program Files\TERRA Cloud Backup\Agent"
echo "Start backup" >> backuplog.txt
VV.exe backup BMR /retention=Daily
echo "Backup performed" >> backuplog.txt

Run script before shutdown

You can include your created script in the pre-shutdown event of the system with the following configuration. This is especially recommended for client systems that are not in continuous use.

Please follow these steps to deposit a script:

1. Open the local group policy editor (WIN + R "gpedit.msc")
   
2. Store your created script under "Computer configuration -> Windows settings -> Scripts (startup/shutdown)
   
3. Click on "Shutdown" and add your script via "Add".
   
4. Please adjust the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gpsvc\PreshutdownTimeout
   
5. This key defines the length of the pre-shutdown event, which is set to 15 minutes by default. Please increase this value so that a backup can be created in this time.
6. Please navigate to "Computer Configuration -> Administrative Templates -> System -> Scripts
   in the Local Group Policy Editor.
7. Adjust the "Specify maximum wait time for group policy scripts" setting. You can enter a value up to 32,000 seconds or a 0 for an infinite wait time.
8. If you have a Windows Server 2019 machine in use, please note that you have adjusted the rights accordingly.
   

We have described more information about this in the following wiki article: PreshutdownTimeout Value Permissions

Create new custom command

This option allows you to schedule already created scripts via the Backup Portal.

When you create a new custom command, the agent checks if scripts are stored in the agent directory in the "ScheduleScripts" batch files subfolder.

The default path to this directory where a script for this function can be placed:

C:\Program Files\TERRA Cloud Backup\Agent\ScheduleScripts

In the following screenshot you can see a selected script, with a configured schedule:

Recommendation: The schedule of a custom command can be created only one-line. Please check our Best Practice for agent scripting to work around this disadvantage.

Agent scripting best practice

The Backup Agent can be tailored to individual application scenarios through the use of scripts. We recommend that you use the following instructions as a basis for your scenario.

Preparation:
What should be prepared before using the following scripts?

1. Installation of the agent on the system to be protected.

Linking the system in the Backup Portal to the Vault

1. Create backup job(s), without schedule

Step 1: Create batch file
Create a batch file (.bat) with the following structure

powershell.exe -ExecutionPolicy Bypass -File "Path to PowerShell script\agentscripting_retention.ps1"

Please adapt this batch file later to the path and name of the PowerShell script you have specified.

Copy the created batch script to the following folder in the agent installation directory:
C:\Program Files\TERRA Cloud Backup\Agent\ScheduleScripts (Standard)

In the Backup Portal, click "Create_new_custom_command" under "Select Job Task" for the system in question.
Via this function you can select a stored batch script and provide it with a schedule, please configure the desired time. (e.g. 22 o'clock)

Function:
This batch file will be started later via schedule by the backup agent itself. The batch file starts the PowerShell and the second script. Since PowerShell is much more comprehensive and flexible, the first script is only used to call PowerShell.

Step 2: Create PowerShell script
In this step you create the PowerShell script which is controlled by the batch script from Step 1. This script is used to access the Backup Agent to perform a backup. In addition, it is possible to use different retention periods and to include pre- and postcommands.

Contents:
Please create a PowerShell script (.ps1) with e.g. the following content:

Set-Location "C:\Program Files\TERRA Cloud Backup\Agent"
$date = Get-Date
$currentday = $date.Day
$lastday = [DateTime]::DaysInMonth($date.Year, $date.Month)
if ($lastday -eq $currentday){ 
    Placeholder for Pre-Commands
    .\VV.exe backup NamedesBackupJobs /quickscan=true /retention=Monthly
    Placeholder for Post-Commands
} 
else{
    Placeholder for Pre-Commands
    .\VV.exe backup NamedBackupJobs /quickscan=true /retention=Daily 
    Placeholder for Post-Commands
}

Function: This PowerShell script goes to the installation directory of the agent and checks the current date. If the date is equal to the total number of days of the month (the dynamic last day of the month), a backup is performed with the "Monthly" retention type. On all other days, the "Daily" storage type is used.

Advantages of this implementation:

1. You can use the full functionality of PowerShell and customize this base script as you like for your customers
2. The schedule can be created via the Backup Portal and does not need to be implemented via the script
3. Pre- and post-commands allow you to stop databases before backup that cannot be brought to a consistent state via the VSS technique

Linux Agent

The Linux Agent can also be addressed via created scripts in addition to the portal.

You can address the agents directly through a created script. As in the following example script (CustomScript.sh):

nano CustomScript.sh cd /opt/BUagent
./VV backup RootDir

RootDir is the backup job name in the example.
The script (e.g.: CustomScript.sh) must be equipped with the appropriate rights afterwards. Please execute the following command for this:
chmod +x CustomScript.sh

Optionally, you can schedule scripts via the Backup Portal, to do this you need to perform the following steps:
.

• On Linux, by default, no folder named "ScheduleScripts is created in the installation directory. Please create it with e.g. mkdir ScheduleScripts
  
• Save created script (.bat or .cmd) in agent directory in newly created ScheduledScripts folder
• In the Backup Portal, use "Select Job Task" to "Create New Custom Command" and select your script.
• Create a schedule for the script

vSphere Recovery Agent

The vSphere Recovery Agent, abbreviated as VRA in the following, is used to back up VMware vSphere environments. As of vSphere version 6.0, virtual machines can be protected via the VRA. For this purpose, the VRA is installed on a Windows server, which can either be a VM within the vSphere environment or a VM within the vSphere environment. or a physical system. The VRA connects to the vCenter Server appliance for backup, which is mandatory. Individual ESXi hosts without vCenter cannot be backed up using this agent.

Installation

Please run the installation setup of the VRA on a Windows Server system with access to the vCenter. Follow the recommendations in the Best Practise section. For a detailed description of the installation process, see the documentation in the Backup Portal download area. The process turns out to be relatively simple, as all you need to do to complete the installation is to enter the credentials for the subsite user so that the VRA is registered to the correct end user site, just like other agents.

Configuration of the agent

After successful installation and registration on the Backup Portal, you can now add the system to the Vault as described in [System to Vault].

Afterwards the VRA has to be linked to the vCenter, please enter the address and the login data for the vCenter under the tab "vCenter" as shown in the following screenshot:

Create vSphere Backup Job

Once the VRA is added to the Vault and the connection to the vCenter is established, you can create a new "Job for VMware vCenter". The following screenshot shows an example of a new job for a vSphere environment. Please enter a job name and optionally a description and the encryption password. You can either include all virtual machines in the backup by selecting the "Virtual machines" level, all virtual machines are thus recursively included. This option has the advantage that new virtual machines are automatically included in the backup job. Alternatively, you can select individual VMs and include them in the backup set.

Application consistent settings:
As soon as you enable application-consistent backup, the VSS components of the guest operating system, for example, can be accessed via VMware Tools. Additionally, transaction logs from MS Exchange or SQL can be backed up or truncated.

For log truncation, the system's credentials must be stored as the agent has the necessary permissions, if you are protecting multiple VMs in a job, you can store credentials for each VM individually in the backup set in the lower right corner if necessary.

Rapid VM Recovery (fast VM recovery)

The Rapid VM Recovery function allows you to start a VM directly from the backup. You can use this function to test the backup for functionality very quickly or to get a system up and running again very quickly in the event of an error, since you can log on to the system shortly after starting the recovery.

Prerequisite:

• Exclusively available in conjunction with a TERRA CLOUD backup satellite
• Each ESXi host must have a software ISCSI adapter

The datastore on which the VM is started can be either on local, ISCSI or vSAN storage. A datastore to which a VM is to be migrated can also be located on an NFS share in addition to the storage types mentioned above.

• There must be at least two datastores in total
• vSphere Recovery Agent 8.82 or higher

The Windows server on which the VRA is installed has the Windows feature "iSCSI Target Server".

'Sample Configration of an ESXi Host for Rapid VM Recovery:

In the following screenshot, an iSCSI software adapter has been added via vCenter using "Add Software Adapter".

Additionally, a VMkernel adapter has been added without an enabled service role, as seen in the following screenshot:

Procedure: Once all prerequisites are met, you will get an additional "Virtual machine using fast VM recovery option" under "Restore":
.

Afterwards you will get to the configuration of the restore, where you can decide which VM should be restored and which datastore should be used. On the following screenshot you can see the datastore "Rapid VM Recovery Datastore", this datastore is configured for e.g. recovery and functional test, during recovery you can migrate the VM to another datastore, where e.g. your production systems are located.

Best Practice

• Install the vSphere Recovery Agent in a separate Windows Server VM, this is only used for management or backup if possible.
• Keep the vSphere Recovery Agent VM highly available via vSphere HA.

Use a satellite for the TERRA CLOUD backup to be able to use Rapid VM Recovery.

• Place the vSphere Recovery Agent VM on the same subnet as the vCenter Server appliance.
• Enable the "Application aware backup" option in the backup job.
• Use Change Block Tracking for virtual machine backup, this setting can be found under the "vCenter Settings" tab.

Hyper-V Agent

Script to convert VM ID to VM name

General:
TERRA CLOUD Backup Hyper-V Agent creates a separate backup job on the Vault for each protected VM, independent of the backup jobs created in the portal. This backup job is named after the VM ID, this is then also displayed to you in the report function or the reseller or end customer reports.

An example for such a VM ID is:
HV_OXD7RG6JJ5DDVNMEAFRLWISXRA

This ID is displayed in the Backup Portal when you place the cursor on the Virtual Machine in the Virtual Machines tab, for example.

Script:
You can run the following PowerShell script on the system where the MGMT component of TERRA CLOUD Backup Hyper-V agent is installed. The script reads the VM IDs from the configuration files in the agent directory and gives you the corresponding VM names. Please note that you will only be shown the IDs and VM names of the systems that are protected via a backup job.

Download PowerShell script "VmName2TaskName.ps1"

= Automatic Bare-metal System Restore Test (ABSRT tool) =.

Automatic Bare-metal System Restore Test (ABSRT tool)

General

Regular BMR test backups are a necessity for the quality management of a backup concept.
However, manual tests are time-consuming and therefore cost-intensive; automation can remedy this and reduce the time spent on configuration and control.

The ABSRT tool creates virtual machines based on Microsoft Hyper-V, these have a prepared Restore ISO.
All data that would have to be entered during a manual restore, such as the system name or the address of the vault system are read from a CSV file and entered in the restore process.
The most recent safeset is dynamically used for the restore test.
After the automated configuration is complete, a full restore is performed, including the system startup after the successful completion.

To further increase efficiency, you can also paralellize the restore by storing the data from multiple BMR backup jobs in the CSV file.

Prerequisites

1. Attend TERRA CLOUD Backup Certified Specialist training.
2. At least one Microsoft Hyper-V host with appropriate spare capacity for the test VMs.
3. The test VMs need access to a DHCP server
4. An external vSwitch must be available
5. Activated Windows Server license
6. Certified Specialist ABSRT license (available upon request from Support)

Setup

When you first start the ABSRT tool, the tool will ask you for a Certified Specialist ABSRT license:

After you enter a valid license, the installation path selection will appear:

Next, the following required components will be checked/installed:

1. Hyper-V Installation
2. Bootable Media Creator
3. Windows Assessment and Deployment Kit
4. If configured, VeraCrypt

If software components are missing or not up to date, they will be installed automatically by the tool.
If the Hyper-V component is installed, a reboot must be performed.

Preparation of the CSV file

Please navigate to the installation directory of the tool and open the folder "CSV" (e.g. under C:\ABSRT\CSV).
In this folder is the "Backups.csv" file, which you can use as the basis of your configuration.

Important! The first line serves as a legend and must not be customized!

Example:
Vaultaddress,Vaultaccount,Vaultaccountpassword,Computername,Jobname,EncryptionPassword,VHDXCapacity,VMGeneration,VHDXStorage,VSwitchName,AmountOfPhysicalDisks,SendEmail
==> vault-wmh1-wp01.terracloud.com,00000-RESELLER,RtHKha451!HjioplÖ03,DC,BMR,hdakzeogsz1,300,2,D,external,3,n

You can save the CSV file under any name. We recommend creating a separate CSV file for each end user.

Explanation of parameters

Vaultaddress = FQDN of the vault system

Vaultaccount = Vaultaccount, you can take this e.g. from your vault profile

Vaultaccountpassword = you have received this password in the confirmation of the provisioning

computer name = computer name on the Vault system, this does not necessarily have to correspond to the name displayed in the Backup Portal, please check your Reseller Report if in doubt

Jobname = name of the backup job

EncryptionPassword = The encryption password of the selected backup job

VHDXCapacity = Please enter here the size of the restored volume, if the system has more than one volume please enter the value of the largest in GB.

VHDXStorage = Please enter the drive letter for the storage location of the VHDX

VSwitchName = name of the external vSwitch, you can get this from the virtual switch manager

AmountOfPhysicalDisks = Please specify the number of hard disks the system has

SendEmail = An optional switch that allows you to configure an email notification (n = no, y = yes)

If you want to restore multiple systems at the same time, simply add more lines starting from line 3. The legend line does not need to be copied.

Execution

After you have prepared one or more CSV files, you can start the tool again. Here you then only need to select the CSV file to start a recovery.

Monitoring

During recovery, another process is started which checks the status of the recovery based on the virtual machine heartbeat.
Once a heartbeat is present, a screenshot of the connection window is taken and placed in the ABSRT directory under "Screenshots".
If the SendEmail option is selected, the screenshot will also be sent to the specified email address.

Email notification ABSRT

To use email notification, you must edit and fill in the C:\ABSRT\smtp.xml file:


The script checks in advance if the required fields have been filled in. Unless an entry has been filled in, the notification is skipped.

VeraCrypt

Activate function afterwards:

VeraCrypt REG-Key under HKEY_LOCAL_MACHINE\SOFTWARE\ABSRT\ remove ABSRT.exe start again and activate VeraCrypt

Disable function afterwards:

Remove container if necessary under C:\ABSRT\VeraCrypt Remove VeraCrypt REG-Key under HKEY_LOCAL_MACHINE\SOFTWARE\ABSRT\ Restart ABSRT.exe and deny VeraCrypt

Re-create CSV container:

Remove container from C:\ABSRT\VeraCrypt Restart ABSRT.exe and enter password for new container

Script-based handling ABSRT

The following parameters can be used exclusively via PowerShell:

-Install [Switch] - "C:\Users\Administrator\Desktop\ABSRT.exe -Install"
-> Ensures that setup does not ask to reboot the system after Hyper-V installation during initial setup.

-Password [String] - "C:\Users\Administrator\Desktop\ABSRT.exe -Password Terra001!"
-> Ensures that the VeraCrypt container is automatically mounted. Provided that the password is incorrect, a manual query is made.

-CSV [String] - "C:\Users\Administrator\Desktop\ABSRT.exe -Password Terra001! -CSV V:\CSV\TestCSV.csv"
-> Ensures that the CSV file is automatically selected. Please always specify the complete path of the CSV + file extension. (Shift + right click -> "Copy as path" can be used for this)
.

Prerequisites

1. Attend TERRA CLOUD Backup Certified Specialist training.
2. At least one Microsoft Hyper-V host with appropriate spare capacity for the test VMs.
3. The test VMs need access to a DHCP server
4. An external vSwitch must be available
5. Activated Windows Server license
6. Certified Specialist ABSRT license (available upon request from Support)

Setup

When you first start the ABSRT tool, the tool will ask you for a Certified Specialist ABSRT license:

After you enter a valid license, the installation path selection will appear:

Next, the following required components will be checked/installed:

1. Hyper-V Installation
2. Bootable Media Creator
3. Windows Assessment and Deployment Kit
4. If configured, VeraCrypt

If software components are missing or not up to date, they will be installed automatically by the tool.
If the Hyper-V component is installed, a reboot must be performed.

Preparation of the CSV file

Please navigate to the installation directory of the tool and open the folder "CSV" (e.g. under C:\ABSRT\CSV).
In this folder is the "Backups.csv" file, which you can use as the basis of your configuration.

Important! The first line serves as a legend and must not be customized!

Example:
Vaultaddress,Vaultaccount,Vaultaccountpassword,Computername,Jobname,EncryptionPassword,VHDXCapacity,VMGeneration,VHDXStorage,VSwitchName,AmountOfPhysicalDisks,SendEmail
==> vault-wmh1-wp01.terracloud.com,00000-RESELLER,RtHKha451!HjioplÖ03,DC,BMR,hdakzeogsz1,300,2,D,external,3,n

You can save the CSV file under any name. We recommend creating a separate CSV file for each end user.

Explanation of parameters

Vaultaddress = FQDN of the vault system

Vaultaccount = Vaultaccount, you can take this e.g. from your vault profile

Vaultaccountpassword = you have received this password in the confirmation of the provisioning

computer name = computer name on the Vault system, this does not necessarily have to correspond to the name displayed in the Backup Portal, please check your Reseller Report if in doubt

Jobname = name of the backup job

EncryptionPassword = The encryption password of the selected backup job

VHDXCapacity = Please enter here the size of the restored volume, if the system has more than one volume please enter the value of the largest in GB.

VHDXStorage = Please enter the drive letter for the storage location of the VHDX

VSwitchName = name of the external vSwitch, you can get this from the virtual switch manager

AmountOfPhysicalDisks = Please specify the number of hard disks the system has

SendEmail = An optional switch that allows you to configure an email notification (n = no, y = yes)

If you want to restore multiple systems at the same time, simply add more lines starting from line 3. The legend line does not need to be copied.

Execution

After you have prepared one or more CSV files, you can start the tool again. Here you then only need to select the CSV file to start a recovery.

Monitoring

During recovery, another process is started which checks the status of the recovery based on the virtual machine heartbeat.
Once a heartbeat is present, a screenshot of the connection window is taken and placed in the ABSRT directory under "Screenshots".
If the SendEmail option is selected, the screenshot will also be sent to the specified email address.

Email notification ABSRT

To use email notification, you must edit and fill in the C:\ABSRT\smtp.xml file:


The script checks in advance if the required fields have been filled in. Unless an entry has been filled in, the notification is skipped.

VeraCrypt

Activate function afterwards:

VeraCrypt REG-Key under HKEY_LOCAL_MACHINE\SOFTWARE\ABSRT\ remove ABSRT.exe start again and activate VeraCrypt

Disable function afterwards:

Remove container if necessary under C:\ABSRT\VeraCrypt Remove VeraCrypt REG-Key under HKEY_LOCAL_MACHINE\SOFTWARE\ABSRT\ Restart ABSRT.exe and deny VeraCrypt

Re-create CSV container:

Remove container from C:\ABSRT\VeraCrypt Restart ABSRT.exe and enter password for new container

Script-based handling ABSRT

The following parameters can be used exclusively via PowerShell:

-Install [Switch] - "C:\Users\Administrator\Desktop\ABSRT.exe -Install"
-> Ensures that setup does not ask to reboot the system after Hyper-V installation during initial setup.

-Password [String] - "C:\Users\Administrator\Desktop\ABSRT.exe -Password Terra001!"
-> Ensures that the VeraCrypt container is automatically mounted. Provided that the password is incorrect, a manual query is made.

-CSV [String] - "C:\Users\Administrator\Desktop\ABSRT.exe -Password Terra001! -CSV V:\CSV\TestCSV.csv"
-> Ensures that the CSV file is automatically selected. Please always specify the complete path of the CSV + file extension. (Shift + right click -> "Copy as path" can be used for this)
.

Backup Assistant

The TERRA CLOUD Backup Assistant is a self developed tool from TERRA CLOUD. This tool is intended to provide you with basic support when working with our backup solution.

Status

On the right side of the tool you will find information of the "connections" and "software" versions.
If you are not able to connect to our servers, please check the corresponding ports.
Furthermore, you can use the Backup Assistant to install or update your software.

Agent Installation

If the backup agent is not yet installed on the affected system, this can be downloaded and installed using the tool.
. Please first store the access data of a Backup Portal user, which is located in the corresponding customer site.
If you want an automatic job setup, you can check this directly there. For this only an encryption password is needed from you, which should be assigned.
For more information on automatic agent configuration, see here.



After you have selected the required plugins and accepted the license agreement, the latest backup agent will be downloaded and installed in the background.

Initial Backup

This feature presents the same options that are available for the Initial Backup tool. This tool is presented in the following video

Agent functions

In the overview you can read your already created jobs of the device and execute them manually if necessary.

Backup Reset

Using this function, corrupted files are deleted from the backup agent directory.
After the deletion, the tool performs a synchronization. This process may take some time to complete. Attached is an example where this should be performed:
delta mapping file is corrupted

Support Bundle

With the Support Bundle, all the necessary information and logs such as VSS logs, system event logs, and backup job logs are combined and packed into a .zip file.
This can support us in various support cases to find out the cause.

FAQ

VSS

Enclosed is a small explanation on the subject of VSS:

What actually is VSS?

• VSS is the abbreviation is a derivation of "Volume Snapshot Service"
• Translated: volume shadow copy service

Implemented since Windows XP / Windows Server 2003, used to create version snapshots

• A snapshot is a snapshot of a volume (read-only).
• VSS works on block level

VSS technology is used in most backup solutions that back up Windows systems.

• VSS errors are the main source of failure for these backup solutions

Components of the VSS technique

VSS Writer:

• each VSS-enabled application installs its own VSS writer on the system, this is needed to bring its application into a consistent state

VSS Requestor:

• any program that needs consistent data can become a requestor, in our case the backup agent

VSS Provider:

• The provider creates and manages the shadow copies of data in the system

Forgotten encryption password of a backup job

If you forget the encryption password of a backup job there is no possibility to restore files from the backup job.
A change of the password is not possible by us.

Change encryption password of a backup job

You have the option to reset the encryption password. To do this, go to the corresponding backup job in the backup portal and then click on "Edit job".
On the left, you can now set a new password. Please note that backups created with the old encryption password can only be restored with this password.
. Here our recommendation would be to delete the backup job and create a new backup job with the new encryption password.

Granular Restore Tool - License

During the installation of the Granular Restore Tool you will be asked for a license.

Please send us an email including your customer number with the subject "Granular Restore License" to support@terracloud.de
We will then provide you with an appropriate license.

Deletion of data on a Vault

If you delete a job or server from Backupportal, the data will still remain on the Vault for security reasons.
. To remove the data permanently, we need an explicit deletion request. This must contain the following information:
- Account name
- Server name
- Job name, if applicable
- Safesets if necessary

Register again

For example, if a job has been deleted from the portal, a re-registration of the server to the Vault must take place.
To do this, you must proceed as follows:
Please delete the existing jobs and vault for this computer from the portal.
Your data is not affected by the deletion. Then proceed as follows:
1. please select "Re-register" under "Vault Settings" in the Backupportal.
2. Load the Vault settings. The desired system can be found at the bottom right of the current window.
3. After a few seconds, the computers and jobs should be displayed again. You may need to log in again.
4. edit the existing jobs and enter the encryption password in each case and perform synchronization.
5. in the last step, please start the backup manually.

Change site

To change the site of a system that has already been integrated into the Backup Portal, please apply the following steps:

1. Restart the installation of the TERRA Cloud Backup Agent.
   
2. Click "Next" to continue.
   
3. Select the item "Change" among the items "Change", "Repair", and "Remove" and click "Next".
   
4. Make sure that "Leave unchanged" is selected in the next window and click "Next".
   

Now select your custom setup and confirm your settings with "Next".
Now you get the message "The agent is already registered with Web Agent Console", select the item "Change registration" and confirm with "Next"
. Now enter the e-mail address and password of the user of the site you want to switch to and press "Next".

1. Now click "Install" to begin installing your newly configured agent. Finally, click "Finish".
   

After 5 minutes at the latest, the re-registered server should show up within your portal under "Computers".
You can delete the computer with the incorrect registration from the portal as soon as it is displayed as "Offline".
This happens after 10 minutes at the latest and a new login in the Backupportal.

Evaluate job status in XML file

With agent-based backup, both Windows and Linux, an XML file can be evaluated to know the backup status.
.
Under Linux, this XML file is usually located at:
/opt/BUAgent/<JOBNAME>/BackupStatus.xml

On Windows, you can also find the BackupStatus.xml inside the installation directoryC:\Program Files\TERRA Cloud Backup\Agent\<JOBNAME>

The following results are possible:

• UNKNOWN => The job status is currently unknown.
  
• COMPLETED => The job is completed or finished with errors/warnings.
  
• CANCELLED => The job was cancelled manually.
  
• FAILED => The job failed, please check the log files.
  
• NO_FILES => No backup could be performed because no files are protected by this job.
  

Backup of a DATEV SQL database

When backing up a DATEV SQL database, there are some peculiarities compared to an "ordinary" SQL database backup. Usually the administrator does not have full access to the database and therefore the SQL plug-in cannot be used. In addition, there may be problems with a file-based backup, since the timestamp of the database file (MDF file) is partially reset.
Transaction logs do not need to be truncated, since circulation logging is configured for the DATEV SQL database.

Recommended backup concept:
The system should be protected via an image-based BMR backup, as the database file timestamp is irrelevant in this partition-based backup method.

How does the migration of backups from existing customers to a dedicated vault system work?

Initial situation:
You currently have Backup Standard or Backup Basic packages booked for your customers and would like to have your customers' backups moved to a new dedicated vault system.

Satellites:
Please note that backup packages cannot be moved to a dedicated vault system in conjunction with a satellite. Satellites can only be used in conjunction with a dedicated Basevault. Basevaults are optimized specifically for communication with satellites, so mixed operation on a vault system is not possible. We recommend, if you have satellites in use, to move only your customers without satellite.

Preparation:
Please prepare the following steps for the migration process:

1. Order the dedicated vault system in the desired location on your company (Please note the provisioning time of up to 10 working days)
2. After deploying your new vault system, place an order for a vault account for each of your customers (You can key the vault accounts to the respective customers).
3. Create a comparison in e.g. Microsoft Excel with the old Vault account (e.g. 12345-DRMEY) and the newly ordered Vault account, on your dedicated Vault e.g. (12345-DRMEYER).

When your vault system is provisioned, a support ticket for the migration process is automatically created, please specify the migration timeframe in this ticket.

Procedure during migration:
On the morning of the migration day, the process is started by the TERRA CLOUD team. You will receive a notification by email which accounts have been started for migration. You can deposit the new backup targets for the agents directly after starting the migration, as described in Instructions for the adjustments in the Backup Portal. Please note that no backups can be performed during the migration, as both accounts are locked by the migration. Typically, migrations complete on the same business day, allowing backup agent scheduled backups to occur against the migrated dataset on the dedicated vault.

How does the migration work technically?
The migration process starts a copy operation of the stored computers / backup jobs / safesets from the old account from the shared vault to the account on the dedicated vault system.

How many end customers can be moved per migration day?
Usually approx. 5 end customers can be moved per day, this depends on the size of the respective accounts approx. 1.5 TB (native protected data volume)

What happens to the old accounts after migration?

After the completion of the entire migration process, the old accounts still need to be cancelled by you, otherwise double billing may occur.

Of course, during the migration process, a support team member will be available as a contact person for individual planning of the migration process.

Backup Troubleshooting

• Backup Troubleshooting