Technical Deep Dive
Long gone are the days when having a Windows image backup was sufficient. Yes, you need a bare metal backup for system recovery... but that's only the start.
With so many hackers targeting your systems and your backups, what you need are multiple layers of protection.
BackupAssist Classic provides onsite, offsite, online and offline backups including Windows system drive images, and application & file backups. This gives you multiple recovery options when you need them the most. Back up to USB disk, NAS, iSCSI, cloud - it's easy to be cyber-resilient and never pay a ransom!
The problem is, no single backup can do everything and be resilient to all potential disasters. Each type of backup (image backup, file backup, etc) has strengths and weaknesses, which you might not realize until it’s too late.
Now, in the age of cyber crime, hackers are exploiting these weaknesses to hold businesses and government departments to ransom.
Overview of backup TYPES
Welcome to our five "backup engines" - the building blocks for success.
(Windows image backup)
(File backup to ZIP)
What's in it for you
Using the five backup engines in the right combination gives you advantages that no other Windows backup software package can offer.
Using multiple backup engines will slash your window of data loss while making recovery faster.
1. A comprehensive cyber-resilience strategy with BackupAssist Classic gives multiple recovery options in each of the three major emergency situations.
Destroyed / Stolen
Not compromised by hacking / ransomware
In the best case, your last onsite drive image is available, reducing your data loss to the previous night’s state.
However, thieves may have stolen some or all of your onsite backup hardware. If that is the case, you will rely on your offsite backups for the recovery.
YOUR RESPONSE PLAN
Then restore files from the last available onsite file replication or cloud offsite backup. This updates your data files to the previous night’s state.
Infected or sabotaged
Compromised by hacking / ransomware
In cases of ransomware, your onsite backups are shielded by CryptoSafeGuard and likely will be available.
In cases of malicious hacking, the hackers may have gained “root access” to various systems, including your server and/or your backup devices such as NAS. Therefore, your online backups may be destroyed, regardless of whether they are onsite or offsite.
Therefore, in the best case, all your backups will be available. In the worst case, only your offline backups will be available.
YOUR RESPONSE PLAN
If onsite backups are available, then follow the recovery options provided for Case 1.
If all onsite backups have been destroyed, then follow the recovery option given in Case 3.
YOUR RESPONSE PLAN
Then restore files from the last available cloud offsite backup. This updates your data files to the previous night’s state.
Then restore files from the last available offsite file replication backup. This updates your data files to the previous night’s state.
Windows image backup
(Stored at a different physical location)
(Disconnected from the Internet / LAN)
2. BackupAssist Classic gives you optimal solutions for business continuity, file versioning and system of record (long term data retention).
3. Using multiple backup jobs improves recovery times while reducing data loss.
Unfortunately, there’s no single “perfect” backup. In fact, each type of backup has its own “Achilles Heel”… but combining different backup types together will give you a much more resilient system with fast recovery (RTO) and small window of data loss (RPO).
Here are some issues with individual types of backups.
System Protection (Windows Image Backup)
Fastest way to recover a server.
If backup is online (NAS, iSCSI), it is vulnerable to hacking.
If backup is onsite, it is vulnerable to premises destruction.
Taking the backup offsite and offline requires manual human intervention.
Generally, you need to back up your entire system, so the backups are generally large.
Automatic offsite backups without human intervention.
Downloading large amounts of data from a public cloud is slow.
File Protection (file replication)
Massive amounts of version history.
You can selectively protect parts of the file system, saving on backup storage space.
Not suitable for a full system recovery.
File Archiving (backup to ZIP)
Fantastic for long term data retention.
Not suitable for a full system recovery
Near continuous protection for SQL Server
Only backs up to local directory on SQL Server
Combining Windows Image backup and Cloud offsite backup to reduce window of data loss, retaining fast recovery.
Acme company performs a System Protection (Windows image backup) job nightly at 10pm, to a set of USB hard disks. These disks get swapped offsite daily.
Their building burns down on Wednesday at 2am. This is the worst case – they have to recover from the last offsite backup, which was done on Monday at 10pm. They lost all work since Monday 10pm – a total of 28 hours, including all of Tuesday’s work.
However, Acme II company (in the same building) does 2 backups – the same as described above, and they also do a Cloud Offsite backup to back up their files. And they do this backup every 6 hours (12am, 6am, 12pm, 6pm). Now the only lose 2 hours of work.
Acme II will do this for their recovery:
- Bare metal recovery of entire system from Monday night’s Windows image backup
- Differential restore from the cloud – only downloading the changes between the last backup (Wednesday 12am) and Monday 10pm.
Therefore – the recovery is fast, window of data loss is reduced.
4. BackupAssist Classic provides long term data retrievability from backup.
* Cloud offsite backups are stored in our proprietary format because there is no industry standard data format that is suitable.
All other backups are stored in open, open-source or ubiquitous file formats.
HOW IT WORKS
Each backup engine provides specific protection for your Windows environment.
Here are detailed technical details of each of our backup engines:
(a.k.a. Windows system image backup, drive image backup)
A System Protection backup is a Windows system image, or drive image backup that can be used for a bare metal disaster recovery (BMDR) – that is, rebuilding a system from a backup, to new hardware. It is the only type of backup that can be used to recover a complete machine, so we recommend it for most of our clients for a baseline level of “essential cyber-resilience“.
When it comes to recovery, you can recover your entire system, or just restore specific files, folders, or VSS Applications.
Image backups have the added benefit of running incrementally. This means the jobs are quick and the backups use minimal space. You can also choose to include only selected volumes in your backup.
There are many situations where this type of backup is recommended.
1. When you need fast recovery for an entire system.
2. Where your system contains many configuration customizations, so rebuilding it from the OS up is not feasible.
3. If you have Hyper-V installed – back up the host machine to capture all guests. You will be able to recover guest VMs almost instantly with Rapid VM Recovery.
4. If you have Exchange installed – this prepares you for future Exchange Granular Recovery tasks.
System Protection is ideal for backing up files, folders and applications. And you can restore individual files, folders, and application files using the Integrated Restore Console.
A business has three servers, virtualized onto a single Hyper-V Host. All critical servers that would need to be recovered quickly if there was a ransomware infection or operating system failure. One is an Active Directory server; another is an Exchange server; the last runs a SQL Database and custom applications.
The business uses BackupAssist Classic to back up the Hyper-V Host machine. This captures all three critical virtual servers using System Protection. They back up to removable USB drives that are later taken offsite and stored in a secure location.
In this example, the business can achieve full bare-metal disaster recovery, and also near-instant recovery of any guest VM by using the Rapid VM Recovery feature.
* Note: the Rapid VM Recovery feature is provided in the Hyper-V Advanced Add-on.
When choosing the backup destination, consider how it will be accessed if you perform a recovery. Destinations like network locations can be easy to access, but they are vulnerable to outages and ransomware. USB drives that are stored offsite are more secure but they can take longer to recall and access.
To use a System Protection backup in a recovery, you can use BackupAssist to create a bootable media that will launch the RecoverAssist recovery environment. RecoverAssist streamlines recoveries from many types of backups including those accessed over a network and includes many other helpful features.
Supported backup destinations
Cloud Offsite Backup
Cloud Offsite Backup creates a secure and efficient backup of files to a cloud destination. It is a superb option for automated offsite backups.
Your destination can be a public or private cloud – Azure Blob Storage, Amazon S3 and WebDAV are all supported. Private cloud options are particularly cost effective.
To keep your data safe, all data is encrypted before it is sent to the cloud destination.
Data deduplication and compression are used to reduce the amount of data that needs to be transferred and stored at your destination. Cloud seeding also makes the initial transfer fast.
Please note that Cloud Offsite Backup requires the Cloud Offsite Backup Add-on.
There are two compelling situations where you would use Cloud Offsite Backups.
1. When you want an extra layer of protection against ransomware, machine theft and destruction, enhancing your cyber-resilience over and above your daily drive imaging backups. Having an offsite copy of your data in the cloud gives you extra options for recovery.
2. In situations where you cannot rely on a human swapping out USB HDDs to achieve offsite backups.
In both cases, your backups will be stored in a safe, offsite location, with no human intervention required.
An education company uses documents and training materials that are created and updated daily.
These documents are kept on two servers, and the backups of these servers have two main requirements.
The first requirement is that they need to be offsite and resilient to ransomware, because staff add a lot of documents from client sites.
The second requirement is that the backup destination needs to be able to grow as documents are added.
The company decides to use BackupAssist Classic to set up Cloud Backup jobs for both of these servers to their Microsoft Azure storage.
Firstly, you should decide where to store your backups. Your choices are a public cloud (Amazon S3, Azure, or any public WebDAV provider) or a private cloud.
Then, configure BackupAssist Classic.
Choose Cloud Backup from the Backup tab and follow the steps. These include the selection of data, the backup schedule and the notification settings.
Azure and Amazon S3 each have a dedicated set up screen that includes fields for security information and the name of the cloud container. BackupAssist will create this container in the cloud destination for you.
To use Cloud Backup, you will need to set up an account with Microsoft Azure, Amazon Web Services or a cloud service that supports WebDAV. We do recommend logging into the cloud service portal to review the settings for the cloud container as these can greatly impact the cost of backup storage.
If you want to set up your own private cloud destination, you can use any server or NAS device that supports WebDAV. Examples include a Windows Server running IIS or a QNAP NAS.
Supported backup destinations
File Protection backups are a complete replica of the files and folders onto the backup destination.
Think of it as a turbo-charged version of “
robocopy /mir /copyall” – the destination will mirror the source, including all files, folders, and metadata such as NTFS security attributes.
However, thanks to the single-instance store, unchanged files do not have to be re-copied across. Instead, hard links are used. This enables large amounts of backup history to be kept.
Because the files are copied across to the backup device, no special software is required to do a restore. The files are “just there” on the destination.
However, the BackupAssist Classic Restore Console does make the restore process easy – enabling both a point-in-time restore of the entire file system, and version history restore of a specific file.
Use this backup type when you need to keep large amounts of backup history.
For example, if your organization works on document files, such as Word and Excel, you can easily get hundreds of days of backup history.
This backup is a superior way to achieve file versioning when compared to using VSS Snapshots, as placing past versions onto a separate backup device means your primary disks won’t get choked up by VSS snapshots.
It’s also provides more reliable file version history when compared to drive imaging (which provides “best effort” version history).
You can also use this type of backup as an extra layer of protection against ransomware. For example, many of our clients perform daily file replications to a NAS or DAS, while CryptoSafeGuard shields that device from unauthorized access.
The firm uses configures BackupAssist Classic to back up the client folders to a local NAS, using the File Protection backup engine on a daily basis. This captures a daily snapshot of client documents.
Additionally, a separate yearly backup is taken to a removable USB disk, and that disk is placed into offsite archive storage for record keeping.
Selecting a backup destination depends on your restore objectives. Most of our clients value fast restores, so they choose an onsite destination such as NAS.
However, you can also achieve offsite, offline backups by using USB disks.
Supported backup destinations
It uses the industry standard ZIP64 file format, which features compression and AES-256 encryption.
Data from the ZIP file can be restored using BackupAssist restore tools, or any standard ZIP program such as WinZip.
For average data sets, the compression ratio of ZIP is around 2:1 (that is, 50% space saving).
A ZIP file can be as large as 18,446,744 TB – a limit you’re unlikely to encounter in real life!
Each ZIP file is completely self contained, so it is perfect for putting into archive storage.
You can also use this type of backup as an extra layer of protection against ransomware. For example, perform weekly backups to a USB disk on the weekend. Every Monday, someone disconnects the disk, and takes it offsite.
The File Archiving engine also supports tape drive destinations, when you have purchased the Tape Archiving Add-on.
The company configures BackupAssist Classic to back up all quotations, invoices, project documents and email correspondence to a USB disk, and then put that disk in physical archival storage.
This provides an offline and offsite backup.
These disks are retained for 12 years.
Selecting your type of backup destination (disk, tape, etc.) can depend on the required lifetime of the data. Check with the manufacturer of your backup device. Many tape manufacturers quote a shelf life of 30 years, and the commonly quoted life of a USB disk is 10 years.
Supported backup destinations
SQL Protection creates full or transactional backups of Microsoft SQL Server databases.
The transactional backups can run as frequently as every 5 minutes throughout the day.
This can be important for frequently changing databases, because a daily backup is often not adequate for SQL Servers.
Performing a restore from these backups is made easy with the SQL point-in-time restore tool, and the backups are compatible with native SQL tools.
Please note that SQL Protection requires the SQL Continuous Add-on.
When a SQL Server is used by an application, the databases undergo constant change when items like sales and stock are updated.
The risk for these SQL Servers is that when only one backup is performed per day, up to a day’s worth of transactions could be lost if you have to perform a restore.
SQL Protection solves this by running frequent transactional backups that can help you to meet your restore point objectives.
Instead of losing 24 hours’ worth of transactions, you would lose 5 minutes’ worth at the most.
A soda company uses an in-house application for its sales force, who travel to customers and enter orders into their tablets.
The application stores this data in an SQL database, which is updated about 200 times a day. The company decides that a daily backup of the SQL Server is not adequate, so they use BackupAssist Classic to create an SQL Protection backup job for the database.
Choose SQL Protection from the Backup tab and follow the steps. These include selecting the SQL Server and databases, and setting up the schedule and notifications.
When setting up a transactional backup schedule, consider how often you want the backup job to run. This can depend on how often the databases change and your RPO, meaning how many minutes’ worth of changes you can afford to lose. Another consideration is the processing power of the server running the SQL Server and the backups.
For example, if you want good performance and know you can manually recreate 15 minutes’ worth of transactions easily, you could set the backup frequency to be every 15 minutes.
Supported backup destinations
Frequently Asked Questions
We hear your pain… if you’re just starting off preparing for cyber-resilience, it can seem daunting to have to set up multiple backups all at once.
We recommend that you start with one backup type – system protection – to get a windows image backup for essential cyber-resilience, and build from there.
Why do you recommend system protection (Windows system image) backup for essential cyber-resilience?
- Rebuild your entire server.
- Restore VSS applications (Exchange, Hyper-V, SQL Server).
- Restore files.
- The drive image files can become very large if your system is large. There is one backup file (VHDX file format) per volume on your system.
- Large drive images are not suitable for uploading to the cloud. A file backup solution is more suited to this.
All these generally refer to the same thing:
- Windows image backup
- Windows block level backup
- Sector-level backup
- System image backup
- Drive image
All of these are named because they describe various aspects of this class of backup. The backup works by copying blocks of information (sectors) from the source hard disk to a backup file. The backup file then becomes an “image” of the source – in some ways you can think of it as a photograph of the source.
An excellent description of how it works is given here: http://www.wbadmin.info/articles/how-does-windows-server-2008-backup-work.html
Closely related to this is a “drive clone” – the difference is that the clone is a sector for sector copy the disk to another disk, whereas an image is a sector for sector copy of the disk to a backup file.
A file backup, or file-based backup, is a completely different technology that backs up file-by-file. This is generally slower than an image backup, but has advantages because it backs up at a very granular level.
A good file backup engine will not only back up the file contents, but the metadata for each file. The metadata includes the timestamps (created, modified, accessed), attributes such as read-only, and Access Control Lists. This means when you restore a file, all metadata associated with that file is also restored.
BackupAssist Classic’s file backup engines will correctly back up and restore both file contents and metadata.
Your path to cyber-resilience
Take the 30-day Trial of BackupAssist Classic for free!
Within 30 days not only will you have successful backups, but you should also have performed several test recoveries.
We’re here to help.
There aren’t many questions we can’t answer!