The Planet Forums > EVault Backup Frequently Asked Questions (FAQ)

Full Version: EVault Backup Frequently Asked Questions (FAQ)

The Planet Forums > System Administration > Backups, Restores and Transfers

jscott

Jul 21 2006, 11:38 AM

EVault Backup FAQ
(Last updated: 13 Feb 2007)

> What Is EVault Backup?
> What Platforms Are Supported?
> How Does It Work?
> How Does EVault Backup Process My Backup?
> What If I Change The Hostname?
> What About The Security Of My Information During Backups?
> What About The Security Of My Information On The Vault?
> How Much Data Will Be Transferred Over My Public Network Interface?
> How Can I Remove Backups From My Vault?
> How Do Retention Periods Work?
> How Can I Make A Backup With Daily And Weekly Copies With Differing Retentions?
> Firewall Considerations
> How Are Usage And Over-Usage Determined And Billed?
> What Is The Bottom Line?

______________________________________________

What Is EVault Backup?

EVault Backup is a powerful software application that allows you to manage the protection of your mission critical applications and data on your server hosted at The Planet.

What Platforms Are Supported?

EVault Backup is currently supported on the 32-bit versions of:
Windows 2003 Server
RedHat Enterprise 3
RedHat Enterprise 4
CentOS 4

How Does It Work?

Software, called an Agent, is installed on your server that manages the information required to process and schedule your backups. The Agent contains Tasks, which are the actual jobs that backup your data. Also contained within the Agent software are Schedules, which determine when your server will push your backup data to the storage server, and how long that data should be retained on the storage server.

Another software, referred to as the Vault, runs on our backup servers which are located in the Dallas Texas 3 (dllstx3) datacenter. This datacenter, which is physically disparate from our other facilities, contains core services for our network. What this means is that every backup you make using the EVault Backup software is immediately located "off-site". This adds an additional layer of protection for your critical data.

The third component of this service, which is called Agent Console, is used on your local workstation to control the Agent(s) on your server(s). This software allows you to configure your Tasks and Schedules, and also allows you perform recovery of data when necessary.

At this time, Agent Console only operates under Windows operating systems. A Linux version of this software is planned for future release.

Your system may have been pre-provisioned with the EVault Backup software installed and configure, if you ordered your EVault Backup service at the same time as your server. If the software is not installed on your server, you will need to download and install the appropriate installer package(s).

Once the software is installed and configured on your server, your Agent will wake up at the Scheduled time and execute the defined Task associated with that Schedule. This provides the automated backup of your data to the Vault.

It is important to note that it is your responsibility to setup backup Tasks and Schedules. Even in the cases where the software is pre-installed and configured on your server, the Tasks and Schedules that may be defined on that software are defined to backup an empty directory and are only created as an example for you to use when configuring this service.

How Does EVault Backup Process My Backup?

Upon the first execution of a Task, EVault Backup collects a "Seed Backup". This Seed is a full, compressed copy of all files and folders included in the Task.

Upon the first execution of a Task, EVault Backup collects a "Seed Backup". This Seed is a full, compressed copy of all files and folders included in the Task.

This is the only "Full Backup" that will be made of your Task Source data. This is accomplished by a technology reffered to as "Delta Block Incrementals". Each subsequent backup of your data will collect only the blocks of each file that have changed, whcih significantly reduces the amount of disk storage required to contain your backup data. Once you have met the criteria defined in your "Retention Period", the Delta Block Incrementals are "rolled up" into your Seed Backup.

The benefits of this technology become more apparent when you consider the network traffic and time required by traditional backup technologies, which typically send a full copy of all your files every day or every week.

All EVault Backup backups occur over your public interface. This means that all traffic with the Vault is counted against your monthly bandwidth allocation. Again, you can see the added benefit of the Delta Block Incremental technology, as this drastically reduces the amount of network traffic required to protect your data with backups.

What If I Change My Hostname?

EVault Backup tracks your backups based on the hostname that your computer knows itself as. Changing your hostname will cause your backups to cease to function. In the event you wish to change your server's hostname, you will need to do two things.

First, you will need to delete your existing Vault Profile.

Next, you will need to re-register your Agent with the Vault.

These two steps permit you to construct new Tasks and Schedules so your backups
can continue.

Finally, you will need to open a ticket requesting that your old hostname (and consequently, all data backed up to that hostname) to be purged from your Vault.

Failure to perform the final step could cause your backups under the old hostname to remain stagnant on the Vault, consuming space. Overage charges may be applied to your account if your usage exceeds your subscription.

What About The Security Of My Information During Backups?

EVault Backup uses an "encryption over the wire" technology, which is based on the strength of the AES encryption algorithm. Each session between the Agent and the Vault is encrypted using a "One Time Key". This technology is very similar to what is used with SSH on UNIX-based systems, and is very secure.

This encrypts every aspect of the traffic between the Agent and the Vault, including the authentication and backup/recovery operations.

What About The Security Of My Information On The Vault?

First, your data is physically separated from other customers' data on the Vault. Only your server, when authenticated with your server's Vault credentials, may access the contents of your backup data. No other customer can "breech" your Vault Pool, or recover data from your server's Vault Pool.

Also, EVault Backup allows you to set your Task to encrypt all your backup data locally before sending it to the Vault for storage. The Vault does not have your encryption key, and does not decrypt your data at any point. Your data is stored on the Vault in the encrypted format generated by your Agent software.

Encryption algorithms available include:

DES 56-bit
Blowfish 56-bit
TripleDES 112-bit
Blowfish 128-bit
AES 128-bit

It is important to understand that encryption adds overhead to the backup process, and this will consume more CPU time on your server(s).

It is EXTREMELY important to understand that once you set the encryption key on a Task, the clear-text version of this key is not stored anywhere on the Agent or Vault. This clear-text version of the key will be required in the event of a restoration of files, and if the clear-text version of this key is misplaced, there is NOTHING that can be done to recover your data from the Vault.

How Much Data Will Be Transferred Across My Public Network Interface?

EVault Backup utilizes a proprietary compression algorithm which strives to reach 50% average compression on every file. The actual percentage of compression will vary from file to file, depending on what kind of data is contained in the file, and how compressed that data is to begin with.

The general rule-of-thumb for the initial Seed backup is approximately 50% of the original size of the Task Source data.

Delta Block Incrementals, which are already incredibly small will compress very tightly, and typically total only 2% of the original value of the whole Task Source data.

For example, if you select files and folders that consume approximately 10 gigabytes uncompressed on your disk, your initial Seed backup will be close to 5 gigabytes. Your Delta Block Incrementals will be approximately 2% of the total uncompressed value for each Scheduled interval, or approximately 200 megabytes. This means that within a week from your initial Seed Backup, you will have stored 5 gigabytes of compressed data, plus six days of Delta Block Incrementals, totaling approximately 6 gigabytes.

Going forward into the second week of a 14-day retention period, the average daily storage required for the Delta Block Incrementals would remain approximately 200 megabytes. At the end of the second week, you will have the 6 gigabytes of the previous week, plus an additional 1.4 gigabytes of incrementals from the second week. This comes to 7.4 gigabytes.

If you remain on the 14-day retention period in the example above, on the 15th day, your oldest Delta Block Incremental will be "rolled up" into the Seed Backup. This permits you to essentially continue adding 200 megabytes of Delta Block Incrementals each day, without stepping over the same storage utilization. Effectively, at the point when you reach the end of your retention period, your storage requirements cease to increase.

How Can I Remove Backups From My Vault?

To prevent unintentional or malicious deletion of your critical backup data, we prohibit the deletion of your backups from the Agent or Agent Console.

In the event that you require data to be removed from your vault prior to the retention period criteria being met, please open a ticket in Orbit to have a Backup Engineer investigate the situation for you.

How Do Retention Periods Work?

The terms "Retention Period" or "Retention Group" or "Retention Policy" are used interchangeably throughout the EVault Backup software. Each of these terms refer to the same concept. This is a set of rules by which EVault Backup will automatically expire old data from your backups to make room for new data.

The terms "Retention Period" or "Retention Group" or "Retention Policy" are used interchangeably throughout the EVault Backup software. Each of these terms refer to the same concept. This is a set of rules by which EVault Backup will automatically expire old data from your backups to make room for new data.

Depending on which operating system you are running, and whether your software came pre-installed on your server, there are two default sets of Retention Periods.

These retention sets are as follows:

Set A:
"OneWeek" - 7 copies AND 7 days
"TwoWeeks" - 14 copies AND 14 days

Set B:
"Daily" - 7 copies AND 7 days
"Weekly" - 5 copies AND 31 days
"Monthly" - 12 copies AND 365 days

As you can see, two variables are defined in a Retention Period. These variables are "Number of Copies Online" and "Number of Days Online". There is a logical AND operator between the two variables. If both variables are not met, EVault Backup will not remove data from your backups.

This differs from almost every other backup technology on the market today. Most other backup technologies only have one variable or the other.

EVault Backup protects your data further by ensuring that it will not expire in the event that new data is not coming into the system. For example, if you have a Task set with the "OneWeek" or "Daily" Retention Period, and your backups cease to operate for seven days, and then on the eighth day your backup service is restored, you will still have seven "points-in-time" available to restore data from. A traditional backup solution may have already expired that data, leaving you with only one point-in-time to restore from.

It is very important to understand how your Retention Periods affect your storage utilization.

For example, if you setup a Schedule for a Task which backs up data once per day, and select the "Weekly" Retention Period, you will be creating seven copies per week. Your Retention Period explicitly instructs EVault Backup to keep all data until you have at least 5 copies AND at least 31 days of data. This Retention Period is designed to be used with a schedule that only backs up your data once per week. As such, your vault will contain 31 copies of 31 days of data before any data is permitted to expire from your backups. This could cause a very serious over-usage condition on your Vault, which will be billed at $3/gb for each gigabyte over your storage subscription, based on the average daily Pool Size of your Vault.

Once the data in your Vault Pool meets the criteria defined in your Retention Period, EVault Backup will sort through the expiring safeset(s) to determine if any of the data contained therein would still be required for recovery of files on your server. If any data from the safeset(s) are still required, the will be "rolled up", or added to, your Seed Backup. Any data which is no longer required, either because it was deleted from your server on a date that meets your Retention Period criteria, or because it changed on subsequent backups, is "rolled out", or expired/removed from your Vault Pool, freeing up space for new data.

How Can I Make A Backup With Daily And Weekly Copies With Differing Retentions?

Some EVault Backup users require a "tiered" backup strategy, which includes Daily, Weekly, and/or Monthly backups to be retained at different intervals.

EVault Backup handles this quite gracefully by allowing you to keep multiple schedules to launch a Task with different requirements.

The advantage here is that multiple Schedules on a single Task permit all your tiers of the strategy to share a common Vault Pool, which means they also share the same Seed Backup. If one was to create this schema using multiple Tasks, three separate Schedules would still need to be created, but this would also create three Vault Pools, and three Seed Backups, which would triple the overall storage usage.

Your Schedule(s) not only defines the day of the week/month and time at which to backup your data, but also the Retention Period to be used with that scheduled backup.

If, for example, you wished to keep a tiered backup strategy which kept one daily backup for each day of the week, plus one weekly backup for each week of the month, in addition to one monthly backup for each month of the year, this can be
accomplished with one Task and three Schedules.

To accomplish the tiered strategy in this example, the following Schedule Settings could be used:

Schedule 1:
Purpose: Daily Backups
Retention Period: Daily (7 copies AND 7 days)
Command Cycle: Weekly
Days: Monday, Tuesday, Wednesday, Thursday, Friday, Saturday
Start Time: 02:00 AM

Schedule 2:
Purpose: Weekly Backup
Retention Period: Weekly (5 copies AND 31 days)
Command Cycle: Weekly
Days: Sunday
Start Time: 02:00 AM

Schedule 3:
Purpose: Monthly Backup
Retention Period: Monthly (12 copies AND 365 days)
Command Cycle: Monthly
Days: 1 (first of month)
Start Time: 02:00 AM

This permits three tiers of protection, wherein once monthly, a backup is taken on the first of the month and will be stored for a year. Once weekly, a backup is taken on Sunday and will be stored for a month. Once daily, a backup is taken on Mon through Sat and will be stored for a week.

Keep in mind that such a strategy will greatly increase your storage usage requirements, and may cause an over-usage condition depending on how many tiers configured, how long that data is retained, and how large the Task Source dataset is.

Firewall Considerations

The Agent utilizes two TCP ports for communication OUTBOUND to the Vault, and Agent Console utilizes one TCP port for communication INBOUND to the Agent.

Your firewall must permit OUTBOUND traffic on TCP ports 807 and 2546 so the Agent may communicate with the Vault. This is only a concern if you restrict the traffic that leaves your server for the network.

Your firewall must permit INBOUND traffic on TCP port 808 to the location(s) you intend to run Agent Console from. If you restrict traffic on this port, please ensure that you permit traffic from our EVault Backup server network, 70.85.125.0/27. This will permit us to assist you with Agent configuration, if necessary.

Finally, if you run a Windows Server, with Agent Console installed on that server, and also run a software firewall, it must be configured to permit all traffic on TCP port 808 from 127.0.0.1

How Are Usage And Over-Usage Determined And Billed?

Your subscription (I.E. 40 GB) pertains to the daily average pool utilization on your Vault Account.

Each day, the Vault servers generate a storage utilization report which can be viewed as a graph in Orbit under the EVault Backup Backups section. This represents the amount of storage consumed for your service on the Vault at that moment in time.

These graphs do not represent the amount of data backed up for each day listed, they are representative of the entire storage utilization on your account.

At the end of the month, all available data points on this graph are averaged against the number of days in the month (or the number of days the service has been subscribed to, if the service was purchased after the first of the month) and this average value is what your subscription represents.

If your usage exceeds your subscription, and overage fee will be added to your invoice.

For example: If you stored between 23.3 GB and 31.2 GB for an entire 31-day month, your daily average pool usage may be 27.64 GB. If your subscription level is 20 GB, then an overage invoice for 7.64 GB at the overage rate will be created.

What Is The Bottom Line?

In a nutshell, this means that even though your backup data is transferred over your public network interface, it is secure and does not contribute significantly to your monthly bandwidth allocation, unlike traditional networked backup methods.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.