AcronisCyberBackupSCS 12.5 Userguide en-US
AcronisCyberBackupSCS 12.5 Userguide en-US
AcronisCyberBackupSCS 12.5 Userguide en-US
5
Update 4.1
USER GUIDE
Table of contents
1 Installation ......................................................................................................................7
1.1 Components...............................................................................................................................7
1.2 Software requirements ..............................................................................................................9
1.2.1 Supported web browsers ............................................................................................................................... 9
1.2.2 Supported operating systems and environments ........................................................................................ 9
1.2.3 Supported Microsoft SQL Server versions................................................................................................... 12
1.2.4 Supported Microsoft Exchange Server versions ......................................................................................... 12
1.2.5 Supported Microsoft SharePoint versions .................................................................................................. 12
1.2.6 Supported Oracle Database versions .......................................................................................................... 13
1.2.7 Supported virtualization platforms .............................................................................................................. 13
1.2.8 Linux packages ............................................................................................................................................... 16
1.2.9 Compatibility with encryption software ...................................................................................................... 18
1.3 System requirements...............................................................................................................19
1.4 Supported file systems ............................................................................................................20
1.5 Limitations of the Acronis Cyber Backup SCS builds ................................................................22
1.6 Installing the management server ...........................................................................................22
1.6.1 Installation in Windows ................................................................................................................................ 22
1.6.2 Installation in Linux ....................................................................................................................................... 24
1.6.3 Adding a machine running Linux .................................................................................................................. 24
1.7 Adding machines via the web interface ..................................................................................24
1.7.1 Adding a machine running Windows........................................................................................................... 25
1.7.2 Adding a vCenter or an ESXi host ................................................................................................................. 26
1.8 Installing agents locally ............................................................................................................29
1.8.1 Installation in Windows ................................................................................................................................ 29
1.8.2 Installation in Linux ....................................................................................................................................... 31
1.9 Unattended installation or uninstallation ...............................................................................32
1.9.1 Unattended installation or uninstallation in Windows .............................................................................. 32
1.9.2 Unattended installation or uninstallation in Linux ..................................................................................... 36
1.10 Deploying Agent for VMware (Virtual Appliance) from an OVF template ..............................39
1.10.1 Before you start ............................................................................................................................................. 39
1.10.2 Deploying the OVF template ........................................................................................................................ 40
1.10.3 Configuring the virtual appliance ................................................................................................................. 40
1.11 Managing licenses....................................................................................................................42
1.12 Deploying agents through Group Policy ..................................................................................43
1.13 Updating agents .......................................................................................................................44
1.14 Uninstalling the product ..........................................................................................................45
2 Upgrading to Acronis Cyber Backup SCS 12.5 .................................................................. 47
5 Backup .......................................................................................................................... 56
5.1 Backup plan cheat sheet ..........................................................................................................57
5.2 Selecting data to back up .........................................................................................................59
5.2.1 Selecting files/folders .................................................................................................................................... 59
5.2.2 Selecting disks/volumes................................................................................................................................ 60
5.2.3 Selecting ESXi configuration ......................................................................................................................... 63
5.3 Selecting a destination.............................................................................................................63
5.3.1 About Secure Zone ........................................................................................................................................ 65
5.4 Schedule...................................................................................................................................67
5.4.1 Schedule by events ....................................................................................................................................... 68
5.4.2 Start conditions ............................................................................................................................................. 70
5.5 Retention rules ........................................................................................................................75
5.6 Encryption ................................................................................................................................76
5.7 Conversion to a virtual machine ..............................................................................................78
5.7.1 What you need to know about conversion [for SCS] ................................................................................. 78
5.7.2 Conversion to a virtual machine in a backup plan ...................................................................................... 79
5.7.3 How regular conversion to VM works ......................................................................................................... 80
5.8 Replication ...............................................................................................................................81
5.9 Starting a backup manually .....................................................................................................81
5.10 Backup options ........................................................................................................................82
5.10.1 Alerts .............................................................................................................................................................. 84
5.10.2 Backup consolidation .................................................................................................................................... 84
5.10.3 Backup file name ........................................................................................................................................... 85
5.10.4 Backup format ............................................................................................................................................... 88
5.10.5 Backup validation .......................................................................................................................................... 89
5.10.6 Task start conditions ..................................................................................................................................... 89
5.10.7 Changed block tracking (CBT) ....................................................................................................................... 90
5.10.8 Cluster backup mode .................................................................................................................................... 90
5.10.9 Compression level ......................................................................................................................................... 91
5.10.10 Email notifications ......................................................................................................................................... 91
5.10.11 Error handling ................................................................................................................................................ 92
5.10.12 Fast incremental/differential backup .......................................................................................................... 93
5.10.13 File filters ........................................................................................................................................................ 93
5.10.14 File-level backup snapshot ........................................................................................................................... 94
5.10.15 Log truncation................................................................................................................................................ 95
5.10.16 LVM snapshotting ......................................................................................................................................... 95
5.10.17 Mount points ................................................................................................................................................. 95
5.10.18 Multi-volume snapshot................................................................................................................................. 96
5.10.19 Performance and backup window ............................................................................................................... 97
5.10.20 Pre/Post commands...................................................................................................................................... 99
5.10.21 Pre/Post data capture commands ............................................................................................................. 101
5.10.22 SAN hardware snapshots............................................................................................................................ 102
5.10.23 Scheduling.................................................................................................................................................... 103
5.10.24 Sector-by-sector backup ............................................................................................................................. 103
5.10.25 Splitting ........................................................................................................................................................ 104
5.10.26 Tape management ...................................................................................................................................... 104
5.10.27 Task failure handling ................................................................................................................................... 106
5.10.28 Volume Shadow Copy Service (VSS) .......................................................................................................... 107
5.10.29 Volume Shadow Copy Service (VSS) for virtual machines ....................................................................... 108
5.10.30 Weekly backup ............................................................................................................................................ 108
Choose an agent, depending on what you are going to back up. The following table summarizes the
information, to help you decide.
Note that Agent for Windows is installed along with Agent for Exchange, Agent for SQL, Agent for
Active Directory, and Agent for Oracle. If you install, for example, Agent for SQL, you also will be able
to back up the entire machine where the agent is installed.
Physical machines
Disks, volumes, and files Agent for Windows
on physical machines
running Windows
Disks, volumes, and files Agent for Linux On the machine that will be backed up.
on physical machines
running Linux
Applications
SQL databases Agent for SQL On the machine running Microsoft SQL Server.
On the machine running the Mailbox role of Microsoft
Exchange Server.
Exchange databases and If only mailbox backup is required, the agent can be
Agent for Exchange
mailboxes installed on any Windows machine that has network
access to the machine running the Client Access role of
Microsoft Exchange Server.
Machines running Active Agent for Active Directory On the domain controller.
Directory Domain
Services
Machines running Oracle Agent for Oracle On the machine running Oracle Database
Database
Virtual machines
VMware ESXi virtual Agent for VMware On a Windows machine that has network access to
machines (Windows) vCenter Server and to the virtual machine storage.*
Agent for VMware On the ESXi host.
(Virtual Appliance)
Other components
The backups or databases from which you extract data must originate from the same SharePoint
version as the one where SharePoint Explorer is installed.
VMware
VMware vSphere versions: 4.1, 5.0, 5.1, 5.5,
6.0, 6.5, 6.7*
VMware vSphere editions:**
VMware vSphere Essentials
VMware vSphere Essentials Plus + +
VMware vSphere Standard
VMware vSphere Advanced
VMware vSphere Enterprise
VMware vSphere Enterprise Plus
VMware vSphere Hypervisor (Free ESXi)*** +
VMware Server (VMware Virtual server)
VMware Workstation
+
VMware ACE
VMware Player
Microsoft
Citrix
Citrix XenServer 4.1.5, 5.5, 5.6, 6.0, 6.1, 6.2, 6.5, Only fully virtualized
7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6 (aka HVM) guests
Parallels
Parallels Workstation +
Parallels Server 4 Bare Metal +
Oracle
Limitations
Fault tolerant machines
Agent for VMware backs up a fault tolerant machine only if fault tolerance was enabled in
VMware vSphere 6.0 and later. If you upgraded from an earlier vSphere version, it is enough to
disable and enable fault tolerance for each machine. If you are using an earlier vSphere version,
install an agent in the guest operating system.
Independent disks and RDM
Agent for VMware does not back up Raw Device Mapping (RDM) disks in physical compatibility
mode or independent disks. The agent skips these disks and adds warnings to the log. You can
avoid the warnings by excluding independent disks and RDMs in physical compatibility mode
from the backup plan. If you want to back up these disks or data on these disks, install an agent
in the guest operating system.
Pass-through disks
Agent for Hyper-V does not back up pass-through disks. During backup, the agent skips these
disks and adds warnings to the log. You can avoid the warnings by excluding pass-through disks
from the backup plan. If you want to back up these disks or data on these disks, install an agent
in the guest operating system.
Hyper-V guest clustering
Agent for Hyper-V does not support backup of Hyper-V virtual machines that are nodes of a
Windows Server Failover Cluster. A VSS snapshot at the host level can even temporarily
disconnect the external quorum disk from the cluster. If you want to back up these machines,
install agents in the guest operating systems.
In-guest iSCSI connection
Agent for VMware and Agent for Hyper-V do not back up LUN volumes connected by an iSCSI
initiator that works within the guest operating system. Because the ESXi and Hyper-V hypervisors
are not aware of such volumes, the volumes are not included in hypervisor-level snapshots and
are omitted from a backup without a warning. If you want to back up these volumes or data on
these volumes, install an agent in the guest operating system.
Linux machines containing logical volumes (LVM)
Agent for VMware and Agent for Hyper-V do not support the following operations for Linux
machines with LVM:
P2V and V2P migration. Use Agent for Linux or bootable media to create the backup and
bootable media to recover.
Running a virtual machine from a backup created by Agent for Linux or bootable media.
Converting a backup created by Agent for Linux or bootable media to a virtual machine.
Encrypted virtual machines (introduced in VMware vSphere 6.5)
In Red Hat Enterprise Linux, CentOS, and Fedora, the packages normally will be installed by the setup
program. In other distributions, you need to install the packages if they are not installed or do not
have the required versions.
The packages will be downloaded from the distribution's repository and installed.
For other Linux distributions, please refer to the distribution's documentation regarding the exact
names of the required packages and the ways to install them.
Disk-level encryption software encrypts data on the fly. This is why data contained in the backup is
not encrypted. Disk-level encryption software often modifies system areas: boot records, or partition
tables, or file system tables. These factors affect disk-level backup and recovery, the ability of the
recovered system to boot and access to Secure Zone.
You can back up the data encrypted by the following disk-level encryption software:
Microsoft BitLocker Drive Encryption
If the recovered system fails to boot, rebuild Master Boot Record as described in the following
Microsoft knowledge base article: https://support.microsoft.com/kb/2622803
Note To comply with FIPS certification standards, install backup agents for Windows on machines that support
RDRAND CPU instructions.
To comply with Common Criteria certification standards, install backup agents for Linux on operating systems
that support D-bus.
While backing up, an agent typically consumes about 350 MB of memory (measured during a 500-GB
volume backup). The peak consumption may reach 2 GB, depending on the amount and type of data
being processed.
A management server with one registered machine consumes 200 MB of memory. Each of the newly
registered machines adds about 2 MB. Thus, a server with 100 registered machines consumes
approximately 400 MB above the operating system and running applications. The maximum number
of registered machines is 900-1000. This limitation originates from the management server's
embedded SQLite.
You can overcome this limitation by specifying an external Microsoft SQL Server instance during the
management server installation. With an external SQL database, up to 8000 machines can be
registered without significant performance degradation. The SQL Server will then consume about 8
GB of RAM. For better backup performance, we recommend managing the machines by groups, with
approximately 100 machines in each.
The following table summarizes the file systems that can be backed up and recovered. The
limitations apply to both the agents and bootable media.
FAT16/32 + +
ext2/ext3/ext4 + +
JFS - +
Files cannot be
excluded from a disk
backup
ReiserFS4 - +
Files cannot be
excluded from a disk
backup
ReFS + +
Fast incremental/
differential backup
All agents cannot be enabled
XFS + + Volumes cannot be
resized during a
recovery
Only disk/volume
backup is supported
+
Bootable media Files cannot be
cannot be used excluded from a
exFAT All agents +
for recovery if backup
the backup is
stored on exFAT Individual files
cannot be recovered
from a backup
The software automatically switches to the sector-by-sector mode when backing up drives with
unrecognized or unsupported file systems. A sector-by-sector backup is possible for any file system
that:
is block-based
spans a single disk
has a standard MBR/GPT partitioning scheme
If the file system does not meet these requirements, the backup fails.
Common settings
The components to be installed.
The folder where the product will be installed.
The accounts under which the services will run.
You can choose one of the following:
Use Service User Accounts (default for the agent service)
Service User Accounts are Windows system accounts that are used to run services. The
advantage of this setting is that the domain security policies do not affect these accounts'
user rights. By default, the agent runs under the Local System account.
Create a new account (default for the management server service)
The account names will be Acronis Agent User, and AMS User for the agent, and
management server, respectively.
Use the following account
If you install the product on a domain controller, the setup program prompts you to specify
existing accounts (or the same account) for each service. For security reasons, the setup
program does not automatically create new accounts on a domain controller.
Also, choose this setting if you want the management server to use an existing Microsoft SQL
server installed on a different machine and use Windows Authentication for the SQL Server.
If you chose the Create a new account or Use the following account option, ensure that the
domain security policies do not affect the related accounts' rights. If an account is deprived of
the user rights assigned during the installation, the component may work incorrectly or not work.
Management server installation
The database to be used by the management server. By default, the built-in SQLite database is
used.
You can select any edition of the following Microsoft SQL Server versions:
Microsoft SQL Server 2012
Microsoft SQL Server 2014
Microsoft SQL Server 2016
Microsoft SQL Server 2017 (running in Windows)
The instance you choose can also be used by other programs.
Before selecting an instance installed on another machine, ensure that SQL Server Browser
Service and the TCP/IP protocol are enabled on that machine. For instructions on how to start
SQL Server Browser Service, refer to: http://msdn.microsoft.com/en-us/library/ms189093.aspx.
You can enable the TCP/IP protocol by using a similar procedure.
The port that will be used by a web browser to access the management server (by default, 9877)
and the port that will be used for communication between the product components (by default,
7780). Changing the latter port after the installation will require re-registering of all of the
components.
Installation
To install the management server
1. As the root user, run the installation file.
2. Accept the terms of the license agreement.
3. [Optional] Select the components that you want to install.
By default, the following components will be installed:
Management Server
Agent for Linux
Bootable Media Builder
4. Specify the port that will be used by a web browser to access the management server. The
default value is 9877.
5. Specify the port that will be used for communication between the product components. The
default value is 7780.
6. Click Next to proceed with the installation.
7. After the installation completes, select Open web console, and then click Exit. The backup
console will open in your default web browser.
If the management server is installed in Linux, you will be asked to select the setup program based
on the type of the machine that you want to add. Once the setup program is downloaded, run it
locally on that machine.
You may need to download the installation packages in the following situations:
Components for remote installation were not installed during the management server
installation.
Installation packages were manually removed from the location specified in the registry key.
You need to add a 32-bit machine to the 64-bit management server or vice versa.
You need to update agents on a 32-bit machine from the 64-bit management server or vice versa,
by using the Agents tab.
To get the installation packages
1. In the backup console, click the account icon in the top-right corner > Downloads.
2. Select Offline installer for Windows. Pay attention to the required bitness – 32-bit or 64-bit.
3. Save the installer to the packages location.
1.7.2.1 Deploying Agent for VMware (Virtual Appliance) via the web
interface
1. Click All devices > Add.
2. Click VMware ESXi.
3. Select Deploy as a virtual appliance to each host of a vCenter.
4. Specify the address and access credentials for the vCenter Server or stand-alone ESXi host. We
recommend using an account that has the Administrator role assigned. Otherwise, provide an
account with the necessary privileges (p. 194) on the vCenter Server or ESXi.
5. Select the name or IP address that the agent will use to access the management server.
By default, the server name is chosen. You may need to change this setting if the DNS server is
unable to resolve the name to the IP address, which results in an agent registration failure.
6. [Optional] Click Settings to customize the deployment settings:
ESXi hosts that you want to deploy the agent to (only if a vCenter Server was specified in the
previous step).
The virtual appliance name.
The datastore where the appliance will be located.
The resource pool or vApp that will contain the appliance.
The network that the virtual appliance's network adapter will be connected to.
Network settings of the virtual appliance. You can choose DHCP auto configuration or specify
the values manually, including a static IP address.
7. Click Deploy.
Installation
1. Click All devices > Add.
2. Click VMware ESXi.
3. Select Remotely install on a machine running Windows.
4. Specify the host name or IP address of the machine, and the credentials of an account with
administrative privileges on that machine.
5. Select the name or IP address that the agent will use to access the management server.
By default, the server name is chosen. You may need to change this setting if the DNS server is
unable to resolve the name to the IP address, which results in an agent registration failure.
6. Click Connect.
7. Specify the address and credentials for the vCenter Server or stand-alone ESXi host, and then
click Connect. We recommend using an account that has the Administrator role assigned.
Otherwise, provide an account with the necessary privileges (p. 194) on the vCenter Server or
ESXi.
8. Click Install to install the agent.
By using this procedure, you can also change the existing association of the agent with a vCenter
Server or ESXi. Alternatively, you can do this in the Agent for VMware (Virtual Appliance) console or
by clicking Settings > Agents > the agent > Details > vCenter/ESXi.
To configure Agent for VMware
1. Click All devices > Add.
2. Click VMware ESXi.
3. The software shows the unconfigured Agent for VMware that appears first alphabetically.
If all of the agents registered on the management server are configured, click Configure an
already registered agent, and the software will show the agent that appears first alphabetically.
4. If necessary, click Machine with agent and select the agent to be configured.
5. Specify or change the host name or IP address of the vCenter Server or the ESXi host, and
credentials to access it. We recommend using an account that has the Administrator role
assigned. Otherwise, provide an account with the necessary privileges (p. 194) on the vCenter
Server or ESXi.
6. Click Configure to save the changes.
During the installation, you can use a file known as a transform (an .mst file). A transform is a file
with installation parameters. As an alternative, you can specify installation parameters directly in the
command line.
Here:
Here, <package name> is the name of the .msi file. This name is AB.msi or AB64.msi, depending on
the operating system bitness.
Available parameters and their values are described in "Unattended installation or uninstallation
parameters" (p. 33).
Examples
Installing Management Server and Components for Remote Installation.
msiexec.exe /i ab64.msi /l*v my_log.txt /qn
ADDLOCAL=AcronisCentralizedManagementServer,WebConsole,ComponentRegisterFeature
TARGETDIR="C:\Program Files\Acronis" REBOOT=ReallySuppress
AMS_USE_SYSTEM_ACCOUNT=1
Installing Agent for Windows, Command-Line Tool, and Backup Monitor. Registering the machine
with the agent on a previously installed management server.
msiexec.exe /i ab64.msi /l*v my_log.txt /qn
ADDLOCAL=AgentsCoreComponents,BackupAndRecoveryAgent,CommandLineTool,TrayMonito
r TARGETDIR="C:\Program Files\Acronis" REBOOT=ReallySuppress
MMS_CREATE_NEW_ACCOUNT=1 REGISTRATION_ADDRESS=10.10.1.1
In addition to these parameters, you can use other parameters of msiexec, as described at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa367988(v=vs.85).aspx.
Installation parameters
Common parameters
ADDLOCAL=<list of components>
The components to be installed, separated by commas without space characters. All of the
specified components must be extracted from the setup program prior to installation.
The full list of the components is as follows.
Component Must be installed together with Bitness Component name /
description
AcronisCentralizedManagementSer WebConsole 32-bit/64-bit Management Server
ver
WebConsole AcronisCentralizedManagementServe 32-bit/64-bit Web Console
r
TARGETDIR=<path>
The folder where the product will be installed.
REBOOT=ReallySuppress
If the parameter is specified, the machine reboot is forbidden.
REGISTRATION_ADDRESS=<host name or IP address>:<port>
The host name or IP address of the machine where the management server is installed. Agents
specified in the ADDLOCAL parameter will be registered on this management server. The port
number is mandatory if it is different from the default value (9877).
If anonymous registration on the management server is disabled (p. 224), you must specify either
the REGISTRATION_TOKEN parameter, or the REGISTRATION_LOGIN and
REGISTRATION_PASSWORD parameters.
REGISTRATION_TOKEN=<token>
The registration token that was generated in the backup console as described in Deploying
agents through Group Policy (p. 43).
REGISTRATION_LOGIN=<user name>, REGISTRATION_PASSWORD=<password>
The user name and password of a management server administrator.
REGISTRATION_TENANT=<unit ID>
Installation parameters
Common parameters
{-i |--id=}<list of components>
The components to be installed, separated by commas without space characters.
The following components are available for installation:
Component Component description
AcronisCentralizedManagementServer Management Server
BackupAndRecoveryAgent Agent for Linux
BackupAndRecoveryBootableComponents Bootable Media Builder
MonitoringServer Monitoring Service
Without this parameter, all of the above components will be installed.
{-d|--debug}
If the parameter is specified, the installation log is written in the verbose mode. The log is
located in the file /var/log/trueimage-setup.log.
{-t|--strict}
If the parameter is specified, any warning that occurs during the installation results in the
installation failure. Without this parameter, the installation completes successfully even in the
case of warnings.
{-n|--nodeps}
If the parameter is specified, absence of required Linux packages will be ignored during the
installation.
Management server installation parameters
{-W |--web-server-port=}<port number>
The port that will be used by a web browser to access the management server. By default, 9877.
--ams-tcp-port=<port number>
The port that will be used for communication between the product components. By default,
7780.
Agent installation parameters
Specify one of the following parameters:
--skip-registration
Do not register the agent on the management server.
{-C |--ams=}<host name or IP address>
We recommend increasing these resources to 8 GB of RAM and 4 vCPUs if the backup traffic
bandwidth is expected to exceed 100 MB per second (for example, in 10-GBit networks), in order to
improve backup performance.
The appliance's own virtual disks occupy no more than 6 GB. Thick or thin disk format does not
matter, it does not affect the appliance performance.
It is normal to use both the virtual appliance and Agent for VMware (Windows) at the same time, as
long as they are connected to the same vCenter Server or they are connected to different ESXi hosts.
Avoid cases when one agent is connected to an ESXi directly and another agent is connected to the
vCenter Server which manages this ESXi.
We do not recommend using locally attached storage (i.e. storing backups on virtual disks added to
the virtual appliance) if you have more than one agent. For more considerations, see "Using a locally
attached storage" (p. 190).
After the management server is installed, the OVF package of the virtual appliance is located in the
following folder.
In Windows: %ProgramFiles%\Acronis\ESXAppliance
In Linux: /usr/lib/Acronis/ESXAppliance
Deploying the OVF template
The instructions in this section apply to VMware vSphere Host Client connected to a standalone
VMware ESXi host version 6.5. The OVF deployment steps for other vSphere versions and/or
different vSphere setups may vary. Please refer to the VMware documentation portal for details.
1. Verify that the OVF template files of Agent for VMware (Virtual Appliance) can be accessed from
the machine where the vSphere Client is running.
2. Connect the VMware vSphere Client to the ESXi host.
3. Click Create/register VM and select Deploy a virtual machine from an OVF or OVA file.
4. Browse and select the OVF and VMDK files of Agent for VMware (Virtual Appliance) and enter a
name for the deployed virtual machine.
5. Follow the steps in the OVF deployment wizard to configure storage and other deployment
options.
When configuring storage, select the shared datastore, if it exists.
The disk provisioning format does not affect the performance of the appliance, so you can
select Thin to save space.
When configuring network connections, be sure to select a network that includes the
management server, so that the agent can properly register itself.
6. Review the summary and click Finish.
To start using Acronis Cyber Backup SCS, you need to add at least one license key to the management
server. A license is automatically assigned to a machine when a backup plan is applied.
Licenses can also be assigned and revoked manually. Manual operations with licenses are available
only to organization administrators (p. 225).
To access the Licenses page
1. Do one of the following:
Click Settings.
Click the account icon in the top-right corner.
2. Click Licenses.
To add a license key
1. Click Add keys.
2. Enter the license keys.
3. Click Add.
4. Click Done.
Managing licenses
To assign a license to a machine
1. Select a license.
The software displays the license keys that correspond to the selected license.
2. Select the key to assign.
3. Click Assign.
The software displays the machines that the selected key can be assigned to.
4. Select the machine, and then click Done.
To revoke a license from a machine
1. Select a license.
The software displays the license keys that correspond to the selected license. The machine that
the key is assigned to is shown in the Assigned to column.
2. Select the license key to revoke.
In this section, you will find out how to set up a Group Policy object to deploy agents onto machines
in an entire domain or in its organizational unit.
Every time a machine logs on to the domain, the resulting Group Policy object will ensure that the
agent is installed and registered.
Prerequisites
Before proceeding with agent deployment, ensure that:
You have an Active Directory domain with a domain controller running Microsoft Windows
Server 2003 or later.
You are a member of the Domain Admins group in the domain.
You have downloaded the All agents for installation in Windows setup program. The download
link is available on the Add devices page in the backup console.
Step 1: Generating a registration token
A registration token passes your identity to the setup program without storing your login and
password for the backup console. This enables you to register any number of machines under your
account. For more security, a token has limited lifetime.
To generate a registration token
1. Sign in to the backup console by using the credentials of the account to which the machines
should be assigned.
2. Click All devices > Add.
3. Scroll down to Registration token, and then click Generate.
4. Specify the token lifetime, and then click Generate token.
5. Copy the token or write it down. Be sure to save the token if you need it for further use.
You can click Manage active tokens to view and manage the already generated tokens. Please be
aware that for security reasons, this table does not display full token values.
Step 2: Creating the .mst transform and extracting the installation package
1. Log on as an administrator on any machine in the domain.
2. Create a shared folder that will contain the installation packages. Ensure that domain users can
access the shared folder—for example, by leaving the default sharing settings for Everyone.
3. Start the setup program.
4. Click Create .mst and .msi files for unattended installation.
5. Review or modify the installation settings that will be added to the .mst file. When specifying the
method of connection to the management server, select Use a registration token, and then
enter the token you generated.
6. Click Proceed.
You can update agents by repeating their installation in any available way. To update multiple agents
simultaneously, use the following procedure.
To update agents by using the Agents tab
1. Update the management server.
If you want to remove all of the product components from a machine, follow the steps described
below.
Warning Please do not uninstall the management server by mistake. The backup console will become
unavailable. You will no longer be able to back up and recover all machines that are registered on the
management server.
In Windows
1. Log on as an administrator.
2. Go to Control panel, and then select Programs and Features (Add or Remove Programs in
Windows XP) > Acronis Cyber Backup SCS > Uninstall.
3. [Optional] Select the Remove the logs and configuration settings check box.
Keep this check box cleared if you are uninstalling an agent and are planning to install it again. If
you select the check box, the machine may be duplicated in the backup console and the backups
of the old machine may not be associated with the new machine.
4. Confirm your decision.
5. If you are planning to install the agent again, skip this step. Otherwise, in the backup console,
click Settings > Agents, select the machine where the agent was installed, and then click Delete.
In Linux
1. As the root user, run /usr/lib/Acronis/BackupAndRecovery/uninstall/uninstall.
2. [Optional] Select the Clean up all product traces (Remove the product's logs, tasks, vaults, and
configuration settings) check box.
Keep this check box cleared if you are uninstalling an agent and are planning to install it again. If
you select the check box, the machine may be duplicated in the backup console and the backups
of the old machine may not be associated with the new machine.
3. Confirm your decision.
4. If you are planning to install the agent again, skip this step. Otherwise, in the backup console,
click Settings > Agents, select the machine where the agent was installed, and then click Delete.
Removing Agent for VMware (Virtual Appliance)
1. Start the vSphere Client and log on to the vCenter Server.
See also Limitations of the Acronis Cyber Backup SCS builds (p. 22).
The login page address is the IP address or name of the machine where the management server is
installed.
Both the HTTP and the HTTPS protocols are supported on the same TCP port, which can be
configured during the management server installation (p. 23). The default port is 9877.
You can configure the management server (p. 53) to prohibit accessing the backup console via HTTP
and to use a third-party SSL certificate.
In Windows
If the management server is installed in Windows, there are two ways to sign in to the backup
console:
Сlick Sign in to sign in as the current Windows user.
In Linux
If the management server is installed in Linux, specify the user name and password of an account
that is in the list of the management server administrators. By default, this list contains only the root
user on the machine running the management server. For more information, refer to "Administrators
and units" (p. 225).
We recommend configuring your web browser for Integrated Windows Authentication. Otherwise,
the browser will ask for a user name and password.
Otherwise, add the console's login page to the list of Trusted sites and enable the Automatic logon
with current user name and password setting.
The step-by-step instructions are provided later in this section. Because these browsers use Windows
settings, it is also possible to configure them by using Group Policy in an Active Directory domain.
3. Click Sites.
5. Click Close.
6. Click OK.
4. On the Security tab, with Trusted sites still selected, click Sites.
5. In Add this website to the zone, enter the address of the backup console login page, and then
click Add.
Optionally, you can configure the management server to prohibit accessing the backup console via
HTTP, by redirecting all users to HTTPS.
To change the SSL certificate settings
1. Ensure that you have all of the following:
The certificate file (.pem, .cert, or other format)
The file with the private key for the certificate (usually .key)
The private key passphrase, if the key is encrypted
2. Copy the files to the machine running the management server.
3. On this machine, open the following configuration file with a text editor:
In Windows: %ProgramData%\Acronis\ApiGateway\api_gateway.json
In Linux: /var/lib/Acronis/ApiGateway/api_gateway.json
4. Locate the following section:
"tls": {
"cert_file": "cert.pem",
"key_file": "key.pem",
"passphrase": "",
"auto_redirect": false
}
5. Between the quotation marks in the "cert_file" line, specify the full path to the certificate
file. For example:
In Windows (note the forward slashes): "cert_file":
"C:/certificate/local-domain.ams.cert"
In Linux: "cert_file": "/home/user/local-domain.ams.cert"
6. Between the quotation marks in the "key_file" line, specify the full path to the private key file.
For example:
In Windows (note the forward slashes): "key_file": "C:/certificate/private.key"
In Linux: "key_file": "/home/user/private.key"
7. If the private key is encrypted, between the quotation marks in the "passphrase" line, specify
the private key passphrase. For example: "passphrase": "my secret passphrase"
8. If you want to prohibit accessing the backup console via HTTP, by redirecting all users to HTTPS,
change the "auto_redirect" value from false to true. Otherwise, skip this step.
9. Save the api_gateway.json file.
Important Please be careful and do not accidentally delete any commas, brackets, and quotation marks
in the configuration file.
10. Restart Acronis Service Manager Service as described below.
The table view is enabled automatically when the number of machines becomes large.
VMware or Hyper-V virtual machines and ESXi hosts can be backed up by an agent that is not
installed on them. You cannot delete such machines individually. To delete them, you need to find
and delete the machine on which the respective Agent for VMware or Agent for Hyper-V is installed.
To delete a virtual machine or ESXi host without an agent
1. Under Devices, select All devices.
2. Click the gear icon in the upper right corner and enable the Agent column.
5 Backup
A backup plan is a set of rules that specify how the given data will be protected on a given machine.
A backup plan can be applied to multiple machines at the time of its creation, or later.
To create the first backup plan
1. Select the machines that you want to back up.
2. Click Backup.
The software displays a new backup plan template.
3. [Optional] To modify the backup plan name, click the default name.
4. [Optional] To modify the plan parameters, click the corresponding section of the backup plan
panel.
5. [Optional] To modify the backup options, click the gear icon.
6. Click Create.
SQL databases
Local folder (p. Always full (p. 67)
Direct selection (p. 63) 63) Weekly full, daily
Network folder incremental (p. 67)
Exchange databases (p. 63) Custom (F-I) (p. 67)
Tape device (p.
63)
Limitations
SFTP server and tape device
These locations cannot be a destination for application-aware backups.
The Always incremental (single-file) backup scheme is not available when backing up to these
locations.
The By total size of backups retention rule is not available for these locations.
NFS
Backup to NFS shares is not available in Windows.
Secure Zone
Secure Zone cannot be created on a Mac.
Always incremental (single-file)
The Always incremental (single-file) backup scheme is not available when backing up to an SFTP
server or a tape device.
By total size of backups
The By total size of backups retention rule is not available:
If the backup scheme is set to Always incremental (single-file)
When backing up to an SFTP server, a tape device, or a managed location with enabled
deduplication.
A file-level backup is not sufficient for recovery of the operating system. Choose file backup if you
plan to protect only certain data (the current project, for example). This will reduce the backup size,
thus saving storage space.
There are two ways of selecting files: directly on each machine or by using policy rules. Either
method allows you to further refine the selection by setting the file filters (p. 93).
Direct selection
1. In What to back up, select Files/folders.
2. Click Items to back up.
3. In Select items for backup, select Directly.
4. For each of the machines included in the backup plan:
a. Click Select files and folders.
b. Click Local folder or Network folder.
The share must be accessible from the selected machine.
c. Browse to the required files/folders or enter the path and click the arrow button. If
prompted, specify the user name and password for the shared folder.
Direct selection
Direct selection is available only for physical machines.
1. In What to back up, select Disks/volumes.
2. Click Items to back up.
3. In Select items for backup, select Directly.
4. For each of the machines included in the backup plan, select the check boxes next to the disks or
volumes to back up.
5. Click Done.
Using policy rules
1. In What to back up, select Disks/volumes.
2. Click Items to back up.
3. In Select items for backup, select Using policy rules.
4. Select any of the predefined rules, type your own rules, or combine both.
The policy rules will be applied to all of the machines included in the backup plan. If no data
meeting at least one of the rules is found on a machine when the backup starts, the backup will
fail on that machine.
5. Click Done.
Rules for Windows and Linux
[All volumes] selects all volumes on machines running Windows and all mounted volumes on
machines running Linux.
Rules for Windows
Drive letter (for example C:\) selects the volume with the specified drive letter.
[Fixed Volumes (Physical machines)] selects all volumes of physical machines, other than
removable media. Fixed volumes include volumes on SCSI, ATAPI, ATA, SSA, SAS, and SATA
devices, and on RAID arrays.
[BOOT+SYSTEM] selects the system and boot volumes. This combination is the minimal set of
data that ensures recovery of the operating system from the backup.
[Disk 1] selects the first disk of the machine, including all volumes on that disk. To select
another disk, type the corresponding number.
Rules for Linux
/dev/hda1 selects the first volume on the first IDE hard disk.
/dev/sda1 selects the first volume on the first SCSI hard disk.
/dev/md1 selects the first software RAID hard disk.
To select other basic volumes, specify /dev/xdyN, where:
"x" corresponds to the disk type
"y" corresponds to the disk number (a for the first disk, b for the second disk, and so on)
"N" is the volume number.
To select a logical volume, specify its path as it appears after running the ls /dev/mapper
command under the root account. For example:
This output shows two logical volumes, lv1 and lv2, that belong to the volume group vg_1. To back
up these volumes, enter:
/dev/mapper/vg_1-lv1
/dev/mapper/vg-l-lv2
With the sector-by-sector (raw mode) backup option (p. 103) enabled, a disk backup stores all the
disk sectors. The sector-by-sector backup can be used for backing up disks with unrecognized or
unsupported file systems and other proprietary data formats.
Windows
A volume backup stores all files and folders of the selected volume independent of their attributes
(including hidden and system files), the boot record, the file allocation table (FAT) if it exists, the root
and the zero track of the hard disk with the master boot record (MBR).
A disk backup stores all volumes of the selected disk (including hidden volumes such as the vendor's
maintenance partitions) and the zero track with the master boot record.
The following items are not included in a disk or volume backup (as well as in a file-level backup):
The swap file (pagefile.sys) and the file that keeps the RAM content when the machine goes into
hibernation (hiberfil.sys). After recovery, the files will be re-created in the appropriate place with
the zero size.
If the backup is performed under the operating system (as opposed to bootable media or backing
up virtual machines at a hypervisor level):
Windows shadow storage. The path to it is determined in the registry value VSS Default
Provider which can be found in the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBa
ckup. This means that in operating systems starting with Windows Vista, Windows Restore
Points are not backed up.
If the Volume Shadow Copy Service (VSS) backup option (p. 107) is enabled, files and folders
that are specified in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSn
apshot registry key.
Linux
A volume backup stores all files and directories of the selected volume independent of their
attributes, a boot record, and the file system super block.
A disk backup stores all disk volumes as well as the zero track with the master boot record.
The virtual machines running on the host are not included in the backup. They can be backed up and
recovered separately.
Should the disk experience a physical failure, the backups located in the Secure Zone may be lost.
That's why Secure Zone should not be the only location where a backup is stored. In enterprise
environments, Secure Zone can be thought of as an intermediate location used for backup when an
ordinary location is temporarily unavailable or connected through a slow or busy channel.
5.4 Schedule
You can choose one of the predefined backup schemes or create a custom scheme. A backup scheme
is a part of the backup plan that includes the backup schedule and the backup methods.
For example, you may want to set up a backup plan that will automatically perform an emergency
full backup of your data as soon as Windows discovers that your hard disk drive is about to fail.
To browse the events and view the event properties, use the Event Viewer snap-in available in the
Computer Management console. To be able to open the Security log, you must be a member of the
Administrators group.
Event properties
Log name
Specifies the name of the log. Select the name of a standard log (Application, Security, or
System) from the list, or type a log name—for example: Microsoft Office Sessions
Event source
Specifies the event source, which typically indicates the program or the system component that
caused the event—for example: disk
Event type
Specifies the event type: Error, Warning, Information, Audit success, or Audit failure.
Event ID
Specifies the event number, which typically identifies the particular kind of events among events
from the same source.
When Windows detects a bad block on a hard disk, it records an event with the event source disk
and the event number 7 into the System log; the type of this event is Error.
When creating the plan, type or select the following in the Schedule section:
Log name: System
Event source: disk
Event type: Error
Event ID: 7
Important To ensure that such a backup will complete despite the presence of bad blocks, you must make the
backup ignore bad blocks. To do this, in Backup options, go to Error handling, and then select the Ignore bad
sectors check box.
To access these settings, click Show more when setting up a schedule for a backup plan.
The scheduler behavior, in case the condition (or any of multiple conditions) is not met, is defined by
the Backup start conditions (p. 89) backup option. To handle the situation when the conditions are
not met for too long and further delaying the backup is becoming risky, you can set the time interval
after which the backup will run irrespective of the condition.
The table below lists the start conditions available for various data under Windows and Linux.
WHAT TO BACK Disks/volumes or Disks/volumes ESXi Exchange SQL
UP files (physical (virtual configuration databases and databases
machines) machines) mailboxes
Example
Run the backup on the machine every day at 21:00, preferably when the user is idle. If the user is still
active by 23:00, run the backup anyway.
Schedule: Daily, Run every day. Start at: 21:00.
Condition: User is idle.
Backup start conditions: Wait until the conditions are met, Start the backup anyway after 2
hour(s).
As a result,
(1) If the user becomes idle before 21:00, the backup will start at 21:00.
(2) If the user becomes idle between 21:00 and 23:00, the backup will start immediately after the
user becomes idle.
(3) If the user is still active at 23:00, the backup will start at 23:00.
This condition does not cover the availability of the location itself — only the host availability. For
example, if the host is available, but the network folder on this host is not shared or the credentials
for the folder are no longer valid, the condition is still considered met.
Example
Data is backed up to a network folder every workday at 21:00. If the machine that hosts the folder is
not available at that moment (for instance, due to maintenance work), you want to skip the backup
and wait for the scheduled start on the next workday.
Schedule: Daily, Run Monday to Friday. Start at: 21:00.
Condition: The backup location's host is available.
(1) If 21:00 comes and the host is available, the backup will start immediately.
(2) If 21:00 comes but the host is unavailable, the backup will start on the next workday if the host is
available.
(3) If the host is never available on workdays at 21:00, the backup will never start.
Example
Run the backup at 20:00 every Friday, preferably when all users are logged off. If one of the users is
still logged on at 23:00, run the backup anyway.
Schedule: Weekly, on Fridays. Start at: 20:00.
Condition: Users logged off.
Backup start conditions: Wait until the conditions are met, Start the backup anyway after 3
hour(s).
As a result:
(1) If all users are logged off at 20:00, the backup will start at 20:00.
(2) If the last user logs off between 20:00 and 23:00, the backup will start immediately after the user
logs off.
(3) If any user is still logged on at 23:00, the backup will start at 23:00.
Example
A company uses different locations on the same network-attached storage for backing up users' data
and servers. The workday starts at 08:00 and ends at 17:00. Users' data should be backed up as soon
as the users log off, but not earlier than 16:30. Every day at 23:00 the company's servers are backed
up. So, all the users' data should preferably be backed up before this time, in order to free network
bandwidth. It is assumed that backing up user's data takes no more than one hour, so the latest
backup start time is 22:00. If a user is still logged on within the specified time interval, or logs off at
any other time – do not back up the users' data, i.e., skip backup execution.
Event: When a user logs off the system. Specify the user account: Any user.
Condition: Fits the time interval from 16:30 to 22:00.
Backup start conditions: Skip the scheduled backup.
As a result:
(1) if the user logs off between 16:30 and 22:00, the backup will start immediately following the
logging off.
(1) If 21:00 comes and the device is connected to a power source, the backup will start immediately.
(2) If 21:00 comes and the device is running on battery power, the backup will start as soon as the
device is connected to a power source.
As an additional measure to prevent backups over mobile hotspots, when you enable the Do not
start when on metered connection condition, the condition Do not start when connected to the
following Wi-Fi networks is enabled automatically. The following network names are specified by
default: "android", "phone", "mobile", and "modem". You can delete these names from the list by
clicking on the X sign.
Example
Data is backed up every workday at 21:00. If the device is connected to the Internet by using a
metered connection (for instance, the user is on a business trip), you want to skip the backup to save
the network traffic and wait for the scheduled start on the next workday.
Schedule: Daily, Run Monday to Friday. Start at: 21:00.
Condition: Do not start when on metered connection.
Backup start conditions: Skip the scheduled backup.
As a result:
(2) If 21:00 comes and the device is connected to the Internet by using a metered connection, the
backup will start on the next workday.
(3) If the device is always connected to the Internet by using a metered connection on workdays at
21:00, the backup will never start.
The restriction applies to all networks that contain the specified name as a substring in their name,
case-insensitive. For example, if you specify "phone" as the network name, the backup will not start
when the device is connected to any of the following networks: "John's iPhone", "phone_wifi", or
"my_PHONE_wifi".
This condition is useful to prevent backups when the device is connected to the Internet by using a
mobile phone hotspot.
As an additional measure to prevent backups over mobile hotspots, the Do not start when
connected to the following Wi-Fi condition is enabled automatically when you enable the Do not
start when on metered connection condition. The following network names are specified by default:
"android", "phone", "mobile", and "modem". You can delete these names from the list by clicking on
the X sign.
Example
Data is backed up every workday at 21:00. If the device is connected to the Internet by using a
mobile hotspot (for example, a laptop is connected in the tethering mode), you want to skip the
backup and wait for the scheduled start on the next workday.
Schedule: Daily, Run Monday to Friday. Start at: 21:00.
Condition: Do not start when connected to the following networks, Network name: <SSID of
the hotspot network>.
Backup start conditions: Skip the scheduled backup.
As a result:
(1) If 21:00 comes and the machine is not connected to the specified network, the backup will start
immediately.
(2) If 21:00 comes and the machine is connected to the specified network, the backup will start on
the next workday.
(3) If the machine is always connected to the specified network on workdays at 21:00, the backup
will never start.
This condition is useful in the event of a user being overseas, to avoid large data transit charges. Also,
it helps to prevent backups over a Virtual Private Network (VPN) connection.
Example
Data is backed up every workday at 21:00. If the device is connected to the corporate network by
using a VPN tunnel (for instance, the user is working from home), you want to skip the backup and
wait until the user brings the device to the office.
Schedule: Daily, Run Monday to Friday. Start at: 21:00.
Condition: Check device IP address, Start if outside IP range, From: <beginning of the VPN IP
address range>, To: <end of the VPN IP address range>.
Backup start conditions: Wait until the conditions are met.
As a result:
(1) If 21:00 comes and the machine IP address is not in the specified range, the backup will start
immediately.
(2) If 21:00 comes and the machine IP address is in the specified range, the backup will start as soon
as the device obtains a non-VPN IP address.
(3) If the machine IP address is always in the specified range on workdays at 21:00, the backup will
never start.
5.6 Encryption
Important There is no way to recover encrypted backups if you lose or forget the password.
Saving the encryption settings on a machine affects the backup plans in the following way:
Backup plans that are already applied to the machine. If the encryption settings in a backup
plan are different, the backups will fail.
After the encryption settings are saved, they can be changed or reset as described below.
Important If a backup plan that runs on this machine has already created backups, changing the encryption
settings will cause this plan to fail. To continue backing up, create a new plan.
The encryption key is then encrypted with AES-256 using an SHA-256 hash of the password as a key.
The password itself is not stored anywhere on the disk or in the backups; the password hash is used
for verification purposes. With this two-level security, the backup data is protected from any
unauthorized access, but recovering a lost password is not possible.
Conversion methods
Regular conversion
There are two ways to configure a regular conversion:
Make the conversion a part of a backup plan (p. 79)
The conversion will be performed after each backup (if configured for the primary location)
or after each replication (if configured for the second and further locations).
Create a separate conversion plan (p. 135)
This method enables you to specify a separate conversion schedule.
Recovery to a new virtual machine (p. 111)
This method enables you to choose disks for recovery and adjust the settings for each virtual disk.
Use this method to perform the conversion once or occasionally, for example, to perform a
physical-to-virtual migration (p. 197).
To perform a conversion to VMware ESXi or Hyper-V, you need an ESXi or Hyper-V host and a backup
agent (Agent for VMware or Agent for Hyper-V) that manages this host.
Conversion to VHDX files assumes that the files will be connected as virtual disks to a Hyper-V virtual
machine.
The following table summarizes the virtual machine types that can be created by the agents:
VM type Agent for Agent for Agent for Agent for Linux
VMware Hyper-V Windows
VMware ESXi + – – –
Microsoft Hyper-V – + – –
VMware + + + +
Workstation
VHDX files + + + +
Limitations
Agent for Windows, Agent for VMware (Windows), and Agent for Hyper-V cannot convert
backups stored on NFS.
Backups stored on NFS or on an SFTP server cannot be converted in a separate conversion plan
(p. 135).
Backups stored in Secure Zone can be converted only by the agent running on the same machine.
Regular conversion takes CPU and memory resources. Files of the virtual machine constantly occupy
space on the datastore (storage). This may be not practical if a production host is used for conversion.
However, the virtual machine performance is limited only by the host resources.
In the second case, the resources are consumed only while the virtual machine is running. The
datastore (storage) space is required only to keep changes to the virtual disks. However, the virtual
machine may run slower, because the host does not access the virtual disks directly, but
communicates with the agent that reads data from the backup. In addition, the virtual machine is
temporary. Making the machine permanent is possible only for ESXi.
For information about prerequisites and limitations, please refer to "What you need to know about
conversion" (p. 78).
To set up a conversion to a virtual machine in a backup plan
1. Decide from which backup location you want to perform the conversion.
2. On the backup plan panel, click Convert to VM under this location.
3. Enable the Conversion switch.
4. In Convert to, select the type of the target virtual machine. You can select one of the following:
VMware ESXi
Microsoft Hyper-V
VMware Workstation
VHDX files
5. Do one of the following:
For VMware ESXi and Hyper-V: click Host, select the target host, and then specify the new
machine name template.
For other virtual machine types: in Path, specify where to save the virtual machine files and
the file name template.
The default name is [Machine Name]_converted.
6. [Optional] Click Agent that will perform conversion, and then select an agent.
To be able to update the virtual machine, the software stores a few intermediate snapshots of it.
They are named Backup… and Replica… and should be kept. Unneeded snapshots are deleted
automatically.
The latest Replica… snapshot corresponds to the result of the latest conversion. You can go to this
snapshot if you want to return the machine to that state; for example, if you worked with the
machine and now want to discard the changes made to it.
5.8 Replication
This section describes backup replication as a part of the backup plan. For information about creating
a separate replication plan, refer to "Off-host data processing" (p. 131).
If you enable backup replication, each backup will be copied to another location immediately after
creation. If earlier backups were not replicated (for example, the network connection was lost), the
software also replicates all of the backups that appeared after the last successful replication.
Replicated backups do not depend on the backups remaining in the original location and vice versa.
You can recover data from any backup, without access to other locations.
Usage examples
Reliable disaster recovery
Store your backups both on-site (for immediate recovery) and off-site (to secure the backups
from local storage failure or a natural disaster).
Keeping only the latest recovery points
Delete older backups from a fast storage according to retention rules, in order to not overuse
expensive storage space.
Supported locations
You can replicate a backup from any of these locations:
A local folder
A network folder
Secure Zone
An SFTP server
You can replicate a backup to any of these locations:
A local folder
A network folder
An SFTP server
A tape device
To enable replication of backups
1. On the backup plan panel, click Add location.
The Add location control is shown only if replication is supported from the last selected location.
2. Specify the location where the backups will be replicated.
3. [Optional] In How long to keep, change the retention rules for the chosen location, as described
in "Retention rules" (p. 75).
4. [Optional] In Convert to VM, specify the settings for conversion to a virtual machine, as
described in "Conversion to a virtual machine" (p. 78).
5. [Optional] Repeat steps 1-4 for all locations where you want to replicate the backups. Up to five
consecutive locations are supported, including the primary one.
The backup progress is shown in the Status column for the machine.
File-level Virtual
SQL and Exchange
backup machines
Windows
Windows
Windows
Hyper-V
Linux
Linux
ESXi
Windows
Windows
Windows
Hyper-V
Linux
Linux
ESXi
Re-attempt, if an error occurs + + + + + + +
Windows
Windows
Windows
Hyper-V
Linux
Linux
ESXi
Volume Shadow Copy Service + - + - - + +
(VSS) (p. 107)
Volume Shadow Copy Service - - - - + + -
(VSS) for virtual machines (p.
108)
Weekly backup (p. 108) + + + + + + +
5.10.1 Alerts
No successful backups for a specified number of consecutive days
The preset is: Disabled.
This option determines whether to generate an alert if no successful backups were performed by the
backup plan for a specified period of time. In addition to failed backups, the software counts backups
that did not run on schedule (missed backups).
The alerts are generated on a per-machine basis and are displayed on the Alerts tab.
You can specify the number of consecutive days without backups after which the alert is generated.
Consolidation is the process of combining two or more subsequent backups into a single backup.
If this option is enabled, a backup that should be deleted during cleanup is consolidated with the
next dependent backup (incremental or differential).
Otherwise, the backup is retained until all dependent backups become subject to deletion. This helps
avoid the potentially time-consuming consolidation, but requires extra space for storing backups
whose deletion is postponed. The backups' age or number can exceed the values specified in the
retention rules.
Important Please be aware that consolidation is just a method of deletion, but not an alternative to deletion.
The resulting backup will not contain data that was present in the deleted backup and was absent from the
retained incremental or differential backup.
However, if version 12 format is used, and multiple backup chains are present (every chain being
stored in a separate .tibx file), consolidation works only within the last chain. Any other chain is
deleted as a whole, except for the first one, which is shrunk to the minimum size to keep the meta
information (~12 KB). This meta information is required to ensure the data consistency during
simultaneous read and write operations. The backups included in these chains disappear from the
GUI as soon as the retention rule is applied, although they physically exist until the entire chain is
deleted.
In all other cases, backups whose deletion is postponed are marked with the trash can icon ( ) in
the GUI. If you delete such a backup by clicking the X sign, consolidation will be performed. Backups
stored on a tape disappear from the GUI only when the tape is overwritten or erased.
These names can be seen in a file manager when browsing the backup location.
Version 11 backup Multiple .tib files and one .xml metadata file
One .tib file and one .xml metadata file
format (traditional format)
Version 12 backup One .tibx file per backup chain (a full or differential backup, and all incremental
format backups that depend on it)
All files have the same name, with or without the addition of a timestamp or a sequence number.
You can define this name (referred to as the backup file name) when creating or editing a backup
plan.
After you change a backup file name, the next backup will be a full backup, unless you specify a file
name of an existing backup of the same machine. If the latter is the case, a full, incremental, or
differential backup will be created according to the backup plan schedule.
Note that it is possible to set backup file names for locations that cannot be browsed by a file
manager (such as a tape device). This makes sense if you want to see the custom names on the
Backups tab.
The default backup file name for mailbox backup is [Mailbox ID]_mailbox_[Plan ID]A.
The diagram below shows the default backup file name for mailboxes.
For the Version 12 format with the Always incremental (single-file) backup scheme:
MyBackup.tibx
For the Version 11 format with the Always incremental (single-file) backup scheme:
MyBackup.xml
MyBackup.tib
Using variables
Besides the variables that are used by default, you can use the [Plan name] variable, which is
replaced with the name of the backup plan.
If multiple machines or mailboxes are selected for backup, the backup file name must contain the
[Machine Name], the [Mailbox ID], or the [Unique ID] variable.
Usage examples
View user-friendly file names
You want to easily distinguish backups when browsing the backup location with a file manager.
Continue an existing sequence of backups
Let's assume a backup plan is applied to a single machine, and you have to remove this machine
from the backup console or to uninstall the agent along with its configuration settings. After the
machine is re-added or the agent is reinstalled, you can force the backup plan to continue
backing up to the same backup or backup sequence. Just go this option, click Select, and select
the required backup.
This option is not effective for mailbox backups. Mailbox backups always have the new format.
Version 12 backup One .tibx file per backup chain (a full or differential backup, and all incremental
format backups that depend on it)
Validation calculates a checksum for every data block that can be recovered from the backup.
Validation is a time-consuming process, even for an incremental or differential backup, which are
small in size. This is because the operation validates not only the data physically contained in the
backup, but all of the data recoverable by selecting the backup. This requires access to previously
created backups.
While the successful validation means a high probability of successful recovery, it does not check all
factors that influence the recovery process. If you back up the operating system, we recommend
performing a test recovery under the bootable media to a spare hard drive or running a virtual
machine from the backup (p. 176) in the ESXi or Hyper-V environment.
This option determines the program behavior in case a task is about to start (the scheduled time
comes or the event specified in the schedule occurs), but the condition (or any of multiple
conditions) is not met. For more information about conditions refer to "Start conditions" (p. 70).
The preset is: Wait until the conditions from the schedule are met.
To handle the situation when the conditions are not met for too long and further delaying the task is
becoming risky, you can set the time interval after which the task will run irrespective of the
condition. Select the Run the task anyway after check box and specify the time interval. The task will
start as soon as the conditions are met OR the maximum time delay lapses, depending on which
comes first.
This option determines whether to use Changed Block Tracking (CBT) when performing an
incremental or differential backup.
The CBT technology accelerates the backup process. Changes to the disk or database content are
continuously tracked at the block level. When a backup starts, the changes can be immediately saved
to the backup.
These options are effective for database-level backup of Microsoft SQL Server and Microsoft
Exchange Server.
These options are effective only if the cluster itself (Microsoft SQL Server Always On Availability
Groups (AAG) or Microsoft Exchange Server Database Availability Group (DAG)) is selected for backup,
rather than the individual nodes or databases inside of it. If you select individual items inside the
cluster, the backup will not be cluster-aware and only the selected copies of the items will be backed
up.
A higher compression level means that the backup process takes longer, but the resulting backup
occupies less space. Currently, the High and Maximum levels work similarly.
The optimal data compression level depends on the type of data being backed up. For example, even
maximum compression will not significantly reduce the backup size if the backup contains essentially
compressed files, such as .jpg, .pdf or .mp3. However, formats such as .doc or .xls will be compressed
well.
You can either use the system settings or override them with custom values that will be specific for
this plan only. The system settings are configured as described in "Email notifications" (p. 222).
Before enabling this option, ensure that the Email server (p. 222) settings are configured.
To customize email notifications for a backup plan
1. Select Customize the settings for this backup plan.
2. In the Recipients' email addresses field, type the destination email address. You can enter
several addresses separated by semicolons.
3. [Optional] In Subject, change the email notification subject.
You can use the following variables:
[Alert] - alert summary.
[Device] - device name.
[Plan] - the name of the plan that generated the alert.
[ManagementServer] - the host name of the machine where the management server is
installed.
[Unit] - the name of the unit to which the machine belongs.
The default subject is [Alert] Device: [Device] Plan: [Plan]
4. Select the check boxes for the events that you want to receive notifications about. You can select
from the list of all alerts that occur during backup, grouped by severity.
When a recoverable error occurs, the program re-attempts to perform the unsuccessful operation.
You can set the time interval and the number of attempts. The attempts will be stopped as soon as
the operation succeeds OR the specified number of attempts are performed, depending on which
comes first.
For example, if the backup destination on the network becomes unavailable or not reachable, the
program will attempt to reach the destination every 30 seconds, but no more than 30 times. The
attempts will be stopped as soon as the connection is resumed OR the specified number of attempts
is performed, depending on which comes first.
With the silent mode enabled, the program will automatically handle situations requiring user
interaction (except for handling bad sectors, which is defined as a separate option). If an operation
cannot continue without user interaction, it will fail. Details of the operation, including errors, if any,
can be found in the operation log.
When this option is disabled, each time the program comes across a bad sector, the backup activity
will be assigned the Interaction required status. In order to back up the valid information on a
When taking a virtual machine snapshot fails, the program re-attempts to perform the unsuccessful
operation. You can set the time interval and the number of attempts. The attempts will be stopped
as soon as the operation succeeds OR the specified number of attempts are performed, depending
on which comes first.
This option is not effective (always disabled) for volumes formatted with the JFS, ReiserFS3,
ReiserFS4, ReFS, or XFS file systems.
Incremental or differential backup captures only data changes. To speed up the backup process, the
program determines whether a file has changed or not by the file size and the date/time when the
file was last modified. Disabling this feature will make the program compare the entire file contents
to those stored in the backup.
File filters are available for both disk-level and file-level backup, unless stated otherwise.
To enable file filters
1. Select the data to back up.
2. Click the gear icon next to the backup plan name, and then click Backup options.
3. Select File filters.
4. Use any of the options described below.
Exclude files matching specific criteria
There are two options that function in an inverse manner.
Back up only files matching the following criteria
Example: If you select to back up the entire machine and specify C:\File.exe in the filter criteria,
only this file will be backed up.
Note This filter is not effective for file-level backup if Version 11 is selected in Backup format (p. 88).
You can use one or more wildcard characters (*, **, and ?) in the criterion. These characters can be
used both within the full path and in the file or folder name.
The asterisk (*) substitutes for zero or more characters in a file name. For example, the criterion
Doc*.txt matches files such as Doc.txt and Document.txt
The double asterisk (**) substitutes for zero or more characters in a file name and path, including the
slash character. For example, the criterion **/Docs/**.txt matches all txt files in all subfolders of all
folders Docs.
The question mark (?) substitutes for exactly one character in a file name. For example, the criterion
Doc?.txt matches files such as Doc1.txt and Docs.txt, but not the files Doc.txt or Doc11.txt
This option defines whether to back up files one by one or by taking an instant data snapshot.
Note Files that are stored on network shares are always backed up one by one.
This option defines whether the SQL Server transaction logs are truncated after a successful backup.
When this option is enabled, a database can be recovered only to a point in time of a backup created
by this software. Disable this option if you back up transaction logs by using the native backup engine
of Microsoft SQL Server. You will be able to apply the transaction logs after a recovery and thus
recover a database to any point in time.
This option is effective for disk-level backup of volumes managed by Linux Logical Volume Manager
(LVM). Such volumes are also called logical volumes.
This option defines how a snapshot of a logical volume is taken. The backup software can do this on
its own or rely on Linux Logical Volume Manager (LVM).
This option is effective only when you select for backup a folder that is higher in the folder hierarchy
than the mount point. (A mount point is a folder on which an additional volume is logically attached.)
If such folder (a parent folder) is selected for backup, and the Mount points option is enabled, all
files located on the mounted volume will be included in the backup. If the Mount points option is
disabled, the mount point in the backup will be empty.
Example
Let's assume that the C:\Data1\ folder is a mount point for the mounted volume. The volume
contains folders Folder1 and Folder2. You create a protection plan for file-level backup of your data.
If you select the check box for volume C and enable the Mount points option, the C:\Data1\ folder in
your backup will contain Folder1 and Folder2. When recovering the backed-up data, be aware of
proper using the Mount points option for recovery (p. 124).
If you select the check box for volume C, and disable the Mount points option, the C:\Data1\ folder
in your backup will be empty.
If you select the check box for the Data1, Folder1 or Folder2 folder, the checked folders will be
included in the backup as ordinary folders, regardless of the state of the Mount points option.
This option applies to disk-level backup. This option also applies to file-level backup when the
file-level backup is performed by taking a snapshot. (The "File-level backup snapshot" (p. 94) option
determines whether a snapshot is taken during file-level backup).
This option determines whether to take snapshots of multiple volumes at the same time or one by
one.
When this option is disabled, the volumes' snapshots are taken one after the other. As a result, if the
data spans several volumes, the resulting backup may be not consistent.
You can configure this option separately for each location specified in the backup plan. To configure
this option for a replication location, click the gear icon next to the location name, and then click
Performance and backup window.
This option is effective only for the backup and backup replication processes. Post-backup commands
and other operations included in a backup plan (validation, conversion to a virtual machine) will run
regardless of this option.
When this option is disabled, backups are allowed to run at any time, with the following parameters
(no matter if the parameters were changed against the preset value):
CPU priority: Low (in Windows, corresponds to Below normal).
Output speed: Unlimited.
When this option is enabled, scheduled backups are allowed or blocked according to the
performance parameters specified for the current hour. At the beginning of an hour when backups
are blocked, a backup process is automatically stopped and an alert is generated.
Even if scheduled backups are blocked, a backup can be started manually. It will use the performance
parameters of the most recent hour when backups were allowed.
Backup window
Each rectangle represents an hour within a week day. Click a rectangle to cycle through the following
states:
Green: backup is allowed with the parameters specified in the green section below.
Blue: backup is allowed with the parameters specified in the blue section below.
This state is not available if the backup format is set to Version 11.
Gray: backup is blocked.
CPU priority
This parameter defines the priority of the backup process in the operating system.
The priority of a process running in a system determines the amount of CPU and system resources
allocated to that process. Decreasing the backup priority will free more resources for other
This option sets the priority of the backup process (service_process.exe) in Windows and the
niceness of the backup process (service_process) in Linux and OS X.
When this option is enabled, you can specify the maximum allowed output speed:
As a percentage of the estimated writing speed of the destination hard disk (when backing up to
a local folder) or of the estimated maximum speed of the network connection (when backing up
to a network share).
This setting works only if the agent is running in Windows.
In KB/second (for all destinations).
The program does not support interactive commands, i.e. commands that require user input (for
example, "pause").
The following scheme illustrates when the pre/post data capture commands are executed.
<---------------------------- Backup ---------------------------->
Pre-backup Pre-data Data Post-data Post-backup
command capture capture capture command
command command
If the Volume Shadow Copy Service option (p. 107) is enabled, the commands' execution and the
Microsoft VSS actions will be sequenced as follows:
"Before data capture” commands -> VSS Suspend -> Data capture -> VSS Resume -> "After data
capture" commands.
By using the pre/post data capture commands, you can suspend and resume a database or
application that is not compatible with VSS. Because the data capture takes seconds, the database or
application idle time will be minimal.
This option determines whether to use the SAN snapshots when performing a backup.
If this option is disabled, the virtual disk content will be read from a VMware snapshot. The snapshot
will be kept for the whole duration of the backup.
Prior to enabling this option, please check and carry out the requirements listed in "Using SAN
hardware snapshots" (p. 186).
5.10.23 Scheduling
This option defines whether backups start as scheduled or with a delay, and how many virtual
machines are backed up simultaneously.
This option defines whether an exact copy of a disk or volume on a physical level is created.
If this option is enabled, all disk or volume's sectors will be backed up, including unallocated space
and those sectors that are free of data. The resulting backup will be equal in size to the disk being
5.10.25 Splitting
This option is effective for the Always full; Weekly full, Daily incremental; Monthly full, Weekly
differential, Daily incremental (GFS), and Custom backup schemes.
This option enables you to select the method of splitting of large backups into smaller files.
If this check box is selected, at each backup, the software creates supplementary files on a hard disk
of the machine where the tape device is attached. File recovery from disk backups is possible as long
as these supplementary files are intact. The files are deleted automatically when the tape storing the
respective backups is erased (p. 220), removed (p. 220) or overwritten.
If the supplementary files were not created during backup, or have been deleted, you still can create
them by rescanning (p. 218) the tapes where the backup is stored.
Move a tape back to the slot after each successful backup of each machine
The preset is: Enabled.
If both this option and the Eject tapes after each successful backup of each machine option are
enabled, the tape will be ejected.
When this check box is selected, the software will eject tapes after any successful backup of each
machine. If, according to the backup plan, other operations follow the backup (such as the backup
validation or replication to another location), the tapes will be ejected after completion of these
operations.
Overwrite a tape in the stand-alone tape drive when creating a full backup
The preset is: Disabled.
The option applies only to stand-alone tape drives. When this option is enabled, a tape inserted into
a drive will be overwritten every time a full backup is created.
A tape pool contains tapes from all tape devices attached to a machine. When you select a tape pool
as a backup location, you indirectly select the machine to which the tape device(s) are attached. By
default, backups can be written to tapes through any tape drive on any tape device attached to that
machine. If some of the devices or drives are missing or not operational, the backup plan will use
those that are available.
You can click Only selected devices and drives, and then choose tape devices and drives from the list.
By selecting an entire device, you select all of its drives. This means that any of these drives can be
used by the backup plan. If the selected device or drive is missing or is not operational, and no other
devices are selected, the backup will fail.
By using this option, you can control backups performed by multiple agents to a large tape library
with multiple drives. For example, a backup of a large file server or file share may not start if multiple
agents back up their machines during the same backup window, because the agents occupy all of the
drives. If you allow the agents to use, say, drives 2 and 3, drive 1 becomes reserved for the agent that
backs up the share.
Use tape sets within the tape pool selected for backup
The preset is: Disabled.
Tapes within one pool can be grouped into so-called tape sets.
If you leave this option disabled, data will be backed up on all tapes belonging to a pool. If the option
is enabled, you can separate backups according to the predefined or custom rules.
Use a separate tape set for each (choose a rule: Backup type, Device type, Device name, Day in
month, Day of week, Month of year, Year, Date)
For example, if you specify tape set Monday for Tape 1, Tuesday for Tape 2, etc. and specify
[Weekday] in the backup options, the corresponding tape will be used on the respective day of the
week.
The option defines whether a Volume Shadow Copy Service (VSS) provider has to notify VSS-aware
applications that the backup is about to start. This ensures the consistent state of all data used by the
applications; in particular, completion of all database transactions at the moment of taking the data
snapshot by the backup software. Data consistency, in turn, ensures that the application will be
recovered in the correct state and become operational immediately after recovery.
If this option is enabled, transactions of all VSS-aware applications running in a virtual machine are
completed before taking snapshot. If a quiesced snapshot fails after the number of re-attempts
specified in the "Error handling" (p. 92) option, and application backup is disabled, a non-quiesced
snapshot is taken. If application backup is enabled, the backup fails.
If this option is disabled, a non-quiesced snapshot is taken. The virtual machine will be backed up in a
crash-consistent state.
This option defines whether the agents have to log events of the backup operations in the
Application Event Log of Windows (to see this log, run eventvwr.exe or select Control Panel >
Administrative tools > Event Viewer). You can filter the events to be logged.
6 Recovery
6.1 Recovery cheat sheet
The following table summarizes the available recovery methods. Use the table to choose a recovery
method that best fits your need.
What to recover Recovery method
Physical machine Using the web interface (p. 109)
(Windows or Linux) Using bootable media (p. 114)
SQL databases
Using the web interface (p. 169)
Exchange databases
Exchange mailboxes
Oracle databases Using Oracle Explorer tool (p. 173)
We highly recommend that you create and test a bootable media as soon as you start using disk-level
backup. Also, it is a good practice to re-create the media after each major update of the backup
agent.
You can recover either Windows or Linux by using the same media.
To create bootable media in Windows or Linux
1. Download the bootable media ISO file. To download the file, click the account icon in the
top-right corner > Downloads > Bootable media.
2. Do any of the following:
Burn a CD/DVD using the ISO file.
Create a bootable USB flash drive by using the ISO file and one of the free tools available
online.
Use ISO to USB or RUFUS if you need to boot an UEFI machine, Win32DiskImager for a
BIOS machine. In Linux, using the dd utility makes sense.
Connect the ISO file as a CD/DVD drive to the virtual machine that you want to recover.
Alternatively, you can create bootable media by using Bootable Media Builder (p. 136).
Use bootable media instead of the web interface if you need to recover:
Any operating system to bare metal or to an offline machine
The structure of logical volumes (volumes created by Logical Volume Manager in Linux). The
media enables you to recreate the logical volume structure automatically.
5. If you are unsatisfied with the mapping result or if the disk mapping fails, click Disk mapping to
re-map the disks manually.
For more information about P2V migration, refer to "Machine migration" (p. 197).
To recover a physical machine as a virtual machine
1. Select the backed-up machine.
2. Click Recovery.
3. Select a recovery point. Note that recovery points are filtered by location.
If the machine is offline, the recovery points are not displayed. Do any of the following:
If the backup location is shared storage (i.e. other agents can access it), click Select machine,
select a machine that is online, and then select a recovery point.
Select a recovery point on the Backups tab (p. 127).
This behavior can be changed by using the VM power management recovery option (click Recovery
options > VM power management).
To recover a virtual machine
1. Do one of the following:
Select a backed-up machine, click Recovery, and then select a recovery point.
Select a recovery point on the Backups tab (p. 127).
2. Click Recover > Entire machine.
3. If you want to recover to a physical machine, select Physical machine in Recover to. Otherwise,
skip this step.
Recovery to a physical machine is possible only if the disk configuration of the target machine
exactly matches the disk configuration in the backup.
If this is the case, continue to step 4 in "Physical machine" (p. 109). Otherwise, we recommend
that you perform the V2P migration by using bootable media (p. 114).
4. The software automatically selects the original machine as the target machine.
To recover to another virtual machine, click Target machine, and then do the following:
a. Select the hypervisor (VMware ESXi or Hyper-V).
b. Select whether to recover to a new or existing machine.
c. Select the host and specify the new machine name, or select an existing target machine.
d. Click OK.
5. [Optional] When recovering to a new machine, you can also do the following:
Click Datastore for ESXi or Path for Hyper-V, and then select the datastore (storage) for the
virtual machine.
Click Disk mapping to select the datastore (storage), interface, and provisioning mode for
each virtual disk. The mapping section also enables you to choose individual disks for
recovery.
11. [When recovering Linux] If the backed-up machine had logical volumes (LVM) and you want to
reproduce the original LVM structure:
a. Ensure that the number of the target machine disks and each disk capacity are equal to or
exceed those of the original machine, and then click Apply RAID/LVM.
b. Review the volume structure, and then click Apply RAID/LVM to create it.
12. [Optional] Click Recovery options to specify additional settings.
13. Click OK to start the recovery.
Universal Restore will perform the recursive search in all the sub-folders of the specified folder, find
the most suitable HAL and HDD controller drivers of all those available, and install them into the
system. Universal Restore also searches for the network adapter driver; the path to the found driver
is then transmitted by Universal Restore to the operating system. If the hardware has multiple
network interface cards, Universal Restore will try to configure all the cards' drivers.
If Universal Restore cannot find a compatible driver in the specified locations, it will display a prompt
about the problem device. Do one of the following:
Add the driver to any of the previously specified locations and click Retry.
After that, you will be able to configure the network connection and specify drivers for the video
adapter, USB and other devices.
When Universal Restore is applied to a Linux operating system, it updates a temporary file system
known as the initial RAM disk (initrd). This ensures that the operating system can boot on the new
hardware.
Universal Restore adds modules for the new hardware (including device drivers) to the initial RAM
disk. As a rule, it finds the necessary modules in the /lib/modules directory. If Universal Restore
cannot find a module it needs, it records the module’s file name into the log.
Universal Restore may modify the configuration of the GRUB boot loader. This may be required, for
example, to ensure the system bootability when the new machine has a different volume layout than
the original machine.
The initial RAM disk is stored on the machine in a file. Before updating the initial RAM disk for the
first time, Universal Restore saves a copy of it to the same directory. The name of the copy is the
name of the file, followed by the _acronis_backup.img suffix. This copy will not be overwritten if you
run Universal Restore more than once (for example, after you have added missing drivers).
Requirements
This functionality is available only in Windows by using File Explorer.
A backup agent must be installed on the machine from which you browse a backup.
The backed-up file system must be one of the following: FAT16, FAT32, NTFS, ReFS, Ext2, Ext3,
Ext4, XFS, or HFS+.
The backup must be stored in a local folder or on a network share (SMB/CIFS).
To extract files from a backup
1. Browse to the backup location by using File Explorer.
2. Double-click the backup file. The file names are based on the following template:
<machine name> - <backup plan GUID>
3. If the backup is encrypted, enter the encryption password. Otherwise, skip this step.
File Explorer displays the recovery points.
4. Double-click the recovery point.
File Explorer displays the backed-up data.
5. Browse to the required folder.
6. Copy the required files to any folder on the file system.
If you are recovering an ESXi configuration to a non-original host and the original ESXi host is still
connected to the vCenter Server, disconnect and remove this host from the vCenter Server to avoid
unexpected issues during the recovery. If you want to keep the original host along with the
recovered one, you can add it again after the recovery is complete.
The virtual machines running on the host are not included in an ESXi configuration backup. They can
be backed up and recovered separately.
To recover an ESXi configuration
1. Boot the target machine by using the bootable media.
2. Click Manage this machine locally.
3. On the welcome screen, click Recover.
4. Click Select data, and then click Browse.
Windows
Windows
Bootable
Bootable
ESXi and
Hyper-V
media
media
Linux
Linux
Backup + + + + + + + +
validation (p.
121)
Boot mode (p. + - - - - - + -
121)
Date and time - - - + + + - -
for files (p. 122)
Error handling + + + + + + + +
(p. 123)
Windows
Windows
Windows
Bootable
Bootable
ESXi and
Hyper-V
media
media
Linux
Linux
File exclusions - - - + + + - -
(p. 123)
Flashback (p. + + + - - - + -
123)
Full path - - - + + + - -
recovery (p. 124)
Mount points (p. - - - + - - - -
124)
Performance (p. + + - + + - + +
124)
Pre/post + + - + + - + +
commands (p.
124)
SID changing (p. + - - - - - - -
126)
VM power - - - - - - + -
management (p.
126)
Windows event + - - + - - Hyper-V +
log (p. 126) only
Validation calculates a checksum for every data block saved in the backup.
Validation is a time-consuming process, even for an incremental or differential backup, which are
small in size. This is because the operation validates not only the data physically contained in the
backup, but all of the data recoverable by selecting the backup. This requires access to previously
created backups.
This option enables you to select the boot mode (BIOS or UEFI) that Windows will use after the
recovery. If the boot mode of the original machine is different from the selected boot mode, the
software will:
Recommendations
If you need to transfer Windows between UEFI and BIOS:
Recover the entire disk where the system volume is located. If you recover only the system
volume on top of an existing volume, the agent will not be able to initialize the target disk
properly.
Remember that BIOS does not allow using more than 2 TB of disk space.
Limitations
Transferring between UEFI and BIOS is supported for:
64-bit Windows operating systems starting with Windows Vista SP1
64-bit Windows Server operating systems starting with Windows Server 2008 SP1
Transferring between UEFI and BIOS is not supported if the backup is stored on a tape device.
When transferring a system between UEFI and BIOS is not supported, the agent behaves as if the As
on the backed-up machine setting is chosen. If the target machine supports both UEFI and BIOS, you
need to manually enable the boot mode corresponding to the original machine. Otherwise, the
system will not boot.
This option defines whether to recover the files' date and time from the backup or assign the files the
current date and time.
When a recoverable error occurs, the program re-attempts to perform the unsuccessful operation.
You can set the time interval and the number of attempts. The attempts will be stopped as soon as
the operation succeeds OR the specified number of attempts are performed, depending on which
comes first.
With the silent mode enabled, the program will automatically handle situations requiring user
interaction where possible. If an operation cannot continue without user interaction, it will fail.
Details of the operation, including errors, if any, can be found in the operation log.
When this option is enabled, you can specify a folder on the local disk (including flash or HDD drives
attached to the target machine) or on a network share where the log, system information, and crash
dump files will be saved. This file will help the technical support personnel to identify the problem.
The option defines which files and folders to skip during the recovery process and thus exclude from
the list of recovered items.
Note Exclusions override the selection of data items to recover. For example, if you select to recover file
MyFile.tmp and to exclude all .tmp files, file MyFile.tmp will not be recovered.
6.6.6 Flashback
This option is effective when recovering disks and volumes on physical and virtual machines.
If the option is enabled, only the differences between the data in the backup and the target disk data
are recovered. This accelerates data recovery to the same disk as was backed up, especially if the
volume layout of the disk has not changed. The data is compared at the block level.
For physical machines, comparing the data at the block level is a time-consuming operation. If the
connection to the backup storage is fast, it will take less time to recover the entire disk than to
If this option is enabled, the full path to the file will be re-created in the target location.
Enable this option to recover files and folders that were stored on the mounted volumes and were
backed up with the enabled Mount points (p. 95) option.
This option is effective only when you select for recovery a folder that is higher in the folder
hierarchy than the mount point. If you select for recovery folders within the mount point or the
mount point itself, the selected items will be recovered regardless of the Mount points option value.
Note Please be aware that if the volume is not mounted at the moment of recovery, the data will be recovered
directly to the folder that has been the mount point at the time of backing up.
6.6.9 Performance
This option defines the priority of the recovery process in the operating system.
The priority of a process running in a system determines the amount of CPU and system resources
allocated to that process. Decreasing the recovery priority will free more resources for other
applications. Increasing the recovery priority might speed up the recovery process by requesting the
operating system to allocate more resources to the application that will perform the recovery.
However, the resulting effect will depend on the overall CPU usage and other factors like disk I/O
speed or network traffic.
A post-recovery command will not be executed if the recovery proceeds with reboot.
This option is not effective when recovery to a virtual machine is performed by Agent for VMware or
Agent for Hyper-V.
The software can generate a unique security identifier (Computer SID) for the recovered operating
system. You only need this option to ensure operability of third-party software that depends on
Computer SID.
Microsoft does not officially support changing SID on a deployed or recovered system. So use this
option at your own risk.
Recovery to an existing virtual machine is not possible if the machine is online, and so the machine is
powered off automatically as soon as the recovery starts. Users will be disconnected from the
machine and any unsaved data will be lost.
Clear the check box for this option if you prefer to power off virtual machines manually before the
recovery.
After a machine is recovered from a backup to another machine, there is a chance the existing
machine's replica will appear on the network. To be on the safe side, power on the recovered virtual
machine manually, after you take the necessary precautions.
This option defines whether the agents have to log events of the recovery operations in the
Application Event Log of Windows (to see this log, run eventvwr.exe or select Control Panel >
Administrative tools > Event Viewer). You can filter the events to be logged.
Backups that are stored in a shared location (such as an SMB or NFS share) are visible to all users that
have the read permission for the location.
Backup locations that are used in backup plans are automatically added to the Backups tab. To add a
custom folder (for example, a detachable USB device) to the list of backup locations, click Browse
and specify the folder path.
To select a recovery point by using the Backups tab
1. On the Backups tab, select the location where the backups are stored.
The software displays all backups that your account is allowed to view in the selected location.
The backups are combined in groups. The group names are based on the following template:
<machine name> - <backup plan name>
2. Select a group from which you want to recover the data.
3. [Optional] Click Change next to Machine to browse from, and then select another machine.
Some backups can only be browsed by specific agents. For example, you must select a machine
running Agent for SQL to browse the backups of Microsoft SQL Server databases.
Important Please be aware that the Machine to browse from is a default destination for recovery from a
physical machine backup. After you select a recovery point and click Recover, double check the Target
machine setting to ensure that you want to recover to this specific machine. To change the recovery
destination, specify another machine in Machine to browse from.
4. Click Show backups.
5. Select the recovery point.
Mounting volumes in the read/write mode enables you to modify the backup content; that is, save,
move, create, delete files or folders, and run executables consisting of one file. In this mode, the
software creates an incremental backup that contains the changes you make to the backup content.
Please be aware that none of the subsequent backups will contain these changes.
Requirements
This functionality is available only in Windows by using File Explorer.
Agent for Windows must be installed on the machine that performs the mount operation.
The backed-up file system must be supported by the Windows version that the machine is
running.
The backup must be stored in a local folder, on a network share (SMB/CIFS), or in the Secure
Zone.
The backup file name (p. 85) of the exported backup depends on the value of the backup format (p.
88) option:
For the Version 12 format with any backup scheme, the backup file name is the same as that of
the original backup, except for the sequence number. If multiple backups from the same backup
chain are exported to the same location, a four-digit sequence number is appended to the file
names of all backups except for the first one.
For the Version 11 format with the Always incremental (single-file) backup scheme, the backup
file name exactly matches the backup file name of the original backup. If multiple backups from
the same backup chain are exported to the same location, every export operation overwrites the
previously exported backup.
For the Version 11 format with other backup schemes, the backup file name is the same as that
of the original backup, except for the timestamp. The timestamps of the exported backups
correspond to the time when the export is performed.
The exported backup inherits the encryption settings and password from the original backup. When
exporting an encrypted backup, you must specify the password.
To export a backup
1. Select the backed-up machine.
2. Click Recovery.
3. Select a recovery point. Note that recovery points are filtered by location.
If the machine is offline, the recovery points are not displayed. Do any of the following:
If the backup location is a shared storage (i.e. other agents can access it), click Select
machine, select a target machine that is online, and then select a recovery point.
Select a recovery point on the Backups tab (p. 127).
4. Click the gear icon, and then click Export.
5. Select the agent that will perform the export.
6. If the backup is encrypted, provide the encryption password. Otherwise, skip this step.
7. Specify the export destination.
8. Click Start.
In each section, you can create, edit, disable, enable, delete, start the execution, and inspect the
execution status of a plan.
Cloning and stopping are available only for backup plans. Unlike stopping a backup from the Devices
tab, the backup plan will be stopped on all devices where it is running. If the backup start is
distributed in time for multiple devices, stopping the backup plan will also prevent it from starting on
the devices where it is not running yet.
You can also export a plan to a file and import a previously exported plan.
Most actions that are a part of a backup plan, such as replication, validation, and applying retention
rules, are performed by the agent that performs the backup. This puts additional workload on the
machine where the agent is running, even after the backup process is complete.
Separating the replication, validation, cleanup, and conversion plans from backup plans gives you the
flexibility:
To choose another agent(s) for performing these operations
To schedule these operations for off-peak hours to minimize network bandwidth consumption
To shift these operations outside of business hours, if setting up a dedicated agent is not in your
plans
Unlike the backup and VM replication plans, which employ the time settings of machines running the
agents, the off-host data processing plans run according to the time settings of the management
server machine.
Local folder + +
NFS folder – –
Secure Zone – –
SFTP server – –
Tape device – +
9.1.2 Validation
Validation is an operation that checks the possibility of data recovery from a backup.
Validation of a backup location validates all the backups stored in the location.
How it works
A validation plan offers two validation methods. If you select both methods, the operations will be
performed consecutively.
Calculating a checksum for every data block saved in a backup
For more information about validation by calculating a checksum, refer to "Backup validation" (p.
89).
Running a virtual machine from a backup
Supported locations
The following table summarizes backup locations supported by validation plans.
Backup location Calculating a checksum Running a VM
Local folder + +
Network folder + +
NFS folder – –
Secure Zone – –
SFTP server – –
Tape device + –
9.1.3 Cleanup
Cleanup is an operation that deletes outdated backups according to the retention rules.
Supported locations
Cleanup plans support all backup locations, except for NFS folders, SFTP servers, and Secure Zone.
For information about prerequisites and limitations, please refer to "What you need to know about
conversion" (p. 78).
To create a plan for conversion to a virtual machine
1. Click Plans > Conversion to VM.
2. Click Create plan.
The software displays a new plan template.
3. [Optional] To modify the plan name, click the default name.
4. In Convert to, select the type of the target virtual machine. You can select one of the following:
VMware ESXi
Microsoft Hyper-V
VMware Workstation
VHDX files
5. Do one of the following:
For VMware ESXi and Hyper-V: click Host, select the target host, and then specify the new
machine name template.
For other virtual machine types: in Path, specify where to save the virtual machine files and
the file name template.
The default name is [Machine Name]_converted.
6. Click Agent, and then select the agent that will perform the conversion.
7. Click Items to convert, and then select the backups that this plan will convert to virtual
machines.
You can switch between selecting backups and selecting entire locations by using the Locations /
Backups switch in the top-right corner.
If the selected backups are encrypted, all of them must use the same encryption password. For
backups that use different encryption passwords, create separate plans.
8. [Only for VMware ESXi and Hyper-V] Click Datastore for ESXi or Path for Hyper-V, and then select
the datastore (storage) for the virtual machine.
9. [Optional] For VMware ESXi and Hyper-V, you can also do the following:
Change the disk provisioning mode. The default setting is Thin for VMware ESXi and
Dynamically expanding for Hyper-V.
Click VM settings to change the memory size, the number of processors, and the network
connections of the virtual machine.
10. [Optional] Click Schedule, and then change the schedule.
11. If the backups selected in Items to convert are encrypted, enable the Backup password switch,
and then provide the encryption password. Otherwise, skip this step.
12. [Optional] To modify the plan options, click the gear icon.
13. Click Create.
Bootable Media Builder is installed by default when you install the management server. You can
install the media builder separately on any machine running Windows or Linux. The supported
operating systems are the same as for the corresponding agents.
Please remember that in most cases you need a 64-bit media to boot a machine that uses Unified
Extensible Firmware Interface (UEFI).
These parameters are typically used when experiencing problems while working with the bootable
media. Normally, you can leave this field empty.
You can also specify any of these parameters by pressing F11 while in the boot menu.
acpi=off
Disables Advanced Configuration and Power Interface (ACPI). You may want to use this
parameter when experiencing problems with a particular hardware configuration.
noapic
Disables Advanced Programmable Interrupt Controller (APIC). You may want to use this
parameter when experiencing problems with a particular hardware configuration.
vga=ask
Prompts for the video mode to be used by the bootable media's graphical user interface.
Without the vga parameter, the video mode is detected automatically.
vga=mode_number
Specifies the video mode to be used by the bootable media's graphical user interface. The mode
number is given by mode_number in the hexadecimal format—for example: vga=0x318
Screen resolution and the number of colors corresponding to a mode number may be different
on different machines. We recommend using the vga=ask parameter first to choose a value for
mode_number.
quiet
Disables displaying of startup messages when the Linux kernel is loading, and starts the
management console after the kernel is loaded.
This parameter is implicitly specified when creating the bootable media, but you can remove this
parameter while in the boot menu.
Without this parameter, all startup messages will be displayed, followed by a command prompt.
To start the management console from the command prompt, run the command: /bin/product
nousb
Disables loading of the USB (Universal Serial Bus) subsystem.
nousb2
Disables USB 2.0 support. USB 1.1 devices still work with this parameter. This parameter allows
you to use some USB drives in the USB 1.1 mode if they do not work in the USB 2.0 mode.
nodma
Disables direct memory access (DMA) for all IDE hard disk drives. Prevents the kernel from
freezing on some hardware.
nofw
Disables the FireWire (IEEE1394) interface support.
nopcmcia
Disables detection of PCMCIA hardware.
nomouse
Disables mouse support.
module_name=off
If you want the bootable media to perform a determined set of operations, you can specify a script
while creating the media in Bootable Media Builder. Every time the media boots, it will run this script
instead of displaying the user interface.
You can select one of the predefined scripts or create a custom script by following the scripting
conventions.
Predefined scripts
Bootable Media Builder provides the following predefined scripts:
Backup to and recovery from the bootable media (entire_pc_local)
Backup to and recovery from a network share (entire_pc_share)
The scripts can be found on the machine where Bootable Media Builder is installed, in the following
directories:
In Windows: %ProgramData%\Acronis\MediaBuilder\scripts\
In Linux: /var/lib/Acronis/MediaBuilder/scripts/
Backup to and recovery from the bootable media
This script will back up a machine to the bootable media or recover the machine from its most recent
backup created by this script on the same media. On its start, the script will prompt the user to
choose between backup, recovery, and starting the user interface.
In Bootable Media Builder, you can specify a password that the script will use to encrypt or access
the backups.
Custom scripts
Important Creating custom scripts requires the knowledge of the Bash command language and JavaScript
Object Notation (JSON). If you are not familiar with Bash, a good place to learn it is
http://www.tldp.org/LDP/abs/html. The JSON specification is available at http://www.json.org.
Files of a script
Your script must be located in the following directories on the machine where Bootable Media
Builder is installed:
In Windows: %ProgramData%\Acronis\MediaBuilder\scripts\
In Linux: /var/lib/Acronis/MediaBuilder/scripts/
The script must consist of at least three files:
<script_file>.sh - a file with your Bash script. When creating the script, use only a limited set of
shell commands, which you can find at https://busybox.net/downloads/BusyBox.html. Also, the
following commands can be used:
acrocmd - the command-line utility for backup and recovery
product - the command that starts the bootable media user interface
This file and any additional files that the script includes (for example, by using the dot command)
must be located in the bin subfolder. In the script, specify the additional file paths as
/ConfigurationFiles/bin/<some_file>.
autostart - a file for starting <script_file>.sh. The file contents must be as follows:
#!/bin/sh
. /ConfigurationFiles/bin/variables.sh
. /ConfigurationFiles/bin/<script_file>.sh
. /ConfigurationFiles/bin/post_actions.sh
autostart.json - a JSON file that contains the following:
The script name and description to be displayed in Bootable Media Builder.
The names of the script variables to be configured via Bootable Media Builder.
The parameters of controls that will be displayed in Bootable Media Builder for each
variable.
Variable object
Pair Required Description
Name Value type
displayName string Yes The variable name used in <script_file>.sh.
type string Yes The type of a control that is displayed in Bootable Media Builder.
This control is used to configure the variable value.
For all supported types, see the table below.
description string Yes The control label that is displayed above the control in Bootable
Media Builder.
default string if type No The default value for the control. If the pair is not specified, the
is string, default value will be an empty string or a zero, based on the
multiString control type.
, password,
or enum The default value for a check box can be 0 (the cleared state) or 1
number if (the selected state).
type is
number,
spinner, or
checkbox
order number Yes The control order in Bootable Media Builder. The higher the
(non-negative) value, the lower the control is placed relative to other controls
defined in autostart.json. The initial value must be 0.
min number No The minimum value of the spin control in a spin box. If the pair is
(for spinner not specified, the value will be 0.
only)
max number No The maximum value of the spin control in a spin box. If the pair is
(for spinner not specified, the value will be 100.
only)
step number No The step value of the spin control in a spin box. If the pair is not
(for spinner specified, the value will be 1.
only)
items array of strings Yes The values for a drop-down list.
(for enum only)
Control type
Name Description
string A single-line, unconstrained text box used to enter or edit short strings.
multiString A multi-line, unconstrained text box used to enter or edit long strings.
password A single-line, unconstrained text box used to enter passwords securely.
number A single-line, numeric-only text box used to enter or edit numbers.
spinner A single-line, numeric-only text box used to enter or edit numbers, with a spin control. Also,
called a spin box.
enum A standard drop-down list, with a fixed set of predetermined values.
checkbox A check box with two states - the cleared state or the selected state.
The sample autostart.json below contains all possible types of controls that can be used to configure
variables for <script_file>.sh.
{
"displayName": "Autostart script name",
"description": "This is an autostart script description.",
"variables": {
"var_string": {
"displayName": "VAR_STRING",
"type": "string", "order": 1,
"description": "This is a 'string' control:", "default": "Hello,
world!"
},
"var_multistring": {
"displayName": "VAR_MULTISTRING",
"type": "multiString", "order": 2,
"description": "This is a 'multiString' control:",
"default": "Lorem ipsum dolor sit amet,\nconsectetur adipiscing elit."
},
"var_number": {
"displayName": "VAR_NUMBER",
"type": "number", "order": 3,
"description": "This is a 'number' control:", "default": 10
},
"var_spinner": {
"displayName": "VAR_SPINNER",
Registering the media enables you to manage the media via the backup console as if it was a
registered machine. Besides the convenience of remote access, this grants an administrator the
capability to trace all operations performed under bootable media. The operations are logged in
Activities, so it is possible to see who and when started an operation.
If the registration was not pre-configured, it is still possible to register the media after booting the
machine from it (p. 150).
To pre-configure registration on the management server
1. Select the Register media on the management server check box.
2. In Server name or IP, specify the host name or IP address of the machine where the
management server is installed. You can use one of the following formats:
http://<server>. For example, http://10.250.10.10 or http://server1
<IP address>. For example, 10.250.10.10
<host name>. For example, server1 or server1.example.com
3. In Port, specify the port that will be used to access the management server. The default value is
9877.
4. In Display name, specify the name that will be displayed for this machine in the backup console.
If you leave this field empty, the display name will be set to one of the following:
If the machine was previously registered on the management server, it will have the same
name.
Otherwise, either the fully qualified domain name (FQDN) or the IP address of the machine
will be used.
5. Select which account will be used to register the media on the management server. The
following options are available:
Ask for user name and password at booting up
The credentials will have to be provided every time a machine is booted from the media.
For successful registration, the account must be in the list of the management server
administrators (Settings > Administrators). In the backup console, the media will be available
under the organization or under a specific unit, according to the permissions given to the
specified account.
In the bootable media interface, it will be possible to change the user name and password by
clicking Tools > Register media on the management server.
Register under the following account
The machine will be registered automatically every time it is booted from the media.
The account you specify must be in the list of the management server administrators
(Settings > Administrators). In the backup console, the media will be available under the
organization or under a specific unit, according to the permissions given to the specified
account.
In the bootable media interface, it will not be possible to change the registration parameters.
Do not ask for user name and password
The machine will be registered anonymously, unless anonymous registration on the
management server is disabled (p. 224).
You can change the settings, except for the MAC address; or configure the settings for a non-existent
NIC, if need be.
Once the bootable agent starts on the server, it retrieves the list of available NICs. This list is sorted
by the slots the NICs occupy: the closest to the processor on top.
The bootable agent assigns each known NIC the appropriate settings, identifying the NICs by their
MAC addresses. After the NICs with known MAC addresses are configured, the remaining NICs are
assigned the settings that you have made for non-existent NICs, starting from the upper
non-assigned NIC.
You can customize bootable media for any machine, and not only for the machine where the media
is created. To do so, configure the NICs according to their slot order on that machine: NIC1 occupies
the slot closest to the processor, NIC2 is in the next slot and so on. When the bootable agent starts
on that machine, it will find no NICs with known MAC addresses and will configure the NICs in the
same order as you did.
Example
The bootable agent could use one of the network adapters for communication with the management
console through the production network. Automatic configuration could be done for this connection.
Sizeable data for recovery could be transferred through the second NIC, included in the dedicated
backup network by means of static TCP/IP settings.
Adding drivers to bootable media is available when you are creating a removable media or its ISO or
detachable media, such as a flash drive. Drivers cannot be uploaded on WDS/RIS.
The drivers can be added to the list only in groups, by adding the INF files or folders containing such
files. Selecting individual drivers from the INF files is not possible, but the media builder shows the
file content for your information.
To add drivers:
1. Click Add and browse to the INF file or a folder that contains INF files.
2. Select the INF file or the folder.
3. Click OK.
The drivers can be removed from the list only in groups, by removing INF files.
To remove drivers:
1. Select the INF file.
2. Click Remove.
For more information on customizing Windows PE 2.x and 3.x, see the Windows Preinstallation
Environment User's Guide (Winpe.chm). The information on customizing Windows PE 4.0 and later is
available in the Microsoft TechNet Library.
Changes made during a session will be lost after the machine reboots.
Adding VLANs
In the Network Settings window, you can add virtual local area networks (VLANs). Use this
functionality if you need access to a backup location that is included in a specific VLAN.
VLANs are mainly used to divide a local area network into segments. A NIC that is connected to an
access port of the switch always has access to the VLAN specified in the port configuration. A NIC
connected to a trunk port of the switch can access the VLANs allowed in the port configuration only if
you specify the VLANs in the network settings.
To enable access to a VLAN via a trunk port
1. Click Add VLAN.
2. Select the NIC that provides access to the local area network that includes the required VLAN.
If you need to remove a VLAN, click the required VLAN entry, and then click Remove VLAN.
Local connection
To operate directly on the machine booted from bootable media, click Manage this machine locally
in the startup window.
Remote connection
To connect to the media remotely, register it on the management server, as described in "Registering
media on the management server" (p. 150).
Registering the media is possible only if at least one Acronis Cyber Backup SCS Advanced license is
added to the management server.
The registration parameters can be pre-configured in the Management server (p. 144) option of
Bootable Media Builder. If all the registration parameters are pre-configured, the media will appear
in the backup console automatically. If some of the parameters are pre-configured, some steps in the
following procedures may be not available.
An iSCSI target server (or target portal) is a server that hosts an iSCSI device. An iSCSI target is a
component on the target server; this component shares the device and lists iSCSI initiators that are
allowed access to the device. An iSCSI initiator is a component on a machine; this component
provides interaction between the machine and an iSCSI target. When configuring access to an iSCSI
device on a machine booted with bootable media, you need to specify the iSCSI target portal of the
device and one of the iSCSI initiators listed in the target. If the target shares several devices, you will
get access to all of them.
To add an iSCSI device in a Linux-based bootable media
1. Click Tools > Configure iSCSI/NDAS devices.
2. Click Add host.
3. Specify the IP address and port of the iSCSI target portal, and the name of any iSCSI initiator that
is allowed access to the device.
4. If the host requires authentication, specify the user name and password for it.
5. Click OK.
6. Select the iSCSI target from the list, and then click Connect.
7. If CHAP authentication is enabled in the iSCSI target settings, you will be prompted for
credentials to access the iSCSI target. Specify the same user name and target secret as in the
iSCSI target settings. Click OK.
8. Click Close to close the window.
To add an iSCSI device in a PE-based bootable media
1. Click Tools > Run the iSCSI Setup.
2. Click the Discovery tab.
3. Under Target Portals, click Add, and then specify the IP address and port of the iSCSI target
portal. Click OK.
4. Click the General tab, click Change, and then specify the name of any iSCSI initiator that is
allowed access to the device.
5. Click the Targets tab, click Refresh, select the iSCSI target from the list, and then click Connect.
Click OK to connect to the iSCSI target.
6. If CHAP authentication is enabled in the iSCSI target settings, you will see the Authentication
Failure error. In this case, click Connect, click Advanced, select the Enable CHAP log on check box,
and then specify the same user name and target secret as in the iSCSI target settings. Click OK to
close the window, and then click OK to connect to the iSCSI target.
7. Click OK to close the window.
Startup Recovery Manager is especially useful for traveling users. If a failure occurs, reboot the
machine, wait for the prompt "Press F11 for Acronis Startup Recovery Manager…" to appear, and
then press F11. The program will start and you can perform recovery.
You can also back up using Startup Recovery Manager, while on the move.
On machines with the GRUB boot loader installed, you select the Startup Recovery Manager from the
boot menu instead of pressing F11.
A machine booted with Startup Recovery Manager can be registered on the management server
similarly to a machine booted from bootable media. To do this, click Tools > Register media on the
management server, and then follow the step-by-step procedure described in "Registering media on
the management server" (p. 150).
Under Linux, when using a boot loader other than GRUB (such as LILO), consider installing it to a
Linux root (or boot) partition boot record instead of the MBR before activating Startup Recovery
Manager. Otherwise, reconfigure the boot loader manually after the activation.
Deactivation disables the boot time prompt "Press F11 for Acronis Startup Recovery Manager…" (or,
the menu item in GRUB). If Startup Recovery Manager is not activated, you will need one of the
following to recover the system when it fails to boot:
boot the machine from a separate bootable media
use network boot from a PXE server or Microsoft Remote Installation Services (RIS)
Network booting:
eliminates the need to have a technician onsite to install the bootable media into the system that
must be booted
during group operations, reduces the time required for booting multiple machines as compared
to using physical bootable media.
Bootable components are uploaded to Acronis PXE Server using Acronis Bootable Media Builder. To
upload bootable components, start the Bootable Media Builder, and then follow the step-by-step
instructions described in "Linux-based bootable media" (p. 136).
Booting multiple machines from the Acronis PXE Server makes sense if there is a Dynamic Host
Control Protocol (DHCP) server on your network. Then the network interfaces of the booted
machines will automatically obtain IP addresses.
Limitation:
On a machine that has an operating system on the hard disk, the BIOS must be configured so that the
network interface card is either the first boot device, or at least prior to the Hard Drive device. The
example below shows one of reasonable BIOS configurations. If you don’t insert bootable media, the
machine will boot from the network.
In some BIOS versions, you have to save changes to BIOS after enabling the network interface card so
that the card appears in the list of boot devices.
If the hardware has multiple network interface cards, make sure that the card supported by the BIOS
has the network cable plugged in.
To protect only the content, you can back up the content databases separately.
Recovering applications
The following table summarizes the available application recovery methods.
From an application-aware
From a database backup From a disk backup
backup
Entire machine (p. 109)
Databases to a live SQL
Databases to a live SQL
Microsoft SQL Server Server instance (p. 164) Entire machine (p. 109)
Server instance (p. 164)
Databases as files (p. 164)
Databases as files (p. 164)
Active Directory
- Entire machine (p. 109) -
Domain Services
11.1 Prerequisites
Before configuring the application backup, ensure that the requirements listed below are met.
To check the VSS writers state, use the vssadmin list writers command.
Common requirements
For Microsoft SQL Server, ensure that:
At least one Microsoft SQL Server instance is started.
The SQL writer for VSS is turned on.
For Microsoft Exchange Server, ensure that:
The Microsoft Exchange Information Store service is started.
Windows PowerShell is installed. For Exchange 2010 or later, the Windows PowerShell version
must be at least 2.0.
Microsoft .NET Framework is installed.
For Exchange 2007, the Microsoft .NET Framework version must be at least 2.0.
For Exchange 2010 or later, the Microsoft .NET Framework version must be at least 3.5.
The Exchange writer for VSS is turned on.
On a domain controller, ensure that:
The Active Directory writer for VSS is turned on.
When creating a backup plan, ensure that:
For physical machines, the Volume Shadow Copy Service (VSS) (p. 107) backup option is enabled.
For virtual machines, the Volume Shadow Copy Service (VSS) for virtual machines (p. 108) backup
option is enabled.
Additional requirements for application-aware backups
When creating a backup plan, ensure that Entire machine is selected for backup. The
Sector-by-sector backup option must be disabled in a backup plan, otherwise it will be impossible to
perform a recovery of application data from such backups. If the plan is executed in the
Sector-by-sector mode due to an automatic switch to this mode, then recovery of application data
will also be impossible.
If the application runs on a virtual machine that is backed up by Agent for VMware, ensure that:
Select the databases as described below, and then specify other settings of the backup plan as
appropriate (p. 57).
The SQL transaction logs are truncated after each successful backup. SQL log truncation can be
disabled in the backup plan options (p. 95).
To select SQL databases
1. Click Devices > Microsoft SQL.
The software shows the tree of SQL Server Always On Availability Groups (AAG), machines
running Microsoft SQL Server, SQL Server instances, and databases.
2. Browse to the data that you want to back up.
Expand the tree nodes or double-click items in the list to the right of the tree.
3. Select the data that you want to back up. You can select AAGs, machines running SQL Server, SQL
Server instances, or individual databases.
If you select an AAG, all databases that are included into the selected AAG will be backed up.
For more information about backing up AAGs, refer to "Protecting Always On Availability
Groups (AAG)" (p. 158).
If you select a machine running SQL Server, all databases that are attached to all SQL Server
instances running on the selected machine will be backed up.
If you select a SQL Server instance, all databases that are attached to the selected instance
will be backed up.
If you select databases directly, only the selected databases will be backed up.
4. Click Backup. If prompted, provide credentials to access the SQL Server data. The account must
be a member of the Backup Operators or Administrators group on the machine and a member
of the sysadmin role on each of the instances that you are going to back up.
An incremental backup contains the changed blocks of the database files, the checkpoint files, and a
small number of the log files that are more recent than the corresponding database checkpoint.
Because changes to the database files are included in the backup, there is no need to back up all the
transaction log records since the previous backup. Only the log that is more recent than the
checkpoint needs to be replayed after a recovery. This makes for faster recovery and ensures
successful database backup, even with circular logging enabled.
The transaction log files are truncated after each successful backup.
To select Exchange Server data
1. Click Devices > Microsoft Exchange.
The software shows the tree of Exchange Server Database Availability Groups (DAG), machines
running Microsoft Exchange Server, and Exchange Server databases. If you configured Agent for
Exchange as described in "Mailbox backup" (p. 162), mailboxes are also shown in this tree.
2. Browse to the data that you want to back up.
Expand the tree nodes or double-click items in the list to the right of the tree.
3. Select the data that you want to back up.
If you select a DAG, one copy of each clustered database will be backed up. For more
information about backing up DAGs, refer to "Protecting Database Availability Groups (DAG)"
(p. 159).
If you select a machine running Microsoft Exchange Server, all databases that are mounted
to the Exchange Server running on the selected machine will be backed up.
If you select databases directly, only the selected databases will be backed up.
If you configured Agent for Exchange as described in "Mailbox backup" (p. 162), you can
select mailboxes for backup (p. 163).
4. If prompted, provide the credentials to access the data.
5. Click Protect.
In a Failover Cluster Instance, SQL databases are located on a shared storage. This storage can only
be accessed from the active cluster node. If the active node fails, a failover occurs and a different
node becomes active.
Thus, the clusters are already serving as a disaster recovery solution themselves. However, there
might be cases when the clusters cannot provide data protection: for example, in case of a database
logical corruption, or when the entire cluster is down. Also cluster solutions do not protect from
harmful content changes, as they usually immediately replicate to all cluster nodes.
How many agents are required for cluster data backup and recovery?
For successful data backup and recovery of a cluster Agent for SQL has to be installed on each node
of the WSFC cluster.
2. Select the AAG to backup as described in "Selecting SQL databases" (p. 157).
Important You must select the AAG itself, rather than the individual nodes or databases inside of it. If you
select individual items inside the AAG, the backup will not be cluster-aware and only the selected copies of
the items will be backed up.
3. Configure the "Cluster backup mode" (p. 90) backup option.
Recovery of databases included in an AAG
1. Select the databases that you want to recover, and then select the recovery point from which
you want to recover the databases.
When you select a clustered database under Devices > Microsoft SQL > Databases, and then click
Recover, the software shows only the recovery points that correspond to the times when the
selected copy of the database was backed up.
The easiest way to view all recovery points of a clustered database is to select the backup of the
entire AAG on the Backups tab (p. 127). The names of AAG backups are based on the following
template: <AAG name> - <backup plan name> and have a special icon.
2. To configure recovery, follow the steps described in "Recovering SQL databases" (p. 164), starting
from step 5.
The software automatically defines a cluster node to which the data will be recovered. The
node's name is displayed in the Recover to field. You can manually change the target node.
Important A database that is included in an Always On Availability Group cannot be overwritten during a
recovery because Microsoft SQL Server prohibits this. You need to exclude the target database from the
AAG before the recovery. Or, just recover the database as a new non-AAG one. When the recovery is
completed, you can reconstruct the original AAG configuration.
However, there might be cases when failover cluster solutions cannot provide data protection: for
example, in case of a database logical corruption, or when a particular database in a cluster has no
copy (replica), or when the entire cluster is down. Also cluster solutions do not protect from harmful
content changes, as they usually immediately replicate to all cluster nodes.
Cluster-aware backup
With cluster-aware backup, you back up only one copy of the clustered data. If the data changes its
location within the cluster (due to a switchover or a failover), the software will track all relocations of
this data and safely back it up.
DAG is a group of up to 16 Exchange Mailbox servers. Any node can host a copy of mailbox database
from any other node. Each node can host passive and active database copies. Up to 16 copies of each
database can be created.
How many agents are required for cluster-aware backup and recovery?
For successful backup and recovery of clustered databases, Agent for Exchange has to be installed on
each node of the Exchange cluster.
Tip After you install the agent on one of the nodes, the backup console displays the DAG and its nodes under
Devices > Microsoft Exchange > Databases. To install Agents for Exchange on the rest of the nodes, select the
DAG, click Details, and then click Install agent next to each of the nodes.
When you back up a machine running Microsoft SQL Server, Microsoft Exchange Server, or Active
Directory Domain Services, enable Application backup for additional protection of these
applications' data.
On a virtual machine, no agent installation is required; it is presumed that the machine is backed up
by Agent for VMware (Windows).
Agent for VMware (Virtual Appliance) can create application-aware backups, but cannot recover
application data from them. To recover application data from backups created by this agent, you
need Agent for VMware (Windows), Agent for SQL, or Agent for Exchange on a machine that has
access to the location where the backups are stored. When configuring recovery of application data,
select the recovery point on the Backups tab, and then select this machine in Machine to browse
from.
Other requirements are listed in the "Prerequisites" (p. 156) and "Required user rights" (p. 162)
sections.
Before backing up mailboxes, you must connect Agent for Exchange to the machine running the
Client Access server role (CAS) of Microsoft Exchange Server. In Exchange 2016 and later, the CAS
role is not available as a separate installation option. It is automatically installed as part of the
Mailbox server role. Thus, you can connect the agent to any server running the Mailbox role.
To connect Agent for Exchange to CAS
1. Click Devices > Add.
2. Click Microsoft Exchange Server.
3. Click Exchange mailboxes.
If no Agent for Exchange is registered on the management server, the software suggests that you
install the agent. After the installation, repeat this procedure from step 1.
4. [Optional] If multiple Agents for Exchange are registered on the management server, click Agent,
and then change the agent that will perform the backup.
5. In Client Access server, specify the fully qualified domain name (FQDN) of the machine where
the Client Access role of Microsoft Exchange Server is enabled.
In Exchange 2016 and later, the Client Access services are automatically installed as part of the
Mailbox server role. Thus, you can specify any server running the Mailbox role. We refer to this
server as CAS later in this section.
6. In Authentication type, select the authentication type that is used by the CAS. You can select
Kerberos (default) or Basic.
7. [Only for basic authentication] Select which protocol will be used. You can select HTTPS (default)
or HTTP.
8. [Only for basic authentication with the HTTPS protocol] If the CAS uses an SSL certificate that was
obtained from a certification authority, and you want the software to check the certificate when
connecting to the CAS, select the Check SSL certificate check box. Otherwise, skip this step.
9. Provide the credentials of an account that will be used to access the CAS. The requirements for
this account are listed in "Required user rights" (p. 163).
10. Click Add.
As a result, the mailboxes appear under Devices > Microsoft Exchange > Mailboxes.
You can recover SQL databases to a SQL Server instance, if Agent for SQL is installed on the machine
running the instance. You will need to provide credentials for an account that is a member of the
Backup Operators or Administrators group on the machine and a member of the sysadmin role on
the target instance.
Alternatively, you can recover the databases as files. This can be useful if you need to extract data for
data mining, audit, or further processing by third-party tools. You can attach the SQL database files to
a SQL Server instance, as described in "Attaching SQL Server databases" (p. 166).
If you use only Agent for VMware, recovering databases as files is the only available recovery
method.
System databases are basically recovered in the same way as user databases. The peculiarities of
system database recovery are described in "Recovering system databases" (p. 166).
To recover SQL databases to a SQL Server instance
1. Do one of the following:
When recovering from an application-aware backup, under Devices, select the machine that
originally contained the data that you want to recover.
When recovering from a database backup, click Devices > Microsoft SQL, and then select the
databases that you want to recover.
2. Click Recovery.
3. Select a recovery point. Note that recovery points are filtered by location.
If the machine is offline, the recovery points are not displayed. Do one of the following:
[Only when recovering from an application-aware backup] If the backup location is shared
storage (i.e. other agents can access it), click Select machine, select an online machine that
has Agent for SQL, and then select a recovery point.
Select a recovery point on the Backups tab (p. 127).
The machine chosen for browsing in either of the above actions becomes a target machine for
the SQL databases recovery.
4. Do one of the following:
When recovering from an application-aware backup, click Recover > SQL databases, select
the databases that you want to recover, and then click Recover.
When recovering from a database backup, click Recover > Databases to an instance.
Attaching a database requires any of the following permissions: CREATE DATABASE, CREATE ANY
DATABASE, or ALTER ANY DATABASE. Normally, these permissions are granted to the sysadmin role
of the instance.
To attach a database
1. Run Microsoft SQL Server Management Studio.
2. Connect to the required SQL Server instance, and then expand the instance.
3. Right-click Databases and click Attach.
4. Click Add.
5. In the Locate Database Files dialog box, find and select the .mdf file of the database.
6. In the Database Details section, make sure that the rest of database files (.ndf and .ldf files) are
found.
Details. SQL Server database files may not be found automatically, if:
You can recover Exchange Server data to a live Exchange Server. This may be the original Exchange
Server or an Exchange Server of the same version running on the machine with the same fully
qualified domain name (FQDN). Agent for Exchange must be installed on the target machine.
The following table summarizes the Exchange Server data that you can select for recovery and the
minimal user rights required to recover the data.
Exchange version Data items User rights
Membership in the Exchange Organization
2007 Storage groups
Administrators role group.
Membership in the Server Management role
2010/2013/2016/2019 Databases
group.
Alternatively, you can recover the databases (storage groups) as files. The database files, along with
transaction log files, will be extracted from the backup to a folder that you specify. This can be useful
if you need to extract data for an audit or further processing by third-party tools, or when the
recovery fails for some reason and you are looking for a workaround to mount the databases
manually (p. 168).
If you use only Agent for VMware (Windows), recovering databases as files is the only available
recovery method. Recovering databases by using Agent for VMware (Virtual Appliance) is not
possible.
We will refer to both databases and storage groups as "databases" throughout the below
procedures.
To recover Exchange databases to a live Exchange Server
1. Do one of the following:
When recovering from an application-aware backup, under Devices, select the machine that
originally contained the data that you want to recover.
When recovering from a database backup, click Devices > Microsoft Exchange > Databases,
and then select the databases that you want to recover.
2. Click Recovery.
3. Select a recovery point. Note that recovery points are filtered by location.
If the machine is offline, the recovery points are not displayed. Do one of the following:
[Only when recovering from an application-aware backup] If the backup location is shared
storage (i.e. other agents can access it), click Select machine, select an online machine that
has Agent for Exchange, and then select a recovery point.
Select a recovery point on the Backups tab (p. 127).
The account you use to attach a database must be delegated an Exchange Server Administrator role
and a local Administrators group for the target server.
For details about how to mount databases, see the following articles:
Exchange 2010 or later: http://technet.microsoft.com/en-us/library/aa998871.aspx
Exchange 2007: http://technet.microsoft.com/en-us/library/aa998871(v=EXCHG.80).aspx
Granular recovery can be performed to Microsoft Exchange Server 2010 Service Pack 1 (SP1) and
later. The source backup may contain databases or mailboxes of any supported Exchange version.
Granular recovery can be performed by Agent for Exchange or Agent for VMware (Windows). The
target Exchange Server and the machine running the agent must belong to the same Active Directory
forest.
When a mailbox is recovered to an existing mailbox, the existing items with matching IDs are
overwritten.
Recovery of mailbox items does not overwrite anything. Instead, the full path to a mailbox item is
recreated in the target folder.
A mailbox that does not meet the above conditions is skipped during recovery.
If some mailboxes are skipped, the recovery will succeed with warnings. If all mailboxes are skipped,
the recovery will fail.
6. Click Recover.
7. Click Target machine with Microsoft Exchange Server to select or change the target machine.
This step allows recovery to a machine that is not running Agent for Exchange.
Specify the fully qualified domain name (FQDN) of the machine where the Client Access role of
Microsoft Exchange Server is enabled. The machine must belong to the same Active Directory
forest as the machine that performs the recovery.
If prompted, provide the credentials of an account that will be used to access the machine. The
requirements for this account are listed in "Required user rights" (p. 163).
7. Click Recover.
8. Click Target machine with Microsoft Exchange Server to select or change the target machine.
This step allows recovery to a machine that is not running Agent for Exchange.
Specify the fully qualified domain name (FQDN) of the machine where the Client Access role of
Microsoft Exchange Server is enabled. The machine must belong to the same Active Directory
forest as the machine that performs the recovery.
If prompted, provide the credentials of an account that will be used to access the machine. The
requirements for this account are listed in "Required user rights" (p. 163).
9. In Target mailbox, view, change, or specify the target mailbox.
By default, the original mailbox is selected. If this mailbox does not exist or a non-original target
machine is selected, you must specify the target mailbox.
10. [Only when recovering email messages] In Target folder, view or change the target folder in the
target mailbox. By default, the Recovered items folder is selected.
11. Click Start recovery.
The recovery progress is shown on the Activities tab.
To recover a mailbox item from a mailbox backup
1. Click Devices > Microsoft Exchange > Mailboxes.
2. Select the mailbox that originally contained the items that you want to recover, and then click
Recovery.
You can search mailboxes by name. Wildcards are not supported.
If the mailbox was deleted, select it on the Backups tab (p. 127), and then click Show backups.
3. Select a recovery point. Note that recovery points are filtered by location.
4. Click Recover > Email messages.
5. Select the items that you want to recover.
The following search options are available. Wildcards are not supported.
For email messages: search by subject, sender, recipient, and date.
For events: search by title and date.
For tasks: search by subject and date.
For contacts: search by name, email address, and phone number.
When an email message is selected, you can click Show content to view its contents, including
attachments.
Tip Click the name of an attached file to download it.
13 Active Protection
Active Protection protects a system from ransomware and cryptocurrency mining malware.
Ransomware encrypts files and demands a ransom for the encryption key. Cryptomining malware
performs mathematical calculations in the background, thus stealing the processing power and
network traffic.
Active Protection is available for machines running Windows 7 and later, Windows Server 2008 R2
and later. Agent for Windows must be installed on the machine.
How it works
Active Protection monitors processes running on the protected machine. When a third-party process
tries to encrypt files or mine cryptocurrency, Active Protection generates an alert and performs
additional actions, if those are specified by the configuration.
In addition, Active Protection prevents unauthorized changes to the backup software's own
processes, registry records, executable and configuration files, and backups located in local folders.
For specifying folders, you can use the wildcard characters * and ?. The asterisk (*) substitutes for
zero or more characters. The question mark (?) substitutes for exactly one character. Environment
variables, such as %AppData%, cannot be used.
There can be only one Active Protection plan in an organization. If the organization has units, unit
administrators are not allowed to apply, edit, or revoke the plan.
This option applies to files that have extensions .tibx, .tib, .tia, and are located in local folders.
This option lets you specify the processes that are allowed to modify the backup files, even though
these files are protected by self-protection. This comes in handy, for example, if you delete backup
files or move them to a different location by using a script.
If this option is enabled, the backup files can be modified only by processes signed by the backup
software vendor. This allows the software to apply retention rules and to delete backups when a user
requests this from the web interface. Other processes, no matter suspicious or not, cannot modify
the backups.
If this option is disabled, you can allow other processes to modify the backups. Specify the full path
to the process executable, starting with the drive letter.
Cryptomining protection
This option defines whether Active Protection detects potential cryptomining malware.
Cryptomining malware degrades performance of useful applications, increases electricity bills, may
cause system crashes and even hardware damage due to abuse. We recommend that you add
cryptomining malware to the Harmful processes list to prevent it from running.
Mapped drives
This option defines whether Active Protection protects network folders that are mapped as local
drives.
If a file was originally located on a mapped drive, it cannot be saved to the original location when
extracted from the cache by the Revert using cache action. Instead, it will be saved to the folder
specified in this option's settings. The default folder is C:\ProgramData\Acronis\Restored Network
You can run a virtual machine from a disk-level backup that contains an operating system. This
operation, also known as instant recovery, enables you to spin up a virtual server in seconds. The
virtual disks are emulated directly from the backup and thus do not consume space on the datastore
(storage). The storage space is required only to keep changes to the virtual disks.
We recommend running this temporary virtual machine for up to three days. Then, you can
completely remove it or convert it to a regular virtual machine (finalize) without downtime.
As long as the temporary virtual machine exists, retention rules cannot be applied to the backup
being used by that machine. Backups of the original machine can continue to run.
Usage examples
Disaster recovery
Instantly bring a copy of a failed machine online.
Testing a backup
Run the machine from the backup and ensure that the guest OS and applications are functioning
properly.
Accessing application data
While the machine is running, use application's native management tools to access and extract
the required data.
Prerequisites
At least one Agent for VMware or Agent for Hyper-V must be registered in the backup service.
The backup can be stored in a network folder, or in a local folder of the machine where Agent for
VMware or Agent for Hyper-V is installed. If you select a network folder, it must be accessible
from that machine. A virtual machine cannot be run from a backup stored on an SFTP server, a
tape device, or in Secure Zone.
The backup must contain an entire machine or all of the volumes that are required for the
operating system to start.
The backup must not contain Linux logical volumes (LVM).
Backups of both physical and virtual machines can be used. Backups of Virtuozzo containers
cannot be used.
3. [Optional] Click Target machine, and then change the virtual machine type (ESXi or Hyper-V), the
host, or the virtual machine name.
4. [Optional] Click Datastore for ESXi or Path for Hyper-V, and then select the datastore for the
virtual machine.
Changes to the virtual disks accumulate while the machine is running. Ensure that the selected
datastore has enough free space. If you are planning to preserve these changes by making the
virtual machine permanent (p. 178), select a datastore that is suitable for running the machine in
production.
5. [Optional] Click VM settings to change the memory size and network connections of the virtual
machine.
6. [Optional] Select the VM power state (On/Off).
7. Click Run now.
As a result, the machine appears in the web interface with one of the following icons: or
For an ESXi machine, you have the option to make this machine permanent, i.e. recover all of its
virtual disks, along with the changes that occurred while the machine was running, to the datastore
that stores these changes. This process is named finalization.
Finalization is performed without downtime. The virtual machine will not be powered off during
finalization.
To finalize a machine that is running from a backup
1. On the All devices tab, select a machine that is running from a backup.
2. Click Finalize.
3. [Optional] Specify a new name for the machine.
4. [Optional] Change the disk provisioning mode. The default setting is Thin.
5. Click Finalize.
The machine name changes immediately. The recovery progress is shown on the Activities tab. Once
the recovery is completed, the machine icon changes to that of a regular virtual machine.
The replication can be started manually or on the schedule you specify. The first replication is full
(copies the entire machine). All subsequent replications are incremental and are performed with
Changed Block Tracking (p. 182), unless this option is disabled.
However, powering on a replica is much faster than a recovery and faster than running a virtual
machine from a backup. When powered on, a replica works faster than a VM running from a backup
and does not load the Agent for VMware.
Usage examples
Replicate virtual machines to a remote site.
Replication enables you to withstand partial or complete datacenter failures, by cloning the
virtual machines from a primary site to a secondary site. The secondary site is usually located in a
remote facility that is unlikely to be affected by environmental, infrastructure, or other factors
that might cause the primary site failure.
Replicate virtual machines within a single site (from one host/datastore to another).
Onsite replication can be used for high availability and disaster recovery scenarios.
What you can do with a replica
Test a replica (p. 180)
The replica will be powered on for testing. Use vSphere Client or other tools to check if the
replica works correctly. Replication is suspended while testing is in progress.
Failover to a replica (p. 181)
Failover is a transition of the workload from the original virtual machine to its replica. Replication
is suspended while a failover is in progress.
Back up the replica
Both backup and replication require access to virtual disks, and thus impact the performance of
the host where the virtual machine is running. If you want to have both a replica and backups of
a virtual machine, but don't want to put additional load on the production host, replicate the
machine to a different host, and set up backups of the replica.
Restrictions
The following types of virtual machines cannot be replicated:
Fault-tolerant machines running on ESXi 5.5 and lower.
Machines running from backups.
Replicas of virtual machines.
Stopping failover
To stop a failover
1. Select a replica that is in the failover state.
2. Click Replica actions.
3. Click Stop failover.
4. Confirm your decision.
Failing back
To failback from a replica
1. Select a replica that is in the failover state.
Disk provisioning
This option defines the disk provisioning settings for the replica.
The following values are available: Thin provisioning, Thick provisioning, Keep the original setting.
Error handling
This option is similar to the backup option "Error handling" (p. 92).
Pre/Post commands
This option is similar to the backup option "Pre/Post commands" (p. 99).
Error handling
This option is similar to the recovery option "Error handling" (p. 123).
Pre/Post commands
This option is similar to the recovery option "Pre/Post commands" (p. 124).
VM power management
This option is similar to the recovery option "VM power management" (p. 126).
If your ESXi uses a SAN attached storage, install the agent on a machine connected to the same SAN.
The agent will back up the virtual machines directly from the storage rather than via the ESXi host
and LAN. This capability is called a LAN-free backup.
The diagram below illustrates a LAN-based and a LAN-free backup. LAN-free access to virtual
machines is available if you have a fibre channel (FC) or iSCSI Storage Area Network. To completely
eliminate transferring the backed-up data via LAN, store the backups on a local disk of the agent's
machine or on a SAN attached storage.
Limitations
In vSphere 6.0 and later, the agent cannot use the SAN transport mode if some of the VM disks
are located on a VMware Virtual Volume (VVol) and some are not. Backups of such virtual
machines will fail.
Encrypted virtual machines, introduced in VMware vSphere 6.5, will be backed up via LAN, even
if you configure the SAN transport mode for the agent. The agent will fall back on the NBD
transport because VMware does not support SAN transport for backing up encrypted virtual
disks.
Example
If you are using an iSCSI SAN, configure the iSCSI initiator on the machine running Windows where
Agent for VMware is installed.
To configure the SAN policy
1. Log on as an administrator, open the command prompt, type diskpart, and then press Enter.
2. Type san, and then press Enter. Ensure that SAN Policy : Offline All is displayed.
3. If another value for SAN Policy is set:
a. Type san policy=offlineall.
b. Press Enter.
c. To check that the setting has been applied correctly, perform step 2.
d. Restart the machine.
To configure an iSCSI initiator
1. Go to Control Panel > Administrative Tools > iSCSI Initiator.
Tip. To find the Administrative Tools applet, you may need to change the Control Panel view to
something other than Home or Category, or use search.
2. If this is the first time that Microsoft iSCSI Initiator is launched, confirm that you want to start the
Microsoft iSCSI Initiator service.
3. On the Targets tab, type the fully qualified domain name (FQDN) name or the IP address of the
target SAN device, and then click Quick Connect.
4. Select the LUN that hosts the datastore, and then click Connect.
If the LUN is not displayed, ensure that the zoning on the iSCSI target enables the machine
running the agent to access the LUN. The machine must be added to the list of allowed iSCSI
initiators on this target.
5. Click OK.
By default, the agent uses native VMware snapshots created by the ESXi host. While the snapshot is
kept, the virtual disk files are in the read-only state, and the host writes all changes done to the disks
to separate delta files. Once the backup process is finished, the host deletes the snapshot, i.e.
merges the delta files with the virtual disk files.
Both maintaining and deleting the snapshot affect the virtual machine performance. With large
virtual disks and fast data changes, these operations take a long time during which the performance
can degrade. In extreme cases, when several machines are backed up simultaneously, the growing
delta files may nearly fill the datastore and cause all of the virtual machines to power off.
You can reduce the hypervisor resource utilization by offloading the snapshots to the SAN. In this
case, the sequence of operations is as follows:
[For NFS datastores] Access to NFS shares from Windows NFSv3 clients must be enabled on the
Storage Virtual Machine (SVM) that was specified when creating the datastore. The access can be
enabled by the following command:
vserver nfs modify -vserver [SVM name] -v3-ms-dos-client enable
For more information, refer to the NetApp Best Practices document:
https://kb.netapp.com/support/s/article/ka21A0000000k89QAA/top-windows-nfsv3-0-issues-wo
rkarounds-and-best-practices
A virtual appliance that is running on the same host or cluster with the backed-up virtual machines
has direct access to the datastore(s) where the machines reside. This means the appliance can attach
the backed-up disks by using the HotAdd transport, and therefore the backup traffic is directed from
one local disk to another. If the datastore is connected as Disk/LUN rather than NFS, the backup will
Using a locally attached storage presumes that the agent always backs up the same machines. If
multiple agents work within the vSphere, and one or more of them use locally attached storages, you
need to manually bind (p. 191) each agent to all machines it has to back up. Otherwise, if the
machines are redistributed among the agents by the management server, a machine's backups may
be dispersed over multiple storages.
You can add the storage to an already working agent or when deploying the agent from an OVF
template (p. 40).
To attach a storage to an already working agent
1. In VMware vSphere inventory, right click the Agent for VMware (Virtual Appliance).
2. Add the disk by editing the settings of the virtual machine. The disk size must be at least 10 GB.
Warning Be careful when adding an already existing disk. Once the storage is created, all data previously
contained on this disk will be lost.
3. Go to the virtual appliance console. The Create storage link is available at the bottom of the
screen. If it is not, click Refresh.
4. Click the Create storage link, select the disk and specify a label for it. The label length is limited to
16 characters, due to file system restrictions.
To select a locally attached storage as a backup destination
When creating a backup plan (p. 56), in Where to back up, select Local folders, and then type the
letter corresponding to the locally attached storage, for example, D:\.
The below distribution algorithm works for both virtual appliances and agents installed in Windows.
Distribution algorithm
The virtual machines are automatically evenly distributed between Agents for VMware. By evenly,
we mean that each agent manages an equal number of machines. The amount of storage space
occupied by a virtual machine is not counted.
However, when choosing an agent for a machine, the software tries to optimize the overall system
performance. In particular, the software considers the agent and the virtual machine location. An
agent hosted on the same host is preferred. If there is no agent on the same host, an agent from the
same cluster is preferred.
Once a virtual machine is assigned to an agent, all backups of this machine are delegated to this
agent.
Redistribution
Redistribution takes place each time the established balance breaks, or, more precisely, when a load
imbalance among the agents reaches 20 percent. This may happen when a machine or an agent is
added or removed, or a machine migrates to a different host or cluster, or if you manually bind a
machine to an agent. If this happens, the management server redistributes the machines using the
same algorithm.
When you remove an agent from the management server, the machines assigned to the agent are
distributed among the remaining agents. However, this will not happen if an agent gets corrupted or
is deleted from manually from vSphere. Redistribution will start only after you remove such agent
from the web interface.
Automatic assignment cannot be disabled for an agent if there are no other registered agents, or if
automatic assignment is disabled for all other agents.
To disable automatic assignment for an agent
1. Click Settings > Agents.
In the VMware tab, you can back up the following vSphere infrastructure objects:
Data center
Folder
Cluster
ESXi host
Resource pool
Each of these infrastructure objects works as a group object for virtual machines. When you apply a
protection plan to any of these group objects, all virtual machines included in it, will be backed up.
You can back up either the selected group machines by clicking Protect, or the parent group
machines in which the selected group is included by clicking Protect group.
You can change access credentials for the vCenter Server or stand-alone ESXi host without
re-installing the agent.
To change the vCenter Server or ESXi host access credentials
1. Under Devices, click VMware.
2. Click Hosts and Clusters.
3. In the Hosts and Clusters list (to the right of the Hosts and Clusters tree), select the vCenter
Server or stand-alone ESXi host that was specified during the Agent for VMware installation.
4. Click Details.
5. Under Credentials, click the user name.
6. Specify the new access credentials, and then click OK.
To perform operations on all hosts and clusters managed by a vCenter Server, Agent for VMware
needs the privileges on the vCenter Server. If you want the agent to operate on a specific ESXi host
only, provide the agent with the same privileges on the host.
Specify the account with the necessary privileges during Agent for VMware installation or
configuration. If you need to change the account at a later time, refer to the "Changing the vSphere
access credentials" (p. 193) section.
+ + + +
Disable methods + + +
Enable methods + + +
Host > VM autostart
+
Configuration configuration
Storage partition
+
configuration
Host > Inventory Modify cluster +
Host > Local Create VM
+ +
operations
Delete VM + +
Reconfigure VM + +
Network Assign network + + + +
Resource Assign VM to
+ + + +
resource pool
vApp Add virtual machine +
Import +
Virtual machine > Add existing disk
+ + +
Configuration
Add new disk + + + +
Add or remove
+ + +
device
Advanced + + + +
Change CPU count +
Physical machine + + +
VMware ESXi virtual machine + + +
Hyper-V virtual machine + + +
When multiple backup plans overlap in time, the numbers specified in their backup options are
added up. Even though the resulting total number is programmatically limited to 10, overlapping
plans can affect the backup performance and overload both the host and the virtual machine
storage.
[HKEY_LOCAL_MACHINE\SOFTWARE\Acronis\MMS\Configuration\ManagedMachine\Simultane
ousBackupsLimits]
"MaxNumberOfSimultaneousBackups"=dword:00000001
3. Replace 00000001 with the hexadecimal value of the limit that you want to set. For example,
00000001 is 1 and 0000000A is 10.
4. Save the document as limit.reg.
5. Run the file as an administrator.
6. Confirm that you want to edit the Windows registry.
7. Do the following to restart the agent:
a. In the Start menu, click Run, and then type: cmd
b. Click OK.
c. Run the following commands:
net stop mms
net start mms
To limit the total number of virtual machines that Agent for VMware (Virtual Appliance) can
back up
1. To start the command shell, press CTRL+SHIFT+F2 while in the virtual appliance UI.
2. Open the file /etc/Acronis/MMS.config in a text editor, such as vi.
3. Locate the following section:
<key name="SimultaneousBackupsLimits">
<value name="MaxNumberOfSimultaneousBackups" type="Tdword">"10"</value>
</key>
4. Replace 10 with the decimal value of the limit that you want to set.
5. Save the file.
6. Execute the reboot command to restart the agent.
The Dashboard and Reports sections appear under the Overview tab only if the Monitoring Service
component was installed with the management server (it is installed by default).
Widgets have clickable elements that enable you to investigate and troubleshoot issues.
You can download the current state of the dashboard in the .pdf or .xlsx format, or send it via email.
To send the dashboard via email, ensure that the Email server (p. 222) settings are configured.
15.2 Reports
Note This functionality is available only with the Acronis Cyber Backup SCS Advanced license.
A report can include any set of the dashboard widgets. You can use predefined reports or create a
custom report.
The reports can be sent via email or downloaded on a schedule. To send the reports via email, ensure
that the Email server (p. 222) settings are configured.
To export the report structure, select a report, and then click Export.
To import the report structure, click Create report, and then click Import.
The software generates the data dump on the fly. If you specify a long period of time, this action may
take a long time.
To dump the report data
1. Select a report, and then click Open.
2. Click the vertical ellipsis icon in the top-right corner, and then click Dump data.
3. In Location, specify the folder path for the .csv file.
4. In Time range, specify the time range.
5. Click Save.
Changing the severity of an alert does not affect already generated alerts.
The severity key defines the alert severity. It must have one of the following values: critical,
error, or warning.
16 Device groups
Device groups are designed for convenient management of a large number of registered devices.
You can apply a backup plan to a group. Once a new device appears in the group, the device becomes
protected by the plan. If a device is removed from the group, the device will no longer be protected
by the plan. A plan that is applied to a group cannot be revoked from a member of the group, only
from the group itself.
Only devices of the same type can be added to a group. For example, under Hyper-V you can create a
group of Hyper-V virtual machines. Under Machines with agents, you can create a group of machines
with installed agents. Under All machines, you cannot create a group.
Built-in groups
Once a device is registered, it appears in one of the built-in root groups on the Devices tab.
Root groups cannot be edited or deleted. You cannot apply plans to root groups.
Some of the root groups contain built-in sub-root groups. These groups cannot be edited or deleted.
However, you can apply plans to sub-root built-in groups.
A custom group can contain one or more nested groups. Any custom group can be edited or deleted.
There are the following types of custom groups:
Static groups
Static groups contain the machines that were manually added to them. The static group content
never changes unless you explicitly add or delete a machine.
Example: You create a custom group for the accounting department and manually add the
accountants' machines to this group. Once you apply a backup plan to the group, the
accountants' machines become protected. If a new accountant is hired, you will have to add the
new machine to the group manually.
Dynamic groups
Dynamic groups contain the machines added automatically according to the search criteria
specified when creating a group. The dynamic group content changes automatically. A machine
remains in the group while it meets the specified criteria.
Example 1: The host names of the machines that belong to the accounting department contain
the word "accounting". You specify the partial machine name as the group membership criterion
and apply a backup plan to the group. If a new accountant is hired, the new machine will be
added to the group as soon as it is registered, and thus will be protected automatically.
Example 2: The accounting department forms a separate Active Directory organizational unit
(OU). You specify the accounting OU as the group membership criterion and apply a backup plan
to the group. If a new accountant is hired, the new machine will be added to the group as soon
as it is registered and added to the OU (regardless of which comes first), and thus will be
protected automatically.
Operators
The following table summarizes the available operators.
An autoloader is a particular case of tape libraries. It contains one drive, several slots, a changer and
a barcode reader (optional).
A stand-alone tape drive (also called streamer) contains one slot and can hold only one tape at a
time.
In Windows, Acronis Cyber Backup SCS can back up to a tape device even if the drivers for the
device's changer are not installed. Such a tape device is shown in Device Manager as Unknown
Medium Changer. However, drivers for the device's drives must be installed. In Linux and under
bootable media, backing up to a tape device without drivers is not possible.
Recognition of IDE or SATA connected devices is not guaranteed. It depends on whether proper
drivers have been installed in the operating system.
The parameters are set on each machine that has a tape device attached. It is a machine where an
agent is installed. On a machine running Windows, the configuration is performed in the registry; on
a Linux machine, it is done in the configuration file /etc/Acronis/BackupAndRecovery.config.
In Windows, create the respective registry keys and their DWORD values. In Linux, add the following
text at the end of the configuration file, right before the </registry> tag:
<key name="TapeLocation">
<value name="WriteCacheSize" type="Dword">
"value"
</value>
<value name=DefaultBlockSize" type="Dword">
"value"
</value>
</key>
Possible values: 0, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536, 131072,
262144, 524288, 1048576.
If the value is 0 or if the parameter is absent, the block size is determined as follows:
In Windows, the value is taken from the tape device driver.
In Linux, the value is 64 KB.
Registry key (on a machine running Windows):
HKEY_LOCAL_MACHINE\SOFTWARE\Acronis\BackupAndRecovery\TapeLocation\DefaultBlockSize
If the specified value is not accepted by the tape drive, the software divides it by two until the
applicable value is reached or until the value reaches 32 bytes. If the applicable value is not found,
the software multiplies the specified value by two until the applicable value is reached or until the
value reaches 1 MB. If no value is accepted by the drive, the backup will fail.
WriteCacheSize
This is the buffer size (in bytes) used when writing to tapes.
Possible values: 0, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536, 131072,
262144, 524288, 1048576, but not less than the DefaultBlockSize parameter value.
If the value is 0 or if the parameter is absent, the buffer size is 1 MB. If the operating system does not
support this value, the software divides it by two until the applicable value is found or until the
DefaultBlockSize parameter value is reached. If the value supported by the operating system is not
found, the backup fails.
If you specify a non-zero value that is not supported by the operating system, the backup will fail.
The operation of detecting the new tape devices (p. 214) can be performed simultaneously with any
other operation. During inventorying (p. 217), no other operation is available except for detecting the
new tape devices.
17.1.2.7 Limitations
The limitations of tape device usage are the following:
1. Tape devices are not supported when a machine is booted from 32-bit Linux-based bootable
media.
2. You cannot back up Microsoft Exchange mailboxes to tapes.
3. You cannot create application-aware backups of physical and virtual machines.
4. The consolidation of backups located on tapes is not possible. As a result, the Always
incremental backup scheme is unavailable when you back up to tapes.
5. The deduplication of backups located on tapes is not possible.
6. The software cannot automatically overwrite a tape that contains at least one non-deleted
backup or if there are dependent backups on other tapes.
7. You cannot recover under an operating system from a backup stored on tapes if the recovery
requires the operating system reboot. Use bootable media to perform such recovery.
8. You can validate (p. 132) any backup stored on tapes, but you cannot select for validation an
entire tape-based location or tape device.
9. The software cannot simultaneously write one backup to multiple tapes or multiple backups
through the same drive to the same tape.
10. Devices that use the Network Data Management Protocol (NDMP) are not supported.
11. Barcode printers are not supported.
12. Linear Tape File System (LTFS) formatted tapes are not supported.
c. If the loaded tapes were sent to the Unrecognized tapes or Imported tapes pool and you
want to use them for backing up, move (p. 216) such tapes to the Free tapes pool manually.
Tapes sent to the Imported tapes pool contain backups written by Acronis software . Before moving
such tapes to the Free tapes pool, ensure that you do not need these backups.
Backing up
Create a backup plan as described in the "Backup" (p. 56) section. When specifying the backup
location, select Tape pool 'Acronis'.
Results
To access the location where backups will be created, click Backups > Tape pool 'Acronis'.
Tapes with the backups will be moved to the Acronis pool.
When detecting tape devices, the backup software finds tape devices attached to the machine and
places information about them in the tape management database. Detected tape devices are
disabled from RSM.
Usually, a tape device is detected automatically as soon as it is attached to a machine with the
product installed. However you may need to detect tapes devices in the following cases:
After you have attached or re-attached a tape device.
After you have installed or reinstalled the backup software on the machine to which a tape
device is attached.
To detect the tape devices
1. Click Settings > Tape management.
2. Select the machine to which the tape device is attached.
3. Click Detect devices. You will see the connected tape devices, their drives and slots.
The Acronis pool and custom pools are also used as backup locations.
Predefined pools
Unrecognized tapes
The pool contains tapes that were written by third-party applications. To write to such tapes, you
need to move (p. 216) them to the Free tapes pool explicitly. You cannot move tapes from this pool
to any other pool, except for the Free tapes pool.
Imported tapes
Free tapes
The pool contains free (empty) tapes. You can manually move tapes to this pool from other pools.
When you move a tape to the Free tapes pool, the software marks it as empty. If the tape contains
backups, they are marked with the icon. When the software starts overwriting the tape, the data
related to the backups will be removed from the database.
Acronis
The pool is used for backing up by default, when you do not want to create your own pools. Usually it
applies to one tape drive with a small number of tapes.
Custom pools
You need to create several pools if you want to separate backups of different data. For example, you
may want to create custom pools in order to separate:
backups from different departments of your company
backups from different machines
backups of system volumes and users' data.
Creating a pool
To create a pool:
1. Click Settings > Tape management.
2. Select the machine to which your tape device is attached, and then click Tape pools under this
machine.
3. Click Create pool.
4. Specify the pool name.
5. [Optional] Clear the Take tapes from the 'Free tapes' pool automatically... check box. If cleared,
only tapes that are included into the new pool at a certain moment will be used for backing up.
6. Click Create.
Editing a pool
You can edit parameters of the Acronis pool or your own custom pool.
To edit a pool:
1. Click Settings > Tape management.
2. Select the machine to which your tape device is attached, and then click Tape pools under this
machine.
3. Select the required pool, and then click Edit pool.
4. You can change the pool name or settings. For more information about pool settings, see the
"Creating a pool" (p. 215) section.
5. Click Save to save the changes.
To delete a pool:
1. Click Settings > Tape management.
2. Select the machine to which your tape device is attached, and then click Tape pools under this
machine.
3. Select the required pool and click Delete.
4. Select the pool to which the tapes of the pool being deleted will be moved after the deletion.
5. Click OK to delete the pool.
When you move a tape to the Free tapes pool, the software marks it as empty. If the tape contains
backups, they are marked with the icon. When the software starts overwriting the tape, the
data related to the backups will be removed from the database.
Inventorying
The inventorying operation detects tapes loaded into a tape device and assigns names to those that
have none.
Inventorying methods
There are two methods of inventorying.
Fast inventorying
The agent scans tapes for barcodes. Using barcodes, the software can quickly return a tape to the
pool where it was before.
Select this method to recognize tapes used by the same tape device attached to the same machine.
Other tapes will be sent to the Unrecognized tapes pool.
If your tape library contains no barcode reader, all tapes will be sent to the Unrecognized tapes pool.
To recognize your tapes, perform full inventorying or combine fast and full inventorying as described
later in this section.
Full inventorying
The agent reads earlier written tags and analyzes other information about the contents of the loaded
tapes. Select this method to recognize empty tapes and tapes written by the same software on any
tape device and any machine.
The following table shows pools to which tapes are sent as a result of the full inventorying.
Tape was used by... Tape is read by... Tape is sent to pool...
the same Agent where the tape was before
Agent
another Agent Imported tapes
The fast inventorying can be applied to entire tape devices. The full inventorying can be applied to
entire tape devices, individual drives, or slots. For stand-alone tape drives, the full inventorying is
always performed, even if the fast inventorying is selected.
Full inventorying of an entire tape device may take a long time. If you need to inventory only a few
tapes, proceed as follows:
1. Perform the fast inventorying of the tape device.
2. Click the Unrecognized tapes pool. Find the tapes you want to inventory and note which slots
they occupy.
3. Perform the full inventorying of these slots.
What to do after inventorying
If you want to back up to tapes that were placed in the Unrecognized tapes or Imported tapes pool,
move (p. 216) them to the Free tapes pool, and then to the Acronis pool or a custom pool. If the pool
to which you want to back up is replenishable, you may leave the tapes in the Free tapes pool.
If you want to recover from a tape that was placed in the Unrecognized tapes or Imported tapes
pool, you need to rescan (p. 218) it. The tape will be moved to the pool you have selected during the
rescanning, and the backups stored on the tape will appear in the location.
Sequence of actions
1. Click Settings > Tape management.
2. Select the machine to which the tape device is attached, and then select the tape device that you
want to inventory.
3. Click Inventory.
4. [Optional] To select the fast inventorying, turn off Full inventory.
5. [Optional] Turn on Move unrecognized and imported tapes to the 'Free tapes' pool.
Warning. Only enable this switch if you are absolutely sure that the data stored on your tapes can be
overwritten.
6. Click Start inventorying now to start inventory.
Rescanning
The information about the contents of tapes is stored in a dedicated database. The rescanning
operation reads the contents of tapes and updates the database if the information in it mismatches
the data stored on tapes. The backups detected as a result of the operation are placed in the
specified pool.
Within one operation, you can rescan tapes of one pool. Only online tapes can be selected for the
operation.
5. Select the Unrecognized tapes pool. This is the pool to which most of the tapes are sent as a
result of the fast inventorying. Rescanning any other pool is also possible.
6. [Optional] To rescan only individual tapes, select them.
7. Click Rescan.
8. Select the pool where the newly detected backups will be placed.
9. If necessary, select the Enable file recovery from disk backups stored on tapes check box.
Details. If the check box is selected, the software will create special supplementary files on a
hard disk of the machine where the tape device is attached. File recovery from disk backups is
possible as long as these supplementary files are intact. Be sure to select the check box if the
tapes contain application-aware backups (p. 161). Otherwise, you will not be able to recover the
application data from these backups.
10. If the tapes contain password-protected backups, select the corresponding check box, and then
specify the password for the backups. If you do not specify a password, or the password is
incorrect, the backups will not be detected. Please keep this in mind in case you see no backups
after the rescanning.
Tip. If the tapes contain backups protected by various passwords, you need to repeat the
rescanning several times specifying each password in turn.
11. Click Start rescan to start the rescanning.
Result. The selected tapes are moved to the selected pool. The backups stored on the tapes can be
found in this pool. A backup spread over several tapes will not appear in the pool until all of these
tapes are rescanned.
Renaming
When a new tape is detected by the software, it is automatically assigned a name in the following
format: Tape XXX, where XXX is a unique number. Tapes are numbered sequentially. The renaming
operation allows you to manually change the name of a tape.
To rename tapes:
1. Click Settings > Tape management.
2. Select the machine to which your tape device is attached, and then click Tape pools under this
machine.
Erasing
Erasing a tape physically deletes all backups stored on the tape and removes the information about
these backups from the database. However the information about the tape itself remains in the
database.
After erasing, a tape located in the Unrecognized tapes or Imported tapes pool is moved to the Free
tapes pool. A tape located in any other pool is not moved.
To erase tapes:
1. Click Settings > Tape management.
2. Select the machine to which your tape device is attached, and then click Tape pools under this
machine.
3. Click the pool that contains the necessary tapes, and then select the required tapes.
4. Click Erase. The system prompts to confirm the operation.
5. Select the erasing method: fast or full.
6. Click Erase to start the operation.
Details. You cannot cancel the erasing operation.
Ejecting
For successful ejecting of a tape from a tape library, the tape library must have the mail slot and the
slot must not be locked by a user or by other software.
To eject tapes:
1. Click Settings > Tape management.
2. Select the machine to which your tape device is attached, and then click Tape pools under this
machine.
3. Click the pool that contains the necessary tapes, and then select the required tapes.
4. Click Eject. The software will prompt you to provide the tape description. We recommend that
you describe the physical location where the tapes will be kept. During recovery, the software
will display this description so you could easily find the tapes.
5. Click Eject to start the operation.
After a tape is ejected either manually or automatically (p. 104), it is recommended to write its name
on the tape.
Removing
The removal operation deletes the information about the backups stored on the selected tape and
about the tape itself from the database.
3. Perform the rescanning (p. 218) to match the data stored on tapes with the database.
Unlike specifying tape sets in the backup options (p. 104), where you can use variables, here you can
specify only a string value.
Perform this operation if you want the software to back up to specific tapes according to a certain
rule (for example, if you want to store Monday's backups on Tape 1, Tuesday's backups on Tape 2,
etc). Specify a certain tape set for each of the required tapes, and then specify the same tape set or
use proper variables in the backup options.
For the above example, specify tape set Monday for Tape 1, Tuesday for Tape 2, etc. In the backup
options, specify [Weekday]. In this case, a proper tape will be used on the respective day of the
week.
To specify a tape set for one or several tapes:
1. Click Settings > Tape management.
2. Select the machine to which your tape device is attached, and then click Tape pools under this
machine.
3. Click the pool that contains the necessary tapes, and then select the required tapes.
4. Click Tape set.
5. Type the tape set name. If another tape set is already specified for the selected tapes, it will be
replaced. If you want to exclude the tapes from the tape set without specifying another one,
delete the existing tape set name.
6. Click Save to save the changes.
18 System settings
To access these settings, click Settings > System settings.
The System settings section is visible only to organization administrators (p. 225).
In default backup options (p. 223), you can override these settings exclusively for the events that
occur during backup. In this case, the global settings will be effective for operations other than
backup.
When creating a backup plan (p. 91), you can choose which settings will be used: the global settings
or the settings specified in the default backup options. You can also override them with custom
values that will be specific for the plan only.
Important When the global email notification settings are changed, all backup plans that use the global
settings are affected.
Before configuring these settings, ensure that the Email server (p. 222) settings are configured.
To configure global email notification settings
1. Click Settings > System settings > Email notifications.
2. In the Recipients' email addresses field, type the destination email address. You can enter
several addresses separated by semicolons.
3. [Optional] In Subject, change the email notification subject.
You can use the following variables:
[Alert] - alert summary.
[Device] - device name.
[Plan] - the name of the plan that generated the alert.
[ManagementServer] - the host name of the machine where the management server is
installed.
[Unit] - the name of the unit to which the machine belongs.
The default subject is [Alert] Device: [Device] Plan: [Plan]
4. [Optional] Select the Daily recap about active alerts check box, and then do the following:
a. Specify the time when the recap will be sent.
b. [Optional] Select the Do not send the 'No active alerts' messages check box.
5. Select the check boxes for the events that you want to receive notifications about. You can select
from the list of all possible alerts, grouped by severity.
6. Click Save.
18.3 Security
Log out inactive users after
This option lets you specify a timeout for automatic logout due to user inactivity. When one minute is
left in the set timeout, the software prompts the user to stay logged in. Otherwise, the user will be
logged out and all unsaved changes will be lost.
When creating a backup plan, a user can override a default value with a custom value that will be
specific for this plan only.
To change a default option value
1. Sign in to the backup console as an organization administrator.
2. Click Settings > System settings.
3. Expand the Default backup options section.
4. Select the option, and then make the necessary changes.
5. Click Save.
It is possible to disable anonymous registration on the management server so that the valid user
name and password of a management server administrator are always required for a device
registration. If a user opts for anonymous registration, the registration will fail. Registration of
bootable media pre-configured with the Do not ask for user name and password option also will be
rejected. During unattended installation, you will need to provide a registration token in the
transform file (.mst) or as the msiexec command parameter.
To disable anonymous registration on the management server
1. Log in to the machine where the management server is installed.
2. Open the following configuration file in a text editor:
In Windows: %ProgramData%\Acronis\ApiGateway\api_gateway.json
In Linux: /var/lib/Acronis/ApiGateway/api_gateway.json
3. Locate the following section:
"auth": {
"anonymous_role": {
"enabled": true
}
},
If you updated the management server from build 11010 or earlier, this section is absent. Copy
and paste it to the beginning of the file right after the opening brace {.
4. Change true to false.
5. Save the api_gateway.json file.
Important Please be careful and do not accidentally delete any commas, brackets, and quotation marks
in the configuration file.
6. Restart Acronis Service Manager Service as described in "Changing the SSL certificate settings" (p.
53).
Organization administrators are the top-level administrators. Unit administrators are administrators
of the child groups (units).
In the backup console, each administrator has a view scoped to their area of control. An
administrator can view and manage anything on or below their level in the hierarchy.
In Linux
When the management server is being installed on a machine, the root user is added to the
management server as an organization administrator.
For information about how to add an administrator to the management server, refer to "Adding
administrators" (p. 227).
This way, you can delegate backup management to other people whose access permissions will be
strictly limited to the corresponding units.
For information about how to create a unit, refer to "Creating units" (p. 227).
An account that has permissions for all units does not have permissions for the organization.
Organization administrators must be added to the Organization group explicitly.
When installing agents locally (p. 29), an administrator provides their credentials. The machine is
added to the unit managed by the administrator. If the administrator manages multiple units, the
installer prompts to choose a unit to which the machine will be added.
20 Command-line reference
Command-line reference is a separate document available at
https://dl.acronisscs.com/support/documentation/AcronisBackup_12.5_Command_Line_Reference
21 Troubleshooting
This section describes how to save an agent log to a .zip file. If a backup fails for an unclear reason,
this file will help the Acronis personnel to identify the problem.
To collect logs
1. Do one of the following:
VMware and VMware Ready are trademarks and/or registered trademarks of VMware, Inc. in the
United States and/or other jurisdictions.
All other trademarks and copyrights referred to are the property of their respective owners.
Distribution of substantively modified versions of this document is prohibited without the explicit
permission of the copyright holder.
Distribution of this work or derivative work in any standard (paper) book form for commercial
purposes is prohibited unless prior permission is obtained from the copyright holder.
Third party code may be provided with the Software. The license terms for such third-parties are
detailed in the license.txt file located in in one of the installation directories.
For the Custom backup scheme, the backup sets correspond to the backup methods (Full,
Differential, and Incremental).
In all other cases, the backup sets are Monthly, Daily, Weekly, and Hourly.
A monthly backup is the first backup created after a month starts.
A weekly backup is the first backup created on the day of the week selected in the Weekly
backup option (click the gear icon, then Backup options > Weekly backup).
If a weekly backup is the first backup created after a month starts, this backup is considered
monthly. In this case, a weekly backup will be created on the selected day of the next week.
A daily backup is the first backup created after a day starts, unless this backup falls within the
definition of a monthly or weekly backup.
An hourly backup is the first backup created after an hour starts, unless this backup falls within
the definition of a monthly, weekly, or daily backup.
D
Differential backup
A differential backup stores changes to the data against the latest full backup (p. 230). You need
access to the corresponding full backup to recover the data from a differential backup.
F
Full backup
A self-sufficient backup containing all data chosen for backup. You do not need access to any other
backup to recover the data from a full backup.
I
Incremental backup
A backup that stores changes to the data against the latest backup. You need access to other backups
to recover data from an incremental backup.
S
Single-file backup format
A new backup format, in which the initial full and subsequent incremental backups are saved to a
single .tib file, instead of a chain of files. This format leverages the speed of the incremental backup
method, while avoiding its main disadvantage–difficult deletion of outdated backups. The software
The single-file backup format is not available when backing up to locations that do not support
random-access reads and writes, for example, SFTP servers.