Configuring Securepoint UMA Backup for backup and recovery
Last adaptation to the version: 3.3
This article refers to a Resellerpreview

3.0.4 2.5.10

Access: UMA-IP:Port or UMA-URL:Port
e.g.: https://uma.ttt-point.de:11115
Default: https://192.168.175.254:11115
Maintenance, tab Backup

Introduction

The UMA is an audit-proof archiving system. All archived information should be kept unchanged and be easily and permanently available to users.

When considering a holistic backup strategy, this information must be considered so that it can be made available again in the event of a failure of the UMA and the subsequent reinstallation.

The backup strategy is extended by one of the following backup options of the UMA.


Backup of the UMA configuration


Section Configuration Import/Export
Since the archive store of the UMA is encrypted and the backup files are also encrypted during creation, it is necessary to back up this key.
The container encryption information is located in the UMA configuration, so the configuration must be backed up first. The Export button creates a file which can then be fetched with the Download button. A click on this button saves the UMA configuration as a file named "uma-config.db" in the folder designated for your downloads.

A backup copy should always be kept in an additional safe place.
Only in this way is it guaranteed that it is also available in an emergency.

Additionally, the Encryption Key, which can also be found on the Backup tab, can be backed up.
With it, a restore is also possible without configuration data.



Backup devices


The archive system can be backed up either to network storage or to an external storage medium. External storage media are connected to the appliance via a USB port. Both external hard drives and flash storage media (USB sticks, etc.) are supported.

First, in the section Backup Devices the device or devices to which the backups are to be saved are defined. The following types are distinguished:

  • iSCSI (Recommended)
  • Windows Share
  • Windows Share (signed)
  • SFTP
  • FTP
  • USB device


iSCSI (Recommended)

Setup
Backup iSCSI

First, an iSCSI target must be set up on a NAS or server. Please follow the instructions for the corresponding storage devices or servers.

The following settings must be made in the UMA:

  • Choose a meaningful name
  • Select backup type iSCSI
  • Enter the IP address of the drive or server on which the iSCSI target was created
  • Use the Change Target button to establish the connection and request the information about the target
  • Complete the process by pressing the Register button
  • All previous data on this drive will be overwritten
  • After completing the registration, the created backup device must be saved using the Save Devices button
  • Finally, a test must be performed using the Test Device button, which the UMA should confirm with a success message
The port used for this is 3260

iSCSI (Internet Small Computer System Interface) is a very efficient network data transfer method.
The storage devices on which the data are then to be stored are called "targets". Many server systems or NAS (Network Attached Storage) can be set up as iSCSI targets.

Caption | Value | Description
Name | iSCSI-Backup-Drive | Meaningful name with which a backup job can access this device
Type | iSCSI | Device type
Host name or IP address: | 192.168.192.192 | Host name or IP address of the drive or server where the iSCSI Target was created
Current Target: | | Value is determined and entered automatically
UUID: | | Value is determined and entered automatically
Change Target | | Searches for iSCSI targets under the specified host name or IP address
iSCSI Targets: | Please select an iSCSI target | Since it is possible to set up multiple iSCSI targets on a target drive, the desired target must be selected here.
Register | | Establishes the connection and enters the UUID
Authorization method: | CHAP | If an authentication method was configured, the access data for the target can be stored here.


Windows Share

Backup Windows Share

A Windows share is a shared drive or folder accessible over a network using the SMB (Server Message Block) protocol, usually on a Windows server or on a NAS.

It is important that the correct share name is entered.

Caption | Value | Description
Name | WindowsShare-Device | Meaningful name with which a backup job can access this device
Type | Windows Share | Device type
Share Name | backup | The name of the shared folder
Host name or IP address: | 192.168.192.192 | Host name or the IP address of the device on which the share was set up
Folder | uma | If you want to save in a subdirectory of the share, enter the name of the corresponding folder here
 | or / | If you save directly to the share, the field can remain empty or contain a slash /.
Username | uma-backup-user | Credentials on the target server for the backup
Password | ••••• |
SMB Version | SMBv1, SMBv2, SMBv3 | Used SMB version.
Use deprecated NTLMv1 authorization: | | Enables the NTLMv1 authorization

  • Please note that on the UMA, due to the underlying Linux system, further subfolders are addressed with a slash / and not, as is common on Windows systems, with a backslash \.
  • Only shares for which access data are available can be used.
  • The NTLMv1 protocol is often still used on the shares for authorization. If it is not clear whether this is still in use, it should be activated for use on the UMA.
  • The user must have write permission in the share.
  • The port used for this is 445

Windows Share (Signed)

Uses SMB signatures for the connection.
The same settings apply as for Windows Share, with these exceptions:

  • No SMB version is specified
  • NTLMv2 is always used for authorization


FTP

Backup FTP
If an FTP server (File Transfer Protocol) is available, it can also be used for backing up the UMA archive.
When using FTP, the data is not encrypted in transit.

Please note for which folders FTP has been shared with the user on the server.

Caption | Value | Description
Name | FTP-Device | Meaningful name with which a backup job can access this device
Type | FTP | Device type
Host name or IP address: | ftp.anyideas.de | Host name or IP address of the FTP server
Folder | /Backup/UMA/ | When sharing the entire host and a folder structure Hostname/Backup/UMA
 | or / | If only the UMA folder is shared in a Hostname/Backup/UMA folder structure, the field may remain empty or contain a / slash.
Username | uma-backup-user | Credentials on the target server for the backup
Password | ••••• |
The port used for this is 21


SFTP

Backup SFTP

The complete path must be entered here in any case.

Caption | Value | Description
Name | SFTP-Device | Meaningful name with which a backup job can access this device
Type | SFTP | Device type
Host name or IP address: | sftp.anyideas.de | Host name or IP address of the SFTP server
Absolute Path: | /Backup/UMA/ | When sharing the entire host and a folder structure Hostname/Backup/UMA
 | / | When sharing only the UMA folder in a Hostname/Backup/UMA folder structure, the field must contain a / slash. The field Absolute path must not be left empty.
Username | uma-backup-user | Credentials on the target server for the backup
Password | ••••• |
The port used for this is 22


USB

Backup USB

A USB drive is always practical when a backup is to be created "just quickly". Both hard disks and flash memory such as USB sticks are supported here.

Always disconnect USB devices from the UMA before rebooting.
An inserted USB device could be recognized by the BIOS as a boot drive and then block the restart of the UMA.

The following settings must be made in the UMA:

  • Choose a meaningful name
  • Select backup type USB Device
  • Use the Change Device button to establish the connection and request the information about the target
  • Complete the process by pressing the Register button
  • After completing the registration, the created backup device must be saved using the Save Devices button
  • Finally, a test should be performed using the Test Device button, which the UMA should confirm with a success message

Caption | Value | Description
Name | USB Backup Device | Meaningful name with which a backup job can access this device
Type | USB device | Device type
Current device | | Value is determined and entered automatically
UUID: | | Value is determined and entered automatically
Change device | | Triggers a search of the connected USB devices
Available devices: | Please select an USB device | If several USB devices are connected, the desired device can be selected
Register | | Establishes the connection and enters the UUID


Test device

After saving the created backup device, the connection to this device must be tested. To do so, press the Test Device button, which will trigger a success message after a short time.


Backup Jobs

A backup job controls when, on which device and with which backup format a backup should be created. Furthermore, it is defined here how many backups are to be kept for the restore process.

First, the job is given a name and a device is selected on which the backups are to be stored.

Schedule

Backup Job Scheduling
For scheduling, it is important to consider some of the features of the UMA.

When a backup is performed, a snapshot of the archive is created first.
Before this snapshot is created, some services on the UMA are stopped.

These include, among others:

  • Dovecot:
    Checks the user name and email address and the filter rules, and initiates the indexing of incoming emails

  • LTA-Push:
    This service takes care of the transport from the LTA folders to the XML long-term archive

  • LTA service:
    Converts the emails into XML format, creates a "hash tree" and retrieves the qualified timestamp.
    This is fetched daily from 22:00 on.


Please note the following when scheduling:
  • No emails are checked or indexed during the backup. Therefore, it is not advisable to perform a backup during the time when users need to access the archive.
  • Due to the collection of the qualified timestamp and the subsequent creation of the "hash tree", no backup can be created between 10:00 pm and 00:00.
  • Backup jobs should not start on the hour because the UMA automatically starts its own cron jobs on the hour as well.
  • The days Monday to Sunday are available for scheduling. This means, for example, that once a week, on every Sunday, a backup will be performed on the specified device.
    Furthermore, the backup can be performed every working day (Monday - Friday) or every day.
After the backup is completed, a confirmation email will be sent to the address specified under System Settings / System Users / System Administrator.

Number of retained Backups

Number of backups

Besides keeping a single backup, it is also possible to keep several backups from different days. You can choose between the last one (1) and the last ten (10).

It is also possible to keep all backups, but this is only useful when using the Time Machine backup format.
For the format Mirror there is always only one backup.


Backup Format

Backup Formats

To be selected here:

Caption | Description
Mirror (recommended) | Creates an incremental backup using rsync. This method is particularly stable and tolerant of disconnections. Requires an encrypted drive and can therefore only be used with the backup devices iSCSI and USB.
Tar | With this archive format a complete backup file is always created.
Time Machine | An incremental format that saves only the changes after an initial full backup. You can select any point in time when restoring. Requires an encrypted drive and can therefore only be used with the backup devices iSCSI and USB.
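
The device, schedule, format and retention rules from the sections above, collected into one pre-check for a planned backup job. This is an added example, not Securepoint code: the UMA is configured in its web interface, so the function name and the dictionary keys (`type`, `folder`, `smb_version`, `ntlmv1`, `start`, `format`, `keep`) are hypothetical, and the SMBv1 hint reflects the general deprecation of that protocol version rather than a statement on this page.

```python
from datetime import time

# Rules taken from this page. The dict keys are hypothetical names for the
# GUI fields ("folder" also stands for the SFTP field "Absolute Path").
ENCRYPTED_DRIVE_TYPES = {"iSCSI", "USB device"}  # needed by Mirror / Time Machine


def lint_backup_job(job):
    """Return the findings for one planned backup job (empty list = none)."""
    dev, out = job["device"], []
    dtype, path = dev["type"], dev.get("folder", "")

    if dtype == "FTP":
        out.append("FTP: data is not transferred encrypted")
    if dtype == "SFTP" and not path:
        out.append("SFTP: the field Absolute path must not be left empty")
    if dtype.startswith("Windows Share") and "\\" in path:
        out.append("Windows Share: use / instead of \\ for subfolders")
    if dtype == "Windows Share":  # the signed type has neither option
        if dev.get("smb_version") == "SMBv1":
            out.append("Windows Share: SMBv1 selected, check if SMBv2/SMBv3 works")
        if dev.get("ntlmv1"):
            out.append("Windows Share: deprecated NTLMv1 authorization enabled")

    start = job["start"]
    if start.minute == 0:
        out.append("Schedule: do not start on the hour (UMA cron jobs run then)")
    if start.hour >= 22:
        out.append("Schedule: no backup can be created between 22:00 and 00:00")

    fmt, keep = job["format"], job["keep"]
    if fmt in ("Mirror", "Time Machine") and dtype not in ENCRYPTED_DRIVE_TYPES:
        out.append(f"{fmt}: requires an encrypted drive (iSCSI or USB only)")
    if fmt == "Mirror" and keep != 1:
        out.append("Retention: Mirror always holds only one backup")
    elif keep == "all" and fmt != "Time Machine":
        out.append("Retention: keeping all backups only suits Time Machine")
    return out


# Constructed sample jobs (not taken from a real UMA).
RISKY = {"device": {"type": "Windows Share", "folder": "uma\\daily",
                    "smb_version": "SMBv1", "ntlmv1": True},
         "start": time(22, 0), "format": "Mirror", "keep": "all"}
SOUND = {"device": {"type": "iSCSI"}, "start": time(1, 30),
         "format": "Mirror", "keep": 1}

if __name__ == "__main__":
    for name, job in (("RISKY", RISKY), ("SOUND", SOUND)):
        print(name, *(lint_backup_job(job) or ["no findings"]), sep="\n  ")
```
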

Create Backup

Under Run Backup Job Manually, a backup can be started at any time with the Create Backup button.


Checking the backup

Once the first backup has been created, it must be ensured that it can be restored. This can be done with the Restore button.
Depending on the number of backups held, a specific backup can be selected: Choose a backup to restore

Disaster Recovery

To ensure that the backup can also be restored on newly installed hardware, a disaster recovery test is always part of a complete backup.
For example, a UMA can be installed on a virtual machine. The previously backed up UMA configuration file is then imported on this virtual machine. Using the installation wizard or under System Settings / Archive Storage, the mounted archive hard disk is initialized and then the backup is restored via Restore.

Once the backup has been restored successfully, it can be assumed that it works.


Restore Backup

Restoring a backup is only possible with the configuration that was active during the backup run, since the backup depends on the configuration ID.
Backup list

Since the backup jobs have different formats and/or different locations, the restore function is located with the individual jobs.
A backup must be selected beforehand: Select a backup to restore

The Update button updates the list of backups, and a click on Restore starts the restore.


Delete Backup

To delete a backup that is no longer needed, select it under Backup Jobs at Select a backup to restore.

The pop-up message

If the Delete Backup button is clicked without a backup selected, a pop-up message will appear.

The warning window for deleting a backup
When the Delete Backup button is clicked, a window with a confirmation prompt appears.
It asks whether this backup should really be deleted.

The deletion process may take some time.



Final information

An archive backup contains

  • all emails
  • Email attachments
  • Documents
  • and backup information (e.g. the encryption key)

Not included are

  • Index databases
    These must be recreated.
    This usually happens when users access their documents via the UMA user interface for the first time after a backup has been restored.
    The first login will then take a little longer than usual, because the index database for this user has to be created again first.