4 - Learn About Acronis

Acronis Cyber Backup
Cloud
Using Acronis Cyber Backup Cloud
Dual headquarters
in Switzerland and Singapore
Dual headquarters
in Switzerland and Singapore © Acronis #CyberFit Academy 2020 1
Module Outline
1. Planning for Backup & recovery

2. Creating Backups
3. Performing Recovery
4. Other Operations
Dual headquarters
Planning for Backup &
Recovery
What can be backed up & recovered
Dual headquarters
How to Plan for Backup
§ Understand your data environment and what needs to be backed up, e.g., for
recovery and/or for archival
• Entire machine/disks/volumes/VMs or individual files/folders/databases?
• Application-aware backup and need for granular recovery?
• Regulatory/audit compliance? Legal obligations?
• Size of data and length of backup window?
§ Determine the backup strategy (retention period and replication?) and most suitable type
of storage for storing and retrieving the backup
• D2D2D (remoted disk storage) or D2D2C
• Local, network storage and/or cloud? Staging to cloud for replication or archival?
Dual headquarters
§ Determine Recovery Point Objective (RPO) and Recovery Time Objective

(RTO) for each service/system to be backed up, use revenue or cost per hour as
a guide
• RPO or frequency of backup is determined based on maximum acceptable loss of data in
case of a service disruption or outage
• RTO or maximum time allowed for recovery is determined based on avoiding
unacceptable consequences associated with a service disruption or outage
Dual headquarters
1
3 2 3
1
§ Have multiple versions of your backup, follow the 3-2-1 rule:

• Eliminate single point of failure
• Leverage on different types of storage for maximizing capacity/performance vs. price
§ Align with backup needs (recovery or archival), backup strategy and RTO/RPO
requirements
§ Formulate and document a disaster recovery plan for each service and an overall
business continuity plan and test often
Dual headquarters
How to Plan for Recovery
§ Understand your outage and what needs to be recovered, e.g., RTOs and
RPOs? Impact on productivity, revenues, normal operations?
• Entire machine/disks/volumes/VMs or individual files/folders/databases/application items?
§ Determine the backups available and the most suitable method/location for
recovery:
• From local, network or cloud storage?
• Recovery method? Recover to live system or use bare metal recovery? Use Acronis
Instant Restore or Acronis Cyber Disaster Recovery Cloud?
• Follow and if necessary adapt disaster recovery plan and business continuity plans to
perform recovery
Dual headquarters
Protecting Physical Machines
§ Windows, Linux and Mac physical machines1 can be backed up using:

• Entire machine backup: includes all non-removable disks of the machine
• Disks/volumes backup: 1 or more disks and volumes can be selected
• Files/folders2 backup: 1 or more files and folders can be selected
§ What can be recovered to live machines:
• 1 or more disk/volumes and files/folders can be recovered from disk-level backups such
as Entire machine or Disk/volume backups
• 1 or more files/folders can be recovered from file-level backups
1 A VM with Agent installed can be backed up similar to a physical machine

2 Files/folders backup can also be used to back up network folders on file servers and NAS devices
Dual headquarters
Protecting Physical Machines
§ Additionally, bare metal recovery can be used when original machine is non-
operational, e.g., hardware or OS failure:
• Requires bootable media for booting up hardware (physical or virtual) to be used for recovery
• Disk-level backups containing an OS can then be selected for system (1 or more disks/volumes)
recovery
• For recovery to dissimilar hardware for Windows or Linux systems, Universal Restore
can be used after bare metal recovery
Dual headquarters
Protecting Applications
§ Microsoft SQL and Microsoft Exchange can be protected as follows:

• Application-aware backup: Disk-level backup of entire server and application metadata
• Database backup: File-level backup of the database and associated metadata
§ Both types of backup can be used to recover:
• Database to live application
• Database as files
• Granular recovery of application items
§ For Microsoft Exchange 2010 SP1 or later, Mailbox backup is also possible and
can be used for mailbox and mailbox item recovery
Dual headquarters
§ For Microsoft Exchange, recovery can be performed to original or new Exchange

server of the same version:
• Target Exchange server and machine performing the recovery (with Agents installed) must
belong to the same AD forest and requires either membership in Exchange Organization
Administrators role group (Exchange 2007) or Sever Management role group (Exchange 2010
and above)
§ For Microsoft SQL, recovery can be performed to original or new SQL server of
the same or higher version for user databases and same version for system
databases:
• Requires membership in Backup Operators or Administrators group on the machine
and sysadmin role in target SQL instance
Dual headquarters
§ Exchange cluster backup support:

• DAG is supported for Exchange Server 2010 and above, other clustering configurations
are not supported
• Agent for Windows + Agent for Exchange must be installed on each node of the
Exchange cluster and Backup option > Cluster backup mode has to be enabled
§ SQL cluster backup support:
• AAG is supported for SQL Server 2012 and above, other cluster configurations are not
supported
• Agent for Windows + Agent for SQL must be installed on each node of the WSFC cluster
and Backup option > Cluster backup mode has to be enabled
Dual headquarters
§ To recovery DAG (Exchange cluster) or AAG (SQL cluster):

• Requires that the DAG or AAG is backed up (not individual databases or items)
• Select the clustered database for recovery from the Backup Storage tab; target node for
recovery is automatically selected by the Agent when creating the Recovery Task
• For DAG, after recovery is complete, manually configure or resume replication on the
cluster
• For AAG, target database to be recovered (if live) must be excluded from the AAG prior to
recovery as a database in an AAG cannot be overwritten
Dual headquarters
§ Microsoft SharePoint farm can be protected as follows:

• Backup all database servers (Microsoft SQL based) with SQL application-aware backup
• Backup all unique front-end and application servers with normal disk-level backup
• Backups of all servers should be performed using the same schedule
§ For recovery:
• Database servers can be recovered using recovery methods for Microsoft SQL
• Other servers can be recovered using disk-level or bare-metal recovery
• SharePoint content such as sites, libraries and documents can be recovered using
Acronis SharePoint Explorer
Dual headquarters
§ Microsoft Active Directory can be protected as follows:

§ For recovery:
• A non-authoritative restore is performed and USN rollback will not occur after recovery
Dual headquarters
§ Oracle Databases on Windows and Linux can be protected as follows:

• Database backup: File-level backup (a.k.a. RMAN backup) of the Oracle database and
Archived Logs using RMAN scripts
§ RMAN scripts can be found in the following locations after installing Agent for
Oracle and parameters in the scripts can be customized
• In Windows: %ProgramFiles%\Acronis\Oracle
• In Linux: /usr/lib/Acronis/Oracle
• Refer to the Help file for more details
Dual headquarters
§ The table belows shows the differences between application-aware (server backup)
and database backup for Oracle databases:
Comparison Server Backup Database Backup
RTO in case of entire server failure Less More
Run as virtual Oracle Server (Run as VM) Yes, on ESXi or Hyper-V hosts No
Support for raw partitions/ASM No Yes
Support for databases spread over several volumes Yes Yes
Necessary to configure separate backup

Backup is fully configured in the GUI,
Ease of use plans for full backup of database and
knowledge of RMAN not necessary
archived logs
Oracle Explorer can be used for granular,

Scripts can be used to customize recovery
Database recovery point-in-time recovery of Oracle data
for advanced scenarios
directly from backup
Dual headquarters
§ SAP HANA databases on Linux can be protected as follows:

• Disk-level backup with Pre/Post data capture scripts: Disk-level backup of entire
server with scripts to prepare SAP HANA databases for backup
§ Scripts can be downloaded from:
• https://dl.managed-protection.com/u/SAPHANA/SAP-HANA-modules.tar
§ After the scripts are downloaded, access to the database needs to be configured
for the scripts before using them
§ For recovery:
• Recover entire server or use SAP HANA Studio to revert a database to a snapshot
Dual headquarters
§ Application-aware and database backup requires the following:

• For agent-based/guest-level backup of physical machines/virtual machines:
a) Agent for Windows/Linux + Agent for Exchange/SQL/Active Directory/Oracle is installed on the physical or
virtual machine
• For agentless backup of VMware VMs:

a) Agent for VMware (Virtual Appliance or Windows) is installed for the ESXi host with VMs to be backed up
b) VMs have to meet the requirements for application-consistent quiescing (refer to VMware KB)
c) VMware Tools is installed and up-to-date
d) UAC has to be disabled on Windows-based VMs, if not, a built-in domain administrator credentials have to be
specified when enabling application backup
Dual headquarters
• For agentless backup of Hyper-V VMs:

a) Agent for Hyper-V is installed for the ESXi host with VMs to be backed up
b) Hyper-V Integration Services must be up-to-date and running in the VM
c) In order to avoid VM going into "saved" state during backup, make sure that the Integration services -> Backup
(Volume checkpoint) option is enabled in VM settings in Hyper-V Manager
d) There must be network connection from Agent for Hyper-V to guest VM network, since application data is read over
WMI which requires network connection to guest OS
e) No Windows dynamic disks present in the guest OS.
f) UAC has to be disabled on Windows-based VMs, if not, a built-in domain administrator credentials have to be
specified when enabling application backup
§ Exchange and SQL transaction logs are truncated after each successful backup
Dual headquarters
Protecting VMs and Virtualization Hosts
§ For VMware vSphere:

• VMs can be backed up and recovered with Agent for VMware (agentless backup)
• ESXi configuration can also be backed up which allows recovery to bare metal
• Backup of ESXi configuration includes:
a) Bootloader and boot bank partitions of the host
b) Host state (configuration of virtual networking and storage, SSL keys, server network settings and local user
information)
c) Extensions and patches installed or staged on the host
d) Log files
• Requires SSH to be enabled in the Security Profile of the ESXi host configuration
Dual headquarters
§ For Hyper-V:
• VMs can be backed up and recovered with Agent for Hyper-V (agentless backup)
• Entire Hyper-V server can be backed up with Agent for Windows via disk-level backup:
a) Requires Hyper-V Integration Services to be installed and updated on the VMs
b) Hyper-V VSS writers must be working (check using vssadmin list writers)
§ For all other supported virtualization platforms, Windows Azure and Amazon
EC2 cloud instances
• VMs can be backed up from inside guest OS (agent-based backup) similar to how physical
machines can be backed up, i.e., using Agent for Windows or Linux
Dual headquarters
• Recovery is similar to physical machines except for Windows Azure and Amazon EC2
VMs
• Windows Azure and Amazon EC2 cloud instances cannot be booted from bootable
media, hence bare metal recovery is not possible; recovery have to be performed to
existing VM:
a) Create new VM from image/template in Azure or EC2 with same disk configuration as machine to be recovered and
install Agent for Windows or Linux on the new VM
b) Recover backed up machine as disk-level recovery to the new VM
Dual headquarters
Protecting Office 365
§ Microsoft Office 365 can be backed up as follows:

• Using Local Agent:
a) Install Agent for Office 365 on a Windows machine
b) Supports backup of Office 365 Exchange Online mailboxes to local, network and cloud storage
• Using Cloud-to-Cloud (C2C) a.k.a Cloud Agent backup:

a) No agent installation required, add Microsoft Office 365 for Business from Add button in cloud console
b) Supports backup of Office 365 Exchange Online mailboxes, OneDrive for Business and SharePoint Online
sites
§ Requires Global Administrator role credentials
Dual headquarters
Feature Local Agent Cloud-2-Cloud Backup

Exchange Online: user, shared, and group
mailboxes
OneDrive: user files and folders
Data items that can be backed up Exchange Online: user and shared mailboxes
SharePoint Online: classic site collections, group
(team) sites, communication sites, individual data
items
Backup of archive mailboxes (In-

No Yes
Place Archive)
Backup Schedule User-defined Once a day (automatically) or manually started
Backup Locations Cloud Storage, local folder, network folder Cloud Storage only
Automatic Protection of new Office Yes, by applying a backup plan to the All users,
No
365 users, groups, sites All groups or All sites groups
Dual headquarters
Feature Local Agent Cloud-2-Cloud Backup
Protecting more than one O365

No Yes
organization
Granular recovery Yes Yes
Recovery to another user within one

Yes Yes
organization
Recovery to another organization No Yes
Recovery to an on-premise
No No
Microsoft Exchange Server
Maximum number of manual backup

No 10 manual runs during an hour
runs
Dual headquarters
§ To recover:
• Granular recovery can be performed from Office 365 backups:
a) Mailboxes and mailbox items can be recovered to Office 365, downloaded as files or sent as email as a form of
recovery
b) OneDrive content can be recovered to existing OneDrive, including Sharing permissions recovery or download as
files
c) SharePoint Online sites can be recovered to existing site, as document library or single document or download as
files
§ Preview, browsing and search of backed up content possible for quick access to
backed up data
Dual headquarters
Protecting G Suite
§ Google Suite can be backed up as follows:

• Using Cloud-2-Cloud (C2C) backup:
a) No agent installation required, add G suite from Add button in cloud console
b) Supports backup of Gmail mailboxes, Calendars, Contacts, Google Drives and G Suite Shared drives
§ Requires Super Admin credentials

§ To recover:
• Granular recovery can be performed from G suite backups:
a) Mailboxes and mailbox contents can be recovered to G suite
b) Google Drive content can be recovered to existing google Drive as entire drive or as files/folders
Dual headquarters
Protecting Websites
§ A website can be backed up via SFTP or SSH protocol (no Agent required):
• Website content files: All files accessible to the account specified for SFTP or SSH
connection
• Linked databases (if any) hosted on MySQL servers: All databases accessible to the
specified MySQL account
• Both website files and databases (if any) should be backed up to enable consistent
recovery
§ Limitations:
• Websites can only be backed up to cloud storage
• Each website must have its own Protection Plan
Dual headquarters
Acronis Bootable Media
§ Bootable media a.k.a. Rescue Media is used for booting up the hardware of a
physical or virtual machine used for bare metal recovery
§ There are 3 types of bootable media:
• Linux-based: Can be downloaded as ISO from Cyber Protection service console, used
for recovering Windows and Linux machines
• WinPE-based: Requires installation of Bootable Media Builder from Acronis Cyber
Backup installer (https://kb.acronis.com/content/59611) and other files, used when Linux-
based media is unable to detect disks, network adapters or other hardware of the
recovery machine
• Mac-based: Create using Rescue Media Builder that’s included with Agent for Mac,
used for recovering macOS machines
Dual headquarters
Universal Restore
§ Acronis proprietary technology that enables:

• Bare metal recovery of Windows or Linux-based systems to dissimilar hardware
• P2P, P2V, P2C, V2V, V2P, V2C, C2C, C2P, C2V migrations
• Hardware independent deployment of supported OS
§ Works by swapping required systems drivers for OS startup in the recovered OS
to match the hardware of the machine used for recovery
§ Available as Apply Universal Restore in bootable Agent on bootable media
§ Universal Restore can be performed multiple times without having to perform
recovery repeatedly
Dual headquarters
Universal Restore in Windows
§ The following locations will be scanned recursively when using Automatic driver
search for suitable drivers:
• Windows default driver folder in the recovered OS – make sure OS is detected when
using Apply Universal Restore for the 1st time after bare metal recovery
• Removable media, network folders or other folders – If Windows default driver folder
doesn’t contain suitable drivers, i.e., OS startup fails after Apply Universal Restore,
download drivers (HDD controller and chipset) from vendor website and place them in any
of the above locations
• Drivers have to be provided as .inf files, extract them from .exe, .cab or .zip using a 3rd
party app if they are downloaded as such
Dual headquarters
Universal Restore in Windows
§ Mass storage drivers to install anyway:

• Used when Automatic driver search cannot locate suitable drivers in any of the
locations that were specified
• If a specific mass storage controller such as RAID or fiber channel adapter is required
• Be careful with specifying Mass storage drivers to install anyway as mistakes will render
the recovered OS inoperable and you will have to redo the bare metal recovery
§ If Universal Restore cannot find a compatible driver in the specified locations, it
will display a prompt about the problem device; choose either to Ignore or Retry
after adding drivers to specified locations to be searched
Dual headquarters
Universal Restore in Linux
§ Universal Restore can be used for Linux OS with kernel version 2.6.8 or above
§ When working in Linux, Universal Restore updates the initial RAM disk (initrd):
• Adds modules for new hardware to initrd
• Search for necessary modules in /lib/modules
• If required modules cannot be found, records the module’s name into the log
• Original initrd is not modified and a copy is saved to the same directory with the same
filename followed by _acronis_backup.img and can be reverted to if necessary
• Universal Restore may modify the configuration of the GRUB loader to ensure system
bootability but will never modify the Linux kernel
Dual headquarters
Acronis Instant Restore
§ Disk-level backups containing an OS can be Run as VM for quick recovery:

• A temporary VM is created and virtual disks are emulated from the backup and linked to
the temporary VM
• Can be deleted (all changes will be discarded) or Finalized (converted) as a regular VM without
downtime
§ Can be used for:
• Disaster recovery: Instantly bring a copy of a failed machine online
• Testing of backups: Run the machine from backup to ensure that guest OS is functioning
• Accessing application data: Extracting application data using native tools
Dual headquarters
Acronis Instant Restore
§ Pre-requisites:
• Requires Agent for VMware or Agent for Hyper-V and corresponding host
• Agent for VMware/Hyper-V must be able to access the backup file:
a) Backups stored on network folder (SMB) or cloud storage
b) Backups stored on local storage of the VMware ESXi or Hyper-V host
c) Backups stored on SFTP, Tape and Secure Zone are not supported
• Backups must contain entire machine or all volumes required for OS to start
• Backups of physical and virtual machines except for Virtuozzo containers can be used
• Backups that contain Linux LVM must be created by Agent for VMware or Hyper-V and
the same type of Agent must be used for Run as VM
Dual headquarters
VM Replication
§ Only available for VMware ESXi VMs

§ Creates an exact copy or replica of a VM to the same or another ESXi host
which can be maintained in sync with the original VM
§ Replication can be started manually or on schedule with the 1st replication being
a full copy and subsequent replications being incremental
§ Replication vs. Backup:
• Replica keeps only the latest state of a VM
• Replication will consume space on datastore whereas backups can be stored on other
storage
• Powering on a replica is much faster than recovery and faster than Run as VM
Dual headquarters
VM Replication
§ Replica can be used for testing and failover/failback to/from local or remote site
§ The following types of VMs cannot be replicated:
• Fault-tolerant VMs on ESXi 5.5 and lower
• Run as VM
• Replicas
Dual headquarters
Creating Backups
Configuring the Protection Plan – Backup module
Dual headquarters
Selecting Machines for Backup
Select sub-group
Select machine to backup Configure Backup
Select from built-in group
Dual headquarters
Selecting Machines for Backup
§ Machines can be selected for backup from any of the built-in device groups and
sub-groups if available
§ Types of sub-groups:
• Built-in such as the Machines with agents > All group
• Manually added Static or Dynamic custom group
§ The selection determine what can be selected for backup, e.g., SQL databases
can only be selected for backup by browsing from the Devices > Microsoft SQL
built-in device group and not from Devices > All devices
Dual headquarters
Device Groups
§ Device groups are designed for convenient management of large numbers of

registered machines
§ Built-in groups:
• Once a machine is registered, it will appear in the built-in group(s) that correspond to its
type, e.g., Exchange server will appear in the Devices > Microsoft Exchange built-in
group
§ Custom groups:
• Groups that are manually created within a built-in group and can be nested
• Typically used for grouping similar machines for group backup
• A machine can be a member of more than 1 custom group
Dual headquarters
Device Groups
§ Types of custom groups:

• Static groups: Contains machines that were manually added to them, membership never
changes unless explicitly added or removed from the group
• Dynamic groups: Contains machines added automatically according to the search
criteria specified when creating the group, membership updated automatically based on
machines that meet the criteria
§ Protection Plans can be applied to a group:
• New devices added to the group “gains” applied plans
• Devices “loses” applied plans when removed from a group but retains plans that were
applied specifically to the device
Dual headquarters
Creating a Static Group
Select built-in Device group
Add new Static group
Dual headquarters
Creating a Static Group
Configure new Static group
Dual headquarters
Creating a Dynamic Group
Type in search criteria Save as new

Dynamic group
Dual headquarters
Device Groups
§ To create a Static group:

1. Choose the built-in group to create the Static group in and click on + New group
2. Type in the name and comments for the new Static group and click OK
3. Select the newly created Static group to add machines to the group
§ To create a Dynamic group:
1. Enter a search criteria1 in the search box, click Search and then Save as
2. The newly created Dynamic group will contain all machines that match the search
criteria; search criteria can be modified after the group has been created
3. Newly added machines that match the criteria will be automatically added to the group
1 Refer to the Help file for details on all available search criteria
Dual headquarters
Protection Plan – Backup
Protection Plan with Backup,

Active Protection and Vulnerability
assessment modules
Dual headquarters
Backup settings
Dual headquarters
§ The Protection Plan is a plan that combines several protection modules:
• In Cyber Backup & Cyber Protect editons: • In Cyber Protect editions only:
a) Backup: Configure backup settings for the machine a) URL Filtering: Enable URL filtering
or group
b) Windows Defender Antivirus/Microsoft Security
b) Active Protection/Anti-malware Protection: Essentials: Configure Windows Defender/Microsoft
Configure Active Protection (Cyber Backup edtions) Security settings
and Anti-malware scanner settings (Cyber Protect
editions) c) Patch Management: Configure patch installation
settings
c) Vulnerability Assessment: Configure vulnerability
assessment scans d) Data Protection Map: Configure data protection map
scans
Dual headquarters
Configuring Backups
§ Select the machine or group to be backed up

§ Plan and decide:
• What to back up: Entire machines, disk/volumes, files/folders, ESXi configuration?
• Where to back up: Cloud, Local, Network storage? Physical Data Shipping?
• Schedule: Backup scheme – monthly, weekly, daily, hourly?
• How long to keep: Retention rule – By backup age, By number of copies?
• Replication: Enable replication? From where to where?
• Encryption: Turn on AES encryption for backups?
• Backup options: Email notification, Error handling, Pre/Post commands?
Dual headquarters
Backup Cheat Sheet
ITEMS TO BACK UP
WHAT TO BACK UP WHERE TO BACK UP SCHEDULE HOW TO KEEP
Selection methods
Cloud
Direct selection Local folder
Disks/volumes
Policy rules Network folder
(physical machines)
File filters NFS
Secure Zone
Always incremental (single-file)
Cloud Always full By backup age
Disks/volumes Policy rules Local folder Weekly full, daily incremental By number of backups
(virtual machines) File filters Network folder Monthly full, Weekly differential, By total size of backups
NFS Daily incremental (GFS) Keep indefinitely
Custom (F-D-I)
Cloud
Files
Policy rules Network folder
(physical machines only)
File filters NFS
Secure Zone
Dual headquarters
Backup Cheat Sheet
ITEMS TO BACK UP
Selection methods
Always incremental (single-file)

Always full
Local folder
Weekly full, daily incremental
ESXi configuration Network folder
Monthly full, Weekly differential,
NFS
Daily incremental (GFS)
Custom (F-D-I) By backup age
By number of backups
Website (files and MySQL Direct selection
Cloud - By total size of backups
databases) Keep indefinitely
System State
Cloud Always full
SQL databases Local folder Weekly full, daily incremental
Network folder Custom (F-D-I)
Exchange databases
Dual headquarters
Backup Cheat Sheet
ITEMS TO BACK UP
Selection methods
Cloud
Mailboxes
Local folder Always incremental (single-file)
(local agent)
Network folder
Direct selection
Mailboxes
By backup age
Microsoft Public By number of backups
Office 365 folders By total size of backups
Keep indefinitely
Cloud -
OneDrive
files Direct selection
Policy rules
SharePoint
Online data
Dual headquarters
Backup Cheat Sheet
ITEMS TO BACK UP
Selection methods
Cloud
Gmail
mailboxes
Network folder By backup age
By number of backups
G suite Google Drive -
By total size of backups
files Direct selection Keep indefinitely
Cloud
Policy rules
Shared drive
files
Dual headquarters
What to back up
§ Selection available depends on machine/group1 selected:

• Entire machine: All non-removable disks will be backed up with option of enabling
Application backup
• Disks/volumes: 1 or more disks and volumes can be selected
• Files/folders: 1 or more files and folders can be selected
• System state: Windows Vista and later only, backs up system state data
• ESXi configuration: Backs up the ESXi configuration
• Exchange/SQL databases: 1 or more Exchange/SQL database can be selected
1 For Office 365 and G suite, selection will be based on the items available in the account, e.g., 1 or more mailboxes, OneDrive or Google Drive, SharePoint Online sites can be selected
Dual headquarters
What to back up
§ Application backup selection is available when Entire machine is selected for

What to back up:
• Microsoft SQL Server | Microsoft Exchange Server | Microsoft Active Directory |
Oracle Database can be enabled for application-aware backup
• Machine has to meet requirements for application-aware backup
• If any requirements are not met, an error message with the missing requirement will be
shown to assist in meeting the requirements
Dual headquarters
What to back up
§ Besides selecting items to be backed up directly, items can also be selected

using policy rules:
• Disks/volumes: Conditional rules such as [All volumes], [Fixed volumes] for volumes
on SCSI, ATAPI, ATA, SSA, SAS and SATA devices and on RAID arrays,
[BOOT+SYSTEM] for system and boot volumes, etc. and specific rules such as C:\,
/dev/hda1, etc.
• Files/folders: Conditional rules such as [All Files], [All Profiles Folder] and
%PROGRAMFILES% and specific rules such as C:\Users, /home, or otherwise type in a
file/folder path such as /dev/hda1/file.txt
§ When a backup using policy rules is applied to multiple machines and no data
matches at least 1 of the rules, backup will fail on that particular machine
Dual headquarters
Where to back up
§ The following backup destinations are available:

• Cloud Storage: Backups will be stored in Acronis or Service Provider cloud storage
• Local folders: Backups will be stored locally on the machine being backed up such as
internal/external disk or removable media
• Network folder, NFS folder: Backups will be stored on SMB/CIFS/DFS or NFS1 shared
folder accessible from the machine being backed up
• Secure Zone: Backups will be stored in a secure partition on the local disk of the machine
being backed up, can be created from Details > Create Secure Zone
• Defined by a script: Backups will be stored in a folder (local or network) defined by a script
written in Jscript, VBScript or Python 3.52
1 It is not possible to back up to an NFS folder protected with a password
2 Scripts written in Python cannot create folders on network shares
Dual headquarters
Secure Zone
§ Secure Zone is a secure partition that can be created on a local disk of the
machine being backed up:
• Offers a cost-effective and handy method for protecting data from software malfunction,
virus attack and human error
• Eliminates the need for a separate media or network connection to backup/recover data
• Can be used as a “staging” storage prior to replication of backups
§ Limitations:
• Cannot be created on a Mac
• Does not protect against physical failure of the local disk
• Does not support single-file backup format
Dual headquarters
Secure Zone
§ To create a Secure Zone, perform the following steps:

1. Go to Details > Create Secure Zone and click Select to select a local disk on which to create the
secure zone
2. Enter the Secure Zone size or drag the slider
3. [Optional] Enable Password protection switch and specify a password
4. Click Create
§ Creating a Secure Zone will change the layout of the volumes on the disk and will
require a reboot if space is taken from existing volumes:
• Secure Zone will always be created at the end of the disk and unallocated space will be used if any to
create the new volume. If there isn’t any unallocated space or if it’s insufficient, free space from existing
volumes will be taken instead to create the new volume resulting in existing volumes being resized
Dual headquarters
Schedule
§ Select a Backup Scheme:

• Always incremental (single-file) | Always full | Weekly full, Daily incremental |
Monthly full, Weekly differential, Daily incremental (GFS) | Custom
§ Select a schedule type:
• Schedule by time: Choose from Hourly, Daily, Weekly, Monthly scheduling or pre-
defined, depending on the backup scheme chosen
• Schedule by event: Choose from Upon time since last backup | When user logs on/off
the system | On system startup/shutdown | On Windows Event Log event
§ Additionally, Start conditions and options can be selected to modify the behavior
of the schedule
Dual headquarters
Schedule
§ Options:
• Run the plan within a date range | If the machine is turned off, run missed tasks at the
machine startup | Prevent the sleep or hibernation mode during backup | Wake up from
the sleep or hibernation mode to start a scheduled backup
§ Start conditions:
• User is idle | The backup location’s host is available | Users logged off | Fits the time
interval | Save battery power | Do not start when on metered connection | Do not start
when connected to the following Wi-Fi networks | Check device IP address
§ If more than 1 condition is selected, all selected conditions have to be met
simultaneously before backup will start
Dual headquarters
Types of Backup
§ Full Backup
F F F F
• Stores all data selected for the backup and forms the base for
subsequent incremental and differential backups
§ Incremental Backup
• Stores the changes to the data since the most recent backup F I I I
• Creates a “chain” of backups, requires the corresponding full + all
subsequent incrementals to restore data
§ Differential Backup
• Stores changes to the data since the most recent full backup
F D D D
• Creates “links” to the full backup, requires corresponding full +
differential to restore data
Dual headquarters
How long to keep
§ Select a Cleanup rule:

• By backup age (default): Specify how long in terms of days, weeks and months to keep
backups
• By number of backups: Specify the maximum number of copies to keep
• By total size of backup: Specify maximum total size of backups to keep, not available
with Always incremental (single-file) backup scheme or when backing up to cloud storage
• Keep backup indefinitely: Do not delete backups
§ Select when to start the cleanup:
• After backup (default): Retention rule is applied after a new backup is created
• Before backup: Retention rule is applied before a new backup is created
Dual headquarters
How long to keep
§ For cleanup by backup age, by default, backups are grouped into monthly,
weekly, daily and hourly sets:
• Monthly set: 1st backup created after a month starts
• Weekly set: 1st backup created on the day specified in Backup option > Weekly backup which by
default is Monday
• Daily set: 1st backup created after a day starts
• Hourly set: 1st backup created after an hour starts
• E.g., Keep 6 months, 4 weeks, 7 days = keep 1st backup created every month for last 6 months
including current month, keep Monday backup created every week for last 4 weeks including current
week, keep the 1st backup created every day for last 7 days including current day
• If switched to single rule for all backup sets, backups will be retained based on Month, e.g., Keep 7
months = keep all backups created for last 7 months including current month
Dual headquarters
Encryption
§ Encryption can be enabled to encrypt backups created with AES encryption

§ Once enabled, Encryption setting cannot be modified and a new Plan has to be
created to use different encryption settings
§ To enable, toggle the Encryption switch and specify a password and the AES
algorithm to be used
§ The password specified is not stored anywhere; the password hash is used for
verification purposes, i.e., required when selected an encrypted backup for
recovery
§ If the password is lost, it is irrecoverable and new backups will have to be created
Dual headquarters
Replication
§ Up to 4 locations for replication is available

§ Backups can be replicated from:
• Local folder, network folder, Secure Zone
§ Backups can be replicated to:
• Local folder, network folder, cloud storage
§ If earlier backups were not replicated, the Agent will attempt to replicate all
missing backups since the last successful replication
§ If replication fails halfway, the next replication will attempt to continue from where
it was stopped previously to reduce time required
Dual headquarters
Notarization
§ Notarization can be enabled to notarize files being backed up and is available in

Cyber Backup and Cyber Protect Advanced and Disaster Recovery editions
§ Available for file-level backup only and not available when:
• Backup format is set to Version 11
• Backup destination is Secure Zone or encryption is enabled
§ To enable, toggle the Notarization switch
Dual headquarters
Backup Options
§ Backup options are settings that can modify the behavior of the Backup
§ Availability of Backup options depends on:
• The environment the Agent operates in (Windows, Linux, OSX)
• The type of data being backed up (disk, files, VMs, application data)
• The backup destination (cloud, local or network storage)
§ Refer to the Help file for more details of each Backup option
Dual headquarters
Browsing Backups
Add
locations
Backup storage locations
Dual headquarters
Browsing Backups
§ Backups can be browsed from the Backup Storage tab

§ All locations currently in use by all plans will be shown
§ New locations can be added by selecting Add location:
• When adding a location, machine to browse from can be specified in order to ensure
that a specific machine (with appropriate agent installed) is used to access the location, e.g.,
using a machine with Agent for SQL to browse backups of SQL databases
§ Backups can be then selected for recovery and Run as VM as well as manually
deleted from a location
Dual headquarters
Browsing Plans
Selected Plan
Available actions
Types of Plans
Dual headquarters
Browsing Plans
§ Plans can be browsed and managed from the Plans tab

§ All plans of a specific type will be show in each section:
• Protection: Shows all available Protection Plans
• Cloud applications backup: Shows Microsoft Office 365 and G suite Backup Plans
• VM replication: Shows VM replication plans
§ Actions available with Plans:
• Create Plan | Import | Details | Edit | Activities | Alerts | Clone | Export | Disable | Delete
Dual headquarters
Performing Recovery
Configuring the Protection Plan – Backup module
Dual headquarters
Configuring Recovery
§ Determine:
• What to recover: Entire machine, disks/volumes, VMs or individual files/folders,
databases or application items?
• Location of backup: Local folder, network folder or cloud?
• Recovery method: Using web interface, bootable media or other methods
• Recovery point: Available backups to recover from?
• Where to recover: Original location, custom location, on-premises or in cloud?
• Recovery options: Validation, Error handling, File exclusions, etc.?
Dual headquarters
Recovery Cheat Sheet
What to recover Using web interface Using bootable media Others
Physical machines (Windows or Linux) -
Physical machine (Mac) -
Virtual machine (VMware or Hyper-V) -
Virtual machine or container (Virtuozzo) -
ESXi configuration -
Extract files from local backups

Files/Folders
Downloading files from cloud storage
System state -
SQL databases -
Exchange databases -
Exchange mailboxes -
Dual headquarters
Recovery Cheat Sheet
What to recover Using web interface Using bootable media Others
Websites -
Mailboxes (local agent) -
Mailboxes -
Microsoft
Public folders -
Office 365
OneDrive files -
SharePoint Online data -
Gmail mailboxes -
G suite Google Drive files -
Shared drive files -
Dual headquarters
Recovery Methods
§ Backups can be recovered on-premises using the following methods:

• Using web interface: Used for performing recovery of entire systems and select data
• Using bootable media: Used for bare metal recovery of entire systems and select data
• Other methods: Used for recovering files and folders
§ Additionally, the following can also be used:
• Acronis Instant Restore (Run as VM) on-premises
• VM Replication (VMware vSphere only) on-premises
• Acronis Cyber Disaster Recovery Cloud in cloud
Dual headquarters
Using Web Interface – Devices Tab
Select machine from appropriate

Devices built-in/custom group for
Recovery, then select Backup
location, recovery point to recover
from and type of recovery
Dual headquarters
Using Web Interface – Backup Storage Tab
Select a location, then select backup

> Show backups to view available
recovery points for recovery
Dual headquarters
Using Web Interface
§ To perform recovery using web interface, select backup to recover from via
Devices or Backup Storage tab:
• Devices tab: Select backed up machine/device/data from built-in or custom group under
Devices tab to recover from
• Backup storage tab: Select location to recover from
§ Browse for available Recovery points (backups) and:
• Select type of data to recover:
a) Entire machine: Disk-level recovery (for physical machines and VMs)
b) Files/folders, SQL/Exchange databases, O365 data, G suite data: File-level recovery
• Use Run as VM (if available)
Dual headquarters
Disk-Level Recovery
Choose to Recover to Physical or Virtual

machine, Target machine to recover to, Disk
or Volume mapping and Recovery options
Dual headquarters
File-Level Recovery
Search for files/folders/databases to recover
Expand to browse for files/folders/databases to recover
Browse for available recovery points
Dual headquarters
File-Level Recovery
Choose Original location or Custom

location and recovery options
Dual headquarters
Creating the Recovery Task
§ After selecting type of data to recover:

• For disk-level recovery, Recover to Physical or Virtual machine, Target machine to
recover to, Disk or Volume mapping and Recovery options can be configured
• For file-level recovery, browse or search for the data to be recovered and recovery can
be to Original or Custom location1 or downloaded/recovered as files
§ After creating the Recovery task, it will be executed immediately
1 Depending on the type of data being recovered, additional options may be available for the Recovery task, e.g., Target instance and State
Dual headquarters
Using Bootable Media
Boot from
bootable media
Dual headquarters
Start bootable agent
Dual headquarters
Configure recovery task
Dual headquarters
Select what to recover
Dual headquarters
Browse for Location
Dual headquarters
§ To perform recovery using bootable media, prepare the bootable media to be

used:
• Recovering Windows & Linux: Download the Linux-based bootable media ISO and use
it directly or create bootable USB1/CD/DVD from it, alternatively, create and use WinPE-
based bootable media
• Mac: Create and use Mac-based bootable media
§ Using Linux-based bootable media:
• Boot the physical or virtual machine to be used for bare metal recovery, select Manage
this machine locally and select Recover to configure the recovery task
• Click Select data to browse for Location to recover from
1 Use ISO to USD or RUFUS to create bootable USB if you need to boot UEFI machine, Win32DiskImager for BIOS and in Linux, use dd utility
Dual headquarters
Browse for backups
Hide Archives and backups

panel to view contents of backup
Dual headquarters
Select What to recover
Dual headquarters
Configure Where/How
to recover
Dual headquarters
§ After selecting location and backup to recover from:

• Select 1 or more disks/volumes and MBR to recover
• Configure Where/How to recover selected disks/volumes
• Start recovery
§ Bootable agent will start the recover immediately and after recovery is complete,
reboot or perform Apply Universal Restore if recovering to dissimilar hardware
Dual headquarters
Extract Files from Local Backups
Directly browse local backups

to view available recovery
points to extract files
Dual headquarters
Extract Files from Local Backups
§ Backups stored on local folders can be browsed directly to extract files for
recovery:
• Only available in Windows using File Explorer
• Agent for Windows must be installed on the machine used for browsing
• Backed up file system must be FAT16/32, NTFS, ReFS, ext2/3/4, XFS or HFS+
• Backup must be stored in a local folder or network share (SMB/CIFS)
1 Use ISO to USD or RUFUS to create bootable USB if you need to boot UEFI machine, Win32DiskImager for BIOS and in Linux, use dd utility
Dual headquarters
Downloading Files from Cloud Storage
Select More ways to recover… >

Download Files to download files
from backups stored in Cloud Storage
Dual headquarters
Downloading Files from Cloud Storage
§ Files can be downloaded from backups stored in cloud storage:

• Select More ways to recover… > Download files to open a new browser window and
login to view all backups stored in cloud storage
• Browse for Backups to select files for download
§ Limitations:
• Backups of system state, SQL databases and Exchange databases cannot be browsed
• Download no more than 100 MB at a time to avoid slowdown
Dual headquarters
Run as VM
Select machine from

appropriate Devices built-
in/custom group, click Recovery,
then select Backup location and
recovery point to Run as VM
Dual headquarters
Run as VM
Select VMware or Hyper-V

host for Run as VM
Dual headquarters
Run as VM
Configure Run as VM settings
Dual headquarters
Run as VM
Finalize temporary VM
Temporary VM
Dual headquarters
Run as VM
§ To perform Run as VM, select backup from Devices or Backup Storage tab:
• Select whether to use VMware ESXi or Microsoft Hyper-V to host the temporary VM
• Configure Run as VM settings such as storage to use, VM settings and Power state
§ After the temporary VM has spun up, it will appear in the service console:
• If connection to agent or backup location is lost, the temporary VM will become unusable
• Select Finalize to convert it to a regular VM after which it can be backed up and the
backup created can be used for recovery
• Alternatively, select Delete to delete the temporary VM
Dual headquarters
VM Replication
Create VM Replication Plan
Dual headquarters
VM Replication
Replica actions
Dual headquarters
VM Replication
§ Select the VMware VM to replicate and click Replication to create a VM

replication plan:
• Target machine and schedule for replication can be configured
§ After the replica has been created, the following actions are available:
• Test replica: Start the replica for testing, replication is suspended while testing is in
progress
• Replica actions > Failover: Failover to replica, replication is suspended while failover is in
progress
• Replica actions > Stop failover: Stop the failover, replication will resume
Dual headquarters
VM Replication
• Replica actions > Permanent failover: Removes the “replica” flag from the VM,
replication is no longer possible to the VM and replication plan should be edited to use
this VM as source if desired
• Replica actions > Failback: Failback to the original or new VM, replication will resume
once failback is complete
Dual headquarters
Other Operations
Performing other operations in Acronis Cyber Backup Cloud
Dual headquarters
Active Protection
Dual headquarters
Protection Plan – Active Protection
§ Uses behavioral heuristics to protect against ransomware and cryptomining

malware
§ Represented as a module in a Protection Plan:
• Different Protection Plan can have different Active Protection settings
• Available for Windows 7 and Windows 2008 R2 and later and requires Agent for
Windows to be installed on the machine
§ Consists of the following settings:
• Action on detection: Notify only | Stop the process | Revert using cache (default)
Dual headquarters
• Self-protection: On by default, protects against unauthorized changes to Acronis

software processes, registry records, executable and configuration files and backups
located in local folders
• Network folder protection: On by default, protects network folders mapped as local
drive
• Server-side protection: Off by default, protects network folders shared from the local
machine from modifications (incoming connections) by other servers
• Cryptomining process detection: On by default, protects against cryptomining
malware, default action is to stop the process
• Exclusions: Configure exceptions to the protection rules, specify full path to processes,
folders and files as Trusted or Blocked
Dual headquarters
Active Protection settings
Dual headquarters
Protection Plan – Vulnerability Assessment
Vulnerability assessment settings
Dual headquarters
Vulnerability
Assessment
Dual headquarters
§ Scans a machine for vulnerabilities to OS and installed 3rd party products:

• List of supported products: https://dl.managed-protection.com/u/baas/help/9.0/user/en-
US/index.html#44465.html
• Currently supported for Windows and Linux (CentOS, Virtuozzo and Acronis Cyber
Infrastructure) machines
• Scanning can be scheduled or manually started and results will be shown in Software
Management > Vulnerabilities tab and selected widgets in Dashboard and Reports
• Found vulnerabilities are categorized by Severity and can be selected for patching
(requires Cyber Protect editions)
Dual headquarters
List of vulnerabilities found for all machines scanned
Dual headquarters

4 - Learn About Acronis

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

4 - Learn About Acronis

Uploaded by

Copyright:

Available Formats

Acronis Cyber Backup

1. Planning for Backup & recovery

§ Determine Recovery Point Objective (RPO) and Recovery Time Objective

§ Have multiple versions of your backup, follow the 3-2-1 rule:

§ Windows, Linux and Mac physical machines1 can be backed up using:

1 A VM with Agent installed can be backed up similar to a physical machine

§ Microsoft SQL and Microsoft Exchange can be protected as follows:

§ For Microsoft Exchange, recovery can be performed to original or new Exchange

§ Exchange cluster backup support:

§ To recovery DAG (Exchange cluster) or AAG (SQL cluster):

§ Microsoft SharePoint farm can be protected as follows:

§ Microsoft Active Directory can be protected as follows:

§ Oracle Databases on Windows and Linux can be protected as follows:

Support for raw partitions/ASM No Yes

Support for databases spread over several volumes Yes Yes

Necessary to configure separate backup

Oracle Explorer can be used for granular,

§ SAP HANA databases on Linux can be protected as follows:

§ Application-aware and database backup requires the following:

• For agentless backup of VMware VMs:

• For agentless backup of Hyper-V VMs:

§ For VMware vSphere:

§ Microsoft Office 365 can be backed up as follows:

• Using Cloud-to-Cloud (C2C) a.k.a Cloud Agent backup:

§ Requires Global Administrator role credentials

Feature Local Agent Cloud-2-Cloud Backup

Backup of archive mailboxes (In-

Backup Schedule User-defined Once a day (automatically) or manually started

Feature Local Agent Cloud-2-Cloud Backup

Protecting more than one O365

Granular recovery Yes Yes

Recovery to another user within one

Recovery to another organization No Yes

Maximum number of manual backup

§ Google Suite can be backed up as follows:

§ Requires Super Admin credentials

§ Acronis proprietary technology that enables:

§ Mass storage drivers to install anyway:

§ Disk-level backups containing an OS can be Run as VM for quick recovery:

§ Only available for VMware ESXi VMs

Select from built-in group

§ Device groups are designed for convenient management of large numbers of

§ Types of custom groups:

Select built-in Device group

Add new Static group

Configure new Static group

Type in search criteria Save as new

§ To create a Static group:

Protection Plan with Backup,

§ The Protection Plan is a plan that combines several protection modules:

§ Select the machine or group to be backed up

Always incremental (single-file)

§ Selection available depends on machine/group1 selected:

§ Application backup selection is available when Entire machine is selected for

§ Besides selecting items to be backed up directly, items can also be selected

§ The following backup destinations are available:

§ To create a Secure Zone, perform the following steps:

§ Select a Backup Scheme:

§ Select a Cleanup rule:

§ Encryption can be enabled to encrypt backups created with AES encryption

§ Up to 4 locations for replication is available

§ Notarization can be enabled to notarize files being backed up and is available in

Backup storage locations