Blue Moon Backup Documentation

Protected Item types 

Overview 

Cloud Backup supports a range of different types for your Protected Item configuration, including file, application, system, and VM backup types.

"Files and Folders" items 

The "Files and Folders" option lets you back up files and folders on the PC.

Use the Plus button to browse files and folders for backup. You can also drag-and-drop files and folders into the Cloud Backup client to select them.

The "Choose files" dialog displays a live estimate of the selected filesize (before compression and deduplication).

Filesystem snapshots 

On Windows, the "Take filesystem snapshot" option creates a VSS snapshot.

This enables Cloud Backup to back up files that are currently in-use. It also provides disk-wide "crash-consistency", as all files for backup will originate from the precisely same timestamp.

Non-Windows platforms do not currently require the use of this feature to back up in-use files, however, they also do not benefit from the disk-wide consistency.

Current versions of Cloud Backup cannot take filesystem snapshots of a Protected Item located on a network share; be sure to disable the "Take filesystem snapshot" option on the Protected Item.

Windows supports taking VSS snapshots of NTFS and ReFS filesystems. Cloud Backup can snapshot these filesystems for backup.

Windows does not support taking VSS snapshots of FAT or exFAT filesystems. Protected Items backing up these filesystems must not use the "Take filesystem snapshot" option.

This feature is enabled by default for new Protected Items.

Network shares 

Cloud Backup supports backing up Windows network shares (SMB / CIFS). However, you should prefer to install Cloud Backup directly on the network device; this will offer increased backup performance.

On Windows,

  • The "Choose Items" dialog lets you browse through mapped network drive letters. You can also use the "Options > Browse UNC Path" option to directly browse a UNC path.
  • Cloud Backup supports entering custom Windows Network Authentication credentials via the "Log in to network share" option. If you select a network share for backup, you may need to enter custom credentials in order for the service user account to access the network share.
  • Because mapped network drives are private to a user session, Cloud Backup automatically converts mapped network drive letters into their UNC path equivalent, so that it can still be accessed by the service user account.

Current versions of Cloud Backup cannot take (VSS) filesystem snapshots of a Protected Item located on a network share; be sure to disable the "Take filesystem snapshot" option on the Protected Item.

On non-Windows platforms,

  • You should mount the network share locally before backing it up.

Encrypted files (Windows EFS) 

EFS is a Windows feature that allows you to encrypt individual files on disk. Cloud Backup supports backing up EFS-encrypted files on Windows. The files will be silently decrypted if possible (e.g. if Cloud Backup is running as the encryption user, or if Cloud Backup is running as the EFS Recovery Agent user).

If it is not possible to automatically decrypt the file for backup, Cloud Backup will back up the file in its encrypted form, and will only be able to restore it in its encrypted form. EFS-encrypted files are displayed with green text in the Restore browser dialog in Cloud Backup.

If you have a PC failure, the EFS encryption keys may be lost. In this situation, the EFS-encrypted files may be unusable, even after restoring from backup. Cloud Backup warns you about this situation by adding a warning message in the backup job log.

In order to safely prepare for this scenario, you should export the PC's EFS encryption keys, so that the files can be accessed after a PC failure. On Windows, you can do this via certmgr.msc; or on Windows Server, taking a System State backup may be sufficient.

Once you have safely backed up the PC's EFS encryption keys, you can suppress the warning in Cloud Backup by enabling the "I confirm EFS keys are exported" option in the Protected Item settings.

If you have only a partial PC failure (e.g. files lost, but OS installation and user accounts remain intact) the EFS-encrypted files will be restorable without any further attention to the EFS keys.

Finding files using EFS 

You can use the cipher /u /n command to list all files on the local PC that are EFS-encrypted.

Finding the certificate used to encrypt a file 

You can use the cipher /C C:\path\to\file.txt command to display the user accounts and certificates that are able to decrypt a file. This may indicate which user originally encrypted the file and/or which EFS certificates are necessary for backup.

Windows Server Deduplication 

Windows Server 2012 and later have a data deduplication feature that is separate- and unrelated- to Cloud Backup's own deduplication, that can be used to increase free disk space on NTFS volumes. A scanning process runs in the background to find and merge duplicate file content. By default, the scanning process runs overnight.

Deduplicated files look and behave like normal files; however, they are stored on disk in a special format, that can only be read by Windows Server (and Linux). Non-Server versions of Windows are entirely unable to read these files from disk.

When backing up deduplicated files with Cloud Backup, it backs up the full (rehydrated) file content, and then applies its own deduplication to it. This means that Windows Server deduplicated files can be safely restored to non-Server versions of Windows.

When restoring deduplicated files from Cloud Backup, the files are restored in their full (rehydrated) format, and are not re-deduplicated until Windows runs its next background scanning pass. This means that you may not have enough free disk space to completely restore a backup to the same source drive.

Exclude filters 

You can exclude a range of files from the backup job. An exclusion filter checks whether to exclude each file from backup, using either a glob pattern or a regular expression (regex).

There is no limit to the number of exclusion filters you can add to a single Protected Item.

Glob pattern match 

Cloud Backup can exclude files based on a glob pattern. Any files matching the glob pattern will be excluded from the backup job.

The expression is tested against the full disk path to the file. Your glob expression can be a partial match (e.g. *.txt) or a fully anchored match (e.g. C:\path\to\file.docx).

Some special characters and wildcards are allowed:

  • A star (*) skips zero or more characters within a filename
  • A double-star (/**/) skips any number of directory components
  • A question-mark (?) skips a single character within a filename
  • Square brackets denote a character class (e.g. [0-9]) within a directory or file name

Regular expression match 

Cloud Backup can exclude files based on a regular expression (regex). Any files matching the regular expression will be excluded from the backup job. The specific syntax flavour is that of the Go regexp library.

The regular expression is tested against the full disk path to the file. This enables filtering by path component, or (on Windows) drive letter.

By default, the regular expression is

  • case-sensitive. You can perform a case-insensitive match by adding an (?i) expression
  • non-anchored. You can restrict your regex to the start- or end- of the file path by using the ^, $, \A and/or \z expressions.

Forwardslash (/) is not a special character and does not require escaping with \/.

An invalid regular expression will prevent a backup job from running.

System exclusions 

The Cloud Backup system automatically excludes certain folders.

On Windows, Cloud Backup skips

  • The $RECYCLE.BIN and System Volume Information directories in any drive root
  • The C:\Recovery directory
  • The C:\pagefile.sys, C:\hiberfil.sys, and C:\swapfile.sys files
  • The MicrosoftEdge.exe file
    • This is intended to work around an issue with The file cannot be accessed by the system messages affecting Windows 1803 and later.
  • Invalid .DFSFolderLink files

On Linux, Cloud Backup skips

  • The /proc directory
  • The /sys directory
  • The /selinux directory
  • The /dev directory (as of Cloud Backup 18.11.0)

On macOS, Cloud Backup skips

  • The /dev directory (as of Cloud Backup 18.11.0)
  • The /Users/.../Library/VoiceTrigger/SAT directory (as of Cloud Backup 19.9.6)
    • This is a protected AF_DATAVAULT directory that is inaccessible with SIP enabled (the default).

Rescan unchanged files 

In a regular "Files and Folders" backup, Cloud Backup will skip over files that have the same file size and modification time as the last backup job. If these properties are the same, Cloud Backup will refer to previous chunks and not re-chunk the file. This dramatically improves performance.

If you are working with certain types of files that change content without updating their modification time attribute on the filesystem - for instance, applications that use direct disk I/O instead of filesystem functions; some database data files; or VeraCrypt container files - then the above is obviously unsatisfactory for ensuring backup integrity. In this case, you can enable the "Rescan unchanged files" feature to cause Cloud Backup to chunk every encountered file. This has some performance penalty but does ensure backup integrity in the presence of such files.

"Program Output" items 

The "Program Output" backup type backs up the stdout (Standard Output) stream of any command execution. This stream data is saved as a virtual file within the backup job. You can choose the virtual file name.

The data is streamed directly to the backup destination and never touches the local disk. This has the consequence that no progress bar or ETA can be calculated or displayed during backup jobs.

If the target application produces any content on stderr (Standard Error), it will be logged in the job report, and the final job status will not be less severe than "Warning".

If the target application exits with a non-zero error code, the error code will be logged in the job report, and the final job status will not be less severe than "Error".

"Microsoft Exchange Server" items 

Using this Protected Item type may incur a Booster charge.

This Protected Item type backs up Microsoft Exchange Server databases. The underlying technology is VSS and is compatible with Microsoft Exchange Server 2007 and later, including Exchange Server 2016 (the latest version at the time of writing).

The appropriate VSS writer must be installed.

As Exchange Server can only be installed on Server SKUs of Windows, this backup type is only applicable when running on Windows Server.

Some forms of Exchange Server backup will cause log truncation to occur on the Exchange Server. For more information, please see the official Exchange Server documentation. If circular logging is enabled on the Exchange Server, the 'Incremental' and 'Differential' backup types have limited effect.

Exchange Server 2007 

By default, Exchange 2007 does not enable the VSS writer. The VSS writer may have been enabled by another backup system installed on the PC.

If you encounter error messages like Couldn't find Exchange Server installation on this device or Failed to perform VSS snapshot on a machine running Exchange 2007, the Exchange VSS writer (MSExchangeIS) may not be enabled.

  • You can confirm whether this is the case by checking for Microsoft Exchange Writer in the output of vssadmin list writers, or, in the Browse dialog for a new "Application Aware Writer" Protected Item.

You can manually activate the Exchange VSS writer by making the following steps:

  1. Open regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
  2. Change the Disable Exchange Writer value from 1 to 0
  3. Restart the Microsoft Exchange Information Store service

For more information on this issue, please see Microsoft's own documentation at http://support.microsoft.com/kb/838183/en-us .

Restore 

The Cloud Backup snapshot of Exchange Server includes the *.edb file, the *.log/*.stm/*.chk files, and/or other files.

To restore data, you can either

  • reinstate the Information Store files directly as a whole. This approach is suitable in a disaster recovery situation; or
  • recover individual items. This allows you to access individual mailboxes and messages without affecting the existing mounted database. This approach is suitable if you only need to access some small parts of past data that has since been deleted or corrupted, without affecting the current running Exchange Server state.

Full EDB Recovery 

One option for restoring the Exchange EDB is to replace the full EDB file.

You can replace the EDB and log files on the Exchange Server with the restored versions. This approach is suitable for disaster recovery.

In the Exchange Server console:

  1. Dismount the existing Exchange Server Store
  2. Replace files on disk with the restored copies.
    • The path must match the original copy because the transaction log files include an embedded path to the *.edb/*.stm files. If the EDB file was backed up from a different disk location, you should first use the "Move database" feature to update Exchange Server to look for the database files in their original location. For more information, see this Microsoft article.
  3. Mount the Exchange Server Store

Recovery Database mode 

Another option for restoring the Exchange EDB is to mount it as a recovery database (RDB).

Once mounted, you can attach Outlook to the recovery database, or use the New-MailboxRestoreRequest PowerShell command to extract a PST mailbox.

For more information, see this Microsoft article.

Extract EDB contents 

Another option for restoring the Exchange EDB is to use a third-party application to extract content.

Third-party applications can read the content of the EDB file to extract individual messages, contacts, or other mailbox items.

At the time of writing, the following programs were available:

"Microsoft Hyper-V" items 

Using this Protected Item type may incur a per-hypervisor Booster charge.

This Protected Item type backs up Microsoft Hyper-V virtual machines. The underlying technology is VSS and is compatible with all versions of Hyper-V running on Windows Server, including Windows Server 2016 (the latest version at the time of writing).

This backup type is only applicable when running on Windows Server. Hyper-V on Windows Desktop is not supported by this Protected item type.

Cloud Backup integrates with the Hyper-V VSS writer to perform a Hyper-V backup snapshot, including support for in-VM quiescence on supported guest operating systems.

Backing up a Hyper-V virtual machine with Cloud Backup includes, but is not limited to:

  • its configuration file
  • all attached virtual drives
  • the contents of memory (if the machine was running)
  • the full tree of saved checkpoints

You can select individual virtual machines for backup, or choose "All virtual machines".

Consistency and guest additions 

The following information applies to all products that perform Hyper-V backup.

When backing up a guest VM, it's important to get a consistent state of the VM. There are some different ways this happens.

If the guest OS has all necessary Hyper-V integration services installed, then the host can request for the guest VM to take a VSS snapshot. The snapshot is then exposed to Hyper-V on the host for Cloud Backup to back up. It shouldn't interrupt the guest OS. The VM backup is application-consistent. This is known as a "Production checkpoint".

If the host OS is running Server 2012 R2 or newer, but there are no integration services inside the guest OS, then Hyper-V will take a checkpoint of the VM; Cloud Backup will back up the checkpoint; and then the checkpoint will be removed. This kind of checkpoint does not interrupt the guest OS. The VM backup is crash-consistent. This is known as a "Standard checkpoint".

  • You can also achieve this behavior by disabling "Production checkpoints" in the Hyper-V settings for the VM.

If the host OS is older than Server 2012 R2, and there are no integration services inside the guest OS, then the VM will be paused; Windows will take a VSS snapshot of Hyper-V's files in paused state; the VM will be resumed and Cloud Backup will back up from the VSS snapshot. It would cause a short interruption to the guest OS. The VM backup is crash-consistent.

  • You can also achieve this behavior by disabling checkpoints in the Hyper-V settings for the VM.

Replica VM 

The following information applies to all products that perform Hyper-V backup.

If you are using Hyper-V replication, you can back up your virtual machines from either the primary or replica host.

A backup taken on the primary VM host is application-consistent (if possible), by quiescing a VSS snapshot inside the VM guest; or crash-consistent otherwise. However, a backup taken on the secondary VM host is only ever crash-consistent, because the replica VM is not running in order for guest integration services to take a VSS snapshot.

Current versions of Hyper-V do not allow backing up a VM that is currently replicating. If a VM is found to be currently replicating at the time of backup, Cloud Backup will retry the operation a few times. If you repeatedly see errors of the form The virtual machine '...' cannot start a backup operation because it is currently executing a conflicting operation. Try the backup again., and you are running backups from the replica VM host, you could consider

  • scheduling the backup job to run at a time when it's more likely that the VM replication is up-to-date; or
  • using Before / After commands in Cloud Backup to temporarily stop VM replication while the backup job is running.

For more information about backing up a replica VM, see https://blogs.technet.microsoft.com/virtualization/2014/04/24/backup-of-a-replica-vm/

Pass-through disks 

The following information applies to all products that perform Hyper-V backup.

Hyper-V supports passthrough disks, to attach a physical disk from the host directly into the guest VM. This unmounts it from the host OS.

Hyper-V itself does not support backing up passthrough disks (nor does it support replicating them). A Hyper-V backup of the guest machines can be taken from the host, but does not include any data from passthrough disks.

You can work around this issue by either

  • installing Cloud Backup inside the guest VM, and backing up the extra data at a file level (this will use an extra Device license); or
  • changing your passthrough disks to be a real disk containing a large .vhd or .vhdx file. The "New Virtual Disk Wizard" in Hyper-V Manager has an option to convert an existing disk to a .vhd or .vhdx file.

For more information about backing up passthrough disks in Hyper-V, see https://blogs.technet.microsoft.com/virtualization/2009/03/03/working-around-the-pass-through-limitations-of-the-hyper-v-vss-writer/

"Microsoft SQL Server" items 

Using this Protected Item type may incur a Booster charge.

This Protected Item type backs up a Microsoft SQL Server database. The underlying technology is VDI and is compatible with SQL Server 2005 and later, including SQL Server 2019 (the latest version at the time of writing).

No data is spooled to the local disk. As per the "Program Output" type, no progress bar or ETA appears during a Microsoft SQL Server backup.

Databases are backed up one-at-a-time. If you require point-in-time consistency across multiple databases, please use the "Application-Aware Writer" option instead.

Connection details 

Connection details should be supplied before selecting databases. Cloud Backup will only connect to SQL Server running on the local machine. You must enter the instance name, or leave the field blank to use the default instance.

Address 

The address is always localhost, but Cloud Backup does not use TCP addresses or TCP ports to connect to SQL Server instances. Cloud Backup uses "Shared Memory" to connect to SQL Server instances.

Cloud Backup's use of "Shared Memory" connection does improves performance for some operations, at the expense of only working on the local machine; but Cloud Backup's use of VDI requires it to run against the local machine anyway.

If you encounter issues connecting to your SQL Server, you must ensure that "Shared Memory protocol" is enabled in SQL Server Configuration Manager.

Driver 

OLE DB and ODBC are data access methods that use pluggable "drivers" / "providers" for connecting to databases like SQL Server. The following drivers for OLE DB / ODBC support SQL Server:

Driver TLS 1.2 Support Notes
MSOLEDBSQL Yes Included with SQL Server 2016 and 2017; Optional download from https://www.microsoft.com/en-us/download/details.aspx?id=56730
SQLNCLI11 Yes Included with SQL Server 2012 and 2014; Optional download from https://www.microsoft.com/en-us/download/details.aspx?id=50402
SQLNCLI10 No Included with SQL Server 2008
SQLNCLI No Included with SQL Server 2005
SQLOLEDB No Included with SQL Server (all versions); Included with Windows since XP / Server 2003

Cloud Backup has been upgraded over time to support trying additional drivers:

Cloud Backup Version Preferred driver Fallback driver(s)
>= 18.9.6, >= 18.8.6 MSOLEDBSQL SQLNCLI11, SQLOLEDB
18.9.5 MSOLEDBSQL SQLOLEDB
18.9.4, 18.8.5 and older SQLOLEDB None

You can list your installed drivers

Authentication 

Cloud Backup allows you to connect to SQL Server using either Windows authentication (running as the backup service account - usually NT SERVICE\backup.delegate or SYSTEM), or native SQL Server authentication.

  • If you are using Windows Authentication, the connection occurs as the backup service account.
    • You can assign this Windows user account to have sysadmin rights within SQL Server.
  • If you are using SQL Server authentication, you must enter a valid username and password to connect to SQL Server.

Impersonation is not currently available for Windows authentication. Future versions of Cloud Backup will support impersonation for Windows authentication.

Multiple instances 

Cloud Backup supports backing up multiple instances from SQL Server. You can select an instance for backup, by entering the instance name in the "Instance Name" field. Leave this field blank to use the default instance.

Cloud Backup automatically lists available instances for selection in the drop-down menu.

A future version of Cloud Backup will make the instance dropdown list available for remote administration in Cloud Backup Server.

Backup mode 

By default, Cloud Backup opts to make a full database export from SQL Server, and then uses its own deduplication system to optimise the stored/uploaded data.

This is the "Full (copy only)" option. It is equivalent to the BACKUP WITH COPY_ONLY T-SQL statement.

Because Cloud Backup can efficiently deduplicate full image backups, it is normally sufficient to only take full backups of SQL Server in Cloud Backup.

Base images 

You have the option to use SQL Server's own differential/log backup system. This may be more efficient, but it does require additional administrative work, and complicates the process of restoring data.

The SQL Server maintains one single point-in-time reference, from which it can produce differential backups and/or log-based backups. When you take a new "Full (base image)" backup, the point-in-time reference is moved forward, so that any future differential and/or log-based backups are based on the last base-image backup.

To use SQL Server's own differential/log backup system, you must create multiple Protected Items (each with a different schedule) in order to capture both a base image and a differential/log backups. By creating multiple Protected Items, you can individually schedule, report-on, and manage retention policies for both base and differential/log backups.

If you are using Cloud Backup alongside another product for SQL server backups, you should ensure that only one product is taking base-image backups. Otherwise, it's possible that a chain of differential/log backups would be incomplete.

Differential 

Cloud Backup can use SQL Server's own systems for differential backup. In this mode, you can regularly make "differential base" backups, and then a series of small "differential increment" backups, each containing the difference from the last base backup. These operations are equivalent to the BACKUP and BACKUP WITH DIFFERENTIAL T-SQL statements respectively. Cloud Backup will still deduplicate multiple base backups that are sent to the same Storage Vault.

This is the "Differential increment" option.

Log 

You can opt to use SQL Server's own systems for log backup. In this mode, you must periodically take full (base image) backups, and regularly take log backups.

You have the choice of whether to apply log truncation. These operations are equivalent to the BACKUP LOG and BACKUP LOG WITH NO_TRUNCATE T-SQL statements respectively. Cloud Backup will still deduplicate all data that is sent to the same Storage Vault.

To use SQL Server's own log system, you must create multiple Protected Items (each with a different schedule) in order to capture both full and log backups.

This mode requires that the database Recovery Model is set to "Full" or "Bulk Logged" in SQL Server. For more information, please see https://msdn.microsoft.com/en-us/library/ms189275.aspx .

Recommendations 

In general, we would recommend using the default "Full" backup technique.

SQL Server's native differential/log systems may be used if you experience performance issues with the default mode, however, you must ensure that

  1. No other backup systems are resetting the last base backup;
  2. Whenever the differential/log backs up successfully, that the base has also recently backed up successfully;
  3. Base backups are performed regularly to minimise differential overhead; and
  4. Retention is carefully managed to ensure that recovery is possible

Alternative ways to back up Microsoft SQL Server 

You can use the "Application-Aware Writer" type to back up SQL Server using the VSS Writer. Compared to Cloud Backup's standard VDI approach, this option enables more detailed progress information, and can take a consistent point-in-time snapshot of multiple databases at once; but offers more limited control over SQL Server features such as log truncation. The resulting files also must be restored in a different way.

You can use Cloud Backup's "Commands" feature to call osql/sqlcmd to run a T-SQL BACKUP statement against the database, and then back up the resulting spooled file with the "Files and Folders" type. This option requires more temporary disk space than the built-in system above.

You can use the "Files and Folders" type to back up individual database files if the "Take filesystem snapshot" option is selected. However, the "Files and Folders" backup type does not invoke SQL Server's VSS writer, so this would (at best) produce a "crash-consistent" backup and is not recommended.

"MySQL" items 

This Protected Item type backs up a MySQL database. It is also compatible with MySQL-compatible servers such as MariaDB and Percona Server. It works at the logical (SQL) level.

No data is spooled to the local disk. As per the "Program Output" type, no progress bar or ETA appears during a MySQL backup.

Databases are backed up one-at-a-time. Point-in-time consistency is only preserved on a per-database basis.

Connection details 

Connection details should be supplied before selecting databases. Fill in the fields at the bottom of the dialog window.

Selecting databases 

Use the plus button on the right to open a database browser, allowing you to select individual databases for backup. Use the dropdown-plus button to add a custom property.

Custom mysqldump 

MySQL support works at the logical (SQL) level using mysqldump. A copy of this program must be found on the device in order for the backup job to run.

The mysqldump binary is selected as follows:

  • If a custom path to mysqldump has been set, this binary is used.
  • Otherwise, if there is a version of mysqldump installed (e.g. you are backing up a MySQL server from the server itself), the local version of mysqldump will be used to ensure maximum compatibility.
  • Otherwise, if no copy of mysqldump can be found, the Windows version of Cloud Backup bundles a recent mysqldump binary in compliance with its license.
  • If no suitable mysqldump binary is found, the MySQL backup job will fail with an error message Couldn't find 'mysqldump' anywhere. This failure can be detected via the backup job's status or its log entries.

On Linux, you can install a copy of mysqldump as follows:

Distro Command
Debian, Ubuntu apt-get install mysql-client
CentOS, RHEL yum install mysql

System databases 

Cloud Backup supports backing up the built-in system databases if desired.

  • The mysql database contains server configuration, including user accounts and grants. It should only be restored to the same major release of MySQL.
  • The information_schema database is a set of read-only views and does not need to be restored.
  • The performance_schema database is a set of aggregated statistics and does not need to be restored.
  • The sys database (in MySQL 5.7.7 and higher) is a set of performance statistics and does not need to be restored. If your version of MySQL does not successfully back up this table, it is safe to exclude it from the backup settings.

Isolation modes 

Cloud Backup allows you to select the isolation mode used when reading data from MySQL. You should select the most appropriate isolation mode for your MySQL engine type.

The following options are available:

Isolation Mode InnoDB MyISAM Detail
Transaction Consistent Inconsistent Wrap all read access in a single transaction, so that the read data is consistent
Lock tables (default) Consistent, but slow Consistent, but slow Lock access to database before reading it, so that the read data is consistent. This requires that the MySQL user account has been granted the LOCK TABLES permission
None Inconsistent Inconsistent Do not take a transaction and do not lock tables.

"MongoDB" items 

Using this Protected Item type may incur a Booster charge.

MongoDB is a general purpose NoSQL database developed by MongoDB, Inc.

MongoDB databases are supported as a Protected Item type.

No temporary disk space is required: database content is streamed directly from the MongoDB server into Cloud Backup's chunking deduplication engine without requiring any temporary disk space. All backup jobs require only incremental storage using Cloud Backup's chunking technology.

Backing up data from your MongoDB server will cause some additional load on the MongoDB server for the duration of the backup job.

Version support 

The underlying technology is mongodump. Cloud Backup will use your system installed mongodump version for best compatibility with the exact feature set of your MongoDB server. This is the officially supported mechanism for backing up a MongoDB database.

This technology is also compatible with MongoDB forks, variants and cloud services, including but not limited to

Cloud Backup will search the PC for the system installed mongodump and mongo shell binaries. If your binaries are installed in a normal system location, Cloud Backup will find and use the most recent available binary. If you have special requirements, or if Cloud Backup is unable to automatically detect the binary path, you can override the binary path to use a custom mongodump and mongo shell binary.

Connection details 

Connection details should be set before picking databases for backup. Enter your MongoDB connection details in the lower part of the window.

Cloud Backup supports connecting to MongoDB in different ways:

  • Direct connection
    • Enter a hostname and port for the MongoDB server (mongod / mongos). The default port is 27017.
  • Direct connection through SSH tunnel
    • Cloud Backup will open an SSH tunnel to the remote server, and then run the locally installed mongodump binary against the forwarded port connection. The use of SSH as a transport layer is independent of whether SSL is also enabled (described below).
  • Replica set
    • You must specify the name of the replica set (e.g. rs0)
    • Add the hostname and port for each of the replica set members that are reachable from the Cloud Backup device.
    • When using Replica Set connection in Cloud Backup, Cloud Backup will only read data from one of the members. You can use the "read preference" option to choose which MongoDB server Cloud Backup will prefer to back up from.
      • Primary
        • Cloud Backup will attempt to back up from the primary. If the primary server is unreachable, the backup job will fail.
      • Primary preferred
        • Cloud Backup will attempt to back up from the primary, but will back up from the secondary if the primary is unreachable.
      • Secondary
        • Cloud Backup will attempt to back up from the secondary. If the secondary server is unreachable, the backup job will fail.
      • Secondary preferred
        • Cloud Backup will attempt to back up from the secondary, but will back up from the primary if the secondary is unreachable.
      • Nearest
        • This option will back up data from the server in the replica set that has the lowest latency (ping) to the Cloud Backup device.

Cloud Backup supports the following transport layers:

  • Plain
  • SSL (TLS)
    • If your MongoDB server is using self-signed certificates, you can choose whether to trust an invalid SSL certificate from the MongoDB server.

Authentication 

Cloud Backup supports the following authentication mechanisms:

  • Unauthenticated
  • Username/password (SCRAM)
    • You must specify the authentication database for looking up the credentials inside MongoDB. The default authentication database is admin.
  • Client certificates (MONGODB-X509)
    • This option is only available if the MongoDB server connection is going over an SSL (TLS) transport layer.
    • To use this feature, you should have a .pem file that contains the client SSL (TLS) certificate, intermediates, and private key in text X.509 format.
    • A private key password is optionally supported.

Other authentication mechanisms are not currently supported in Cloud Backup (e.g. neither Kerberos / LDAP when using MongoDB Enterprise; nor, custom authentication mechanisms used by MongoDB software variants).

Sharding 

Cloud Backup can backup a MongoDB replica set with a consistent point-in-time snapshot.

Cloud Backup can back up a sharded MongoDB cluster, but depending on your MongoDB server version, there are some limitations:

  • In MongoDB 4.2 and later, the backup may not be point-in-time consistent, unless writes are temporarily suspended to the MongoDB cluster (e.g. by running custom Before and After commands on the Cloud Backup Protected Item configuration).
  • If you are using a variant MongoDB engine (e.g. Amazon DocumentDB or Azure CosmosDB), different consistency guarantees may apply to sharded backups. You should check with your vendor for additional information.

To back up a sharded cluster in Cloud Backup, enter the mongos front-end server in the Cloud Backup connection details.

When backing up from a mongos server, Cloud Backup cannot make use of the "read preference" selection as data is proxied through mongos. The backup will read from the primary replica set member of each shard replica set.

Selecting databases 

Use the plus button on the right to open a database browser, allowing you to select individual MongoDB databases for backup.

Cloud Backup will back up all MongoDB collections within the selected MongoDB databases.

Restore 

Cloud Backup's MongoDB Protected Item type produces a .bson file for each selected MongoDB database. You can restore all databases, or selected databases only.

When restoring, you can choose to either

  • restore back to a .bson files on disk, and then import them into your MongoDB server; or
  • you can use the Program Input restore type to pipe the restore data directly back into your MongoDB server

"Windows Server System State" items 

Cloud Backup integrates with Windows Server System State to support backing up System State .vhd files using the wbadmin technology. This feature is only available on certain versions of Windows Server with the "Server Backup Role" feature enabled.

A Windows Server System State backup may include Active Directory, boot files, the COM+ registration, the system Registry hive, and/or other system files.

A local path must be used for spooling temporary data. Spooled temporary data will be removed once the backup job completes. The selected path

  • must be a bare root drive, and
  • must support VSS, and
  • must have at minimum 10GB free space, and
  • on Server 2008 and Server 2008 R2, must not reside on a "critical" volume
  • must appear to Windows as fixed, not removable - regardless of whether it is physically an internal or external drive
    • You can work around this issue for a removable drive by sharing a folder on the drive, and setting its UNC path as the spool directory.

For more information about Windows Server System State backups, please see

Restoring 

Once you restore the .vhd file with Cloud Backup, you can use the wbadmin start systemstaterecovery command to apply a System State .vhd backup to an installed copy of Windows Server.

Alternative ways of backing up System State 

Note that because wbadmin is used, spool space is required. As an alternative, you can back up System State by using the "Application-Aware Writer" Protected Item type. This produces a similar result, but

  • no spool space is required; and
  • the files are not collected in a .vhd file. This may produce better deduplication at the expense of missing bootloader files.

"Windows System Backup" items 

Cloud Backup integrates with Windows System Backup to support backing up entire system volumes as .vhd / .vhdx files using the wbadmin technology.

Choose volumes to back up, and/or choose "all critical volumes".

  • You can choose a volume by its drive letter (e.g. C:\), or by a qualified Windows volume reference for volumes without a drive letter (see the output of fsutil volume list).

A local path must be used for spooling temporary data. Spooled temporary data will be removed once the backup job completes. The selected spool path

  • must be a bare root drive, and
  • must not be included as one of the selected volumes, and
  • must appear to Windows as fixed, not removable - regardless of whether it is physically an internal or external drive
    • You can work around this issue for a removable drive by sharing a folder on the drive, and setting its UNC path as the spool directory.

Restoring (Data drive) 

Once you restore the .vhd file with Cloud Backup, it can be mounted in Windows, or it can be browsed (e.g. in 7-Zip), or it can be attached to a virtual machine, or it can be written out to a physical volume. This will allow you to access and extract individual files and folders within the backup.

Restoring (Bootable Operating System) 

If you included the OS drive in the backup, it is possible to restore the OS to a bootable state, provided some additional conditions are met:

The following method of restoring the OS requires that you included the "System Reserved" partition in the backup job; either by manually including the volume, or by choosing "All Critical Volumes" in the volume selection.

If you do not include the "System Reserved" partition in the backup job, the resulting .vhd / .vhdx is a data-only file. In that situation you may need to manually recreate an NTLDR bootloader (using the bootsect and bcdedit commands) before the machine can be booted.

If you are backing up a machine that booted via EFI, you may also need to backup and restore the EFI System Partition (ESP).

Note that Windows OS installations do specialize themselves for the current hardware, and backup images are not automatically pre-prepared for hardware independence. An operating system image may only boot on identical- or highly-similar hardware. This issue originates from the wbadmin "Windows System Backup" technology and is not specific to Cloud Backup's implementation. You may find more information online.

Using Windows Recovery 

Once you restore the .vhd / .vhdx file(s) with Cloud Backup, you can boot into either Windows Recovery or the Windows install media, and choose the "System Image Recovery" option.

It may be mandatory to keep the files in the WindowsImageBackup subdirectory on the root drive, in order for the "System Image Recovery" GUI to find the files. "System Image Recovery" is only able to restore a system image if the backup included the "System Reserved" partition.

  • In this dialog, you can click the "Select a system image" option to find the .vhd / .vhdx file, so that Windows can write it back to your physical disk.

  • More information is available online, including a visual walkthrough:

  • Later versions of the Windows install media are able to recover vhd files of older versions of Windows, and may have better driver support. For instance, if you experience problems recovering a .vhd file using the Server 2008 install media, consider trying with install media from a newer version of windows.

Using wbadmin 

You can use the wbadmin start recovery or wbadmin start sysrecovery commands to restore the OS without using the Windows "System Image Recovery" GUI.

Using qemu-img 

The .vhd file can be manually written out to a physical volume using qemu-img (e.g. qemu-img convert -f vpc image.vhd /dev/sda) or any similar tool.

Using the hypervisor 

The .vhd file can be attached to a virtual machine and booted as-is.

Alternative ways of backing up Windows System Backup 

Note that because wbadmin is used, spool space is required. It may be preferable to use the "Files and Folders" backup type instead, that does not require spool space. However, backing up a Windows OS installation in this way does not result in a bootable image.

"Application-Aware Writer" items 

Using this Protected Item type may incur a Booster charge.

About 

VSS is a technology for taking a consistent point-in-time snapshot of a disk volume. A VSS Writer is an extra software plugin that detects when this action is taking place and ensures that application-specific files are in a safe state on disk. Cloud Backup's "Application-Aware Writer" feature allows you to invoke a single VSS Writer, or a sub-component of a single VSS Writer, and back up only the files that it was protecting.

This is also an important third-party integration point for application vendors. If your third-party application includes a VSS Writer, you can use this Protected Item type to back it up using Cloud Backup.

Some products that can be backed up with this Protected Item type are:

  • Oracle DB;
  • MailStore Server;
  • Microsoft Dynamics CRM;
  • Microsoft Sharepoint;
  • Pervasive PSQL;
  • other products natively supported by Cloud Backup, including Microsoft Exchange Server, Microsoft Hyper-V, and Microsoft SQL Server;
  • and other products.

NOTE: This Protected Item type is intended for integration with specific custom applications. If you want to back up normal files with a VSS snapshot, use the "Files and Folders" Protected Item type with the "take filesystem snapshot" option enabled.

Selecting components 

In Cloud Backup, click the Edit button (pencil icon) to browse the available VSS Writers installed on your device.

You can select the top-most checkbox to include all components within the VSS Writer, or you can select individual components within the VSS Writer. For instance, the Microsoft SQL Server VSS Writer allows you to select individual databases for backup.

The VSS Writer itself may mark some components as non-selectable. This is shown in Cloud Backup as a grey subcomponent without a checkbox.

VSS Mode 

You can perform the operation in "VSS Full", "VSS Copy", "VSS Incremental", or "VSS Differential" modes. If a specific VSS Writer does not support the selected backup mode, it will perform the backup in "Full" mode.

The actual behavior of these modes is specific to each VSS Writer. For more information, consult the documentation for your VSS Writer.

Backing up Oracle Database 

Cloud Backup can back up the contents of any installed VSS Writer using the "Application Aware Writer" option. Oracle Database officially supports backup via its installed VSS Writer.

You may need to install the Oracle VSS Writer separately. It is available with Oracle Database 11g and later (including 12c and 18c); newer versions of the Oracle VSS Writer can be installed separately to back up a 10g or 9i database.

You should use the "Application Aware Writer" option and select the Oracle VSS Writer - ORCL component. Inside this option, you can select individual tablespaces for backup, or select the entire component.

The Oracle VSS Writer reads the database with SYSDBA privileges.

The Oracle VSS Writer supports log, copy, full, differential, and incremental backups:

  • if you take "full" or "copy" backups at the VSS component, Cloud Backup will deduplicate them together, producing its own incremental backups
  • if you take "incremental" backups at the VSS component, it may be slightly more space-efficient than Cloud Backup's incremental system as Oracle has more specific understanding of the file formats. However, when restoring, you must take care to restore the full backup and all incremental/log backups too, that adds complexity.

More information about the Oracle VSS Writer is available in Oracle's documentation.