Question about FTP backups
I am trying to devise a ransonware-proof backup scheme. FTP backup to a NAS-based server seems like a good choice, but I have some questions.
In a web posting for an earlier version of TI I saw the comment " For data to be recovered directly from an FTP server, the backup must consist of files no greater than 2GB each". I don't understand "directly from an FTP server".
Does that mean that ATI will create larger backups, but I will have to use (for instance) a Windows-based FTP client to pull the backup from the server and then point ATI to the "downloaded" file to do the restore?
And does that restriction imply that only file/folder backups can use FTP? I am interested in doing disk/partion backups.
Hmm. I think I haven't thought this out very well. I assumed that if TI could create a backup over an FTP connection that it could also restore over the FTP connection - not recovering the system drive, but create a cloned copy of the backed up drive(s). In my case I'm talking about a 300+GB "Entire PC" backup of 2 drives.
I'm currently running a trial FTP backup of it so I assume creating the backup is allowed. I assume Acronis will create over 150 2GB files for that backup. Is there nothing I can do with that backup? Assume at the very least I will have a cleanly reinstalled Windows with TI 2016 on it to work with. I'm not counting on using a bootable Recovery Media drive.
Yes, you'd end up with approximately 150 2GB files in this case. They would be a backup, not a clone. A backup is a proprietary archive file that stores the exact state of the system when the backup is taken. However, it can only be restored via Acronis software - either in Windows or your offline recovery media. You'll need offline recovery media if Windows fails to boot so you should learn how to use this before you have such a need.
A clone is an exact replica of the system to another drive. If your main drive fails, then you swap it with the clone drive. YOu're not supposed to leave "cloned" drives attached to the system as it shares the same UUID of the original hard drive and the bios can get confused and possibly overwrite the bootloader of one, or both drives if it's not sure which one to boot. Or, it could accidentally boot the second "clone" drive at some point, leaving changes to both discs that you may not have anticipated. And... as a safety precaution, if you get malware or ransomware on your main drive, having your clone connected at the same time, leave it open to being attached too.
I apparently didn't word my question/statement very well. I probably should have said "copy" rather than "clone". And I see I misunderstood the comment Steve quoted. I thought it said the FTPed copy could not be used for recovery, but that apparently is only if I try FTPing a .TIB file larger than 2GB. If Acronis TI does the FTPing, I guess the backup can be used in recovery.
So now I have a different flavor of the same question I asked before. I assume now that I can do a full system recovery using the bootable recovery media. But you say I can also use TI under Windows, and I'm not sure how to do that. With a disk or partition backup on a local drive I can mount the backup as a new drive but I assume I cannot do that with an FTP backup. I hopefully can't restore to the original drives - certainly not to the Windows system partition. Can I do a restore to another set of drives?
I'm pretty sure this is a bonehead question, but the only partition recoveries I've done has been with bootable recovery media.
No worries. Yeah, you can backup with Acronis (in Windows) and select FTP as an option. This will allow you to back up to an FTP source and will break the Acronis backup .tib files into 2TB chunks automatically. You can then restore those through the GUI or copy them back via FTP and then restore with your offline recovery media (which would probably be faster, but either way would work).
This video tutorial will show you how you can use Acronis in Windows. https://www.youtube.com/watch?v=5wRghwdrpR4
Not sure if mounting across FTP would work or not. If you can map the FTP share in Windows File Explorer as mapped drive, then technically it should work. However, I imagine it would be extremely slow and not very responsive.
You can restore a backup to any drive you want. If the drive is going in the same computer and has an OS on it, it will boot. If it has an OS on it and you plan to put it in another machine, you'd probably have to run universal restore to generalize drivers and licensing could be an issue if the OS is an OEM license that was registered to specific hardware.
If you're not familiar with the product, feel free to contact technical support for questions. You can download a free 30 day tria (has some limitations). You also have 30 days to ask for a refund if not satisfied.
Your best protection for a ransomware attack was answered by Steve Smith in his first post in the this thread. Buy yourself an external hard drive, using the bootable recovery media create a full disk or Entier PC backup to that disk, disconnect it from the machine and store safely until needed. I do this myself and have a large number of machine backups on such disk from which to restore any of my 7 or 8 machines at any time. My only suggestion in doing this is that you create individual distinctly named folders on the external drive for each machine and each backup within those folders so that you know what each backup file contains. Makes it easier to figure out whcih one you need when the time comes.
If you're not familiar with the product, feel free to contact technical support for questions. You can download a free 30 day tria (has some limitations). You also have 30 days to ask for a refund if not satisfied.
Well, I've been using Acronis TI for about 8 years, but I still consider myself a neophyte. And this is the first time I've looked at the FTP support. (I didn't even notice that TI had FTP support until very recently. Anyway, theres no hope of getting a free trial - I'm a paying customer.
Grab free virtual box for running a virtual OS install and then install Acronis temporarily in trial mode. You an run Win 10 unlicensed for a few days for testing different products this way. And if you purchase and don't like something or something isn't working, you can request a refund within 30 days.
Your best protection for a ransomware attack was answered by Steve Smith in his first post in the this thread. Buy yourself an external hard drive, using the bootable recovery media create a full disk or Entier PC backup to that disk, disconnect it from the machine and store safely until needed.
That is, of course, the best solution. I have no shortage of external drives, but they are always connected (and therfore vulnerable to ransomware). A 1 TB portable external drive could easily hold Entire PC backups of my 2 desktops and one laptop plus 100GB of important data from my external drives. But I can guarantee that I wouldn't do those backups very often and some of the stuff on the external drives would get stale very fast. That was why I was thinking about FTP backups to a share on a NAS - a share that Windows does not have credentials for (unless ransomware can get the FTP credentials from the Acronis registry entries).
You say I should use the bootable recovery media to create the backups on the external drive. Is a backup from TI running on Windows not reliable? Or not compatable with the recovery media? I've done two recoveries using backups created from TI on Windows with no problem. (One of them may have used the Acronis WinPE recovery tool. I don't remember.)
If a backup file created on Windows is ok for a recovery, would it work to just copy the .TIB files (or chain of .TIB files) to the removable external drive? On my "primary" PC I'm taking these backups regularly to a USB-attached external drive, and those backups include the important NAS-based files.
delete - sorry, wrong thread.
Patrick, backups taken in Windows are generally just fine. HOWEVER, because they are done while the disk is running and the OS is active, they are susceptible to Windows working correctly, third party applications interfering (like antivirus) and malware.
When you take backups offline, you seperate your backup from these third party areas - particularly malware or ransomeware that is designed to run from within Windows. When you boot to your Linux media, there is a very, very, very small chance that a malware program written to run in Windows could somehow startup from the disk and start going to town on the data. As a result, it's just safer practive to take the offline backups - at least from time to time, and not plug that drive in when Windows is running, should malware or ransomware decicde to activate at that time and could grab hold of any drives or data that the Windows OS has opened up to it.
Yes, you can copy tibs that were already created to another drive and can always restore those from the offline media. Just keep in mind that if doing this in Windows, any drive you attach is open to any lurking malware or ransomware too. You're also replicationg the exact same backups so if there is a problem generated from within Windows, that problem is replicating to wherever else you copy it. When you take a new backup offline, at least you have a second, different one to fall back on, in the event the one in Windows doesn't work for whatever reason.
Ultimately, it comes down to security and reliability. Don't put all of your eggs in one basket (and don't necessarily use the same eggs and copy them to different baskets - if the egg is rotten, then it doesn't matter how many different places you copy it to).
Consider the IT recommended backup solution 3-2-1 as a minimum backup scheme for data backup and retention. Anything above that might be overkill, but if you value your data and/or don't feel inclined to rebuild an OS from scratch, having an extra backup or two, might be worth the effort.
Ok. I think I will create one backup for each system on a removable device using the bootable recovery medium as a last-resort solution. I don't yet have a 3-2-1 scheme implemented, but I've got 3-2. (If multiple generations of backups count as "copies", it's more like 6-2.) I think that covers me for data corruption and single device failure. The removable device would sort of give me a 3-2-0.5 solution. Not off-site and not current. Maybe more of a 3-2-0.1. FTP to a NAS share unacceble from Windows (except via FTP) will I think be closer to 3-2-.5: not offsite, but more current.
The offline or offsite copy is protected from ransomware corruption ... as long as the curruption was not present at time of backup. Now I'll have to address that (in another thread).