Win: In the same folder as Retrospect Client MSI file. Mac: In the same folder as "Retrospect Client Installer".
How to Set Up Remote Backup
Remote backup with Retrospect enables organizations to protect both employees in the office and remote employees across the world.
Remote backup is designed specifically for endpoint protection. Please note that remote backup is not supported for server protection.
To enable remote backup, the administrator must:
Enable port forwarding for two ports to forward from the server-side public-facing IP on the router/NAT/firewall to the Retrospect engine.
Set up the Retrospect engine to accept remote backups.
Set up the Retrospect client to send periodic backup requests to the engine.
We’ll walk through each step.
Server-Side Network Configuration
Port forwarding redirects connections on specific ports from one IP to another. Retrospect requires two ports:
Port 497: multicast and remote backup broadcast
Port 22024: on-demand requests
The administrator must set up their public-facing router/NAT/firewall to forward these ports to the IP address of the computer running the Retrospect engine. With this networking change, a remote computer running Retrospect will be able to make a connection to the Retrospect engine, even though the computer running the Retrospect engine is running on the internal network.
For guidance on enabling port forwarding, please refer to the hardware’s manual.
You can verify that the ports are open using https://www.yougetsignal.com/tools/open-ports/. Remote backup will not work unless the ports are open.
Server-Side Retrospect Engine Configuration
Retrospect supports remote backup for two scenarios:
To enable remote backup for a ProactiveAI script, select the "Remote Backup Clients" item on Volumes and save on Windows or on Mac, select the "Remote Backup Clients" tag under Sources and save that selection. When a remote client contacts the Retrospect engine for a backup, the running ProactiveAI script will accept the connection and begin a backup, assuming the destination is available.
Scheduled scripts and Immediate executions (Windows-only) are not supported because of their serialized scheduling process. ProactiveAI scripts can schedule backups for any client that is available, including remote clients.
Finally, the Retrospect engine must be set up with a public/private keypair, and the administrator must deploy the client with the public key. When the Retrospect engine launches and detects the keypair, it begins listening for remote connections and automatically creates the "Remote Backup Clients" tag.
Note that if that group/tag were to be renamed or deleted, Retrospect will re-recreate it whenever a new remote client reports and is auto-added. If you manually create a tag named "Remote Backup Clients" before Retrospect, this will be used automatically.
On-Demand backups and restores for a remote client work exactly the same way as they do for local clients. The administrator can enable the option in Volumes on Windows and Sources on Mac.
Again, the Retrospect engine must be set up with a public/private keypair, and the administrator must deploy the client with the public key.
Public/Private Key encryption is a secure authentication mechanism used by Retrospect to automatically identify clients and log them into the Retrospect Server without a password through matching encryption key pairs.
Client-Side Retrospect Client Configuration
The Retrospect Client on the remote computer will periodically reach out to an admin-supplied DNS/IP address.
For easier deployment, the administrator can create a "server.txt" file with the public DNS/IP address of the Retrospect engine and place it next to the client installer. The client installer will look for it and read it in during installation:
To roll out remote backup for existing client installations, the administrator will need to place the text file in the following location on the machine running the Retrospect client:
Win: C:/ProgramData/Retrospect Client/server.txt Mac: /Library/Preferences/server.txt
After placing that file, the Retrospect client needs to be relaunched.
Switching Between Local and Remote Backup
Clients can seamlessly switch between network backup on a local network to remote backup over the internet. You do not need to set up the remote backup initially. You can transition to it and back again.
For instance, you can do the initial full backup on the local network for performance reasons and then transition to a remote backup configuration for subsequent incremental backups.
If remote backup is not working, here are a number of troubleshooting steps:
Verify the Retrospect engine has a running ProactiveAI script with the "Remote Backup Clients" tag selected under Sources (Mac) or Volumes (Windows).
Verify the client shows up under "Remote Backup Clients" on Windows or has the "Remote Backup Clients" tag set on Mac.
Verify the remote backup address in the client is a publicly-available IP address.
Verify the public key is on the client and that the client has been relaunched since adding the public key:
Win: C:/ProgramData/Retrospect Client/pubkey.dat Mac: /Library/Preferences/pubkey.dat
Public networks can block certain ports. It’s possible only well-known ports (i.e. port 80) are open to connect. You can verify the ports are open using https://www.yougetsignal.com/tools/open-ports/.
Customers using non-English languages will need to manually create the "Remote Backup Clients" tag. This bug will be fixed in the next update.
If the Retrospect Client software is installed on the same machine as the Retrospect engine, the engine will be unable to receive packets from remote backup clients, as the two bind to the same port.
Last Update: November 20, 2018