Remote Data Protection

VPN Backup

Optimized for remote employees on VPN that you want to protect with an on-site Retrospect Backup instance.

Retrospect Backup works seamlessly with VPNs. If your VPN supports multicast, Retrospect Backup will automatically discover and protect servers and endpoints that are connected over the VPN. If multicast is not supported, you can add servers, desktops, and laptops by their IP address. You can quickly onboard new remote employees using Automatic Onboarding on Retrospect Management Console.

Let’s walk through the steps with Automatic Onboarding on Retrospect Management Console.

Retrospect Backup for Windows: Onboard a new server or endpoint

Retrospect Backup for Mac: Onboard a new server or endpoint

  1. In the backup server’s page, scroll down to see "Deploy Retrospect clients for endpoint protection". Note that servers are supported now as well.

    Automatic onboarding example 3 license

  2. Upload the server’s public key. Retrospect Backup 17 enables you to automatically upload it to Retrospect Management Console. Simply go to Preferences. The public key file is located on the engine under /Library/Application Support/Retrospect/pubkey.dat on Mac and C:/ProgramData/Retrospect/pubkey.dat on Windows. Find it with "Upload Key" and then click "Upload".

    Automatic onboarding example 4 pubkey+

  3. Under "Retrospect client installers", there is a link to share with end users. They can download the Retrospect Client for Windows, Retrospect Client for Mac, or Retrospect Client for Linux installers with the public key and remote backup address bundled in.

    Automatic onboarding example 5 clients

Your Retrospect Client agents are now set up to connect to your Retrospect Backup instance. Now we need to set up the Retrospect Backup instance to automatically add them and protect them.

Let’s walk through setting these up in Retrospect Backup without Retrospect Management Console.

  1. Under Preferences > Clients, create a public/private keypair.

  2. Locate the public key file.

  3. Copy the public key file into the Retrospect Client installer’s "public_key" folder. You can download the Retrospect Client installer from Retrospect Downloads.

  4. Compress the new installer and send it to your remote employee to install.

Now that the Retrospect Client agent can connect to the Retrospect Backup instance, let’s create a ProactiveAI backup script.

  1. In Retrospect Backup, go to Preference then Clients and check "Automatically add clients using public keys".

  2. Create a ProactiveAI script. This is under ProactiveAI on Windows and under Scripts on Mac.

  3. Add a backup set as a destination. This can be either local storage or a cloud storage location.

  4. Add "Automatically Added Clients" as the source. This is under Volumes on Windows and under Tags on Mac.

  5. After you save, Remote Backup will be configured.

If you encounter any issues, please see further details in our User’s Guide: Retrospect Backup for Windows or Retrospect Backup for Mac.

Remote Backup

Optimized for remote employees outside of VPN that you want to protect with an on-site Retrospect Backup instance.

With Remote Backup, remote employee endpoints can be automatically added to a Retrospect Backup instance inside the corporate firewall and protected with a ProactiveAI script. There are no router changes needed on the employees side, and the IT administrator can make a simple change on the corporate firewall to forward inbound connections to Retrospect Backup. Remote employees are able to use on-demand restore to get files fast without assistance. Automatic Onboarding is a great way to deploy the Retrospect Client agent to your remote employees.

Remote Backup is designed specifically for endpoint protection and is not supported for server protection.

For Remote Backup to work, the Retrospect Client agent needs to be able to make a network connection the Retrospect Backup instance.

  • Enable port forwarding for two ports to forward from the server-side public-facing IP on the router/NAT/firewall to the Retrospect engine.

  • Set up the Retrospect engine to accept remote backups.

  • Set up the Retrospect client to send periodic backup requests to the engine.

We’ll walk through each step.

Server-Side Network Configuration

Port Forwarding is a standard mechanism to redirect connections on a specific port from one IP to another. Retrospect Backup requires two ports:

  • Port 497: multicast and remote backup broadcast

  • Port 22024: on-demand requests

You need to set up your public-facing router/NAT/firewall to forward these ports to the IP address of the computer running your Retrospect Backup instance. With this networking change, a remote endpoint running the Retrospect Client agent will be able to make a connection to the Retrospect Backup instance, even though the computer running the Retrospect Backup instance is running on the internal network.

For guidance on enabling port forwarding, please refer to the hardware’s manual. The process varies by manufacturer.

You can verify that the ports are open using https://www.yougetsignal.com/tools/open-ports/. Remote backup will not work unless the ports are open.

Retrospect Backup Configuration

Retrospect Backup utilizes the following features for Remote Backup:

  • Public/Private Keypair Authentication: This authentication automatically and securely identifies the remote endpoint as a trusted client without a password.

  • ProactiveAI Backup: This backup script will automatically starts a backup for any remote endpoint that notifies the Retrospect Backup instance of its availability.

  • On-Demand Restore: This restore workflow allows remote employees to restore files themselves without IT assistance.

Let’s walk through the steps with Automatic Onboarding on Retrospect Management Console.

Retrospect Backup for Windows: Onboard a new server or endpoint

Retrospect Backup for Mac: Onboard a new server or endpoint

  1. In the backup server’s page, scroll down to see "Deploy Retrospect clients for endpoint protection".

    Automatic onboarding example 3 license

  2. Upload the server’s public key. Retrospect Backup 17 enables you to automatically upload it to Retrospect Management Console. Simply go to Preferences. The public key file is located on the engine under /Library/Application Support/Retrospect/pubkey.dat on Mac and C:/ProgramData/Retrospect/pubkey.dat on Windows. Find it with "Upload Key" and then click "Upload".

    Automatic onboarding example 4 pubkey

  3. Enter the IP address or DNS name of the Retrospect Backup server under "Remote Backup", so that remote computers can connect to the port-forwarded public IP/DNS address.

  4. Under "Retrospect client installers", there is a link to share with end users. They can download the Retrospect Client for Windows, Retrospect Client for Mac, or Retrospect Client for Linux installers with the public key and remote backup address bundled in.

    Automatic onboarding example 5 clients

Let’s walk through setting these up in Retrospect Backup without Retrospect Management Console.

  1. Under Preferences > Clients, create a public/private keypair.

  2. Locate the public key file.

  3. Copy the public key file into the Retrospect Client installer’s "public_key" folder. You can download the Retrospect Client installer from Retrospect Downloads.

  4. Create a file called "server.txt" in the following location with the public DNS/IP address of the Retrospect Backup instance.

    Win: In the same folder as Retrospect Client MSI file.
    Mac: In the same folder as "Retrospect Client Installer".
    Sample `server.txt` File
    backup.example.com
  5. Compress the new installer and send it to your remote employee to install.

Now that the Retrospect Client agent can connect to the Retrospect Backup instance, let’s create a ProactiveAI backup script.

  1. In Retrospect Backup, go to Preference then Clients and check "Automatically add clients using public keys".

  2. Create a ProactiveAI script. This is under ProactiveAI on Windows and under Scripts on Mac.

  3. Add a backup set as a destination. This can be either local storage or a cloud storage location.

  4. Add "Remote Backup Clients" as the source. This is under Volumes on Windows and under Tags on Mac.

  5. After you save, Remote Backup will be configured.

On-demand restore will automatically work using public key authentication.

If you encounter any issues, please see further details in our User’s Guide: Retrospect Backup for Windows or Retrospect Backup for Mac.

Cloud Backup

Optimized for remote employees that you want to bypass corporate network and back up to the cloud.

With Cloud Backup, remote employees can use Retrospect Backup to back up their corporate data to a cloud storage provider. Retrospect Management Console supports Automatic Onboarding to deliver a Retrospect Backup download and license to remote employees, and IT administrators can then configured a Shared Script on Retrospect Management Console to automatically deploy to those new instances. The endpoint will use the script to back itself up to a per-configured cloud storage location. Retrospect Backup Solo Premium is a great subscription license for this scenario, covers a computer and any connected device.

Let’s walk through setting up a new Retrospect Backup server and then using Shared Scripts to deploy a cloud backup sript to it.

l'Onboarding automatico

Retrospect Backup for Windows: Onboard a new backup server

Retrospect Backup for Mac: Onboard a new backup server

  1. Under Settings > Organizations, you will see our new Onboarding Assistant. Click "Onboarding Assistant".

    Automatic onboarding example 1 overview

  2. Enter a name for your new backup server.

    Automatic onboarding example 2 add

  3. Click "Add License…​", type in your license, and click "Add".

    Automatic onboarding example 2x5 no license

  4. Your custom installer should now be visible. Click "Download".

    Automatic onboarding example 3 license

  5. Unzip the download.

  6. For Mac, run "Install Retrospect". At the end, Retrospect will be launched.

  7. For Windows, run "Install Retrospect" and select "Install Retrospect". After it completes, launch Retrospect.

  8. Retrospect is now licensed and connected to Retrospect Management Console under your account.

Distribuzione di uno script condiviso

La console di gestione Retrospect supporta la distribuzione di massa degli script tramite il flusso di lavoro Script condivisi. Con gli script condivisi, gli amministratori IT oi partner possono aggiornare una serie di motori Retrospect Backup 16 con uno script ProactiveAI comune su una singola destinazione cloud. Vedi la seguente guida passo-passo.

  1. Accedi al tuo account Retrospect Console di gestione e fai clic su "Impostazioni" per accedere al tuo account nella parte in alto a destra dello schermo.

    Physical+%2b+virtual+monitoring+with+retrospect+management+console

  2. Clicca su "Script". Verrà visualizzato un elenco di script condivisi con un riepilogo di ciascuno, incluse le distribuzioni.

    Management console shared scripts 0 view

  3. Clicca su "Nuovo script condiviso". Sarà possibile selezionare i contenitori di origine che si desidera includere, la destinazione cloud e la pianificazione.

    Management console shared scripts 1 create

  4. Per "Destinazione", è possibile selezionare tra fornitori compatibili Amazon S3 e B2. Per una destinazione cloud B2, immettere il nome bucket. Per un fornitore compatibile Amazon S3, utilizzare l'intero URL con nome bucket.

    Management console shared scripts 2 destinations

  5. Dopo aver salvato lo script, selezionare le opzioni di distribuzione di tale script. Seleziona i motori su cui desideri distribuire questo Script condiviso e fai clic su "Salva". Lo script verrà quindi distribuito su quei motori.

    Management console shared scripts 3 deployment

  6. Tutti gli script condivisi utilizzano la crittografia AES-256. Troverai la chiave di crittografia nella scheda "Distribuzioni" in "Codice di sicurezza". Ogni set di backup sarà denominato 'Nome destinazione-Nome motore' per garantire che i gruppi di archiviazione separati non utilizzino lo stesso percorso di destinazione.