Jump to content

All Activity

This stream auto-updates     

  1. Yesterday
  2. Malcolm McLeary

    Retrospect Management Console

    David, I have been very clear in that its the "Desktop Experience" requirement that I have issues with, which could have and should have been changed a long time ago. I don't need a version by version summary of under the hood changes since v7.7. I have always said Retrospect has some great features under hood. Yes ... presently Backup Set Encryption is optional and disabled by default on a Set by Set basis. It really needs to be a global Security Preference and perhaps mandatory for Cloud Backup Sets. That is fundamentally why my "exploit" works ... once one has access to the Retrospect Management Console you can add a Cloud Backup Set on any S3 Compatible target and have the "backup server" diligently use it (without encryption). Being a cloud service 2FA is industry best practice if not essential. Yes I was noting that there is a Heroku presence in APAC and you identified how simply Retrospect can make it happen. Still I'd prefer self hosting on premise. Drop Bears are a story passed around to keep visitors away, however some of the most deadliest creatures on the planet do live here.
  3. DavidHertzberg

    Retrospect Management Console

    Malcolm McLeary, First, the "stagnation" between Retrospect Windows 7.7 and 17 was only in the UI. Starting here is a version-by-version listing of the enhancements in the "backup server" between Retrospect Windows 8—which included user-initiated backups and restores introduced with Retrospect Mac 9—and Retrospect Windows 12. Retrospect Windows 15 (which directly followed 12, in order to restore version number parity with Retrospect Mac) enhancements included e-mail protection, what is now called ProactiveAI, Remote Backup, data hooks, and the beta of the Management Console. Retrospect Windows 16 enhancements included Storage Groups, deployment tools, and the features of the Management Console Add-On. Retrospect Windows 17 enhancements—as I'm sure you know—included Automated Onboarding for the Management Console, speeded-up ProactiveAI, and Restore Preflight. The latest peer thought you have elicited from me (definitely not an illicit—a different word— thought 🤣 ) on Management Console security is that your Support Case should suggest adding a "Backup Sets Must Be Encrypted With AES-256" preference to the Security Preferences listed on page 327 of the Retrospect Windows 17 User's Guide. You can already specify encryption for a particular Backup Set per pages 98-99 of the UG, but this enhancement would be a simple way—pending a 2FA enhancement that might be hardware-dependent—of plugging the security hole you have pointed out up-thread. As for the Management Console having issues with time zones, I think you may have missed the point of this link in my preceding up-thread post. Heroku may have a presence in APAC, but AFAICT console.retrospect.com defaults to a Retrospect Console app either in Heroku's "virginia" region or in its "us" region. Replicating the Retrospect Console app in Heroku's APAC region would probably solve both the time zone and responsiveness problems. Lastly, in December 2003 I spent two weeks in Australia—including a total of three nights at the house of one of my ex-bosses in Ferntree Gully in the state of Victoria. That house was (I hope it hasn't burned down) hard up against the western border of the Ferntree Gully National Park, whose eucalyptus trees seem like they'd be a prime habitat for drop bears. However the only nighttime "assault" I experienced was some kind of opossum relieving itself on the back porch railing, and I was not bothered overnight by any frightening cries. I also took a walk in a fragment of bush forest to the south (?) of the coastal road between Melbourne and Adelaide, although that was during the afternoon. If you insist that drop bears are real, you should start by editing the Wikipedia article on the subject—which states that they are a hoax (as both my Aussie ex-bosses also told me at the time). I must warn you, from personal experience, that other Wikipedia editors will immediately revert your changes unless you include very reliable references. 🤣
  4. Last week
  5. Malcolm McLeary

    Retrospect Management Console

    David, I can't explain the "stagnation" between v7.7 and v17.0 as I stopped using Retrospect at v7.7 when the writing was on the wall that EMC intended to kill the product, only to return recently to see next to nothing had changed. Don't get me wrong, Retrospect has some great features under hood ... shame about the look and feel (of the Windows version). Presently I've posted my concerns about the security of the Management Console here to illicit peer group thoughts and advised APAC Sales, but the next step is Tech Support although I have already raised a feature request for 2FA without indicating my underlying concern ... just that its best practice for cloud services. I must say that my previous post is not simply theory ... its pretty straight forward to demonstrate that once you have access to the Management Consoles you can add a Cloud Backup Set and the add a script or modify a script to send company data to that Backup Set. You can then recatalog that Backup Set on a separate machine and hence "restore" anything. Its irrelevant that the Management Console can't access data ... it can instruct a "backup server" to save data to a "foreign" Cloud Backup Set. The weak link is access control. Apart from 2FA the situation could be improved/resolved by enforcing backup set encryption where ONLY the "backup server" knows the secret key. This exploit works because the additional "foreign" Cloud Backup Set is not encrypted by default. Strong passwords are a myth ... no-one cracks strong passwords ... users are tricked into revealing them or they are stolen. A "random" 6 digit PIN which changes every 30 seconds and is generated by an independent device is a simple to implement fix. Leveraging a hardware token like a Yubikey would gain massive street cred. I have raised a support case about the Management Console having issues with time zones ... status is hours behind reality most likely because APAC is in the future compared to the US. This is quite different to simply "response" and "refresh". AWS has a presence in APAC ... and so does Heroku https://blog.heroku.com/private-spaces-sydney-region but realistically I'd prefer to run a Management Console on premise ... not in the cloud. Presently Retrospect is hard coded to post status updates to console.retrospect.com ... it would be better if this was user definable (aka self hosted). Drop Bears are real ... if you have ever gone camping in the Aussie bush you may have heard the males at night ... truely frightening. 😉
  6. DavidHertzberg

    Retrospect Management Console

    Malcolm McLeary, (The disclaimer at the top of this up-thread post applies here.) Let me reference from another thread my thanks to you for shooting down my hypothesis that the Retrospect Engine doesn't initially listen on port 22024. That leaves me with only a purely marketing explanation—discussed in the last paragraph of the linked-to post—for the puzzling fact that Retrospect Inc. has never implemented a Retrospect Windows LAN Console equivalent to the Retrospect Mac LAN Console. But the engineers are now developing a simplified Retrospect Windows Console. AFAICT you're spot-on about the security flaw in the Management Console you discuss in the preceding post. Unless the forthcoming Retrospect Windows Console can be limited to use from the LAN the Engine is on, as the existing Retrospect Mac LAN Console is, it would have the same security flaw. I urge you to file a Support Case for a 2FA enhancement to the Management Console. In the same Support Case, or in one you have already filed, you could add an Additional Note requesting that the Management Console be replicated in Heroku's Australian region—which should make it more responsive for you I've pointed out in this up-thread post that the Management Console was developed as part of Retrospect Inc. Product Management's evidently-unsuccessful "go big or go home" strategy. I'l bet they never though about the possibility of an Australian consultant using it. Do you drop from trees onto clients? 🤣
  7. Malcolm McLeary

    iOS App Compatibility with Retrospect v17

    Sorry for the confusion over "Does a Drobo NAS include S3 as a service ... ?" ... I was using the same terminology as is used on a FreeNAS box. There are Knowledge Base articles which describe how to use Docker to run MinIO on Synology or QNAP ... not seen anything regarding Drobo. It would be good if it was builtin just like it is in FreeNAS. Anyway ... I don't take anything Marketing says for granted until I've actually seen/experienced it. "Marketing" would have you believe that Retrospect for iOS works with Retrospect for Windows v17 because there is a download link with all the other v17 downloads and its covered in the v17 Users Guide.
  8. DavidHertzberg

    iOS App Compatibility with Retrospect v17

    Malcolm McLeary,  (The disclaimer at the top of this up-thread post applies here.) It wasn't clear to me from your up-thread post that "Does a Drobo NAS include S3 as a service ... ?" meant "Does a Drobo NAS have an S3 interface?" I don't know anything about Drobo-provided software, but my Google search indicates it doesn't—at least for interfacing with MiniO and Basho. That's surely another reason why StorCentric acquired Retrospect Inc., though S.Reitshamer's non-client-server backup app (I'll call it A) has an S3 interface. Thanks for doing a port scan, which shoots down my hypothesis that the Retrospect Engine doesn't initially listen on port 22024. That leaves me with only a purely marketing explanation for the puzzling fact that Retrospect Inc. has never implemented a Retrospect Windows LAN Console equivalent to the Retrospect Mac LAN Console, resulting in what you refer to as the "Desktop Experience". That explanation revolves around the maxim that, paraphrasing H.L. Mencken, "Nobody ever went broke underestimating the flexibility of some backup administrators." The first implication of that maxim is that many Retrospect Windows administrators are still wedded to Auto Launching, despite the suffering described in this Knowledge Base article; a basic element of that suffering is that Windows UAC would prohibit a LAN Console interfacing with the Engine when the Engine is Auto Launched. The engineers eventually came up with the built-in Dashboard as a partial work-around, but this and its linked-to threads say how unsatisfactory it is. The second implication is the consternation experienced by many Retrospect Mac administrators over the drastic simplifying UI change in Retrospect Mac 8. Not only did the terminology change, but the separate Immediate mode was eliminated—meaning an administrator had to define a schedule-less script before hitting the Run button. 🙄 I guess Retrospect Inc. Product Management feared a backlash of Auto-Launch insistence and UI-change consternation from inflexible Retrospect Windows administrators, and therefore never introduced a LAN Console.
  9. Malcolm McLeary

    iOS App Compatibility with Retrospect v17

    David, Realistically Retrospect does a great job performing backups to S3. What I was asking was if Drobo provides an S3 Compatible service ... can it be used as a "private" S3 Target. That is what I can do with FreeNAS as it has MinIO built in. Various Retrospect KB discuss installing MinIO on platforms so as to use them as an alternative to Amazon S3. Does Retrospect for Windows v17 listen on port 22024 ... yes it does ... just do a port scan and it will respond. Retrospect for iOS uses this port to connect to the MacOS engine and will also connect to the Windows version and work, but but then it breaks. According to Tech Support the API behind port 22024 has been changing since v7.7 but Retrospect for iOS hasn't been updated since 2017 and in fact hasn't been tested against later versions ... although its listed with the v17 downloads and is included in the v17 User Guide. See page 486 of the Retrospect for Windows v17 Users Guide. UAC really has nothing to do with a given service listening on a given port ... what the service then tries to do may cause "conflicts". The backup engine does not listen on port 497 ... do a port scan and see. 497 is the port the client listens on. The backup engine listens on port 22024. For remote backups to work the client can't simply broadcast its existence ... it needs to "call out" to the "backup server" at its IP address or FQDN on 22024 and then wait for the "backup server" to call back on port 497 (just as it does a LAN after discovery). Clearly the remote user will need to have port 497 port forwarded through their firewall. Node.js and Ruby are very common coding languages and supported an MacOS, Windows and Linux. The programming language is not really the issue ... its more about accessing the API behind the listening port. The API should be based on industry standards rather than some in-house propriety protocol. I'd suggest very few Administrators are using Retrospect for iOS or the new Retrospect Management Console. Retrospect for iOS may work for MacOS installs, but Retrospect changed the API in the Windows versions so its now broken. Retrospect Managements Console is most likely the future but it has issues. I've come back from the "wilderness" and have higher expectations based on experience with other products ... not backup related ... see what Ubiquiti is doing with monitoring/management of their network infrastructure. They have iOS and Android apps, web based consoles which can be cloud or locally installed plus CLI on most devices. My biggest beef with Retrospect for Windows is that it still requires a "Desktop Experience" to operate and that prevents it from being taken seriously in any environment larger than home users or small business.
  10. DavidHertzberg

    iOS App Compatibility with Retrospect v17

    Everyone except Malcolm McLeary, First read this post in the ongoing Retrospect Management Console thread; I'm sure Malcolm McLeary already has. It is necessary background for this post, and I'm not going to repeat that background. Malcolm McLeary, (The disclaimer at the top of this up-thread post applies here.) According to this reseller article, "The simple addition of a VM into the existing infrastructure is all that is needed to connect [Drobo iSCSI SAN storage] to Amazon S3." Another blogger says she uses a non-client-server backup application—which I'll here call A because it's a competitor to Retrospect Solo Edition—to backup her Drobo 5N NAS to Amazon Glacier. In regard to the second part of your immediately-above post, how do you actually know that the Retrospect Windows Engine initially listens on port 22024? As the next-to-last paragraph of the post I linked to at the top of this post says, the Retrospect Mac Engine listens to the Retrospect Mac LAN Console, but AFAIK Windows UAC made this impossible for the Retrospect Windows Engine. If it weren't impossible, the Retrospect engineers would have implemented an instantly-updating-the-Engine Retrospect Windows LAN Console years ago. Another reason I have for doubting initial listening on port 22024 is in this section of the Knowledge Base article on Retrospect's Remote Backup feature. As I explained in the first three paragraphs of this post in a Retrospect Mac 9+ thread, the Engine initially listens on port 497 when doing Remote Backup—because it can't poll a Remote "client"—as it can for a "client" defined with Using Multicast or Using Subnet or Add Source Directly (Direct Access on Retrospect Windows)—whose IP address it cannot know. But the KB article says "With this networking change [fowarding ports 497 and 22024 to the machine running the Engine], a remote computer running Retrospect will be able to make a connection to the Retrospect engine, even though the computer running the Retrospect engine is running on the internal network." The same KB article says port 22024 is used for Remote Backup on-demand backup/restore requests. Maybe that's also true for non-Remote Backup on-demand backup/restore requests, in which case my hypothesis in the Management Console post is wrong and your hypothesis in the immediately-above post in this thread is correct. Why don't you settle this by asking the question about Engine initial listening on port 22024 as an Additional Note in one of your Support Cases? In regard to the last three paragraphs of your immediately-above post, first note that applications running on Heroku are likely written in Node.js or Ruby. What makes you think that the Retrospect Management Console could be easily converted—as opposed to being totally rewritten—to a faceless service running on something other than Heroku? And how about Retrospect for iOS, which unquestionably uses iOS facilities? Second, I simply don't understand how doing such conversions would help the experience of a typical Retrospect administrator. As proven by the fact that you are the first to report problems with the Management Console, and by the fact that that there have been so far 432 views but no replies to my OP question in this Retrospect for iOS thread, typical Retrospect administrators simply aren't using those two apps. IMHO the Retrospect "Inc." engineers are making much better use of their time by developing Console replacement(s)—which will reportedly be Web-based—for the Retrospect Windows GUI.
  11. Malcolm McLeary

    Retrospect Management Console

    Its been said that the Retrospect Management Console is adequately secured and besides it doesn't contain any actual data. Further its "mainly" a reporting tool which passively receives status information from "backup servers". Apart from the performance aspects of this thing running in the US, I'd prefer to be running it "in-house" because I believe that presently there is a fairly significant security flaw which could be exploited to exfiltrate data on a large scale. Please tell me I'm wrong ... The attack vector requires first gaining a username/password combination for Retrospect Management Console. Given that accounts are compromised all the time lets assume that an Advanced Persistent Threat (APT) exists for a given organisation and they have the means to obtain credentials for what is an external publicly visible system which does not enforce 2FA. Now although the Retrospect Management Console does not contain any data, it does have the ability to edit backup scripts and even create new scripts. For these new scripts, or existing scripts, you can set up "Other Destinations" ... including Other Cloud Storage. So having gained access to the Retrospect Management Console (as its only secured by username/password) the actor simply adds an extra Amazon S3 destination with a new 20 char Access Key and 40 char Secret Key and have Retrospect send out "everything" ... essentially untraceable as the Access Key and Secret Key don't provide any information as to which Amazon Account owns the S3 Bucket. Then the actor simply Recreates the Catalogue for this exfiltrated Storage Set, on another machine running Retrospect and restores whatever they want. It seems that the actor can even cover their tracks by deleting the created script after they've gotten what they want. There is no need to mount an attack on Amazon or any encrypted backups which may be stored there. There is no need to penetrate the target site and copy data directly or remove encrypted backup media which may be laying around ... just add a Cloud Storage Backup Set to one or more existing Scripts (or add one) and have Retrospect diligently do all the work. Who is going to notice that "extra" Backup Set or that "extra" script in a large installation? The only problem I see at the moment is that you can't turn off verification on this new Cloud Storage Set so the additional download may be noticed but as most organisations download way more than they upload this overhead may go unnoticed. Just putting it out there that any cloud based service which is only secured by username/password is just asking to be compromised and in this case becomes an avenue for massive data theft.
  12. Malcolm McLeary

    Scanning incomplete, error -1101 (file/directory not found)

    I have often said ... "the only backup you ever really need is the one you don't have". Hence I tend to backup everything, except the things I know I don't need, rather than backup just the things I think I may need or may get "lost". In this case I'm being overly cautious (and just testing things out) as realistically the only stuff I need to backup are; /home/ /backup/Backups/ Database backups are stored in /backup/Backups/ so short of complete disk failure everything I need is on a disk in the machine. Retrospect's job is to maintain backups off the machine. Its not unreasonable to define the sub volumes I really want to backup to elsewhere as presently I use SAMBA to publish appropriate "shares" and back them up as if the machine was a fileserver. Its just that using the Retrospect client I can backup the whole machine quite easily. Whether I should is a different question. To rebuild the machine I just boot from the CentOS install image, install, update, add a few packages stored in /home/sysadmin/ configure FileMaker Server and restore the most recent backup from /backups/ (which is a separate drive which may have been restored).
  13. DavidHertzberg

    Retrospect Management Console

    Malcolm McLeary, (The disclaimer at the top of this up-thread post applies here.) Late Tuesday afternoon Silicon Valley time I reached the head of North America Sales by phone; he's been selling Retrospect since the EMC days. He checked the Support Case system using his magical Salesperson privileges, and says you have several current Cases. He's vaguely heard of Costinel, whom he thinks is new, and says the European Tech Support organization has recently physically moved. I told the head of North America Sales you're a potential Partner (he Googled the nature of your business), and he's agreed to bring your current problems to the the attention of the head of Retrospect Technical Support in Silicon Valley. Despite my limited understanding of communications technology, I've used what you wrote in the post directly above to come up with a new hypothesis as to the cause of your two problems. One of the glories of Retrospect has been its Proactive backup capability, but this was substantially improved in March 2018 and renamed ProactiveAI (the improvement is really a decision tree, using linear-regression backup speed predictions, rather than true AI). Steps 3 and 4 in that Knowledge Base article describe the "backup server" Engine "reaching out" to every "client" machine in a running Proactive script, and my guess is that that improved "reaching out"—which was made more frequent in Retrospect 17.0.0—interferes with the existing "reaching out" the Engine's been doing to make Management Console and Retrospect for iOS possible. The latest version of Retrospect for iOS was released in September 2017, and it's consistent with the engineers' habitually-limited alpha-testing (a characterization that the Sales guy said was very charitable 🤣 ) that they wouldn't have retested Retrospect for iOS since then. The Management Console released in March 2019 was originally described as being updated once a minute, although I was surprised to see in a Retrospect webinar I was invited to attend on 3 April 2020 that the updating seemed to be more frequent than that—so maybe an engineer had hobbled the ProactiveAI "reaching out" for that demo. I told the Sales guy my hypothesis; we'll see if it's correct. The key point about the existing Retrospect Mac LAN Console is that the Mac LAN Console "reaches out" to a "listening" Engine, not the other way around. That enables the Mac LAN Console to update the Engine's stored scripts/sources/destinations/etc. instantly, which is surely a capability that the Retrospect engineers wanted for a Retrospect Windows LAN Console back in 2008. Windows UAC made that impossible, and IMHO it makes sense that the engineers wouldn't settle for a less-than-instantly-updating Windows LAN Console—so they've never developed one. The Sales guy says the engineers intend to try to create a simplified Windows LAN Console—not requiring a Drobo "backup server"—as part of the effort I described in the fifth-from-last and third-from last paragraphs of this up-thread post, but IMHO it'll have to be less-than-instantly-updating. BTW the Sales guy says that engineering effort has slipped for COVID-19-related reasons, so it's not going to get done by August or September 2020.
  14. DavidHertzberg

    Scanning incomplete, error -1101 (file/directory not found)

    Malcolm McLeary, When Nigel Smith says "define the ones you want as volumes", he probably means Retrospect-specified Subvolumes. Described on pages 349–351 of the Retrospect Windows 17 User's Guide, they were renamed Favorite Folders in Retrospect Mac 8. I use a Favorite Folder in a Backup script; it works. However Retrospect Windows also has defined-only-in-Retrospect Folders, which are described on pages 348–349 of the UG as a facility for grouping source volumes. The description doesn't say so, but you can possibly move defined Subvolumes—even on different volumes—into a Folder. Since the Folders facility was removed in Retrospect Mac 8, I didn't know it even existed until I read about it 5 minutes ago. That's to say Your Mileage May Vary (YMMV), as we say in the States (in a phrase originally used in auto ads). If they work as groups of Subvolumes, they may simplify your backup scripts.
  15. Nigel Smith

    Scanning incomplete, error -1101 (file/directory not found)

    Retrospect doesn't do a UNIXy tree-walk, not bothering to look at anything "/backup/FileMaker/Progressive/" or lower. Instead it scans *every* file of a volume and applies its selectors to decide what to do. I'd assume from the errors that it is getting partway through scanning those directories' contents when, suddenly, they vanish. Whilst annoying in a simple case like you describe, it's also part of what makes the selectors so powerful -- for example, being able to exclude files on a path *unless* they were modified in the last 2 hours -- and why all the metadata needs to be collected via the scan before a decision can be made. Two ways round this. If you want to exclude most paths, define the ones you want as volumes and only back those up -- we only back up "/Users" so that's what we do, which also greatly reduces scan time. If you want to back up most but not all, which I guess is what you're after, use the "Privacy" pane in the client to designate those paths to exclude.
  16. Nigel Smith

    'Restore --> Find Files' yields 0 files found

    Only think left I can think of is an indexing issue with the set's database -- and that's assuming that there's a database, that the database is indexed, and the index is used when searching... I'm guessing all the "missing" .nef files were backed up in the same session? You could always try a catalog rebuild and see if the problem persists -- but make sure your original catalog is safe and you don't overwrite it in the process!
  17. I'm using a new install of Retrospect for Windows v17.0.2 and I have created a Custom Selector so as to NOT backup files in some specific directories because I know the content changes every 5 minutes and I don't need a backup of them. Linux path /backup/FileMaker/Progressive/ and subfolders Linux path /home/FileMaker/Progressive/ and subfolders Linux path /opt/FileMaker Server/FileMaker/Data/Progressive/ and subfolders Depending on my configuration only 1 of these will be in play and contain files. The backup runs but records hundreds of errors because my progressive backups "change" during the backup. --Log-- +Normal backup using Immediate - Lenovo at 07/07/2020 9:09 AM (Execution unit 1) * Resolved container Lenovo to 3 volumes: /backup on Lenovo /home on Lenovo / on Lenovo 07/07/2020 9:09:41 AM: Finished scanning backup set data files To Backup Set Lenovo 002... - 07/07/2020 9:09:40 AM: Copying /backup on Lenovo While scanning volume backup, Folder /backup/FileMaker/Progressive/IncrementalBackup_2020-07-07_0900/Additional/RC_Data_FMS/PacificStone/Files/PacificStone/Secure/01/, Scanning incomplete, error -1101 (file/directory not found) Folder /backup/FileMaker/Progressive/IncrementalBackup_2020-07-07_0900/Additional/RC_Data_FMS/PacificStone/Files/PacificStone/Secure/02/, Scanning incomplete, error -1101 (file/directory not found) (snip) 07/07/2020 9:13:38 AM: Found: 102,106 files, 395,298 folders, 59.7 GB 07/07/2020 9:13:42 AM: Finished matching 07/07/2020 9:14:04 AM: Selector "All Files Except Progressive Backups" was used to select 81,592 files out of 102,106. 07/07/2020 9:14:16 AM: Copying: 0 files (zero KB) and 0 hard links 07/07/2020 9:14:29 AM: Building Snapshot... 07/07/2020 9:14:29 AM: Copying properties for 395,298 folders 07/07/2020 10:54:17 AM: Finished copying properties for 395,298 folders and 0 files 07/07/2020 10:54:27 AM: Copying Snapshot: 2 files (132.5 MB) 07/07/2020 10:54:30 AM: Snapshot stored, 132.5 MB 07/07/2020 10:54:30 AM: Comparing /backup on Lenovo 07/07/2020 10:54:32 AM: 257 execution errors Duration: 01:44:52 (01:44:43 idle/loading/preparing) It seems that the File Selector is being applied too late in the process. I would have thought that if I've identified paths NOT to be included in the backup then by definition they'd be excluded from the scan. Why waste time scanning paths (and recording errors for files) which are going to be excluded?
  18. Malcolm McLeary

    Retrospect Management Console

    David, There is a difference between running a "web server" and simply leveraging web technologies. A "web server" in most peoples minds conjures up being able to access fully formatted and structured pages of information but it doesn't have to be that way. The "service" could respond simply with XML or JSON formatted data to an appropriately crafted request (which also contains an Access Token previously obtained). The "service" could process appropriately formatted XML or JSON data which is in the payload of a http POST. Commonly if the host does have a "web server" then it handles the routine "web" traffic, but appropriately crafted requests are passed to the "service". This way the "service" can leverage an existing installation of Apache, IIS, nginx, etc. I suspect the Retrospect Management Console works like this where the "engine" does an http POST to the "console" periodically to give it status updates and polls for "commands". It would be appropriate if port 22024 on the "engine" worked like this as well where the Retrospect for iOS sends a http POST and gets back appropriate data which it processes, caches and presents. Security is provisioned by using https rather than simply http. If you keep it all "in house" then self signed certificates are fine, but if you get standard browsers involved when rendering the "console" then you need to have properly signed certificates. This can be problematic for Home users but seldom an issue for Business users as its best practice to buy a wildcard certificate and use it everywhere its needed. An alternative is Let's Encrypt https://letsencrypt.org which is an option provided by most NAS vendors. None the less it can be tedious because you need to have DNS entries and expose port 80 and 443 to the internet so Let's Encrypt can validate the endpoint. Anyway, Windows 10 can run IIS ... its simply not installed by default. MacOS has Apache and so does Linux (even if its not part of a minimal install). Retrospect don't need to include a "web server" ... its most likely already there, BUT if they persist in maintaining backward compatibility with Vista/7/8, etc, for a "backup server" then things probably get complicated, however I'm only talking about a "backup server" ... not clients.
  19. Malcolm McLeary

    iOS App Compatibility with Retrospect v17

    David, Full circle, and back to where I started. Retrospect is attractive because the clients are treated equally (MacOS, Windows and Linux). I've been in the "wilderness" and although Synology does have a neat solution it conveniently overlooks MacOS ... however that's a trend because Apple provide TimeMachine so many vendors just provide a TimeCapsule compatible service. It works, but that is not what I want. As an alternative to TimeMachine, Synology also provides Synology Drive which is sort of an on premise version of DropBox, GoogleDrive, OneDrive, etc but with the ability to schedule backup tasks. Its a client but more active, however I'd prefer to have centralised management ... hence Retrospect. I also tend to use CCC rather than TimeMachine. Web (or browser) based management (e.g. Retrospect Management Console) doesn't necessarily mean in the cloud. Sure it is now, but I'm suggesting that it should be able to be hosted anywhere ... localhost, separate host or cloud service. Just like when you leverage Cloud backups (e.g Amazon S3) you need to provide a "Path" which starts with the FQDN of the server it should be possible for "Management Preferences" to include the FQDN of a Management Console as a variable and not just be hard coded to "console.retrospect.com". FreeNAS includes S3 as a built in service (based on MinIO) ... just turn it on ... so instead of an Amazon FQDN I can simply enter the the FQDN of my server (which may be onsite, different building or offsite). Does a Drobo NAS include S3 as a service or does it just do SMB, AFP, and NFS? Anyway back to Retrospect for iOS ... it works over port 22024 which may or may not use SSL and it may or may not be http based (but it should). If it was http based you could put a reverse proxy in front of it and hence not have to open a hole in the firewall for it to work. The listener on port 22024 appears to be passive in that the iOS App sends it commands for it to respond with details or do something. Sounds like the basis for a Management Console to me. The actual Retrospect Management Console (hosted) receives https traffic from Retrospect for MacOS and Retrospect for Windows. Presumably it queues up commands and managed machines poll the queue periodically as it works without inbound firewall adjustments. So fundamentally the architecture I desire is where the Retrospect "engine" runs as a faceless background service and listens on port 22024 (as it does today) for commands from the iOS App. The Retrospect Management Console listens on a different port (could be https 443 as it does today) but is essentially a custom web server such that a browser on local host or a remote host can access it. It could get its details from the "engine" by sending commands to port 22024 (just like the iOS App does). The "engine" could actively send the "console" status details as it does now but not hard coded to "console.retrospect.com" ... it could be localhost or a specified host. The existing Retrospect for Windows UI could be retained for local management if desired/required by abstracting the UI such that it communicates with the "engine" via the same mechanisms as the Remote Management Console (and doesn't need to be left running). Is there precedence for this? Sure ... just look at FileMaker Server. Its comprised of multiple faceless background services which are task specific. The clients (i.e. FileMaker Pro for MacOS/Windows) and FileMaker Go (for iPhone and iPad) access hosted databases on port 5003. Web clients can access hosted databases on port 80/443 as there is a service which actively (on the fly) converts layouts into html/css/javascript and talks to the database engine on behalf of the clients. There is also ODBC access on port 2399. The Administration Console can be accessed either from localhost or a workstation via a browser on port 16000. A very different port is used here such that it can be easily firewalled if you want to limit access. Customised access is possible via two published APIs ... the Data API and the Admin API ... both are accessible via 80/443 such that "anyone" can build their own app be it for accessing a hosted database or to monitor/manage the server. Further you can leverage Zabbix to monitor/manage the whole host and even manage FMS by scripting its CLI. For scaleability you can add additional "worker" machines which essentially just run the webdirect service such that web clients are offloaded from the "master" machine. Each of these "worker" machines handle the browser client interaction and communicate with the database engine on their behalf. Sounds like a lot of moving parts, but having multiple moving parts is much better than a monolithic application which requires a "Desktop Experience" to run because a given part can fail and be restarted without impacting the whole. You can even have a "helper" service which checks that all the services are running and restart them if necessary. Further ... moving from a "Desktop Experience" to say CentOS (without GUI) or a NAS (without screen, keyboard or mouse) is straight forward because none of the services depend on a GUI ... you don't even need a GPU. Although Retrospect for iOS is listed with the rest of the downloads for Retrospect for Windows v17 it hasn't been updated since 2017 and the documentation only mentions "partial" support for Retrospect for Windows 7.7. Perhaps the documentation has never been updated. Perhaps it did work with Retrospect for Windows in 2017, but 3 years later it appears that "partial" is now "broken". Is it unreasonable to expect that if if its listed with v17 it should work with v17? Tech Support Advice ... check port 497 is open.
  20. If you got the simple restore to work and saved the job, you should be able to toggle back over to the advanced restore and look for differences. I don't do a whole lot of restoring. The most fun I've had with this type of thing was to define my Downloads directory and exclude it from being backed up. I took several runs at that before I could get it to work.
  21. Thank you again for you help and suggestions. Thank you for the tip. When I search "all files" both folders appear, but no .nef files are found in "2016-04-01 - Watercolor". Another good idea! When I use the duplicate script the entire "2016-04-01 - Watercolor" folder gets backed up. I then search for "Ends with .nef" and the 69 nef files show up: When I just do a simple restore and drill down to the "2016-04-01 - Watercolor" folder and restore it, the entire folder, including all of the.nef files, are restored. So they are getting backed up. And I can restore other folders using the "ends with .nef". The 2 folders that I "modified" with Windows Explorer are the '*Watercolor*" folders in which I copied the files from one folder to the new "*Watercolor*" folder. In both cases only the .nef (and .raf) raw files were copied. All the other files in the (new) folders (.xmp, jpg, .cos,...) were created as I edited the raw files in my image editing software and those all show up in every search. I really appreciate your help. I can and did restore the .nef files using the simple restore. But, for me, it is now a matter of figuring out why the "Find Files" method does not work. Greg
  22. Nigel Smith

    'Restore --> Find Files' yields 0 files found

    So "Watercolor" is on your D:\ drive, contains "*.nef" files, but those files don't appear when you search your backups for them. Almost sounds as if they haven't been backed up -- have you checked for any exclusions in your backup scripts? You can also browse the entire Backup set by doing a search with no criteria -- IIRC, on Windows it defaults to "Include everything" and "Exclude nothing" -- then browsing the results. It'll probably be a long list, you'll get every backed version of every document, but you'll at least be able to drill down to "2016-04-01 - Watercolor" and see what's in there. If you still don't see the .nef files that strongly suggests they were never backed up for some reason. I'd be inclined to do a quick test. Duplicate the backup script you've been using, define "2016-04-01 - Watercolor" as a volume, change the duplicate script to back up only that volume and ideally the destination to be somewhere new (stick, HD, share, cloud -- doesn't matter, it just pays to play safe and keep it separate from your "real" backups). Run it and see what happens -- do the .nef files get backed up?
  23. Thank you for you help Nigel. When I start with "filename ends with .nef" the deleted folder "2016-04-Florida" appears and my current folder "2016-04-01 - Watercolor" does not: I am searching the whole set but when I look at the Backup Set I can only browse snapshots within it. Every snapshot has the "2016-04-01 - Watercolor" folder in it and none of them have the "2016-04-Florida" folder: If I search "filename contains florida" both folders appear but no .nef files are found in the "2016-04-01 - Watercolor" folder. Thanks again, Greg
  24. Nigel Smith

    'Restore --> Find Files' yields 0 files found

    If I were you, I'd start again from scratch, but coming from the opposite direction. And remember that it pays to be as explicit as possible with selectors -- so files don't end with "nef", they end in ".nef". So start with only the "filename ends with .nef" selector. If that picks up all you expect, add "and Windows file or folder path starts with D:\Greg\" (remember -- explicit! Include the trailing backslash). Then, maybe a "Windows path of folder contains..." to get just your subfolder. But you may not need to even go that far if you can manually remove/select what you want from the results of the first filter. Selectors can be tricky beasts, which don't always behave the way you'd expect -- or the way selectors anywhere else would! But they work well once you master their own particular logic. If they then don't show what you expect it's usually a wrongly-chosen snapshot or similar, so search the whole set.
  25. DavidHertzberg

    iOS App Compatibility with Retrospect v17

    Malcolm McLeary, Disclaimer: Anything I may say about the intentions of Retrospect "Inc." in this or any other post is merely the result of "reading the tea leaves", the "tea leaves" being documentation and public announcements supplemented by an occasional morsel from Retrospect Sales. I have never been paid a cent by Retrospect "Inc." or its predecessors, and I pay for my upgrades. Any judgements expressed are—obviously—mine alone. The same is true of Retrospect's history, especially here. My guess is that you do have two Support Cases on Retrospect "Inc."'s system; it's just that you're confused by that somewhat-perverted system. IMHO the perversion is a result of Retrospect Inc.'s long-ago marketing decisions, which include not allowing an ordinary customer to view any Cases except his/her own. The e-mail they send you for each submitted Case contain a link to the Portal and a case number. You have to click the link and then click the itty-bitty "Log in" item on the right. Since the system knows from the link who you are, you then merely have to click a larger Sign In button to be presented with the main Portal Dashboard. That Dashboard was designed to also offer you several other sales-oriented options, so you have to click its Support button to be taken to a page having a single-line listing of each Support Ticket you've ever submitted—in inverse sequence by date-submitted. Unless you want to click the Number for your very-latest Case, you may then have to use the Ticket Number on the e-mail to aid you in finding the one you want to look at. Each Case is organized in latest-note-first sequence, so your original Problem Description is at the bottom. That Description and each Additional Note is limited to about 2000 characters, with automatic creation of Additional Notes if you exceed the limit. The Retrospect for iOS app is read-only, except for a Pause/Unpause/Stop button added a few years later for use if the iOS app reveals an imminent backup problem. The Retrospect Management Console is read-only if you don't buy the Management Console Add-On, but AFAICT (only Partners get to see whatever documentation exists for that Console) you can't restrict a particular user of the Management Console to read-only. I'm sorry my Windows 10 release "2004" hypothesis isn't correct; maybe there's now a bug in some underlying code for Retrospect Windows 17—other administrators already spotted an annoying debugging display inadvertently left in the Proactive "AI" code for the evidently-hurried 17.0.0 initial release. Thank you for bringing Synology's ABfB application to my attention; it explains the competitive reason for StorCentric's buying Retrospect Inc.. For (well-founded) fear of triggering deletion of my post(s) by the head of Retrospect Tech Support, I don't want to discuss Synology's backup products any further on these Forums. However solely in this post I will use them to "read the tea leaves" about what StorCentric must be trying to develop—a competitor for both ABfB and Hyper Backup: ABfB has the built-in capability of backing up virtual machines; Retrospect used to have that capability as an Add-On, but moved it to the separate R. V. product a couple of years ago (I'm not permitted to mention the full name of R. V. on these Forums; IMHO that prohibition is part of the Partner-oriented "go big or go home " strategy). Another administrator suggested that R. V. was developed under the management of someone other than a Walnut Creek CÅ-based engineer; if so, it would be difficult to merge that product into the ordinary Retrospect product. However the Retrospect Management Console can monitor and control both products. AFAICT ABfB doesn't have a non-Management Console, and Hyper Backup has a simplified Web-based Synology Drive Client. The Retrospect non-Management Console Preview may only be for exhibiting the proposed GUI for a simplified Web-based Retrospect Web Console, but it's not clear how that could be used for an installation using solely Windows-based "backup servers" without using Heroku as the webserver. That may be satisfactory if the problem you experienced with the Management Console is due solely to a bug in version 17, except that Retrospect "Inc." has a U.S. military customer that Sales says is using Retrospect Mac because its LAN-only Console avoids security problems by not using the Web. Neither ABfB nor Hyper Backup can back up Macintosh computers; that IMHO is what the second 'B' in ABfB emphasizes—"Business". It is worth noting that the competing client-server backup applications NB and BE used to have Mac "agent" or "client" programs, but dropped those at least two years ago.
  26. Malcolm McLeary

    iOS App Compatibility with Retrospect v17

    David, Thanks for the feedback. I have logged a Support Case ... would like to provide the Case No but nothing gets listed in my Portal even though I get an acknowledgement email and a link (which just gets me to the login screen). Shouldn't really discuss competing products, however I use Hyper Backup to backup the Synology itself. The product I haven't mentioned is "Active Backup for Business" ... https://www.synology.com/en-au/dsm/feature/active_backup_business If a Drobo NAS was to have Retrospect integrated, then I'd see this as a product the marketing boys would want to benchmark against. I'm actively looking at Retrospect again because it does have advantages over the competition. Its just unfortunate that some capabilities I'd like to be able to leverage are incomplete. The iOS App for example would give local staff visibility of status without having to physically access the backup server. Similarly with the Retrospect Management Console as its also at arms length of the backup server. It would be nice for both to have "read only" access just for monitoring. The FileMaker Server 19 for Linux Developer Preview does have the advantage in that its been running on CentOS at AWS for several years so the base is solid, its just that now they have made it available for on premise installation there are lots of new variables to be concerned about and there are some differences between the Cloud option and on premise so capabilities are being added such that it is feature equivalent to the MacOS/Windows versions. Hardware is probably the biggest variable, I'm testing various VMs which are themselves hosted on various NAS platforms including Synology and FreeNAS, while others are going down the Docker path. Many new deployments to the previous AWS only. Although Claris is owned by Apple they are a separate business unit and expected to perform as if independent. To a degree Claris (aka FileMaker) is similar to Retrospect in that both started doing a Mac only product then diversified as the Windows market was bigger. A big difference is that FileMaker for Windows looks and behaves the same as FileMaker for MacOS. There are some platform specific differences, but by and large they are the same product. Claris at one stage managed many products but then became FileMaker Inc with only 1 product. Recently reborn as Claris (again) with the opportunity to expand the product portfolio. Occasionally Apple tosses them a curve ball like "Claris Connect" where the parent bought a capability and assigned it to Claris to make it work. Claris Connect is not about FileMaker its about connecting a diverse range of apps via APIs. Where Retrospect can with some effort talk to Slack, Claris Connect promises to make this much easier to do and not be limited to just Slack ... basically anything in the ecosystem. Currently my biggest issue is cost and the fact that it relies on US Hosts. No doubt Retrospect has staffing challenges with respect to dev/test, which is why I believe they are making it harder than it needs to be by supporting legacy platforms. Ok ... they can't drop support completely, but I think the client is where legacy support should be focused. Customers don't have to upgrade their entire fleet of workstations/servers if they don't want to, they just need to maintain the "backup server" if they want to run the latest release and in return Retrospect just need to focus on Retrospect for Windows working on currently supported OSes (which in turn only runs on supported hardware) and legacy support is available by ensuring the various platform clients work with the current version of Retrospect. Just looked at the 3 Windows 10 "backup servers" I'm working with and they are all Windows 10 Release 1909. All three are fully patched and say they are waiting for 2004. I don't run Retrospect on any Windows Server machines directly. They are also fully patched and all running 2019. Don't have any Vista/7/8 machines at all. I'd have to create a VM to test that and I don't have any motivation to go there.
  27. DavidHertzberg

    iOS App Compatibility with Retrospect v17

    Malcolm McLeary, Is it possible this is the result of a Windows 10 "improvement" in an updater to its "2004" version? A lot of Ars Technica Windows forum posters have been plagued with such things. Can you—or another administrator—access a Retrospect 17 "backup server" installed on a Windows Vista/7/8 machine? BTW you said in a post in another thread: If you're talking about Synology Hyper Backup, AFAICT that only backs up individual files from Synology NASes—not from "endpoint" computers. Also, in another post in that other thread you praised the quality of a Linux Developer Preview of FileMaker Server 19. As I'm sure you're aware, FileMaker Inc. happens to be a subsidiary of Apple, so it surely doesn't lack for money to pay alpha-testers—which is probably still tight at Retrospect "Inc.".
  1. Load more activity
×