Jump to content

Malcolm McLeary

  • Posts

  • Joined

  • Last visited

Everything posted by Malcolm McLeary

  1. Retrospect can leverage Amazon S3 Storage for cloud backups but has anyone tried installing the Retrospect Linux client on a Linux instance running at AWS and pulling back backups rather than simply trust the AWS infrastructure? Perhaps its more than trusting the resilience of AWS infrastructure ... perhaps its more of a case of wanting a copy of the data "in-house" in case I want to host elsewhere. One of the points Retrospect make about their Cloud Backup option is that you are not locked into a given provider as you can always "transfer" your backups to another S3 Compatible Storage provider. I'm sure that may take a while, but it can be done. In this case I'm thinking about keeping backups of a hosted machine "in-house" such that the data could be restored to another service provider should I choose.
  2. No ... just saying that I've never had much luck getting DRD to work. I've found its generally simpler to just reinstall the OS. The DRD process is designed to use FAT32 so its not going to have any files bigger than 4G anyway. Yes its a "waste" to use 32G when you could get away with 8G or less but nobody makes "small" flash drives these days. Just use the whole media.
  3. David, I have been very clear in that its the "Desktop Experience" requirement that I have issues with, which could have and should have been changed a long time ago. I don't need a version by version summary of under the hood changes since v7.7. I have always said Retrospect has some great features under hood. Yes ... presently Backup Set Encryption is optional and disabled by default on a Set by Set basis. It really needs to be a global Security Preference and perhaps mandatory for Cloud Backup Sets. That is fundamentally why my "exploit" works ... once one has access to the Retrospect Management Console you can add a Cloud Backup Set on any S3 Compatible target and have the "backup server" diligently use it (without encryption). Being a cloud service 2FA is industry best practice if not essential. Yes I was noting that there is a Heroku presence in APAC and you identified how simply Retrospect can make it happen. Still I'd prefer self hosting on premise. Drop Bears are a story passed around to keep visitors away, however some of the most deadliest creatures on the planet do live here.
  4. David, I can't explain the "stagnation" between v7.7 and v17.0 as I stopped using Retrospect at v7.7 when the writing was on the wall that EMC intended to kill the product, only to return recently to see next to nothing had changed. Don't get me wrong, Retrospect has some great features under hood ... shame about the look and feel (of the Windows version). Presently I've posted my concerns about the security of the Management Console here to illicit peer group thoughts and advised APAC Sales, but the next step is Tech Support although I have already raised a feature request for 2FA without indicating my underlying concern ... just that its best practice for cloud services. I must say that my previous post is not simply theory ... its pretty straight forward to demonstrate that once you have access to the Management Consoles you can add a Cloud Backup Set and the add a script or modify a script to send company data to that Backup Set. You can then recatalog that Backup Set on a separate machine and hence "restore" anything. Its irrelevant that the Management Console can't access data ... it can instruct a "backup server" to save data to a "foreign" Cloud Backup Set. The weak link is access control. Apart from 2FA the situation could be improved/resolved by enforcing backup set encryption where ONLY the "backup server" knows the secret key. This exploit works because the additional "foreign" Cloud Backup Set is not encrypted by default. Strong passwords are a myth ... no-one cracks strong passwords ... users are tricked into revealing them or they are stolen. A "random" 6 digit PIN which changes every 30 seconds and is generated by an independent device is a simple to implement fix. Leveraging a hardware token like a Yubikey would gain massive street cred. I have raised a support case about the Management Console having issues with time zones ... status is hours behind reality most likely because APAC is in the future compared to the US. This is quite different to simply "response" and "refresh". AWS has a presence in APAC ... and so does Heroku https://blog.heroku.com/private-spaces-sydney-region but realistically I'd prefer to run a Management Console on premise ... not in the cloud. Presently Retrospect is hard coded to post status updates to console.retrospect.com ... it would be better if this was user definable (aka self hosted). Drop Bears are real ... if you have ever gone camping in the Aussie bush you may have heard the males at night ... truely frightening. 😉
  5. Sorry for the confusion over "Does a Drobo NAS include S3 as a service ... ?" ... I was using the same terminology as is used on a FreeNAS box. There are Knowledge Base articles which describe how to use Docker to run MinIO on Synology or QNAP ... not seen anything regarding Drobo. It would be good if it was builtin just like it is in FreeNAS. Anyway ... I don't take anything Marketing says for granted until I've actually seen/experienced it. "Marketing" would have you believe that Retrospect for iOS works with Retrospect for Windows v17 because there is a download link with all the other v17 downloads and its covered in the v17 Users Guide.
  6. David, Realistically Retrospect does a great job performing backups to S3. What I was asking was if Drobo provides an S3 Compatible service ... can it be used as a "private" S3 Target. That is what I can do with FreeNAS as it has MinIO built in. Various Retrospect KB discuss installing MinIO on platforms so as to use them as an alternative to Amazon S3. Does Retrospect for Windows v17 listen on port 22024 ... yes it does ... just do a port scan and it will respond. Retrospect for iOS uses this port to connect to the MacOS engine and will also connect to the Windows version and work, but but then it breaks. According to Tech Support the API behind port 22024 has been changing since v7.7 but Retrospect for iOS hasn't been updated since 2017 and in fact hasn't been tested against later versions ... although its listed with the v17 downloads and is included in the v17 User Guide. See page 486 of the Retrospect for Windows v17 Users Guide. UAC really has nothing to do with a given service listening on a given port ... what the service then tries to do may cause "conflicts". The backup engine does not listen on port 497 ... do a port scan and see. 497 is the port the client listens on. The backup engine listens on port 22024. For remote backups to work the client can't simply broadcast its existence ... it needs to "call out" to the "backup server" at its IP address or FQDN on 22024 and then wait for the "backup server" to call back on port 497 (just as it does a LAN after discovery). Clearly the remote user will need to have port 497 port forwarded through their firewall. Node.js and Ruby are very common coding languages and supported an MacOS, Windows and Linux. The programming language is not really the issue ... its more about accessing the API behind the listening port. The API should be based on industry standards rather than some in-house propriety protocol. I'd suggest very few Administrators are using Retrospect for iOS or the new Retrospect Management Console. Retrospect for iOS may work for MacOS installs, but Retrospect changed the API in the Windows versions so its now broken. Retrospect Managements Console is most likely the future but it has issues. I've come back from the "wilderness" and have higher expectations based on experience with other products ... not backup related ... see what Ubiquiti is doing with monitoring/management of their network infrastructure. They have iOS and Android apps, web based consoles which can be cloud or locally installed plus CLI on most devices. My biggest beef with Retrospect for Windows is that it still requires a "Desktop Experience" to operate and that prevents it from being taken seriously in any environment larger than home users or small business.
  7. Its been said that the Retrospect Management Console is adequately secured and besides it doesn't contain any actual data. Further its "mainly" a reporting tool which passively receives status information from "backup servers". Apart from the performance aspects of this thing running in the US, I'd prefer to be running it "in-house" because I believe that presently there is a fairly significant security flaw which could be exploited to exfiltrate data on a large scale. Please tell me I'm wrong ... The attack vector requires first gaining a username/password combination for Retrospect Management Console. Given that accounts are compromised all the time lets assume that an Advanced Persistent Threat (APT) exists for a given organisation and they have the means to obtain credentials for what is an external publicly visible system which does not enforce 2FA. Now although the Retrospect Management Console does not contain any data, it does have the ability to edit backup scripts and even create new scripts. For these new scripts, or existing scripts, you can set up "Other Destinations" ... including Other Cloud Storage. So having gained access to the Retrospect Management Console (as its only secured by username/password) the actor simply adds an extra Amazon S3 destination with a new 20 char Access Key and 40 char Secret Key and have Retrospect send out "everything" ... essentially untraceable as the Access Key and Secret Key don't provide any information as to which Amazon Account owns the S3 Bucket. Then the actor simply Recreates the Catalogue for this exfiltrated Storage Set, on another machine running Retrospect and restores whatever they want. It seems that the actor can even cover their tracks by deleting the created script after they've gotten what they want. There is no need to mount an attack on Amazon or any encrypted backups which may be stored there. There is no need to penetrate the target site and copy data directly or remove encrypted backup media which may be laying around ... just add a Cloud Storage Backup Set to one or more existing Scripts (or add one) and have Retrospect diligently do all the work. Who is going to notice that "extra" Backup Set or that "extra" script in a large installation? The only problem I see at the moment is that you can't turn off verification on this new Cloud Storage Set so the additional download may be noticed but as most organisations download way more than they upload this overhead may go unnoticed. Just putting it out there that any cloud based service which is only secured by username/password is just asking to be compromised and in this case becomes an avenue for massive data theft.
  8. I have often said ... "the only backup you ever really need is the one you don't have". Hence I tend to backup everything, except the things I know I don't need, rather than backup just the things I think I may need or may get "lost". In this case I'm being overly cautious (and just testing things out) as realistically the only stuff I need to backup are; /home/ /backup/Backups/ Database backups are stored in /backup/Backups/ so short of complete disk failure everything I need is on a disk in the machine. Retrospect's job is to maintain backups off the machine. Its not unreasonable to define the sub volumes I really want to backup to elsewhere as presently I use SAMBA to publish appropriate "shares" and back them up as if the machine was a fileserver. Its just that using the Retrospect client I can backup the whole machine quite easily. Whether I should is a different question. To rebuild the machine I just boot from the CentOS install image, install, update, add a few packages stored in /home/sysadmin/ configure FileMaker Server and restore the most recent backup from /backups/ (which is a separate drive which may have been restored).
  9. I'm using a new install of Retrospect for Windows v17.0.2 and I have created a Custom Selector so as to NOT backup files in some specific directories because I know the content changes every 5 minutes and I don't need a backup of them. Linux path /backup/FileMaker/Progressive/ and subfolders Linux path /home/FileMaker/Progressive/ and subfolders Linux path /opt/FileMaker Server/FileMaker/Data/Progressive/ and subfolders Depending on my configuration only 1 of these will be in play and contain files. The backup runs but records hundreds of errors because my progressive backups "change" during the backup. --Log-- +Normal backup using Immediate - Lenovo at 07/07/2020 9:09 AM (Execution unit 1) * Resolved container Lenovo to 3 volumes: /backup on Lenovo /home on Lenovo / on Lenovo 07/07/2020 9:09:41 AM: Finished scanning backup set data files To Backup Set Lenovo 002... - 07/07/2020 9:09:40 AM: Copying /backup on Lenovo While scanning volume backup, Folder /backup/FileMaker/Progressive/IncrementalBackup_2020-07-07_0900/Additional/RC_Data_FMS/PacificStone/Files/PacificStone/Secure/01/, Scanning incomplete, error -1101 (file/directory not found) Folder /backup/FileMaker/Progressive/IncrementalBackup_2020-07-07_0900/Additional/RC_Data_FMS/PacificStone/Files/PacificStone/Secure/02/, Scanning incomplete, error -1101 (file/directory not found) (snip) 07/07/2020 9:13:38 AM: Found: 102,106 files, 395,298 folders, 59.7 GB 07/07/2020 9:13:42 AM: Finished matching 07/07/2020 9:14:04 AM: Selector "All Files Except Progressive Backups" was used to select 81,592 files out of 102,106. 07/07/2020 9:14:16 AM: Copying: 0 files (zero KB) and 0 hard links 07/07/2020 9:14:29 AM: Building Snapshot... 07/07/2020 9:14:29 AM: Copying properties for 395,298 folders 07/07/2020 10:54:17 AM: Finished copying properties for 395,298 folders and 0 files 07/07/2020 10:54:27 AM: Copying Snapshot: 2 files (132.5 MB) 07/07/2020 10:54:30 AM: Snapshot stored, 132.5 MB 07/07/2020 10:54:30 AM: Comparing /backup on Lenovo 07/07/2020 10:54:32 AM: 257 execution errors Duration: 01:44:52 (01:44:43 idle/loading/preparing) It seems that the File Selector is being applied too late in the process. I would have thought that if I've identified paths NOT to be included in the backup then by definition they'd be excluded from the scan. Why waste time scanning paths (and recording errors for files) which are going to be excluded?
  10. David, There is a difference between running a "web server" and simply leveraging web technologies. A "web server" in most peoples minds conjures up being able to access fully formatted and structured pages of information but it doesn't have to be that way. The "service" could respond simply with XML or JSON formatted data to an appropriately crafted request (which also contains an Access Token previously obtained). The "service" could process appropriately formatted XML or JSON data which is in the payload of a http POST. Commonly if the host does have a "web server" then it handles the routine "web" traffic, but appropriately crafted requests are passed to the "service". This way the "service" can leverage an existing installation of Apache, IIS, nginx, etc. I suspect the Retrospect Management Console works like this where the "engine" does an http POST to the "console" periodically to give it status updates and polls for "commands". It would be appropriate if port 22024 on the "engine" worked like this as well where the Retrospect for iOS sends a http POST and gets back appropriate data which it processes, caches and presents. Security is provisioned by using https rather than simply http. If you keep it all "in house" then self signed certificates are fine, but if you get standard browsers involved when rendering the "console" then you need to have properly signed certificates. This can be problematic for Home users but seldom an issue for Business users as its best practice to buy a wildcard certificate and use it everywhere its needed. An alternative is Let's Encrypt https://letsencrypt.org which is an option provided by most NAS vendors. None the less it can be tedious because you need to have DNS entries and expose port 80 and 443 to the internet so Let's Encrypt can validate the endpoint. Anyway, Windows 10 can run IIS ... its simply not installed by default. MacOS has Apache and so does Linux (even if its not part of a minimal install). Retrospect don't need to include a "web server" ... its most likely already there, BUT if they persist in maintaining backward compatibility with Vista/7/8, etc, for a "backup server" then things probably get complicated, however I'm only talking about a "backup server" ... not clients.
  11. David, Full circle, and back to where I started. Retrospect is attractive because the clients are treated equally (MacOS, Windows and Linux). I've been in the "wilderness" and although Synology does have a neat solution it conveniently overlooks MacOS ... however that's a trend because Apple provide TimeMachine so many vendors just provide a TimeCapsule compatible service. It works, but that is not what I want. As an alternative to TimeMachine, Synology also provides Synology Drive which is sort of an on premise version of DropBox, GoogleDrive, OneDrive, etc but with the ability to schedule backup tasks. Its a client but more active, however I'd prefer to have centralised management ... hence Retrospect. I also tend to use CCC rather than TimeMachine. Web (or browser) based management (e.g. Retrospect Management Console) doesn't necessarily mean in the cloud. Sure it is now, but I'm suggesting that it should be able to be hosted anywhere ... localhost, separate host or cloud service. Just like when you leverage Cloud backups (e.g Amazon S3) you need to provide a "Path" which starts with the FQDN of the server it should be possible for "Management Preferences" to include the FQDN of a Management Console as a variable and not just be hard coded to "console.retrospect.com". FreeNAS includes S3 as a built in service (based on MinIO) ... just turn it on ... so instead of an Amazon FQDN I can simply enter the the FQDN of my server (which may be onsite, different building or offsite). Does a Drobo NAS include S3 as a service or does it just do SMB, AFP, and NFS? Anyway back to Retrospect for iOS ... it works over port 22024 which may or may not use SSL and it may or may not be http based (but it should). If it was http based you could put a reverse proxy in front of it and hence not have to open a hole in the firewall for it to work. The listener on port 22024 appears to be passive in that the iOS App sends it commands for it to respond with details or do something. Sounds like the basis for a Management Console to me. The actual Retrospect Management Console (hosted) receives https traffic from Retrospect for MacOS and Retrospect for Windows. Presumably it queues up commands and managed machines poll the queue periodically as it works without inbound firewall adjustments. So fundamentally the architecture I desire is where the Retrospect "engine" runs as a faceless background service and listens on port 22024 (as it does today) for commands from the iOS App. The Retrospect Management Console listens on a different port (could be https 443 as it does today) but is essentially a custom web server such that a browser on local host or a remote host can access it. It could get its details from the "engine" by sending commands to port 22024 (just like the iOS App does). The "engine" could actively send the "console" status details as it does now but not hard coded to "console.retrospect.com" ... it could be localhost or a specified host. The existing Retrospect for Windows UI could be retained for local management if desired/required by abstracting the UI such that it communicates with the "engine" via the same mechanisms as the Remote Management Console (and doesn't need to be left running). Is there precedence for this? Sure ... just look at FileMaker Server. Its comprised of multiple faceless background services which are task specific. The clients (i.e. FileMaker Pro for MacOS/Windows) and FileMaker Go (for iPhone and iPad) access hosted databases on port 5003. Web clients can access hosted databases on port 80/443 as there is a service which actively (on the fly) converts layouts into html/css/javascript and talks to the database engine on behalf of the clients. There is also ODBC access on port 2399. The Administration Console can be accessed either from localhost or a workstation via a browser on port 16000. A very different port is used here such that it can be easily firewalled if you want to limit access. Customised access is possible via two published APIs ... the Data API and the Admin API ... both are accessible via 80/443 such that "anyone" can build their own app be it for accessing a hosted database or to monitor/manage the server. Further you can leverage Zabbix to monitor/manage the whole host and even manage FMS by scripting its CLI. For scaleability you can add additional "worker" machines which essentially just run the webdirect service such that web clients are offloaded from the "master" machine. Each of these "worker" machines handle the browser client interaction and communicate with the database engine on their behalf. Sounds like a lot of moving parts, but having multiple moving parts is much better than a monolithic application which requires a "Desktop Experience" to run because a given part can fail and be restarted without impacting the whole. You can even have a "helper" service which checks that all the services are running and restart them if necessary. Further ... moving from a "Desktop Experience" to say CentOS (without GUI) or a NAS (without screen, keyboard or mouse) is straight forward because none of the services depend on a GUI ... you don't even need a GPU. Although Retrospect for iOS is listed with the rest of the downloads for Retrospect for Windows v17 it hasn't been updated since 2017 and the documentation only mentions "partial" support for Retrospect for Windows 7.7. Perhaps the documentation has never been updated. Perhaps it did work with Retrospect for Windows in 2017, but 3 years later it appears that "partial" is now "broken". Is it unreasonable to expect that if if its listed with v17 it should work with v17? Tech Support Advice ... check port 497 is open.
  12. David, Thanks for the feedback. I have logged a Support Case ... would like to provide the Case No but nothing gets listed in my Portal even though I get an acknowledgement email and a link (which just gets me to the login screen). Shouldn't really discuss competing products, however I use Hyper Backup to backup the Synology itself. The product I haven't mentioned is "Active Backup for Business" ... https://www.synology.com/en-au/dsm/feature/active_backup_business If a Drobo NAS was to have Retrospect integrated, then I'd see this as a product the marketing boys would want to benchmark against. I'm actively looking at Retrospect again because it does have advantages over the competition. Its just unfortunate that some capabilities I'd like to be able to leverage are incomplete. The iOS App for example would give local staff visibility of status without having to physically access the backup server. Similarly with the Retrospect Management Console as its also at arms length of the backup server. It would be nice for both to have "read only" access just for monitoring. The FileMaker Server 19 for Linux Developer Preview does have the advantage in that its been running on CentOS at AWS for several years so the base is solid, its just that now they have made it available for on premise installation there are lots of new variables to be concerned about and there are some differences between the Cloud option and on premise so capabilities are being added such that it is feature equivalent to the MacOS/Windows versions. Hardware is probably the biggest variable, I'm testing various VMs which are themselves hosted on various NAS platforms including Synology and FreeNAS, while others are going down the Docker path. Many new deployments to the previous AWS only. Although Claris is owned by Apple they are a separate business unit and expected to perform as if independent. To a degree Claris (aka FileMaker) is similar to Retrospect in that both started doing a Mac only product then diversified as the Windows market was bigger. A big difference is that FileMaker for Windows looks and behaves the same as FileMaker for MacOS. There are some platform specific differences, but by and large they are the same product. Claris at one stage managed many products but then became FileMaker Inc with only 1 product. Recently reborn as Claris (again) with the opportunity to expand the product portfolio. Occasionally Apple tosses them a curve ball like "Claris Connect" where the parent bought a capability and assigned it to Claris to make it work. Claris Connect is not about FileMaker its about connecting a diverse range of apps via APIs. Where Retrospect can with some effort talk to Slack, Claris Connect promises to make this much easier to do and not be limited to just Slack ... basically anything in the ecosystem. Currently my biggest issue is cost and the fact that it relies on US Hosts. No doubt Retrospect has staffing challenges with respect to dev/test, which is why I believe they are making it harder than it needs to be by supporting legacy platforms. Ok ... they can't drop support completely, but I think the client is where legacy support should be focused. Customers don't have to upgrade their entire fleet of workstations/servers if they don't want to, they just need to maintain the "backup server" if they want to run the latest release and in return Retrospect just need to focus on Retrospect for Windows working on currently supported OSes (which in turn only runs on supported hardware) and legacy support is available by ensuring the various platform clients work with the current version of Retrospect. Just looked at the 3 Windows 10 "backup servers" I'm working with and they are all Windows 10 Release 1909. All three are fully patched and say they are waiting for 2004. I don't run Retrospect on any Windows Server machines directly. They are also fully patched and all running 2019. Don't have any Vista/7/8 machines at all. I'd have to create a VM to test that and I don't have any motivation to go there.
  13. The Web Hooks documentation may be what I'm looking for with respect to API documentation. https://github.com/retrospectinc/datahooks but it refers to v15 ... is it still supported in v17 (and beyond)? If the iOS App leverages web hooks in order to do its thing, the the answer is probably Yes for MacOS but No for Windows.
  14. Is there a definitive statement of the compatibility of Retrospect for iOS? All the information I have found is quite dated. Appears to be working with v17 for MacOS but currently not working with v17 for Windows, although it did for a couple of connections but now just “Connecting …”. Same thing on my iPad. Have tried with both a local server and an offsite server ... appropriate firewall rules have been implemented. Perhaps its confused that I’ve asked it to talk to 1 x MacOS backup server and 2 x Windows backup servers concurrently. The UI supports adding multiple servers so I expected this to work. Also, are the details of the API the iOS App uses documented somewhere? Is it https based but using port 22024? If it is a standard http based API I’d like to build my own “Management Console” with FileMaker (as the existing Retrospect Management Console is less than satisfactory). I could then have my server "checkin" with various backup servers and present consolidated stats reports. Wait … I have an old copy of v16.6 Solo running on a Microsoft Surface … it works with the iOS App! Does this mean Retrospect broke v17 for Windows. Scratch that ... v16.6 for Windows is unreliable as well ... works once, but then gets listed in Pending as "Connecting ..." but doesn't ... even after a reboot.
  15. David, I'd answer "No" and "Probably not, but one can hope" to your questions. It has potential, but Retrospect Management Console doesn't really work. It should only be available for testing ... a Limited Preview. I'm currently trialing a Developer Preview of FMS 19 for Linux and so far I can't break it. Its as stable as the release versions for MacOS and Windows ... feature for feature its the same product (accepting a few capabilities yet to be implemented) running on a different OS. IMHO Retrospect need to do same. Not only leverage common code, but also the exact same UI and workflows. Deploy the client as appropriate and run the server on what is most appropriate for the environment. The experience should be the same. I'd be interested in what they do with a Drobo NAS. I've used a Drobo for personal storage for years but only a direct connect version. Yes, the Windows market is bigger but unfortunately the users are generally comfortable with using slapped together, poor quality software ... its simply consistent with the OS. It doesn't have to work ... it just has to sell. I gave EMC a chance when they took over Dantz Development Corp. but it was apparent to me that they were a Windows company and product quality was going to suffer so I moved on. Perhaps I should forget about this little misadventure back to Retrospect and stick with Synology based options.
  16. Well isn't that interesting, accessing the Retrospect Management Console with Chrome (for MacOS) displays the missing dates, but they don't show when same is viewed with Safari (for MacOS). Similarly my missing dates appear in Microsoft Edge (Chromium Edition) on Windows. I would have thought that a Mac first, Windows second company would ensure that web interfaces work with the default MacOS browser or at least have a popup which says that some features are only supported if using Chrome. Goes a long way to explaining why the Retrospect Management Console renders poorly on an iPhone. As far as deployment goes, it would be better to have options for Retrospect Management Console ... cloud, independent host, or localhost. The standard web interface should adapt to screen size of the connected browser so as to make the user experience appropriate for the device but for an even better experience the iOS app would use it as a single backend for all the managed servers rather than having to connect to each independently (and possibly open additional holes in firewalls). Goes without saying that the Retrospect Management Console should support/require 2FA.
  17. Its not relevant what you believe the Retrospect Management Console was intended for as its clearly available and promoted on the website. There is no indication that its for "Parters" or US Residents ONLY. I have a reasonable expectation that available products will simply work. Retrospect Management Console appeals to me because it will remove the need to VPN into multiple sites just to confirm backup status or monitor completion emails. Similarly I use Zabbix to monitor the status of critical systems/services and Unifi/UNMS to monitor/manage network infrastructure across multiple sites. In the case of Zabbix I run a host on my premise, UNMS is a cloud service and Unifi runs on dedicated devices (some on client sites, some sites on my multi-site host). The VoIP solutions I deploy all utilise a cloud based PBX which has a web based Management Console. Most of my FileMaker clients have on-premise servers, but FileMaker does have an AWS based option with v2 planned to provide a Partner Console where we can manage multiple clients via s single console. Performing on premise backups still has a role to play as not everything can or should be hosted in the cloud. This doesn't mean I should be limited to local monitoring/management as Costinel has suggested.
  18. I've just bought a couple of licences and hence I'm using v17.0.2.102. I used Retrospect seriously on both Mac and Windows up to v7.5 then lost faith when it looked likely that EMC would kill the product. I called APAC Tech Support this morning but got some message about only being open during Business Hours CET. I've now realised what that means for AEST so in fact I called 45min before they were "open for business" and now they are closed. I have filled in a Tech Support Request, essentially a copy and paste of my posts above, but I think the system is broken. I received an acknowledgement email with a link to the Case, but it does not work. I've logged into my Portal but it says I have no Cases open. I created a new Ticket from that interface and received another acknowledgement email, but still no indication of an Open Case. I have subsequently received a response from support@retrospect.com requesting screenshots.
  19. In the past I've never gotten this to work well at all, but things may have gotten better. In a corporate environment we don't backup Windows laptops/desktops at all. For every model being used we prepare an imaging USB such that if there are issues with a machine requiring a restore we just re-image it to "factory", let SCCM deploy the application suite and then let the user login. All corporate data is on various shares and user's homes (i.e. personal data, configurations, etc) are "networked" so its accessible from any machine one authenticates on. Laptops will sync "homes" to the local drive such that any offline changes will be synced back to the server when next on the LAN. Home drive quotas are enforced to reduce sync time and discourage storing personal stuff on corporate servers. If appropriate Onedrive is encouraged for storing large amounts of personal data. Backup is all about the server farm and being able to quickly and reliably restore data to shares or replace failed VMs. In a small business environment we try to achieve similar by focusing data on servers or cloud services and just replace or rebuild user devices as necessary. If user accounts are local to the "personal" machine we will leverage client-server backup strategies but don't stress about a DRD apart from having something which can put the OS back, then put the core applications back, the backup client, the user account and finally user data. Small businesses tend not to buy desktops/laptops in batches so its generally not possible to have a common imaging USB and SCCM is rarely available. In general we have found that the time invested building and testing a specific DRD simply isn't worth it. Personal/Home machines ... that may be a different issue as you may have more motivation to have a DRD to recover your machine should it crash and burn. None the less, I've not had much success making it work when actually needed. I have wasted many hours trying to get it to work only to find that it would have been faster to just do a fresh install. The Windows 10 provided "Recovery" partition sort of encourages this strategy by restoring Windows and leaving your "personal" data in place, but that isn't going to work if the disk is dead. I recommend taking a similar/simplistic approach and focus on storing your data on reliable network storage or in the cloud, having a backup strategy for stuff on your machine, archiving your application installers so apps can be reinstalled and build a generic Windows 10 installer USB rather than a purpose built DRD. Its not just the Retrospect DRD, I've had issues with every alternative solution I've tried. For me the issue always stems from dissimilar hardware. Well may it be the same machine but in these situations its the HD or SSD which has needed replacement. All works when you restore to the original "disk" but minor changes like disk manufacturer or a 250G SSD rather than a 256G SSD tends to kill the restoration even before you get to "restore" the backup and you won't know this until you actually need to do it. Then you want to make it work, because you invested the time building the DRD in the first place and waste more time. I focus on my backup strategy and being comfortable with "typical" restores, then if/when disaster strikes a Windows box I just download the latest Windows 10 media from Microsoft and install from scratch, then move forward with apps, backup client and restore user data. Never encountered problems doing a clean install with standard install media.
  20. Seems that it takes an "over night" before any data appears, but its not very current. At least I now know my machines are actually talking to the Management Console. I've just scheduled a run once backup for now + 10min and although it ran no details have appeared in the console ... it still says the last backup was 19 hrs ago. Past Activities "may" list the backup activity but its hard to say as it doesn't show any dates. Backup Sets doesn't show any dates either so I can't see which was used when. What time zone does Retrospect Management Console work in? Is it a bit confused because my backup servers are running in +10 and its not dealing with "future" timestamps?
  21. My bad ... "office" is such a generic term which can mean anything from a Govt Department to a desk in the corner of the family room. You can also set a bios password on the machine and change the boot priority such that USB is perhaps not available but the point remains ... auto login to the "Desktop Experience" is a major minus for Retrospect for Windows as it effectively undermines all other security if physical access is gained. In the past I've had potential clients refuse to consider the product on that fact alone. After a while I moved on. I think part of the problem is documented here ... https://www.retrospect.com/en/support/kb/system_requirements_win17 The time to cut away legacy support has long passed ... move on. The list of supported Window OSes should be limited to Windows 10 and Windows Server 2016 and 2019. How much engineering effort is being wasted on limiting functionality/capability because it has to run on Vista, etc? Perhaps its a marketing thing ... need to have a bigger list of supported systems than the competition, but really ... who is the product being marketed to? New installations or at consumers who don't want to upgrade anyway? Not seen a new installation of Microsoft Windows SBS 2003 in a really long time. Yes I had one of them ... it even had a DVD Writer and a builtin VXA tape drive as target devices but both were replaced with removable 3.5" HDs. That system is long gone to ewaste. If support for legacy systems is required then put the effort into providing a suitable client such that customers can backup these legacy systems if they need to, but the "Backup Server" must be on a current OS. If a customer is still running Vista or Server 2003 and expects to be able to run Retrospect, then let them run the version which supported their OS. If the customer doesn't want to move on to a current OS then why should they expect to leverage features of the latest version of Retrospect? I'm presently getting my iMac replaced because it can't run Mojave (let alone Catalina or Big Sur) as Claris FileMaker 19 requires Mojave or later ... so out with the old and in with the new. FileMaker Server 19 for Windows now requires Windows Server 2016 or 2019, so Windows Server 2012 is now dead to me (although I do have a Govt client still using Windows Server 2008 and FileMaker 14). FileMaker Server 19 for MacOS similarly requires Mojave (hence the spare Mac mini as its stuck on FMS 18 on High Sierra). FileMaker Server used to support clients plus/minus 2 version but this is now moving to plus/minus 1 version and iOS clients must be running iOS 13 or later. FileMaker 19 is likely to be the last annual release as Claris is moving to a rolling quarterly release cycle of whatever new features/capabilities are ready. Licensing has been annual subscription for ages. In the past perpetual licences made it too easy to be left behind and this created support issues. Coincidently I had a client of 2004 call me last night as due to COVID he'd not used the app this year and had forgotten how to do something. Sorted the issue by referring to the documentation, but over the years he has been buying old Palm Pilots on eBay just to keep his system operational. Been using it almost daily since 2004 and it works for him so he has no motivation to change even though its unsupported. I'm pleased that a 16 year old custom development is still working but would have liked the opportunity to migrate him to an iPhone or iPad a long time ago. Would have saved him sourcing Palms and maintaining a legacy PC in his office just to sync data and process it. Things have changed since Vista ... its not my area of expertise but I suspect the road blocks which force Retrospect for Windows to require a "Desktop Experience" are legacy issues. Cut the list of supported OSes to only current OSes and the path may be clear to remove this limitation.
  22. I've just setup Retrospect Management Console and on the surface it looks pretty promising, however it doesn't appear to be updating. Presently I have 2 Windows Backup Servers on 2 different sites and have added both to the new Console but only 1 has uploaded any data and although backups have subsequently run the details have not appeared. The 2nd Backup Server says it has contacted Retrospect Management Console but the Console hasn't acknowledged this. How often does the Backup Server contact Retrospect Management Console? I read it was supposed to be at least hourly when idle and ever minute when actively performing backups. Does this work with existing servers or is it necessary to download the "installer" from Retrospect Management Console? Is there a plan for this to run on premise? On a VM hosted on ESXi, FreeNAS, Synology or QNAP?
  23. Hmmm ... I didn't provide details ... just that I'm using a HP Microserver. It lives in the server room with 2 others, a Synology NAS a FreeNAS host, 3 Mac minis, a Lenovo (with the same form factor), a Shuttle (with the same form factor) and a NUC running Zabbix. All are headless and none of which require physical access to manage on a day to day basis. The user desktops are in an open plan office. The Mac mini "size" machines all run FileMaker Server, be it on MacOS, Windows Server 2019, or CentOS. Just saying that the Retrospect for Windows box is the only one which requires a "Desktop Experience" in order to do its job.
  24. DavidHertzberg, Yes I followed your links and read the referenced material. Thanks for the recap. Nigel Smith, Its nice to be able to simply have services resume after a restart. Deploying updates either manually or have Microsoft do it, either way you have to login and start Retrospect. Same goes if the UPS shuts down the host ... when it comes back online you just want it to work. Sure you can set the machine to auto login and set Retrospect as a startup item but its not best practice to have machines auto logon. It depends on what you mean by "properly secured" ... for me, anything which does an auto login to a desktop environment is not "properly secured" its "insecure" by definition ... its like leaving the logon details on a note stuck to the screen. Having the machine in a locked room helps, but anyone with physical access could arrange for the machine to restart and then gain access to it as it would auto login and present the desktop. In my Office, Retrospect is installed on a HP Microserver which is headless. I control it via RDC and leave it running with a locked "desktop". Just saying that this configuration is not best practice ... just necessary given the application's design. Yes its been a long time since I seriously used Retrospect, and at the time I really thought it was best of breed. Been reading all the referenced material in order to catch up on whats happened and it appears that lots of history has occurred, but at the same time core features have not progressed at all. I've been using a Synology for backups ... its headless by nature and all administration is via a web interface. It has apps which can backup entire desktops, fileserver shares, etc, however I'm looking for a better way to backup FileMaker Server be it for MacOS, Windows or Linux. Based on previous experience I'm of the opinion that the Retrospect client is the most elegant solution and it will allow me to have a platform agnostic backup strategy. Presently I'm prepare to live with Retrospect for Window's need for a "Desktop Experience" as MacOS is more valuable to me for doing real work. Mind you I do have an old Mac mini which is stuck at High Sierra and no longer of much use so perhaps it and its attached Drobo could be repurposed.
  25. To be honest I've only just returned to using Retrospect ... long time user of the Dantz product but lost faith when EMC bought the product. Was hoping that there would have been some improvements in the Windows UI but it seems to be exactly as I remember it from v7.5 ... how sad. I was hoping that Proactive backups would be a faceless background service but you are telling me its still yet to be implemented? I'm sure the MacOS version is pretty and powerful but for backup I don't see the point of wasting a Mac on such a "service" when a Windows box will do. I feel the same about running FileMaker Server which is my main requirement for backups. Now that Claris are once again coming out with a Linux version of FMS (been nearly 10 years) I'm keen to get off Server 2019 and onto CentOS for hosting FileMaker on premise. Similarly it would be very nice if a Retrospect Backup Server could be built on CentOS, or perhaps on a Synology, QNAP or FreeNAS box.
  • Create New...