Back up personal computers
To back up Windows PC and Mac computers, you need to install a dedicated agent on each endpoint to facilitate the backup process. ActiveProtect lets you deploy to multiple endpoints simultaneously, meeting large-scale implementation requirements.
How backup works
ActiveProtect employs image-based backup, providing the flexibility to back up an entire system or specific volumes.
Windows PC backup
ActiveProtect uses Windows Volume Shadow Copy Service (VSS) to ensure that backups are consistent and accurate by taking snapshots of the data before backing up. The use of snapshot and bitmap comparisons enables incremental backups.
The ActiveProtect agent does the following to create backups from snapshots:
- Once a protection plan starts, the ActiveProtect agent sends a request to the Windows operating system to generate a built-in snapshot in the form of a new LUN using the default VSS provider.
  If the VSS provider can't create the snapshot, the ActiveProtect agent will resort to generating the snapshot using the system's default VSS provider. Learn more about Volume Shadow Copy Service (VSS) and its limitations.
- The snapshot LUN created connects to the computer where the ActiveProtect agent is installed to complete the VSS process and record storage metadata.
- The ActiveProtect agent reads the snapshot LUN and transfers data from the computer to the ActiveProtect appliance.
- The ActiveProtect agent completes the backup process and deletes snapshot metadata from the device.
Mac backup
ActiveProtect leverages the Apple File System (APFS) snapshot and replication technology to provide point-in-time consistent backups and block-level incremental backups.
Limitations on a Mac
When ActiveProtect performs a backup, Apple Software Restore (ASR) data is first processed through a block driver before going through the ActiveProtect agent kernel extension. To achieve optimum speed and performance, read/write operations between these spaces should ideally go uninterrupted.
By Apple's design, in ASR, reads must be performed on a certain amount of data before the backup data can be written. Thus, read operations are heavily involved in the backup process and responses can be obtained from any of the following three locations in this order:
- Return from the Kernel Space (Response time: 10 μs)
- Return from the User Space (Response time: 100 ms)
- Return from the ActiveProtect appliance (Response time: 10 s)
This means that if a read operation doesn't get any hits from either the Kernel or User Spaces, then the request will go directly to the ActiveProtect appliance, which will result in a longer overall response time and delay of the backup process.
Optimizing ActiveProtect for macOS
To process read requests as quickly as possible, we implemented read-before-write technology to check the value of a data block before modifying it. To do this, we used bitmap indexing for the Kernel Space. A bitmap index is an array of binary data that is used to record whether or not a space has already been written to.
The bitmap index helps the system easily find out which blocks already have data on them and which don't. The system can then quickly reply with the "empty" data blocks, helping the backup process go more smoothly and cutting down on the time it takes to finish.
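The read path described above, as an added example (a simplified model, not ActiveProtect's kernel extension code): a one-bit-per-block index answers reads of never-written blocks immediately, and only written blocks fall through to the slower tiers. The class name, block size, cache size and the dictionaries standing in for the user-space and appliance tiers are assumptions.

```python
from collections import OrderedDict

BLOCK_SIZE = 4096  # assumed block size for this sketch

class BitmapReadPath:
    """Toy model: a bitmap answers reads of never-written blocks locally."""

    def __init__(self, n_blocks, cache_blocks=2):
        self.n_blocks = n_blocks
        self.bitmap = bytearray((n_blocks + 7) // 8)  # 1 bit per block
        self.cache = OrderedDict()   # stand-in for the user-space tier
        self.cache_blocks = cache_blocks
        self.appliance = {}          # stand-in for the remote appliance
        self.tier_hits = {"kernel": 0, "user": 0, "appliance": 0}

    def _check(self, idx):
        if not 0 <= idx < self.n_blocks:
            raise IndexError(f"block {idx} out of range")

    def is_written(self, idx):
        self._check(idx)
        return bool(self.bitmap[idx >> 3] & (1 << (idx & 7)))

    def write(self, idx, data):
        self._check(idx)
        if len(data) != BLOCK_SIZE:
            raise ValueError("writes must be exactly one block")
        self.bitmap[idx >> 3] |= 1 << (idx & 7)   # record "written"
        self.appliance[idx] = data
        self.cache[idx] = data
        self.cache.move_to_end(idx)
        while len(self.cache) > self.cache_blocks:
            self.cache.popitem(last=False)        # evict the oldest entry

    def read(self, idx):
        if not self.is_written(idx):              # bit clear: block is empty
            self.tier_hits["kernel"] += 1
            return bytes(BLOCK_SIZE)
        if idx in self.cache:
            self.tier_hits["user"] += 1
            return self.cache[idx]
        self.tier_hits["appliance"] += 1          # slowest path
        return self.appliance[idx]

def demo():
    path = BitmapReadPath(n_blocks=16)
    for i in (0, 1, 2):                           # constructed sample writes
        path.write(i, bytes([i + 1]) * BLOCK_SIZE)
    reads = [path.read(i) for i in (5, 9, 2, 0)]
    return path.tier_hits, reads
```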
In conclusion, we were able to overcome Apple's limits through rigorous trial and error during development, allowing us to create a backup solution for macOS that exceeds expectations and surpasses rival programs, including Mac's very own built-in services.
Authentication
In ActiveProtect Manager (APM) you can configure connect keys, used as templates, to automatically establish connections between agents and backup servers at their chosen site. These connect keys also automate the application of the respective protection plan, ensuring a smooth backup process.
When adding a physical device to APM, it needs to go through the following steps:
- The client connects to the management server using the connect key and server information via port 443.
- Upon verification, the client receives backup destination connection and authentication details from the management server.
- The client uses this information to authenticate and connect to the backup destination.
- The client receives backup destination and protection plan information.
- Workload information syncs with the management server.
Certificate
The agent initiates the connection with the management server to obtain backup server connection details. The following validation process for both the client and backup appliance involves the use of a certificate:
- The agent connects to the management server via port 443.
- Upon authentication, the agent receives the backup destination's IP or external access list and the certificate generated by APM.
- The agent connects to the backup destination via port 8443 using the IP list and APM certificate.
- The agent receives backup destination and protection plan information.
Data Deduplication
ActiveProtect uses global source deduplication to optimize data transfer and reduce backup duration. You need to install APM's dedicated agents on each endpoint to run backups.
Changed Block Tracking (CBT)
Changed Block Tracking (CBT) is an incremental backup technology widely used in various backup solutions. Incremental backup specifically backs up data that has been modified or created since the latest backup. CBT enhances incremental backups by capturing only the altered data blocks instead of backing up the entire dataset, saving both time and resources. Consequently, the backup data transfer size, which is the amount of data transmitted through the backup application, is significantly smaller than the original data size on the backup source.
ActiveProtect has built this feature into its architecture for backing up PCs/Macs, physical servers, and virtual machines. It employs forever-incremental backup for each backup task, ensuring a maximum number of available backup versions while minimizing storage usage for backup retention. This is achieved by selectively backing up only the modified data following a full backup.
Deduplication processes
During a backup, ActiveProtect captures a snapshot of the device being backed up. Then, it compares the current device's data with the data stored on the backup appliance. The agent identifies and excludes duplicate files, only uploading those that haven't been previously backed up.
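How Changed Block Tracking and source deduplication combine in a forever-incremental backup, as an added example that is not ActiveProtect's own code: a change bitmap limits each run to modified blocks, a digest lookup skips content the destination already holds, and restore re-hashes every block to catch a damaged store. Block-level granularity (the page describes the comparison in terms of files), SHA-256 and all names here are assumptions.

```python
import hashlib

BLOCK = 4096  # assumed block size

class TrackedVolume:
    """Source volume with a change bitmap: bit i set = block i modified."""
    def __init__(self, n_blocks):
        self.blocks = [bytes(BLOCK)] * n_blocks
        self.changed = (1 << n_blocks) - 1      # all bits set: first run is full

    def write(self, idx, data):
        if not 0 <= idx < len(self.blocks) or len(data) != BLOCK:
            raise ValueError("bad block index or size")
        self.blocks[idx] = data
        self.changed |= 1 << idx

    def take_changed(self):
        """Return indexes of changed blocks and clear the bitmap."""
        idxs = [i for i in range(len(self.blocks)) if (self.changed >> i) & 1]
        self.changed = 0
        return idxs

class Appliance:
    """Backup destination: one global block store shared by all versions."""
    def __init__(self):
        self.store = {}       # SHA-256 hex digest -> block data
        self.versions = []    # per version: {block index: digest}

def backup(volume, appliance):
    """Run one forever-incremental backup; return bytes transferred."""
    version = dict(appliance.versions[-1]) if appliance.versions else {}
    sent = 0
    for idx in volume.take_changed():           # CBT: skip untouched blocks
        data = volume.blocks[idx]
        digest = hashlib.sha256(data).hexdigest()
        if digest not in appliance.store:       # dedup: skip known content
            appliance.store[digest] = data
            sent += len(data)
        version[idx] = digest
    appliance.versions.append(version)
    return sent

def restore(appliance, version_no):
    """Rebuild a version, re-hashing each block to detect a damaged store."""
    out = []
    for idx, digest in sorted(appliance.versions[version_no].items()):
        data = appliance.store[digest]
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError(f"block {idx} failed integrity check")
        out.append(data)
    return out
```

Every version remains restorable on its own because each one stores a complete index-to-digest map, while the block data itself is kept only once.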