Configuration
- It’s highly recommended to make automated daily backups. In case of data loss or hardware damage this allows to reinstall and restore within < 30 minutes.
- Backups can only be restored within the same major version.
- Backups created during or leading up to hardware failure could be inconsistent and should therefore not be used.
Backups can be created and restored both locally or via a remote server in the WebAdmin System / Backup menu.
Both manual and automatic backup creation can be set up.
Supported protocols
| Protocol | Security | Description |
|---|---|---|
| FTP | Insecure | Plain unencrypted FTP. Use this protocol only in your local network or over tunnels. |
| FTPS | TLS | FTP over TLS. Secured FTP with the disadvantage that you need to manage a TLS certificate for your server if not already present. Self-signed certificates are possibe with a disabled certificate validation which gives you a secure but untrusted connection. |
| SFTP | SSH | SSH based file transfer protocol (do not confuse this with FTP* protocols) allows to have a secure and simple backup transport. A server with openssh installed suppports this out-of-the-box. |
| S3 | HTTPS | S3 (Simple Storage Service) invented by Amazon/AWS is now a well supported storage protocol. It’s also supported by many other cloud providers and works with local NAS or self hosted S3 apps like MinIO. S3 can be treated like any other HTTPS traffic and is based on established TLS security with x509 certificates. |
Content of a backup
Following data will be saved with the backup file:
- All settings made in WebAdmin
- Tickets
- Ticket-Templates
- Login pages and themes incl. custom extensions and custom translations
- License information
Create / Restore a Backup
All Backup actions can be found in the WebAdmin System / Backup Menu.
Download will create and download a backup locally while Remote Backup will send the created backup file to a fileserver right away.
The file is compressed and the filename contains the registration number,version, date and time of creation.
For example: YOUR_SYSTEM_2022012509_20220812155027_V21.0.21004.bkp
To restore a backup, select it via the upload file selector and if applicable, choose the encryption method that was used to create the backup and click on Restore Backup.
Restore on different hardware / new VM
A IACBOX license is bound to one of the available MAC addresses. If a backup is restored on a different/changed hardware or new VM the MAC addresses may have changed and the license will not be valid.
You can unlock a license yourself by logging into your partner portal, navigate to the overview of your licenses and then right-click on the according license and select unlock license. Afterwards manually perform the online registration, in WebAdmin menu System / License, to lock the license to the new system.
If you don’t have an account for our partner portal, please send an email to our support.
Encrypted Backups
Added in Version
v21.0 p21336Automated backups can be encrypted to store them safely on untrusted storages. Encrypting your backups also keeps you GDPR compliant as they contain PII (Personally Identifiable Information).
Choose one of these modes:
| Mode | File extension | Description |
|---|---|---|
| No encryption | xxxx.bkp | Unencrypted backup. Everyone with access to this file can extract it. |
| Encrypt with License | xxxx.bkp.li.enc | The final encryption key is derived with a secure KDF (key deriving function) from your license data. This keeps away the burden from you to store the key externally and our support will always be able to help you. |
| Encrypt with custom key | xxxx.bkp.ck.enc | If you need 100% control over your key you can set a custom key here. Note that it’s within your responsibility to store this key externally. If this key is lost, the backup cannot be restored anymore. |
Cryptographic properties
A modern and highly secure AEAD cipher is used (XChaCha20/Poly1305) with a 256bit key. It offers roughly the same level of security as an AES-256-GCM cipher but does not depend on CPU support to be fast. This cipher is nowadays also the default of SSH connections and one of the 5 cipher suites of TLS 1.3.
Restore encrypted Backups
Added in Version
v21.0 p21336To restore an encrypted backup choose the used encryption mode.
- Encrypted with license: Enter registration number and key
- Encrypted with custom key: Enter your secret key
If an encrypted backup needs to be restored on a fresh v21.0 you’ll first need to license and update your IACBOX to get the possibility to restore the encrypted backup.
Automatic remote backup
On the tab Remote Backup the automated, daily backup can be set up. Choose the backend type and enter all necessary credentials and settings for the wanted backup service. Immediatly after saving, a connection will be established and reports back if it worked. With a click on Start Remote Backup you can manually trigger a remote backup to verify that everything works just fine. After the backup has been sent the file listing should show the backup.
- If you have configured a weekly restart in System / Services, the restart will be delayed until the automatic backup has finished on that day.
- It’s suggested to set the automatic backup to a time at which there is low user activity on the system.
Optional backup content
These parts are optional because they only contain historic data which is not needed to restore a system and these logs can get quite big. If encryption is enabled this files are encrypted too.
- Connection tracking: All TCP and UDP connections with time, source and destination ip+port and volume
- HTTP Proxy logs: Connections passing the transparent proxy on port 80 and 8080
- Application Control logs: Historic data of applications used (max 14 days). This option is only visible when the Application Control module is licensed and active.