Configuration

Backups can be downloaded manually in the WebAdmin menu System / Backup or uploaded automatically to a remote backup server on a daily basis.

  • Backups can only be restored on a system with the same major version, excluding the patchlevel version. For example: if your system is on version 21.0.21004 (p21280), you can import any backup created with version 21.0.21004, no matter the patchlevel version.
  • Backups created during or before a hardware failure could be inconsistent and should therefore not be used.

Content of a backup

The following data is saved in the backup file:

  • All settings made in WebAdmin
  • Tickets
  • Ticket-Templates
  • Login pages and themes incl. custom extensions and custom translations
  • License information

Creating a Backup

A backup can be created in the WebAdmin menu System / Backup. Click on download to create and save a backup file to your local computer. The filename contains the registration number, version, date and time of creation.

For example: YOUR_SYSTEM_2022012509_20220812155027_V21.0.21004.bkp

Encrypted Backups

Automated backups can be encrypted so that they can be stored safely on untrusted storage. Encrypting your backups also keeps you GDPR compliant, as they contain PII (Personally Identifiable Information).

Choose one of these modes:

Mode | File extension | Description
No encryption | xxxx.bkp | Unencrypted backup. Everyone with access to this file can extract it.
Encrypt with License | xxxx.bkp.li.enc | The final encryption key is derived from your license data with a secure KDF (key derivation function). This relieves you of the burden of storing the key externally, and our support will always be able to help you.
Encrypt with custom key | xxxx.bkp.ck.enc | If you need 100% control over your key, you can set a custom key here. Note that it is your responsibility to store this key externally. If this key is lost, the backup can no longer be restored.

Cryptographic properties

A modern and highly secure AEAD cipher (XChaCha20/Poly1305) with a 256-bit key is used. It offers roughly the same level of security as an AES-256-GCM cipher but does not depend on CPU support to be fast. This cipher is nowadays also the default for SSH connections and one of the 5 cipher suites of TLS 1.3.

Restore a Backup

To restore a backup, open the WebAdmin menu and navigate to System / Backup. Click Restore, browse for the backup file on your local computer, then hit start.

  • Please note that the major version of the backup and the target system must match.
  • Perform system updates right afterwards, otherwise data can be inconsistent.

Restore on different hardware / new VM

An IACBOX license is bound to one of the available MAC addresses. If a backup is restored on different or changed hardware or on a new VM, the MAC addresses may have changed and the license will not be valid.

You can unlock a license yourself by logging into your partner portal, navigating to the overview of your licenses, right-clicking on the corresponding license and selecting unlock license. Afterwards, manually perform the online registration in the WebAdmin menu System / License to lock the license to the new system.

If you don’t have an account for our partner portal, please send an email to our support.

Restore encrypted Backups

To restore an encrypted backup, choose the encryption mode that was used.

  • Encrypted with license: Enter registration number and key
  • Encrypted with custom key: Enter your secret key

If an encrypted backup needs to be restored on a fresh v21.0, you’ll first need to license and update your IACBOX before you can restore the encrypted backup.
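Added example (not vendor code): a small audit of a remote backup listing that applies the rules above, namely the filename fields, the encryption mode by file extension, the version-match rule for restores and the secret each mode asks for. The field layout is an assumption inferred from the single example filename on this page; the function names and the sample listing are constructed for illustration.

```python
import re
from datetime import datetime

# Assumed layout, inferred from the one example filename on this page:
# <name>_<registration number>_<YYYYMMDDhhmmss>_V<version>.bkp[.li.enc|.ck.enc]
NAME_RE = re.compile(
    r"^(?P<name>.+)_(?P<reg>\d+)_(?P<ts>\d{14})_V(?P<ver>\d+\.\d+\.\d+)"
    r"\.bkp(?P<enc>\.li\.enc|\.ck\.enc)?$")
# Encryption mode and what the restore dialog asks for (taken from the page).
MODES = {None: ("none", "nothing"),
         ".li.enc": ("license", "registration number and key"),
         ".ck.enc": ("custom key", "your secret key")}

def parse_backup(filename):
    """Describe one backup file, or return None if the name does not match."""
    m = NAME_RE.match(filename)
    if not m:
        return None
    try:
        created = datetime.strptime(m["ts"], "%Y%m%d%H%M%S")
    except ValueError:  # 14 digits that are not a real date/time
        return None
    mode, secret = MODES[m["enc"]]
    return {"file": filename, "registration": m["reg"], "created": created,
            "version": m["ver"], "mode": mode, "restore_needs": secret}

def audit(filenames, target_version):
    """Sort a listing into restorable, wrong_version, unencrypted and unparsed."""
    report = {"restorable": [], "wrong_version": [], "unencrypted": [], "unparsed": []}
    for fn in filenames:
        b = parse_backup(fn)
        if b is None:
            report["unparsed"].append(fn)
            continue
        # The patchlevel is not in the filename; the version string must match.
        key = "restorable" if b["version"] == target_version else "wrong_version"
        report[key].append(b)
        if b["mode"] == "none":
            report["unencrypted"].append(fn)  # readable by anyone with file access
    report["restorable"].sort(key=lambda b: b["created"], reverse=True)
    return report

# Constructed sample listing; only the first name appears on the page.
P = "YOUR_SYSTEM_2022012509_"
LISTING = [P + "20220812155027_V21.0.21004.bkp",
           P + "20220813030000_V21.0.21004.bkp.li.enc",
           P + "20220601030000_V20.1.20010.bkp.ck.enc",  # constructed version
           P + "20221340990000_V21.0.21004.bkp"]         # invalid timestamp
```

Calling `audit(LISTING, "21.0.21004")` returns the restorable backups newest first, so the first entry is the candidate for a restore and the `unencrypted` list shows which files should not sit on untrusted storage.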

Automatic remote backup

On the tab Remote Backup the automated, daily backup can be set up. Choose the backend type and enter all necessary credentials and settings for the desired backup service. Immediately after saving, a connection is established and the system reports back whether it worked. With a click on Start Remote Backup you can manually trigger a remote backup to verify that everything works just fine. After the backup has been sent, the file listing should show the backup.

  • If you have configured a weekly restart in System / Services, the restart will be delayed until the automatic backup has finished on that day.
  • It’s suggested to set the automatic backup to a time at which there is low user activity on the system.

Optional backup content

These parts are optional because they only contain historic data which is not needed to restore a system, and these logs can get quite big. If encryption is enabled, these files are encrypted too.

  • Connection tracking: All TCP and UDP connections with time, source and destination IP and port, and volume
  • HTTP Proxy logs: Connections passing the transparent proxy on port 80 and 8080
  • Application Control logs: Historic data of applications used (max 14 days). This option is only visible when the Application Control module is licensed and active.

Supported protocols

Protocol | Security | Description
FTP | Insecure | Plain unencrypted FTP. Use this protocol only in your local network or over tunnels.
FTPS | TLS | FTP over TLS. Secured FTP with the disadvantage that you need to manage a TLS certificate for your server if not already present. Self-signed certificates are possible with certificate validation disabled, which gives you a secure but untrusted connection.
SFTP | SSH | SSH-based file transfer protocol (do not confuse this with the FTP* protocols) that provides a secure and simple backup transport. A server with OpenSSH installed supports this out of the box.
S3 | HTTPS | S3 (Simple Storage Service), invented by Amazon/AWS, is now a well-supported storage protocol. It’s also supported by many other cloud providers and works with local NAS or self-hosted S3 apps like MinIO. S3 can be treated like any other HTTPS traffic and is based on established TLS security with x509 certificates.