The configuration of the backups (data backup) is determined by the administrator backuser and the execution is also carried out via this role.
Independent of the settings for backup targets and encryption, the backup files always are additionally saved locally on the TightGate-Pro in the directory /home/backuser/backup of the administrator backuser unencrypted. They remain there until they are either manually deleted or the expiry date is reached.
USB mass storage devices or backup servers located in the network can be selected as additional storage locations. In addition to the time-controlled call, the creation of backups can also be triggered manually via the menu item Backup, whereby the settings made in the configuration menu are applied.
If backups are to be transferred manually, please note the information in the FAQ on TightGate-ProHow can I transfer backups manually?
Here's how
Menu item | Description |
---|---|
Lifetime | The lifetime of a backup is specified as an integer between 0 and 60. It describes after how many days the files are automatically deleted from the local directory /home/backuser/backup of the TightGate-Pro server. Here, 0 means that every previously stored backup is deleted. This mechanism only applies to local backups on TightGate-Pro. If backups are stored on external servers or storage media, other measures must be taken to delete obsolete data. |
Frequency | For the time-controlled creation of data backups, you can set whether the cycle should be Daily, Weekly, Monthly (at 4 a.m. each day) or Individual. Within the scope of the individual settings, the day of the week, hour and minute (5min window) can be precisely determined, whereby more than one selection is possible. |
Backup type | The backup type decisively determines which data can be restored later. To facilitate the selection, see the following Overview. |
Backup Extra Name | A specific name for this TightGate-Pro (node) can be used here. Adding the specific name changes the naming of the backup for this server from back-date to back-extraname-date. |
Import SSH key | Import the SSH key for the backup server to be able to upload backups via SCP or SFTP. Please note that the key must first be stored in the "Keys" directory of the administrator backuser . |
Log files are created for subsequent analysis of automatic backup runs. These can be viewed via the menu item Show last log. No log is created for manually triggered backup runs.
In addition to the local backup on TightGate-Pro, it is recommended to store an additional backup on a remote server or a USB storage medium.
This is required
This is how it works
Recommendations from m-privacy GmbH
To save a backup to a USB hard disk, some preliminary work is necessary. First, a label name must be assigned for the USB hard disk.
If several hard disks are used, they must all be given the same label name. Each USB hard disk must be formatted with the ext (extended) file system for use with TightGate-Pro Server. Since this is a Linux-based file format, the following instructions for preparing the hard disks refer to a Linux distribution. After preparing the hard disks (see below), set up TightGate-Pro Server.
The following steps require logging in as backuser . In the menu configuration the following operations are to be carried out:
It is recommended to check the correct data backup on the USB hard disk manually.
For hard disk preparation under Linux, root -rights are required. The following steps are carried out on the console.
To perform the following actions and commands, you need administrator access (root rights). For the following actions, please open a console.
Partitioning the USB hard disk
Please create a partition that is of the type Linux:
fdisk /dev/sdb*
*please specify the exact drive name (usually sdb).
Then perform the following actions:
- p (display the current partition table)
- d (delete the partition)
- n (create the partitions)
- w (write the table and quit fdisk)
Formatting and Partitioning the USB Hard Drive
To format the hard disk, enter the following command:
mke2fs -j -L TG-Backup /dev/sdb1*
*please specify the exact partition (usually sdb1)
ATTENTION: In case several hard disks are used, they must all have the same label name!
Switch off hard disk check
Please switch off the hard disk check for the USB hard disk with the following command:
tune2fs -i 0 /dev/sdb*.
*please enter the exact drive name (usually sdb)
To protect data backups on external media from unauthorised access, we recommend encrypting the backups with GnuPG.
This is how it works
Hint:
For the individual backup types, a new complete backup with different scope is written in each case. The following table describes the scope of the respective backup types:
Type / scope | System configuration | Bookmark archive | User IDs | User profiles | User profiles (optimised) | Transfer directories |
---|---|---|---|---|---|---|
System only | X | – | – | – | – | – |
System, bookmark archive | X | X | – | – | – | – |
System, user, bookmarks | X | X | X | – | – | – |
System, user, no transfer | X | X | X | X | – | – |
System and user data | X | X | X | X | X | X |
System, ben., opt., no transfer | X | X | X | – | X | – |
System, user data optimised | X | X | X | – | X | X |
Basically, the backup does not include:
Legend:
System configuration
Backup of system configuration (network connections, proxy etc.) to restore TightGate-Pro. No user IDs or profiles are backed up.
Bookmark archive
Backup of the bookmark archive to restore bookmarks for individual user IDs.
In order for the bookmark archive to be saved in the backup, the administrator config must be switched on under System Preferences > Bookmark Archive = Yes and the number of days a bookmark is to be kept in the archive must be specified under System Preferences > LZ Archive Lifetime.
User IDs
Backup of user IDs, including user attributes such as (transfer authorisation, audio, clipboard etc.) as well as login data (passwords, certificates etc.).
User profiles
Backup of the complete user profiles.
User profiles (optimised)
Backup of an optimised version of the user profiles, which only contains the usual data to be able to restore a user from a backup.
Transfer directories
Backup of the complete transfer directories of all users.