Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Backup Service protects your information at every stage, from initial backup to final deletion. Our approach includes encryption at rest, secure transmission, and protocols for irrevocable removal, safeguarding your data throughout its lifecycle.
Encryption at Rest involves encrypting data stored on physical media. It protects data from unauthorized access when the data is not actively being used.
Server-side Encryption: Uses AES-256 to encrypt data on storage devices, preventing unauthorized access outside the server.
Customer-Side Encryption: Enables customers to encrypt each backup plan using a password, which is then converted into an encryption key for the AES-256 encryption method. Neither Acronis nor IONOS stores the encryption key, and if you forget the password, the backups will be irretrievable.
For the same reason, backups cannot be exported using the Bulk Export procedure, as a password is required to download and decrypt each backup.
Backup Service encrypts all transferred data in real-time using secure protocols (HTTPS, TLS) and strong encryption algorithms. It ensures secure cryptographic key exchange with Diffie-Hellman and RSA.
Secure deletion is achieved by using customer-provided passwords for each backup.
If no password is set, data is still securely deleted when it leaves the Acronis's perimeter.
Acronis manages the physical infrastructure. When drives or equipment need repair or decommissioning, Acronis ensures complete data erasure from disks and internal memory according to NIST SP 800-88rev1. If erasure is not possible, equipment is physically destroyed to prevent data recovery.
Our technology partner Acronis will migrate two features from the regular backup service offering into two advanced packs from January 7th, 2025. The following are the key updates:
the feature Vulnerability Assessment will become part of the extension Advanced Management. Baseline Windows Vulnerability assessment will continue to be included with the regular backup service offering.
the feature Active Protection will become part of the extension Advanced Security.
Currently, both features are configuration elements in the standard Protection Plan that can be configured via the Backup Console.
The backup plans that were in place at the time of the transition and that have these features activated will remain valid and active. However, the respective feature will no longer be executed within the backup plan. If you would like to continue benefiting from the features after the transition, you need to add the desired advanced packs to your backup plan.
Each advanced pack is charged in addition to the regular backup service fee. Please refer to your respective price list for current prices.
Note: If your protection plan has Advanced Management or Advanced Security already enabled, you have no further actions for the respective feature that will be migrated into the correlated advanced pack. Once the feature is migrated into the already activated pack, it will be applied automatically.
If neither of these advanced packs is active on your protection plan, you are not consuming any additional security extension that comes with these advanced packs yet. It is not required to have both advanced packs enabled to use one of the two features affected by the change. Follow the steps to enable the required feature that will add the respective advanced pack to your account automatically:
Log in to the DCD with your credentials.
Follow the instructions to open the Backup Console.
In the left navigation bar, go to Management > Protection plans. This will show you the list of all protection plans currently configured in your account.
Select the protection plan you want to manage. This will open an Actions dialog at the right side of the screen.
Select Edit from the list of options. This will open the protection plan details in an editable mode.
To enable Vulnerability Assessment of 3rd party Windows applications again, go to Vulnerability Assessment, check that the slider is set so it is marked green, and click on the arrow next to the slider. Then, click on the list of elements applied to the Vulnerability assessment scope.
Select Windows third-party products if you want to re-enable this feature.
Click Done at the lower right of this dialog to confirm the setting.
You may see a notification pop-up that requests a confirmation for adding the Advanced Management pack to your account (if it is not activated yet). Confirm this dialog to activate the Advanced Management pack.
Press Save on the top of the details settings dialog or continue with enabling Active Protection if required.
To enable Active Protection again, go to Antivirus & Antimaleware protection, and check that the slider is set so it is marked green. Click on the arrow next to the slider and click on Off next to the entry Active Protection.
Activate Active Protection by setting the slider so it appears green. This will provide you a set of actions that shall be applied in case of suspicious activities are detected. Select the option that fits your needs.
Click Done at the lower right of this dialog to confirm the setting.
You may see a notification pop-up that requests a confirmation for adding the Advanced Security pack to your account. Confirm this dialog to activate the Advanced Security pack.
Press Save at the top of the details settings dialog to save the configuration or continue with enabling Vulnerability Assessment of 3rd party Windows applications if required.
Result: Once you have re-enabled one or both features in the protection plan, the change will be applied to all devices that have this protection plan assigned. If the features had been activated in multiple protection plans you need to repeat the steps for each protection plan individually.
IONOS works with Acronis, a special provider specializing in backup and recovery solutions.
Backups can be set up in three ways:
1) Automatically (before provisioning new servers).
2) Semi-automatically (during deployment of multiple servers).
3) Manually (adding a backup solution to an existing server).
The DCD's Backup Unit Manager creates, manages, and saves server data in the Backup Units. Furthermore, you can also assign names and passwords to the units. The external Backup Management Console enables you to manage your backups and their schedules. You can log in to the console with the username and password specified in the Backup Unit Manager.
To create backups for a server, install a backup agent that communicates with the backup system and assigns backups to the respective Backup Unit.
The communication between the server, backup agent, and backup system requires an internet connection. Backups are charged per Backup Unit; hence, they are compressed before storage to reduce expenses.
IONOS Cloud Backup Service is a fully integrated backup function offering secure data storage in IONOS Cloud data centers for all data backup application scenarios. Consult our user guides, reference documentation, and FAQs to support your hosting needs.
Our technology partner Acronis will migrate two features from the regular backup service offering into two advanced packs from January 7th, 2025. We have summarized the key updates for you here:
the feature Vulnerability Assessment will become part of the extension Advanced Management. Baseline Windows Vulnerability assessment will continue to be included with the regular backup service offering.
the feature Active Protection will become part of the extension Advanced Security.
For additional information, refer to the Changes to Acronis Backup Offering documentation.
Create data backups within the Data Center Designer.
Manage Backup Units with an external application.
Learn how to encrypt your backups.
A graphical user interface, the Backup Management Console, is available for managing your backups. Therein, you can organize your backups and backup plans, activate backup agents, and generate tokens.
The Backup Management Console only allows you access to Backup Units for which you are authorized. The login is possible at one click (single sign-on) directly from the DCD, or manually using the corresponding URL provided you know the login credentials of the required Backup Unit.
The Backup Management Console is available in 25 languages.
Prerequisites: Make sure you have the appropriate permissions and that your browser allows popups. Only contract owners, administrators, or users with the Create Backup Units privilege can use the Console. Other user types have read-only access.
Start from the DCD Menu > Storage by selecting the required Backup Unit in Backup Console:
Alternatively, go to Menu > Storage > Backup Unit Management
Finally, you may enter the following URL: https://backup.ionos.com and the credentials set when the Backup Unit was created.
The Backup Management Console is created. You can now manage the backups and backup plans of the selected Backup Unit or add further devices.
The Backup Management Console provides detailed information and instructions on installing backup agents and managing backups.
1 - Acronis Web Help 2 - IONOS Cloud User Guide
After provisioning, you may open the Backup Management Console and check the registration of the VM and the activation of automated backups.
You may run a backup right away:
The backup system sends out a status report e-mail regularly:
You may change the default backup schedule at any time.
It is possible to set up automated backups on an existing server, even on servers that have been provisioned with images other than IONOS. The details of the procedure depend on the operating system used.
Prerequisites: Make sure you have the appropriate privileges. Only contract owners, administrators, or users with the Create Backup Unit privilege can set up automated backups. Other user types have read-only access and can't provision changes.
1. If no Backup Unit is available, create one.
2. Connect to the required server.
3. Open the Backup Management Console.
4. Download the backup agent for your OS.
5. Install the backup agent and follow the instructions.
6. If this has not been done automatically, register the backup agent in the Backup Management Console using the code generated during installation.
7. Enable backups for the VM.
Automated backups are set up according to the default backup schedule. You may run a backup right away and change the default backup schedule at any time. The backup system sends out a status report e-mail regularly.
1. Create a Backup Unit if none is available.
2. Download the backup agent in the Backup Management Console.
3. Select Add > Add Devices
4. Start the installation process and follow the instructions of the installation wizard.
5. In the Backup Management Console, register the VM with its backup agent.
The VM is registered. Now, you can enable backups for the VM.
Automated backups have been set up for the selected VM.
The Backup Management Console provides detailed information and instructions on installing backup agents and managing backups.
1 - Acronis Web Help 2 - IONOS User Guide
Setting up automated backups requires the creation of Backup Units in which the backups of a group of servers are contained.
You will need to assign a unique Name and a Password for each Backup Unit. The Backup Unit is generated in the following format: <Contract number>-Name, for example: 31898953-Backup001.
Backup Units can be shared with other Users and Groups like other resources.
Prerequisites: Make sure you have the appropriate privileges. Only contract owners, administrators, or users with the Create Backup Units privilege can create a backup unit. Other user types have read-only access and can't provision changes.
1. Open the Backup Unit Manager: Menu > Storage > Backup Unit Management.
2. Click + Create to create a new Backup Unit.
3. In the dialog, enter a unique Name, a Password, and an E-mail address to which the backup systems may send status reports.
4. Confirm your entries by clicking Create Unit.
The Backup Unit is now created and added to the list on the right inside of the Backup Unit Manager.
If you no longer need a backup unit and its backups, you can delete them to save costs and space. Deleting a Backup Unit also deletes all backups it contains.
When you delete a server and its storage devices or an entire data center, their backups are not deleted automatically. Only when you delete a Backup Unit will the backups it contains be deleted, too.
If you no longer need the backups of deleted VMs and want to save costs, you need to delete them manually in the Backup Management Console.
1. Open the Backup Unit Manager: Menu > Storage > Backup Unit Management.
2. Select the required Backup Unit. Click Delete.
3. In the dialog that appears, confirm your action by entering your Password and clicking OK.
The selected item is deleted and cannot be restored. The Backup Unit and the backups it contains are deleted.
The automatic setup of backups can only be applied to new servers prior to their first provisioning with an image provided and supported by IONOS. The default backup schedule may be changed any time after installation.
Prerequisites: Make sure you have the appropriate privileges. Only contract owners, administrators, or users with the Create Backup Units and Create Internet Access privilege can create a backup unit automatically. Other user types have read-only access and can't provision changes.
1. Create a new Server in the DCD.
2. Add a boot drive to the Server.
3. Select an IONOS image: Inspector > Images > IONOS Images.
4. In the Backup Unit field, select a backup unit to which you wish to assign the server.
Alternatively, When no Backup Unit is available, you may create one.
5. Inspector > Backup Unit > + Create Backup Unit and assign it to the server.
6. When a Backup Unit is chosen, the Initialize Backup window opens. Click OK to finalize.
Once the Backup Unit is chosen for your Server, you can continue by adding Internet access or further modifying the DCD.
7. When ready, Provision Changes.
The server is provisioned, the backup agent is installed and the default backup plan activated.
The Backup Service includes features that cover most of the cyber security threats. You can use these features without an additional fee. In addition, you can enable advanced features to boost the protection of your workloads. The Advanced protection features appear in protection plans marked with the Advanced feature icon:
If at least one feature is enabled from an Advanced pack, you will be charged for the corresponding Advanced protection pack for each workload (a virtual machine, a server or a workstation).
Protects your workloads continuously and ensures that even last-minute changes of your work will not be lost.
One-click recovery
Continuous data protection
Backup support for Microsoft SQL
Server clusters and Microsoft Exchange clusters – Always On Availability Groups (AAG) and Database Availability Groups (DAG)
Backup support for MariaDB, MySQL, Oracle DB, and SAP HANA
Data protection map and compliance reporting
Off-host data processing
Remote operations with bootable media
Protects your workloads continuously from all malware threats.
Antivirus and antimalware protection with local signature-based detection (with realtime protection)
Exploit prevention
URL filtering
Endpoint firewall management
Forensic backup, scan backups for malware, safe recovery, corporate allowlist
Smart protection plans (integration with CPOC alerts)
Centralized backup scanning for malware
Remote wipe
Microsoft Defender Antivirus
Microsoft Security Essentials
Allows you to patch vulnerabilities on the protected workloads.
Patch management
Disk health
Software inventory
Fail-safe patching
Cyber Scripting
Remote assistance
File transfer and sharing
Selecting a session to connect
Observing workloads in multi-view
Connection modes: control, observe, and curtain
Connection via the Quick Assist application
Remote connection protocols: NEAR and Screen Sharing
Session recording for NEAR connections
Screenshot transmission
Session history report – 24 monitors
Threshold-based monitoring
Anomaly-based monitoring
The Managed Backup name is changed to Backup Service to standardize our product terminology. Previously, it was referred to as Managed Backup, Backup as a Service, or Backup by Acronis across different platforms. This new unified name ensures consistency in our communications and branding, service calalog and pricelist.
In the , the product resides under Storage > Backup Service (previously named as Backups).
In the , the name changed from Backup as a Service to Backup Service.
In the , the product is renamed from IONOS Cloud Backup to Backup Service.
Metering descriptions in the billing API call that returns a stay intact. For example, 30d per 1GB Backup Storage for Win. or Linux Server Backup.
In the , the product is renamed from Backup units to Backup Service.
Rest assured, the service itself remains unchanged.
Ensure that the following firewall rules are configured to allow the backup agent to communicate effectively:
The availability of our data centers is 99.95%. The maximum number of maintenance hours is four in three months.
Our entire storage system ensures maximum redundancy for all hardware components. All storage volumes are replicated synchronously on additional storage servers, which are physically located in separate fire zones of the same modular data center. Additionally, all communication connections and devices are implemented with a minimum of single redundancy protection. In the event of a physical failure of a server with a VM, the VM restarts on another physical server.
You can create snapshots or backups of your storage within the Data Center Designer.
Reliable performance and security are ensured, to a large extent, by storing the data in duplicate, meaning in two separate zones of the data center. Reliability and security would only be marginally improved by mirroring mass storage devices, such as RAID 1.
Striping with RAID 0, or using RAID 5 to boost speed and reliability, would also have hardly any effect; the same holds true for DRBD storage systems.
We do not recommend striping as it interferes with additional security measures that we apply in order to ensure data integrity over parallel storage blocks.
To enhance the integrity of your data, consider using the ZFS file system.
Under its Managed Services offering, IONOS Cloud regularly updates the entire Backup service platform and the corresponding Backup Agent. To avoid compatibility issues, we recommend regularly updating the Agent software on your VMs, workstations, or other backed-up devices. You can either use the Console to update the agents individually or set an automatic update for all machines.
If your Agent is already set to automatically update during the default maintenance window, you have to take no further action. However, if you have disabled the automatic update option, you should arrange for your Agent to be updated either manually or during maintenance. Otherwise, the software might cause compatibility issues in the future.
Note: To find the Agent version for a particular machine, under All devices select the machine, and then click on the Details icon. A tab will expand from the right, showing the device’s Agent version.
Prerequisites: Updating to a new version of the software requires VM disk space. Please ensure that you have at least 5 GB left on the VM volume, otherwise the update might fail.
When an Agent is out of date, the system will provide a small alert under Settings. The circled number shows how many Agents require updating.
In the DCD, go to Storage > Backup Console, and log in to one of the backup consoles in the list.
In the backup console, go to Settings > Agents. The software displays the list of machines. The machines with outdated agent versions are marked with an orange exclamation mark.
Select the machines that you want to update the agents on. The machines must be online.
Click Update Agent for an individual machine or Update all outdated Agents for all machines.
In the Update agent window, click Update.
You will be notified that the process has started. The selected machines will be updated with the current Agent version.
Note: During the update, any backups that are in progress will fail.
In the Backup Service web console, go to Settings > Agents. The software displays the list of machines. The machines with outdated agent versions are marked with an orange exclamation mark.
Select the machines that you want to update the agents on. The machines must be online.
Activate the Automatically update agents tab. This aligns the update with IONOS Cloud’s regular maintenance.
Activate Maintenance window and set a timeframe below.
Click Apply. The selected machines will be updated regularly with the current Agent version during the chosen timeframe.
Acronis Backup Agent facilitates the backup and recovery of data on Linux systems. It allows users to protect and restore their data efficiently. The Acronis Agent is installed on individual machines and servers to enable seamless integration with the Acronis Backup infrastructure, providing features such as scheduled backups, recovery options, and data protection in various environments.
Ensure that you have the following:
Appropriate permissions for installation.
Your browser allows pop-ups.
A backup unit to download the installer.
Internet connectivity for the Virtual Machine (VM) and all its ports are open:
Only contract administrators, owners, and users with the Create Backup Units privilege can use the Backup Console.
For Ubuntu and Debian, update the package list using:
sudo apt-get update
For CentOS, Rocky, and Alma, update the package list using:
sudo yum makecache
Make sure to install wget using either of these:
sudo yum install wget
sudo apt install wget
In the DCD, go to Menu > Storage > Backup Console.
Select a backup unit from the drop-down menu for which you want to download the backup agent installer.
In Add Devices window, scroll down to SERVERS and then select Linux.
Note:
You can cancel the download if you only need the URL.
Open the Download Folder on your browser and copy the link address. Delete everything after .bin to get the download URL directly. Now you can use the URL to download the backup agent installer on your target machine. Example: wget https://backup.profitbricks.com/download/u/baas/x.0/<agent-version>/name_of_your_agent.bin
Result: The Backup Agent Installer is now downloaded.
To make the downloaded binary file executable, use:
chmod u+x name_of_your_agent.bin
Run the installer file by executing the following command:
./name_of_your_agent.bin
The Acronis Agent setup will now be initiated. Select the components that you want to install from the Component Selection list. You can choose Agent for Linux and then select Next.
To install the required packages automatically, select Continue; otherwise, select Skip.
The installation of the required packages will begin.
Once the installation is completed, a prompt to register the machine will be displayed. To get the registration information, select Show registration info and hit Enter.
You will see a Registration link and a Registration code. Use the Registration Code to register a machine in the Backup Console.
To register a machine in the console devices, go to console DEVICES > + Add > REGISTRATION VIA CODE. Click REGISTER.
Result: The Backup Agent is now installed and registered in the console devices.
The installation of Acronis Backup Agent, for which you do not need to select options or provide input for each step, you can use either of the following methods:
For unattended installation, you need to generate a token first:
In the Backup window, go to DEVICES and click +Add.
Scroll down to REGISTRATION TOKEN > GENERATE.
Run the following command:
./name_of_agent.bin -a --rain="https://backup.xyz.com" --token=XXXX-XXXX-XXXX
Result: The installation will be completed using token and without being prompted for additional information.
Run the following command:
./name_of_agent.bin -a --rain="https://backup.xyz.com" --login=contractnumber- backupunitname --password=xxxxx
Result: The installation will be completed using backup unit credentials and without being prompted for additional information.
By default, the Backup Service uses AES-256 server-side encryption for storage devices, preventing unauthorized access outside the server. This document describes how to apply customer-side AES-256 encryption to a protection plan using a password.
Prerequisites:
Make sure that your browser allows popups.
Only contract owners, administrators, or users with the Create Backup Units privilege can manage Backup Units.
In the DCD, go to Menu > Storage and select the required Backup Unit in Backups:
Backup encryption can be enabled only during creation of the new protection plan.
Navigate to MANAGEMENT > Protection plans.
Click on the + Create Plan in the right pan.
Click on the Specify password link in the Encryption section.
Enter a strong encryption password and confirm it to ensure there are no typos. Make sure to store this password securely, as it will be required to restore the backups.
Configure any additional settings for your protection plan.
Assign this protection plan to your devices.
Result: The backups are encrypted with the specified password, ensuring that the data is secure and can only be restored using this password.
Note: Backup agents on your devices encrypt data locally before sending it to the Backup Service. If you lose your encryption password, you won't be able to restore your data. Store this password securely.
Tutorial: Learn how to within the DCD.
A Backup window will open up with the . Go to DEVICES > +Add.
To allow downloads on the , confirm your action by selecting Allow.
Management servers
85.215.127.12
85.215.127.13
85.215.127.14
85.215.127.15
TCP ports 443 and 8443 are used to access the service console, register the backup agents, download the certificates, obtain user authorization, and download files from the cloud storage. The backup agents use the whole range from 7770-7800 to communicate with the management server.
Storage servers
85.214.7.152
85.214.7.153
TCP port 44445 is used by backup agents for data transfer during backup and recovery.
Management servers
85.215.127.12
85.215.127.13
85.215.127.14
85.215.127.15
TCP ports 443 and 8443 are used to access the service console, register the backup agents, download the certificates, obtain user authorization, and download files from the cloud storage. The backup agents use the whole range from 7770-7800 to communicate with the management server.
Storage servers
85.214.7.0/24
85.215.126.0/24
TCP port 44445 is used by backup agents for data transfer during backup and recovery.
