ACRONIS Cyber Protect Cloud 23.07 User manual

Cyber Protection

23.07

R E V I S I O N : 7 / 2 1 / 2 0 2 3

User Guide

acronis.com

Table of contents

Getting started with Cyber Protection 18

Quick start guide 18

Activating the account 18

Password requirements 18

Two-factor authentication 18

Privacy settings 20

Accessing the Cyber Protection service 21

Software requirements 22

Supported web browsers 22

Supported operating systems and environments 22

Supported Microsoft SQL Server versions 28

Supported Microsoft Exchange Server versions 28

Supported Microsoft SharePoint versions 29

Supported Oracle Database versions 29

Supported SAP HANA versions 29

Supported MySQL versions 29

Supported MariaDB versions 29

Supported virtualization platforms 30

Compatibility with encryption software 37

Compatibility with Dell EMC Data Domain storages 38

Supported protection features by operating system 39

Supported operating systems and versions 39

Supported file systems 47

Installing and deploying Cyber Protection agents 51

Preparation 51

Step 1 51

Step 2 51

Step 3 51

Step 4 51

Step 5 52

Step 6 53

Which agent do I need? 53

Agent-based and agentless backup 57

Which backup type do I need? 57

System requirements for agents 57

2 © Acronis International GmbH, 2003-2023

Linux packages 60

Are the required packages already installed? 60

Installing the packages from the repository 61

Installing the packages manually 62

Proxy server settings 63

In Windows 63

In Linux 65

In macOS 66

In bootable media 67

Installing protection agents 67

Downloading protection agents 67

Installing protection agents in Windows 67

Installing protection agents in Linux 70

Installing protection agents in macOS 72

Granting the required system permissions to the Connect Agent 73

Changing the logon account on Windows machines 75

Dynamic installation and uninstallation of components 76

Unattended installation or uninstallation 77

Unattended installation or uninstallation in Windows 77

Unattended installation or uninstallation in Linux 84

Unattended installation and uninstallation in macOS 89

Registering and unregistering workloads manually 99

Passwords with special characters or blank spaces 103

Changing the registration of a workload 103

Autodiscovery of machines 104

Prerequisites 104

How autodiscovery works 104

How remote installation of agents works 106

Autodiscovery and manual discovery 107

Managing discovered machines 111

Troubleshooting 112

Deploying Agent for VMware (Virtual Appliance) 113

Before you start 113

Deploying the OVF template 114

Configuring the virtual appliance 114

Deploying Agent for Scale Computing HC3 (Virtual Appliance) 117

Before you start 117

3 © Acronis International GmbH, 2003-2023

Deploying the QCOW2 template 118

Configuring the virtual appliance 119

Agent for Scale Computing HC3 – required roles 121

Deploying Agent for Virtuozzo Hybrid Infrastructure (Virtual Appliance) 122

Before you start 122

Configuring networks in Virtuozzo Hybrid Infrastructure 123

Configuring user accounts in Virtuozzo Hybrid Infrastructure 124

Deploying the QCOW2 template 126

Configuring the virtual appliance 127

Deploying Agent for oVirt (Virtual Appliance) 130

Before you start 130

Deploying the OVA template 131

Configuring the virtual appliance 132

Agent for oVirt – required roles and ports 135

Deploying Agent for Synology 136

Before you start 136

Downloading the setup program 137

Installing Agent for Synology 137

Updating Agent for Synology 138

Deploying agents through Group Policy 139

Prerequisites 139

Generating a registration token 139

Creating the transform file and extracting the installation packages 142

Setting up the Group Policy object 143

Accessing virtual appliances via the SSH protocol 143

Updating agents 144

Updating agents manually 145

Updating agents automatically 147

Preventing unauthorized uninstallation or modification of agents 149

Uninstalling agents 150

Protection settings 151

Automatic updates for components 151

Updating the Cyber Protection definitions by schedule 152

Updating the Cyber Protection definitions on-demand 153

Cache storage 153

Changing the service quota of machines 153

Cyber Protection services installed in your environment 155

4 © Acronis International GmbH, 2003-2023

Services installed in Windows 155

Services installed in macOS 155

Saving an agent log file 155

Site-to-site Open VPN - Additional information 156

License management for on-premises management servers 162

Defining how and what to protect 163

The Management tab 163

Protection plans 163

Backup plans for cloud applications 164

Backup scanning plans 164

Off-host data processing 165

VM heartbeat 172

Screenshot validation 172

Intermediate snapshots 179

Protection plans and modules 179

Creating a protection plan 180

Actions with protection plans 181

Resolving plan conflicts 185

Default protection plans 186

Individual protection plans for hosting control panel integrations 192

#CyberFit Score for machines 192

How it works 193

Running a #CyberFit Score scan 197

Cyber Scripting 199

Prerequisites 199

Limitations 199

Scripts 199

Script repository 205

Scripting plans 205

Script quick run 214

User roles and Cyber Scripting rights 215

Protection of collaboration and communication applications 217

Understanding your current level of protection 218

Monitoring 218

The Overview dashboard 218

The Activities dashboard 219

The Alerts dashboard 220

5 © Acronis International GmbH, 2003-2023

Alert types 221

Alert widgets 239

Cyber Protection 240

Protection status 240

Endpoint Detection and Response (EDR) widgets 241

#CyberFit Score by machine 245

Disk health monitoring 246

Data protection map 250

Vulnerability assessment widgets 251

Patch installation widgets 252

Backup scanning details 254

Recently affected 254

Cloud applications 255

Software inventory widgets 256

Hardware inventory widgets 257

Remote sessions widget 258

Smart protection 258

The Activities tab 264

Cyber Protect Monitor 265

Reports 267

Actions with reports 268

Reported data according to widget type 270

Managing workloads in the Cyber Protect console 272

The Cyber Protect console 272

What's new in the Cyber Protect console 273

Using the Cyber Protect console as a partner administrator 273

Workloads 277

Adding workloads to the Cyber Protect console 279

Removing workloads from the Cyber Protect console 284

Device groups 287

Built-in groups and custom groups 288

Static groups and dynamic groups 288

Cloud-to-cloud groups and non-cloud-to-cloud groups 289

Creating a static group 290

Adding workloads to a static group 291

Creating a dynamic group 292

Editing a dynamic group 307

6 © Acronis International GmbH, 2003-2023

Deleting a group 308

Applying a plan to a group 308

Revoking a plan from a group 309

Working with the Device control module 309

Using device control 312

Access settings 318

Device types allowlist 323

USB devices allowlist 324

Excluding processes from access control 328

Device control alerts 330

Wiping data from a managed workload 333

Managing the isolation of workloads 334

Isolating a workload from the network 334

Managing network exclusions 336

Viewing workloads managed by RMM integrations 337

Linking workloads to specific users 338

Find the last logged in user 338

Managing the backup and recovery of workloads and files 340

Backup 340

Protection plan cheat sheet 342

Selecting data to back up 344

Selecting entire machine 344

Selecting disks/volumes 345

Selecting files/folders 348

Selecting system state 350

Selecting ESXi configuration 350

Continuous data protection (CDP) 351

How it works 352

Supported data sources 353

Supported destinations 354

Configuring a CDP backup 354

Selecting a destination 355

Advanced storage option 356

About Secure Zone 357

Schedule 360

Backup schemes 360

Additional scheduling options 361

7 © Acronis International GmbH, 2003-2023

Schedule by events 363

Start conditions 365

Retention rules 371

What else you need to know 372

Replication 372

Usage examples 373

Supported locations 373

Encryption 374

Encryption in a protection plan 374

Encryption as a machine property 375

How the encryption works 376

Notarization 376

How to use notarization 377

How it works 377

Starting a backup manually 377

Default backup options 377

Backup options 378

Availability of the backup options 378

Alerts 381

Backup consolidation 381

Backup file name 382

Backup format 385

Backup validation 387

Changed block tracking (CBT) 387

Cluster backup mode 388

Compression level 389

Error handling 389

Fast incremental/differential backup 391

File filters (Inclusions/Exclusions) 391

File-level backup snapshot 393

Forensic data 393

Log truncation 402

LVM snapshotting 402

Mount points 403

Multi-volume snapshot 403

One-click recovery 404

Performance and backup window 409

8 © Acronis International GmbH, 2003-2023

Physical Data Shipping 412

Pre/Post commands 413

Pre/Post data capture commands 415

Scheduling 418

Sector-by-sector backup 418

Splitting 419

Task failure handling 419

Task start conditions 420

Volume Shadow Copy Service (VSS) 420

Volume Shadow Copy Service (VSS) for virtual machines 422

Weekly backup 423

Windows event log 423

Recovery 423

Recovery cheat sheet 423

Safe recovery 425

Recovering a machine 426

Prepare drivers 435

Check access to the drivers in bootable environment 435

Automatic driver search 436

Mass storage drivers to install anyway 436

Recovering files 438

Recovering system state 444

Recovering ESXi configuration 444

Recovery options 445

Operations with backups 453

The Backup storage tab 453

Mounting volumes from a backup 455

Validating backups 456

Exporting backups 457

Deleting backups 458

Operations with indexes in cloud-to-cloud backups 459

Protecting Microsoft applications 460

Protecting Microsoft SQL Server and Microsoft Exchange Server 460

Protecting Microsoft SharePoint 460

Protecting a domain controller 461

Recovering applications 461

Prerequisites 461

9 © Acronis International GmbH, 2003-2023

Database backup 464

Application-aware backup 469

Mailbox backup 471

Recovering SQL databases 473

Recovering Exchange databases 480

Recovering Exchange mailboxes and mailbox items 483

Changing the SQL Server or Exchange Server access credentials 489

Protecting mobile devices 489

Supported mobile devices 489

What you can back up 490

What you need to know 490

Where to get the Cyber Protect app 491

How to start backing up your data 491

How to recover data to a mobile device 491

How to review data via the Cyber Protect console 492

Protecting Hosted Exchange data 493

What items can be backed up? 493

What items can be recovered? 493

Selecting mailboxes 494

Recovering mailboxes and mailbox items 494

Protecting Microsoft 365 data 496

Why back up Microsoft 365 data? 496

Agent for Microsoft 365 497

Limitations 499

Required user rights 499

Microsoft 365 seats licensing report 500

Logging 500

Using the locally installed Agent for Office 365 500

Using the cloud Agent for Microsoft 365 505

Protecting Google Workspace data 534

What does Google Workspace protection mean? 534

Required user rights 534

About the backup schedule 535

Limitations 535

Logging 535

Adding a Google Workspace organization 536

Creating a personal Google Cloud project 537

10 © Acronis International GmbH, 2003-2023

Discovering Google Workspace resources 539

Setting the frequency of Google Workspace backups 540

Protecting Gmail data 541

Protecting Google Drive files 545

Protecting Shared drive files 549

Notarization 552

Protecting Oracle Database 553

Protecting SAP HANA 554

Protecting MySQL and MariaDB data 554

Configuring an application-aware backup 555

Recovering data from an application-aware backup 556

Protecting websites and hosting servers 560

Protecting websites 560

Protecting web hosting servers 563

Special operations with virtual machines 564

Running a virtual machine from a backup (Instant Restore) 564

Working in VMware vSphere 567

Backing up clustered Hyper-V machines 585

Limiting the total number of simultaneously backed-up virtual machines 585

Machine migration 587

Microsoft Azure and Amazon EC2 virtual machines 588

Creating bootable media to recover operating systems 589

Custom or ready-made bootable media? 589

Linux-based or WinPE/WinRE-based bootable media? 589

Creating physical bootable media 590

Bootable Media Builder 591

Recovery from the cloud storage 595

Recovery from a network share 595

Files of a script 595

Structure of autostart.json 596

Top-level object 596

Variable object 596

Control type 598

Connecting to a machine booted from bootable media 604

Local operations with bootable media 605

Remote operations with bootable media 606

Startup Recovery Manager 609

11 © Acronis International GmbH, 2003-2023

Implementing disaster recovery 611

About Cyber Disaster Recovery Cloud 611

The key functionality 611

Software requirements 612

Supported operating systems 612

Supported virtualization platforms 612

Limitations 613

Cyber Disaster Recovery Cloud trial version 614

Compute points 614

Setting up the disaster recovery functionality 615

Create a disaster recovery protection plan 616

Editing the Recovery server default parameters 617

Cloud network infrastructure 618

Setting up connectivity 619

Networking concepts 619

Initial connectivity configuration 630

Prerequisites 632

Network management 638

Prerequisites 653

Setting up recovery servers 654

Creating a recovery server 654

How failover works 657

How failback works 663

Working with encrypted backups 671

Operations with Microsoft Azure virtual machines 671

Setting up primary servers 671

Creating a primary server 672

Operations with a primary server 674

Managing the cloud servers 674

Firewall rules for cloud servers 675

Setting firewall rules for cloud servers 676

Checking the cloud firewall activities 678

Backing up the cloud servers 679

Orchestration (runbooks) 679

Why use runbooks? 679

Creating a runbook 680

Operations with runbooks 681

12 © Acronis International GmbH, 2003-2023

Configuring your antivirus and antimalware protection 684

Supported platforms 684

Supported features per platform 685

Antivirus and antimalware protection 687

Antimalware features 688

Scanning types 688

Antivirus and antimalware protection settings 689

Tips and tricks for the protection exclusions 700

Active Protection in the Cyber Backup Standard edition 701

Active protection settings in Cyber Backup Standard 701

URL filtering 707

How it works 707

URL filtering configuration workflow 709

URL filtering settings 709

Description 715

Microsoft Defender Antivirus and Microsoft Security Essentials 715

Schedule scan 716

Default actions 716

Real-time protection 717

Advanced 717

Exclusions 718

Firewall management 718

Quarantine 719

How do files get into the quarantine folder? 719

Managing quarantined files 720

Quarantine location on machines 720

Self-service custom folder on-demand 721

Corporate whitelist 721

Automatic adding to the whitelist 721

Manual adding to the whitelist 721

Adding quarantined files to the whitelist 722

Whitelist settings 722

Viewing details about items in the whitelist 722

Antimalware scan of backups 722

Limitations 723

Working with Advanced protection features 725

Advanced Data Loss Prevention 726

13 © Acronis International GmbH, 2003-2023

Creating the data flow policy and policy rules 727

Enabling Advanced Data Loss Prevention in protection plans 735

Automated detection of destination 738

Sensitive data definitions 739

Data Loss Prevention events 744

Advanced Data Loss Prevention widgets on the Overview dashboard 746

Custom sensitivity categories 747

Known issues and limitations 748

Endpoint Detection and Response (EDR) 749

Why you need Endpoint Detection and Response (EDR) 749

Enabling Endpoint Detection and Response (EDR) functionality 752

How to use Endpoint Detection and Response (EDR) 753

Viewing which incidents are currently not mitigated 757

Understanding the scope and impact of incidents 758

How to navigate attack stages 766

Assessing vulnerabilities and managing patches 799

Vulnerability assessment 799

Supported Microsoft and third-party products 799

Supported Apple and third-party products 801

Supported Linux products 802

Vulnerability assessment settings 802

Vulnerability assessment for Windows machines 803

Vulnerability assessment for Linux machines 804

Vulnerability assessment for macOS devices 804

Managing found vulnerabilities 805

Patch management 806

How it works 807

Patch management settings 808

Managing list of patches 811

Automatic patch approval 812

Manual patch approval 815

On-demand patch installation 815

Patch lifetime in the list 816

Managing your software and hardware inventory 817

Software inventory 817

Enabling the software inventory scanning 817

Running a software inventory scan manually 818

14 © Acronis International GmbH, 2003-2023

Browsing the software inventory 818

Viewing the software inventory of a single device 820

Hardware inventory 821

Enabling the hardware inventory scanning 821

Running a hardware inventory scan manually 822

Browsing the hardware inventory 822

Viewing the hardware of a single device 825

Connecting to workloads for remote desktop or remote assistance 827

Supported remote desktop and assistance features 828

Supported platforms 831

Remote connection protocols 832

NEAR 832

RDP 833

Screen sharing 833

Remote sound redirection 833

Connections to remote workloads for remote desktop or remote assistance 834

Connecting to remote workloads via RDP 835

Remote management plans 836

Creating a remote management plan 836

Adding a workload to a remote management plan 843

Removing workloads from a remote management plan 844

Additional operations with existing remote management plans 844

Compatibility issues with remote management plans 846

Resolving compatibility issues with remote management plans 846

Workload credentials 848

Adding credentials 848

Assigning credentials to a workload 849

Deleting credentials 849

Unassigning credentials from a workload 849

Working with managed workloads 849

Configuring RDP settings 850

Connecting to managed workloads for remote desktop or remote assistance 850

Connecting to a managed workload via a web client 852

Transferring files 853

Performing control actions on managed workloads 854

Monitoring workloads via screenshot transmission 855

Observing multiple managed workloads simultaneously 856

15 © Acronis International GmbH, 2003-2023

Working with unmanaged workloads 857

Connecting to unmanaged workloads via Acronis Quick Assist 858

Connecting to unmanaged workloads via IPaddress 858

Transferring files via Acronis Quick Assist 859

Using the toolbar in the Viewer window 860

Configuring the Connect Client settings 862

The remote desktop notifiers 863

Monitoring the health and performance of workloads 865

Monitoring plans 865

Monitoring types 865

Anomaly-based monitoring 865

Supported platforms for monitoring 866

Configurable monitors 866

Settings of the Disk space monitor 870

Settings of the CPU temperature monitor 873

Settings of the GPU temperature monitor 874

Settings of the Hardware changes monitor 876

Settings of the CPUusage monitor 876

Settings of the Memory usage monitor 878

Settings of the Disk transfer rate monitor 880

Settings of the Network usage monitor 882

Settings of the CPUusage by process monitor 885

Settings of the Memory usage by process monitor 885

Settings of the Disk transfer rate by process monitor 886

Settings of the Network usage by process monitor 887

Settings of the Windows service status monitor 889

Settings of the Process status monitor 889

Settings of the Installed software monitor 890

Settings of the Last system restart monitor 890

Settings of the Windows event log monitor 890

Settings of the Files and folders size monitor 892

Settings of the Windows Update status monitor 893

Settings of the Firewall status monitor 893

Settings of the Failed logins monitor 893

Settings of the Antimalware software status monitor 894

Settings of the AutoRun feature status monitor 894

Settings of the Custom monitor 894

16 © Acronis International GmbH, 2003-2023

Monitoring plans 895

Creating a monitoring plan 896

Adding workloads to monitoring plans 898

Revoking monitoring plans 898

Configuring automatic response actions 899

Additional operations with monitoring plans 901

Compatibility issues with monitoring plans 903

Resolving compatibility issues with monitoring plans 903

Resetting the machine learning models 904

Monitoring alerts 905

Configuring monitoring alerts 905

Monitoring alert variables 906

Manual response actions 909

Viewing the alert log of monitoring alerts 911

Email notification policies 912

Browsing monitor data 912

Monitor widgets 913

Additional Cyber Protection tools 916

Enhanced security mode 916

Limitations 916

Unsupported features 916

Setting the encryption password 916

Changing the encryption password 917

Recovering backups for tenants in the Enhanced security mode 917

Immutable storage 918

Immutable storage modes 918

Limitations 918

Enabling and disabling immutable storage 918

Accessing deleted backups in immutable storage 920

Glossary 921

Index 925

17 © Acronis International GmbH, 2003-2023

Getting started with Cyber Protection

Quick start guide

Activating the account

When an administrator creates an account for you, an email message is sent to your email address.

The message contains the following information:

lYour login. This is the user name that you use to log in. Your login is also shown on the account

activation page.

lActivate account button. Click the button and set the password for your account. Ensure that

your password is at least nine characters long. For more information about the password, refer to

"Password requirements" (p. 18).

If your administrator has enabled two-factor authentication, you will be prompted to set it up for

your account. For more information about it, refer to "Two-factor authentication" (p. 18).

Password requirements

The password for a user account must be at least 9 characters long. Passwords are also checked for

complexity, and fall into one of the following categories:

lWeak

lMedium

lStrong

You cannot save a weak password, even though it might contain 9 characters or more. Passwords

that repeat the user name, the login, the user email, or the name of the tenant to which a user

account belongs are always considered weak. Most common passwords are also considered weak.

To strengthen a password, add more characters to it. Using different types of characters, such as

digits, uppercase and lowercase letters, and special characters, is not mandatory but it results in

stronger passwords that are also shorter.

Two-factor authentication

Two-factor authentication provides extra protection from unauthorized access to your account.

When two-factor authentication is set up, you are required to enter your password (the first factor)

and a one-time code (the second factor) to log in to the Cyber Protect console. The one-time code is

generated by a special application that must be installed on your mobile phone or another device

that belongs to you. Even if someone finds out your login and password, they still will not be able to

login without access to your second-factor device.

To set up two-factor authentication for your account

18 © Acronis International GmbH, 2003-2023

You must configure two-factor authentication for your account when two-factor authentication is

enabled by an administrator for your organization. If two-factor authentication is enabled while you

are logged in to the Cyber Protect console, you will have to configure it when your current session

expires.

Prerequisites:

lTwo-factor authentication is enabled for your organization by an administrator.

To set up two-factor authentication for your account:

1. Install an authenticator app on your mobile device.

Examples of authenticator apps:

lTwilio Authy

lMicrosoft Authenticator

lGoogle Authenticator

2. Scan the QR code using your authenticator app, and then enter the 6-digit code displayed on the

authenticator app in the Set up two-factor authentication window.

3. Click Next. The instructions on how to restore your access to your account if you lose your 2FA

device or uninstall the authenticator app are displayed.

4. Save or print the PDF file.

Note

Make sure to save it in a safe place or print it for further reference. This is the best way to

restore your access.

5. Return to the Cyber Protect console login page and enter the generated code.

A one-time code is valid for 30 seconds. If you wait longer than 30 seconds, use the next

generated code.

When logging in the next time, you can select the check box Trust this browser.... If you do this, the

one-time code will not be required when you log in by using this browser on this machine.

Note

It is not recommended to select this check box, because you will lose the access to 2FA for your

account.

To restore two-factor authentication on a new device (2FA):

If you have access to the previously set-up mobile authentication app:

1. Install an authenticator app on your new device.

2. Use the PDF file that you saved when you set up 2FA on your device. This file contains the 32-

digit code that has to be entered in the authenticator app to link the authenticator app again to

your Acronis account.

19 © Acronis International GmbH, 2003-2023

Important

If the code is correct but it is not working, ensure that the time in the authenticator mobile app it

is synced with your device.

If you missed saving the PDF file during the setup:

a. Click Reset 2FA, and then enter the one-time password shown in the mobile authenticator app.

b. Follow the on-screen instructions.

If you have no access to the previously set-up mobile authenticator app:

1. Take a new mobile device.

2. Use the stored PDF file to link a new device (default name of the file is cyberprotect-2fa-

backupcode.pdf).

3. Restore access to your account from backup. Ensure that backups are supported by your mobile

app.

4. Open the app under the same account from another mobile device if it's supported by the app.

Privacy settings

Privacy settings help you indicate whether or not you give consent for the collection, use and

disclosure of your personal information.

Depending on the country in which you are using Cyber Protect Cloud and the Cyber Protect Cloud

data center that provides services to you, on the initial launch of Cyber Protect Cloud you may be

asked to confirm whether you agree to use Google Analytics in Cyber Protect Cloud.

Google Analytics helps us better understand user behavior and improve user experience in Cyber

Protect Cloud by collecting pseudonymized data.

If you enabled or refused to enable Google Analytics on the initial launch of Cyber Protect Cloud,

you can change your decision at any time later.

To enable or disable Google Analytics

1. In the Cyber Protect console, click Manage account.

2. Click the account icon in the upper-right corner.

3. Select My privacy settings. The My privacy settings window is displayed.

4. In the Google Analytics data collection section, click one of the following buttons:

lOn to enable Google Analytics

lOff to disable Google Analytics

5. In the How to delete cookies section, you can control and manage cookies directly in your

browser.

20 © Acronis International GmbH, 2003-2023

Page is loading ...

ACRONIS Cyber Protect Cloud 23.07 User manual

ACRONIS Cyber Protect Cloud 23.07 User manual

Related papers

Other documents