Skip to main content

Overview

Protected Items and Storage Vaults

A Protected Item is a description of the set of data that should be backed up.

A Storage Vault is a location where the backed-up data can be stored.
it's possible for the client software to back up to a local disk.

Devices

Multiple devices (e.g. different computers, servers or laptops) can use the same user account and password to access the same Storage Vaults. Each device will mantain its own private set of Protected Items, but they shares access to the same Storage Vaults. This allows you to deduplicate data between multiple devices.

Each device can also restore and delete each others' backed-up data, so it is important that multi-device accounts are only used in trusted contexts.

Encryption

We strongly recommend that users use strong passwords. Even the best security is foiled by a user choosing a weak or commonly-used password, such as 123456.

GREEN BACKUP always encrypts all user data before storing it, using strong AES-256-CTR with Poly1305 in AEAD mode with high-entropy random keys.

Encryption keys are automatically generated and managed by the client.
The encryption keys for the data are then encrypted with the user password and stored on the EXECloud servers. This means that:
(A) EXE.IT, as a service provider, is unable to decrypt data without the customer's password;
(B) in the event of a customer's PC loss, only the customer's password is required to log in to the account and restore data.

Commands

It is possible to register additional commands to be executed before or after any backup activity. For maximum flexibility, commands can be registered:

  • for a Protected Item (e.g. to dump a database), or

  • for a Storage Vault (e.g. to perform custom network authentication), or

  • for a Schedule (e.g. to shut down the computer after a backup).

During a backup operation, un processo di backup, commands are run in the following order:

  1. Schedule Before
  2. Protected Item Before
  3. Storage Vault Before
  4. Backup
  5. Storage Vault After
  6. Protected Item After
  7. Schedule After.

Shell built-ins can be used as part of the command execution: the specified command is passed to cmd.exe or /bin/sh as appropriate for the operating system.

Client Software

Application Structure

GREEN Backup client Software is split into two components;

  1. backup-tool is a command-line tool which implements all the software functionality.
  2. backup-interface is the graphical user interface.

Backup schedules will still run even if logged out of the GUI, as the background service will still be logged in.

Additionally, clients can remotely control their installed software by logging in to the GREEEN Backup Server web interface as a user.

On platforms without a desktop interface available (e.g. Linux server), is used only the backup-tool, and the application can be controlled through the web interface.

Device Registration

Every user can be used by multiple devices.

When you log in with the same user from another device, such as a laptop or tablet, you will see a private view of Protected Items but a public view of Storage Vaults.

  • It is not possible to view, modify, or use protected items configured by other devices.
  • You can restore data from the protected item of any device (hidden by default).
  • You can view activity logs from any device (hidden by default).

Backup Algorithm

Data backup is performed by first splitting it into variable-sized blocks, which are individually compressed, encrypted, and uploaded.
Data-dependent chunking is employed, efficiently splitting a file into consistent chunks, even in the face of random inserts.

A backup job consists of a list of files and which chunks would be needed to reconstruct them. Any successive incremental backup jobs, simply realize that chunks already exist on the server and do not need to be re-uploaded.

This chunking technique has the following properties:

  • Both the oldest and the most recent backup jobs can be restored with the same speed
  • Duplicate data does not require any additional storage, since the chunks are the same ("deduplication")
  • There is never a need to reload the entire file, regardless of the number of backup jobs
  • There is no need to trust the server to decrypt data

Customer WEB Portal

It's possible to log in into the Web interface with a user account to run backups and restores remotely. Additionally, you can modify the settings of Protected Item and Storage Vault, and view the process history.

install