Cloud Tech Professional 2022

This document provides an overview of the Cyber Protect Cloud Tech Professional course. The course is designed to help participants expand their knowledge above fundamental and associate level courses through instructor-led training and scenario-based learning. It covers topics like installation considerations, dynamic groups, RMM/PSA integrations, and security best practices. Upon completing the course, participants will be able to increase their technical skills and apply knowledge to better support clients.

Uploaded by

Juntos PodCast
Copyright: © All Rights Reserved

#CyberFit Academy

Cyber Protect Cloud


Cloud Tech Professional

Cyber Protect Cloud
Introductions

Course Summary

• Instructor-led technical training
• Course designed to help expand knowledge above the fundamentals and associate level courses

Assessment:
• 20 MCQ questions
• 60 minutes working time
• 70% passing grade
• Two attempts given
• Open book

Target Persona

Tech Leader (along with employees on team)
Service Provider

• To expand knowledge from previous courses (fundamentals and advanced pack trainings) and increase self-dependency utilizing Acronis Cyber Protect Cloud
• Seeing different day in the life scenarios to assist resolving common issues
• Gold/Platinum partners: course is part of the requirement

Learning Objectives

After finishing this instruction you will be able to:
• Increase your technical knowledge above the current courses available (Fundamentals and Advanced Packs)
• Apply knowledge from scenario-based situations to increase efficiency and effectiveness in supporting clients

Course Modules

1. High Level Overview and Benefit Refresher
2. Planning Stage
3. Building Stage
4. Execution Stage

Certification Track

• Step 1: Cloud Tech Fundamentals (Already Should Have Taken)
• Step 2: Cloud Tech Associate (Security/Backup/Disaster Recovery) (Already Should Have Taken)
• Step 3: Cloud Tech Professional (You Are Here)

Steps 2 and 3: Acronis #CyberFit Cloud Tech Certifications
Consists of the following courses (specializations)

Optional:

Earn digital badges with the world’s largest digital credential network

Earn and share badges to showcase professional achievements.

How do I earn a badge?
• Complete a certification training with the Acronis #CyberFit Academy
• You’ll need to accept your first badge via email
• Badges are verifiable and valid for 12 months

How do I share my badge?
• Log into www.credly.com
• Go to Dashboard > select the badge > click “Share”
• Connect your social media accounts

Cyber Protect Cloud
High Level Overview and Benefits

Best-in-breed backup combined with integrated security and management
• Protect every workload at no charge
• Best-in-breed backup included
• Strengthens your AV against zero-day threats
• Accelerate security and manageability

Add Advanced packs: Security, Management, Backup, Disaster Recovery, Email Security, File Sync and Share
• Optimize for every workload
• Easy to upsell
• Vendor consolidation

Cyber Protect Cloud
Planning Stage

Section Modules

1. Installation Considerations
2. Setting Up Dynamic Groups
3. RMM/PSA Integrations
4. Importing/Exporting Protection Plans
6. Setting up alerts/notifications and email settings
7. Backup Considerations
8. Vulnerability Assessment and Patching
9. Disaster Recovery
10. Overall Security

Cyber Protect Cloud
Installation Considerations

Agent and Free Space Considerations
Agent Install Notes

Exchange:
• Agent checks for enough free space on machine where it runs.
• Free space equal to 15% of biggest Exchange database temporarily needed during granular recovery

Backup operations:
• Require about 1GB of RAM per 1TB of backup size.
• Memory consumption may vary (depends on amount/type of data being processed by agent)
• Bootable media or disk recovery with reboot requires at least 1GB of memory

See required space for installation by agent

Download setup

1. Web installers for each agent (Windows)
  • Small executable downloaded for main setup program. Temporary file: deleted after installation
2. Storing setup programs locally
  • Download package containing all agents for Windows installation (both 32 and 64-bit available)
  • Enables to customize list of components to install
  • Packages also enable unattended installation (Group Policy)
3. Internet and Visual C++
  • Requires Internet connection to register machine (no Internet, installation fails)
  • Requires MS Visual C++ 2017 redistributable. Make sure installed before installing agent: restart suggested.
  • Update for Universal C Runtime in Windows

Firewall Considerations

Outbound TCP ports to open
• 443 and 8443: Accessing service console, registering agents, downloading certificates, user authorization, downloading files from cloud storage
• 7770 and 7800: Agents use to communicate with backup management server
• 44445 and 55556: Agents use for data transfer during backup and recovery

VMware Virtual Machines

TCP ports to open for backup and replication

Agent for VMware (Windows and Appliance)
• 443: Agent connects to port on ESXi host/vCenter server to perform operations like:
  • Create/Update/Delete VMs on vSphere during backup, recovery and replication operations
• 902: Agent connects to port on the ESXi host: establish NFC connections to read/write data on VM disks during backup, recovery and replication operations
• 3333: If Agent is running on the ESXi host/cluster that is target for VM replication, VM replication traffic does NOT go directly to ESXi host on port 902.
  • Traffic goes from source Agent for VMware to TCP port 3333 on the Agent for VMware (Virtual Appliance) located on the target ESXi host/cluster.

VMware Virtual Machines

Other side notes:
• Source agent for VMware that reads data from the original VM disks can be anywhere else and can be of any type (Virtual Appliance or Windows)
• Server responsible for accepting VM replication data on target Agent for VMware (Virtual Appliance) is called “replicate disk server”
• Responsible for WAN optimization techniques (traffic compression and deduplication during VM replication, including replica seeding)
• If no Agent for VMware (Virtual Appliance) running on target ESXi host, service not available (replica seeding scenario not supported)

Downloader Component

Responsible for delivering updates to computer and distributing to other instances
• Download agent downloads updates from Internet and serves as source of update distribution to other computers. Requires following ports to operate:
  • 6888: BitTorrent protocol for peer-to-peer updates
  • 6771: Local peer discovery port
  • 18018: Communication between updaters working in different updates (Updater and UpdaterAgent)
  • 18019: Local port, communication between the Updater and Cyber Protection agent

Machine Installing Cyber Protect Agent

Ensure following local ports not used by some other process
• NOTE: These are local ports only; they do not have to be opened on the firewall:
  • 127.0.0.1:9999
  • 127.0.0.1:43234
  • 127.0.0.1:9850
• Active Protection service listens at TCP port 6109 (make sure not used by another process)
• If ports are used by some other application, avoid conflicts by changing the default ports in the yaml file located at:
  • \ProgramData\Acronis\Agent\etc\aakore.yaml
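
A pre-install check for the local ports listed above, as an added example (not Acronis code): it tries to bind each port and reports whether it is free, already in use, or refused by the OS. Checking 6109 on 127.0.0.1 is an assumption, since the slide gives no bind address for it.

```python
"""Pre-install check: are the agent's local ports already taken? (added example)"""
import errno
import socket

# Ports taken from the slide above. The slide gives no bind address for 6109;
# probing it on loopback is an assumption of this example.
AGENT_LOCAL_PORTS = [
    ("127.0.0.1", 9999),
    ("127.0.0.1", 43234),
    ("127.0.0.1", 9850),
    ("127.0.0.1", 6109),  # Active Protection service
]

FREE, IN_USE, BLOCKED = "free", "in use", "blocked"


def probe(host, port):
    """Try to bind host:port and classify the outcome.

    free    -> the bind succeeded, so nothing holds the port
    in use  -> another socket already holds the port
    blocked -> the OS refused the bind for another reason (for example an
               OS-reserved port range or missing privileges)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        # SO_REUSEADDR is deliberately not set: with it, some platforms let
        # the bind succeed even though another socket owns the port.
        try:
            sock.bind((host, port))
        except OSError as exc:
            return IN_USE if exc.errno == errno.EADDRINUSE else BLOCKED
    return FREE


def check_ports(endpoints):
    """Probe every (host, port) pair and return {(host, port): status}."""
    return {(host, port): probe(host, port) for host, port in endpoints}


def conflicts(report):
    """Endpoints that would need a different port in aakore.yaml."""
    return sorted(ep for ep, status in report.items() if status != FREE)


if __name__ == "__main__":
    # Run this BEFORE installing the agent; afterwards the agent itself
    # holds these ports and they will show as "in use".
    report = check_ports(AGENT_LOCAL_PORTS)
    for (host, port), status in sorted(report.items()):
        print(f"{host}:{port:<6} {status}")
    if conflicts(report):
        print("Conflicts found: free the port or change the agent default.")
```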

Proxy Server Settings If Needed

Man-in-the-middle proxies not supported
• Agents register in the cloud during installation. If proxy server settings are needed, they must be provided during installation or in advance
• Configure in Windows (Control panel > Internet Options > Connections).
• Setup program reads proxy setting from registry and uses it automatically
• Can enter settings during installation or can specify in advance using procedure on next slide

Proxy Server Settings in Advance
Create new text document (Notepad)

Copy and paste the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Acronis\Global\HttpProxy]
"Enabled"=dword:00000001
"Host"="proxy.company.com"
"Port"=dword:000001bb
"Login"="proxy_login"
"Password"="proxy_password"

• Replace proxy.company.com with server host name/IP address
• Replace 000001bb with hexadecimal value of port number (side note: 000001bb is port 443)
• If proxy server requires authentication, replace proxy_login and proxy_password with server credentials; otherwise okay to delete those lines
• Save as proxy.reg
• Run file as administrator and confirm you want to edit Windows registry

Proxy Server Settings in Advance
Edit aakore.yaml in text editor

Open the following file:
%programdata%\Acronis\Agent\etc\aakore.yaml
• Locate the env section (or create) and add the following:

env:
    http-proxy: proxy_login:proxy_password@proxy_address:port
    https-proxy: proxy_login:proxy_password@proxy_address:port

• Replace login and password with server credentials
• Replace the proxy_address:port with address and port number of proxy server
• Save it

Proxy Server Settings in Advance
Edit aakore.yaml in text editor

• Start menu: click Run, type cmd and click OK
• Restart the aakore service
  • net stop aakore
  • net start aakore
• Restart agent
  • net stop mms
  • net start mms

Unattended Installation/Uninstallation (Windows)

Using Windows Installer (msiexec program)
• Can install via transform file (.mst file)
• File with installation parameters

Creating Registration Token

Creating Tenant Registration Token
• Go to Devices
• Click “Add”
• Select Generate Token
• Determine token lifetime (1 minute to 12 months)
• Select user and protection plan to apply to token
• Click “Generate”
• Token generated and select “Copy”
• Put in file for reference as needed during MSI setup
Unattended Installation/Uninstallation (Windows)

What To Install

Choose VMware Agent
• Once through process: review/modify installation settings to be added to .mst file
• Click proceed and select folder where .mst transform will be generated
• .MSI and .CAB installation packages will be extracted
• Click Generate

Choose Installation Path
• Select settings for installation path and which users

Choose Account and Proxy Information (if any)
• After install do not change this account to a different one
• Add proxy settings if needed

Ensure settings
• Make sure all settings are as you desire and then hit “Proceed”

Install Using .mst Transform
Command line and parameters manually

Template is:
msiexec /i <package name> TRANSFORMS=<transform name>

Example:
msiexec /i BackupClient64.msi TRANSFORMS=BackupClient64.msi.mst

• <package name> is name of .msi file
• <transform name> is name of transform

Install Using .mst Transform
Command line

Template (installing) is:
msiexec /i <package name> <PARAMETER 1>=<value 1> ... <PARAMETER N>=<value n>

Template (uninstalling):
msiexec /x <package name> <PARAMETER 1>=<value 1> ... <PARAMETER N>=<value n>

• <package name> is name of .msi file
• .msi package must be same version as product you want to uninstall
• Parameters and values documentation is located at: Parameters and Values Documentation

Using Autodiscovery - Tips

Check NetBIOS over TCP/IP is enabled (or set to default)
• Start key then type “Control Panel”: click to open
• Click on Network and Sharing Center
• Left pane: select “Change Adapter Settings”
• Select “Local Area Connection” (or whatever the connection name is): right click on “Properties”
• Select Internet Protocol Version 4 (TCP/IPv4) and click “Properties”
• Click “Advanced” button and in the new settings box select WINS tab
• Make sure enabled or set to default
• If changed click “Apply” and exit

Using Autodiscovery - Tips

Turn on Network Discovery
• Control Panel\Network and Sharing Center\Advanced sharing settings
• Turn on network discovery
• Check that the Function Discovery Provider Host Service is running on machine that does discovery and on the machines to be discovered
• Check that Function Discovery Resource Publication service is running on the machines to be discovered

Using Autodiscovery - Tips

Log on as Administrator
• Go to “Control panel”, select “Programs and Features” (Add or Remove Programs in Windows XP) > “Acronis Cyber Protection Agent” > “Uninstall”
• If agent is password protected, need to specify password and click “Next”
• (See IMPORTANT note below!)
• Click Uninstall

IMPORTANT
• “Remove the logs and configuration settings” check box:
  • If planning to install agent again, keep this check box cleared.
  • If the check box is selected, machine could get duplicated in console (backups of old machine may not be associated with new machine)

Section Summary

• When planning for Acronis Cyber Protect Cloud, considerations such as agent and free space, firewall, proxy setup are needed.
• There is the ability to create custom, unattended installation via transform files where one can install via the registration token. Other customized settings include what to install, where to install, proxy settings, and path to ESXi host or vCenter Server.
• For auto discovery, you need to check that NetBIOS over TCP/IP is enabled (or in the default setting) and network discovery is on.
• If uninstalling an agent from a machine, if you plan on reinstalling the agent at a later time, do not remove logs and configuration settings (clear the check box during the uninstall).

Cyber Protect Cloud
Dynamic Groups

Create Groups Based on Criteria
• Cannot create on the “All Devices Group”
• Search for devices: multiple criteria/operators can be used
• Click “Save As” next to search field

Examples of criteria/operators
• Virtual machine with agent inside: insideVm = true
• Operating system name: osName LIKE 'Windows 10'
• Comment for a device: Comment = 'Executive Machine' (Devices/Details/Comments)
• RAM size in megabytes search example: memorySize>=5120
• Restarting Managed Machine Service: net start mms

List of criteria/operators go to:

Cyber Protect Cloud
RMM/PSA Integrations

RMM/PSA Integration

Partner Level
• Side menu select “Integrations”
• Choose integration
• Integration not there: option for creating RESTful API (Application Programming Interface)
• Depending on integration:
  • Downloading of plugins/scripts/API creation/setting up for accounts within RMM/PSA tool

RMM/PSA Integration
Examples of Some Integrations

• Integration with CloudBlue PSA
• Integration Manual WHMCS
• Connecting HostBill with Acronis
• Acronis Cyber Cloud Integration with Tigerpaw One
• Integration Manual with Addigy
• How to set up Integration with ConnectWise Manage
• How to set up Integration with ConnectWise Automate

Cyber Protect Cloud
Import / Export / Clone Protection Plans

Exporting Protection Plan

JSON files
• Exporting:
  • Go to “Plans” and then “Protection”
  • Select protection plan
  • Go to Export
  • JSON file created

Importing Protection Plans

JSON files
• Importing:
  • Go to “Plans” and then “Protection”
  • Select “Import”
  • Choose JSON file and then Import

Cyber Protect Cloud
Alerts / Notifications and Email Settings

Alerts, Notifications and Email Settings

Settings for Alerts
• Go to upper right for “my settings” as user
• Edit settings for different notifications desired

Email Server Settings
• Parent Level
• Settings
• Branding
• Settings
• SSL or TLS option
• Test sending email message to make sure works

Section Summary

• Dynamic Groups can group machines based on different criteria such as operating system, RAM size, comments area, and whether a virtual machine has an agent inside. Many operators can be combined, and a machine must match all of them to become part of that group.
• Acronis has many RMM/PSA integrations along with a RESTful API (Application Programming Interface) for integrations currently not available.
• Alerts and notifications can be sent via email and you need to test sending emails to ensure you get these (SSL or TLS options are available).

Cyber Protect Cloud
Backup Considerations

CDP Backup (Advanced Backup)

CDP: Not application aware backup use
• Requires prior full/incremental backup
• Supported backup destinations:
  • Local folder, Network folder, Cloud storage, Location defined by the script
• Select files of specific applications or in specific folders, e.g., D:\Data\* to be continuously backed up

CDP - How it works

1. CDP started after plan application to machine, but pauses immediately if no archive
2. CDP is running:
  1. Program saves file (automatically or by user’s request)
  2. Driver tracks and notifies agent about changed file
  3. Agent reads entire file and checks what has changed
  4. Agent saves changes into the backup
3. Regular backup start:
  1. CDP paused
  2. Regular backup completes
  3. CDP resumed
  4. New CDP backup created
  5. Previous CDP backup deleted

Backup Settings Most Often Discussed

Performance/Backup Window
• Three levels of backup performance
• Time windows when backups are allowed
• Process priority and output speed configurable
• Not available for backups done by cloud agents (website backups or backups of servers located on cloud recovery site)
• Configure each location specified in protection plan
• Effective for backup and backup replication process: validations run regardless of option
• At the beginning of an hour when backups are blocked, backup process automatically stopped (alert generated)
• Scheduled backups blocked: backup can be started manually (uses performance parameters of most recent hour when backups were allowed)
• Can drag to change state of many areas simultaneously
• Decreasing backup priority: free more resources to other applications
• Backup process:
  • Windows: service_process.exe
  • Linux and OS X: service_process
• Output speed during backup: limits writing speed of destination hard disk (backing up to local folder) OR estimated max speed of network connection (network share or cloud storage) (ONLY if agent running on Windows)

Backup Settings Most Often Discussed

File Filters
• Define which files/folders to skip during backup process
• Available for (unless stated otherwise):
  • Disk-level
  • Entire machine
  • File-level backups
• Do not back up matching the following, stating C:\document.doc:
  • Only this file is skipped
• Can use both: last option overrides former
  • If both fields have C:\document.doc, file will be skipped during backup
• Criteria is not case sensitive
• Wildcard allowed

Backup Settings Most Often Discussed

Compression Level
• Preset is normal
• Depends on type of data being backed up
• Many multimedia files do not compress much (already exist in a compressed state), like JPG, MP3 and AVI
• Compression depends on many things, but repetitiveness and variety within the data is a big variable

Backup Settings Most Often Discussed

Volume Shadow Copy Service
• Windows only
• Defines whether VSS provider needs to notify VSS-aware application that a backup is going to start
• Consistent state of all data used by application
• Recommends choosing “Use Microsoft Software Shadow Copy provider” when backing up application servers (Exchange/SQL/SharePoint/Active Directory)
• Disable option if database not compatible with VSS
  • Snapshots taken faster but data consistency of applications where transactions not completed at time of taking snapshot cannot be guaranteed (could use pre/post data capture commands to ensure data backed up in consistent state)
• Option enabled for MS Software Shadow Copy provider: files/folders specified in following registry key not backed up (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot)
  • .ost Outlook data files not backed up since specified in the Outlook OST value of this key

Backup Settings Most Often Discussed

Error Handling
• Attempts stopped as soon as operation is successful or number of attempts performed (whichever comes first)
• Silent mode (default enabled) and ignore bad sectors (default disabled)
• Skipping bad sectors not supported on Linux (back up system with bad sectors in offline mode using bootable media builder; please contact support for assistance).
• VM snapshot creation error handling available

Backup Settings Most Often Discussed

Backup File Name (protection plan area)
• File name cannot end with a digit and cannot contain certain symbols or lines ending with \n or \t
• Use cases: want to distinguish backups when browsing backup location with a file manager
• Protection plan applied to single machine: remove machine/uninstall agent and configuration settings. Machine added again/agent reinstalled: can force protection plan to continue backing up to the same backup or backup sequence
• In the backup options of the protection plan, click Backup file name and then click Select for the desired backup (Select only available when plan created and applied to single device)

Section Summary

• Continuous Data Protection (CDP) and regular backups cannot happen at the same time. CDP is paused when regular backups are occurring. Once a backup is completed CDP is resumed.
• Backups can have a window of when to occur and can also have settings for CPU priority or output speed to help with processing priorities.
• Compression level is an option to help with size of files being backed up. Many multimedia type files do not compress much while other types of files will take advantage of compression levels.
• Many options are available for backup including error handling and Volume Shadow Copy Service (VSS).
• When a machine with a protection plan applied is removed from the console together with its configuration settings, and the machine is later added again or the agent reinstalled, the backup file name option can help continue the same backup sequence.

Cyber Protect Cloud
Vulnerability Assessment and Patch Management

Vulnerabilities (Core Solution)
• CVE (Common Vulnerabilities and Exposures): glossary that classifies vulnerabilities
• CVSS Score (Common Vulnerability Scoring System)
  • Assigns severity scores: assist to prioritize responses/resources
• Maintained by MITRE (funded from US Homeland Security)

Vulnerabilities (Core Solution)
• NIST National Vulnerability Database (NVD): performs analysis on CVEs and publishes to CVE Dictionary.
• CVSS is impact metrics, while vulnerability types is CWE (Common Weakness Enumeration) and applicability is CPE (Common Platform Enumeration)
• Low, Medium and High Severity Levels
  • Low: CVSS score of 0.1 – 3.9
  • Medium: CVSS score of 4.0 – 6.9
  • High: CVSS score of 7.0 – 10.0

Vulnerabilities

Example: Log4j2 December 2021 (CVE-2021-44228): modified January 2022
• Base Score: 10.0 Critical
• CWE-502 (Deserialization of untrusted data)
• CWE-400 (Uncontrolled resource consumption)
• CWE-20 (Improper input validation)

Feel free to search: https://nvd.nist.gov/vuln/search

Patching Basic Primer
• Need to have at least one vulnerability scan using a protection plan
• Automatic or manual patch approval process
• How to install patches – schedule or on-demand (on-demand has no roll back feature)
  • Pre-update / roll back – takes incremental backup before installation
  • No backup prior – full backup created
  • Patch and backup modules need to be enabled for roll back
  • Items to back up – entire machine OR boot+system volumes
• Dashboards/Reports – see patch installation history
• We receive patches from manufacturer
  • Ensure cryptographic hash same when received, scan for malware and put into our CPOC

Section Summary

• Vulnerability Assessment utilizes the Common Vulnerability Scoring System (CVSS), which assigns severity scores in order to assist in prioritization of responses and resources to patch systems.
• The National Institute of Standards and Technology (NIST) publishes a National Vulnerability Database (NVD) which is used to publish to a CVE (Common Vulnerabilities and Exposures) dictionary.
• Acronis provides the ability to perform automatic or manual patching. If utilizing a protection plan, a pre-update/roll-back option is available for taking a backup prior to patching.

Cyber Protect Cloud
Disaster Recovery

Disaster Recovery (Advanced Pack)

Cloud Only
• No VPN appliance deployment on local site
• Local and cloud networks are independent
• Cloud servers on cloud site accessible through the Point-to-site VPN and public IP address if assigned

Site-to-Site Open VPN
• Requires VPN appliance deployed on local site
• Allows to extend network to the cloud and retain IP address
• Local site connects to cloud site via secure VPN tunnel
• Suitable if tightly dependent services on local site (like webserver and database server)
• Partial failover where one server recreated on cloud and other stays on local site, able to communicate on VPN tunnel

Disaster Recovery (Advanced Pack)

Multi-site IPsec VPN
• Requires local VPN device supporting IPsec IKE v2
• When configuring, automatically creates a cloud VPN gateway with public IP address
• Local sites connected to cloud site via secure IPsec VPN tunnel
• Suitable when one or several local sites are hosting critical workloads or tightly dependent services
• Partial failover of one server, server recreated on cloud site while others remain at local site: communicate via IPsec VPN tunnel
• Partial failover of one of the local sites: rest of the local sites still operational and able to communicate through IPsec VPN tunnel

Disaster Recovery (Advanced Pack)

Point-to-site remote VPN
• Secure point-to-site remote VPN access to cloud and local site workloads from outside using endpoint device
• Local site access: type of connection requires VPN appliance deployed on local site

Disaster Recovery (Advanced Pack)

Automatic deletion of unused customer environments on cloud site
• Service tracks usage and if unused will automatically delete
• Criteria if tenant is active:
  • At least one cloud server exists, or there were cloud servers in the last seven days, OR
  • VPN access to local site option enabled and either the site-to-site Open VPN tunnel is established or data reported from VPN appliance for the last seven days
• Rest of tenants considered inactive. For those, system performs:
  • Deleting VPN gateway and all cloud resources related to tenant
  • Unregisters VPN appliance
• Inactive tenants rolled back to state before connectivity was configured

Section Summary

• Disaster Recovery options include Cloud Only, Site-to-Site Open VPN, Point-To-Site Remote VPN and Multi-site IPsec VPN.

Cyber Protect Cloud
Overall Security

Acronis Secure Zone

Secure Zone: secure partition created on local disk of machine being backed up:
• Handy for protecting data from software malfunctions, virus attacks and/or human error
• Eliminates need for separate media or network connection to backup/recover data
• Can be used as “staging” storage prior to replication of backups
• Secure Zone formatted with FAT32. Backup larger than 4GB, automatically split.
• Can be encrypted

Acronis Secure Zone

Secure Zone: Limitations
• Cannot be created on Mac
• Does not protect against physical failure of local disk
• Cannot be organized on dynamic disk or created as logical volume (managed by LVM)

Anti-Virus/Anti-Malware
• Utilizing third party and some Acronis features?
• Utilizing Acronis only but making a switch from another vendor?
• If combined, who has first right of refusal?
• EICAR test only detected when Advanced Antimalware option is enabled in protection plan (Advanced Security pack). Does not affect capability though.

Anti-Virus/Anti-Malware

To prevent compatibility/performance issues, real-time protection cannot work in parallel with other solutions that also utilize real-time protection
• If machine (Windows outside of Windows Server) already protected by another solution, real-time protection automatically turned off
• Would need to disable/uninstall other solution to turn Acronis real-time protection on
• Making the switch to Acronis as full replacement, need to disable/uninstall other solution
• Acronis real-time protection can replace Microsoft Defender real-time protection automatically
• NOTE: Windows Server O/S: Defender not turned off automatically when real-time protection enabled: administrator must turn off Defender manually
• URL Filtering is another area to test for conflicts if turning it on

#CyberFit Academy
MS Allocated Filter Altitudes

Activity Monitor

Command FLTMC
• File System Minifilter Drivers
• Optional drivers that add value to or modify the behavior of a file system
• Rootkits can obfuscate their presence (by installing a minifilter driver to intercept and filter calls between legitimate drivers and the system). Good practice to document known minifilter drivers installed on systems.
• FLTMC displays existing filters: can delete malicious ones

#CyberFit Academy
MS Allocated Filter Altitudes

Activity Monitor

• 360000 – 389999 series
  • Acronis – NgScan.sys 389310
• Continuous Backup (280000 – 289998 series)
  • File_monitor.sys – 289000
  • File_tracker.sys – 281420
  • Afcdp.sys – 281400

#CyberFit Academy
MS Allocated Filter Altitudes

Activity Monitor

• System Recovery
  • file_protector.sys 227000 (220000 – 229999 series)
• Virtualization
  • virtual_file.sys 132400 (130000 – 139999 series)
• The lower the altitude, the closer to the file system

#CyberFit Academy
Anti-Virus/Anti-Malware
I have a third party solution running (real-time protection off with Acronis) and other components of Acronis running (Ransomware protection): who has first right of refusal?

• Run command prompt as administrator
• Type fltmc instances (or fltmc if you know the filters)
• Look for ngscan and the altitude
• Other provider lower than ngscan: first right of refusal to attempt to pick up bad/malicious type file
• Other information in the next sections of course
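
The two practices above (documenting known minifilter drivers, then looking for ngscan and its altitude), as an added example that is not part of the course material or Acronis tooling: it parses fltmc output, flags filters that are absent from a documented baseline, and lists which filters sit below ngscan. The sample output is constructed; the filter names without the .sys suffix, the WdFilter row and "examplefilter" are assumptions.

```python
import re

# Constructed sample of `fltmc` output. Acronis names and altitudes come from the
# slides above (assumed to appear without ".sys"); WdFilter is Microsoft Defender's
# minifilter; "examplefilter" is a made-up entry standing in for an undocumented driver.
SAMPLE_FLTMC = """\
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
ngscan                                  4       389310         0
WdFilter                                4       328010         0
file_monitor                            4       289000         0
file_tracker                            4       281420         0
afcdp                                   4       281400         0
file_protector                          4       227000         0
examplefilter                           2       226500         0
virtual_file                            3       132400         0
"""

# Altitude series named on the slides (inclusive bounds).
SERIES = [
    (360000, 389999, "Activity Monitor"),
    (280000, 289998, "Continuous Backup"),
    (220000, 229999, "System Recovery"),
    (130000, 139999, "Virtualization"),
]

# The documented baseline: every minifilter you expect on this class of machine.
BASELINE = {"ngscan", "WdFilter", "file_monitor", "file_tracker",
            "afcdp", "file_protector", "virtual_file"}

# name, instance count, altitude (may be fractional), frame
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+(?:\.\d+)?)\s+(\d+)$")


def parse_fltmc(text):
    """Return the listed filters sorted from highest to lowest altitude.

    Header, separator and any rows that do not carry a numeric altitude
    (for example legacy filters) are skipped.
    """
    filters = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            name, instances, altitude, frame = match.groups()
            filters.append({"name": name, "instances": int(instances),
                            "altitude": float(altitude), "frame": int(frame)})
    return sorted(filters, key=lambda f: f["altitude"], reverse=True)


def series_for(altitude):
    """Map an altitude to one of the series listed on the slides."""
    for low, high, label in SERIES:
        if low <= altitude <= high:
            return label
    return "other (not listed on the slides)"


def audit(text, baseline=BASELINE, reference="ngscan"):
    """Compare loaded filters with the baseline and position them against `reference`."""
    filters = parse_fltmc(text)
    known = {name.lower() for name in baseline}
    seen = {f["name"].lower() for f in filters}
    ref = next((f for f in filters if f["name"].lower() == reference.lower()), None)
    others = [f for f in filters if f is not ref]
    return {
        "unknown": [f["name"] for f in filters if f["name"].lower() not in known],
        "missing": sorted(known - seen),
        "reference_altitude": ref["altitude"] if ref else None,
        "below_reference": [f["name"] for f in others if ref and f["altitude"] < ref["altitude"]],
        "above_reference": [f["name"] for f in others if ref and f["altitude"] > ref["altitude"]],
    }


if __name__ == "__main__":
    for f in parse_fltmc(SAMPLE_FLTMC):
        print(f"{f['altitude']:>10.0f}  {f['name']:<16} {series_for(f['altitude'])}")
    print(audit(SAMPLE_FLTMC))
```

On a real machine, feed the function the captured text of fltmc run from an elevated prompt, and keep the baseline under change control so that a newly appearing filter name is reviewed rather than silently accepted.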

#CyberFit Academy
Section Summary

• Acronis Secure Zone is a secure partition created on a local disk of a machine being backed up. This can be used as a staging storage area prior to a replication of a backup. It is formatted as FAT32. If files are larger than 4 GB, the file is automatically split. Another benefit is protecting data from virus attacks, human error, and/or software malfunctions.
• In order to prevent conflicts with anti-virus/anti-malware solutions, when creating a protection plan with real-time protection on, if another solution for anti-virus/anti-malware is installed and actively running, it will be disabled when trying to save the protection plan.
• For Acronis real-time protection to be active and function properly, any other anti-virus/anti-malware solution will need to be disabled or uninstalled.

#CyberFit Academy
Cyber Protect Cloud
Building Stage

#CyberFit Academy
Building Stage

1. Backup
2. Vulnerability Assessment and Patch Management
3. Service Names and Purpose
4. Disaster Recovery
5. Overall Security

#CyberFit Academy
Cyber Protect Cloud
Backup

#CyberFit Academy
Install VMware Agent from OVF Template

Default appliance is assigned 4 GB RAM and 2 vCPUs

• Increase to 8 GB RAM and 4 vCPUs if backup traffic bandwidth is over 100 MB per second
• Occupies no more than 6 GB (thick or thin format – does not matter)

#CyberFit Academy
Install VMware Agent from OVF Template

Agents needed

• Best practice: one virtual appliance per vSphere cluster, or per host if no cluster
• Faster since the appliance can attach to backed-up disks using HotAdd transport
• Normal to use both the virtual appliance and Agent for VMware at the same time
• Connected to the same vCenter Server OR connected to different ESXi hosts
• Avoid one agent connected to ESXi directly and another agent connected to the vCenter Server managing that ESXi

#CyberFit Academy
Install VMware Agent from OVF Template

Not recommended to use locally attached storage if there is more than one agent

• If the virtual appliance is deployed to a vSphere cluster
  • In cluster DRS settings: enable individual virtual machine automation levels
  • Set “automation level” for the virtual appliance to “disabled”

#CyberFit Academy
Install VMware Agent from OVF Template
Deploying OVF Template
1. Click “All devices > Add > VMware ESXi > Virtual Appliance (OVF)”
2. Unpack the zip archive: one .OVF file and two .vmdk files
3. Make sure the files can be accessed from the machine running vSphere Client

#CyberFit Academy
Install VMware Agent from OVF Template
Start vSphere Client: log into vCenter Server

1. Deploy OVF template
2. Select the OVF template via URL or local file (select all three files)
3. Provide machine name and select destination compute resource
4. Review details
5. Select storage (virtual disk format thin or thick – does not matter)
6. Select networking source
7. Configure CPU and memory and other options
8. Power on machine
9. Agent can properly register in the cloud

#CyberFit Academy
Install VMware Agent from OVF Template

Network settings

• Configured automatically using DHCP (Dynamic Host Configuration Protocol)
• To change the default configuration: under “Agent options”, in eth0, click change and specify your network settings

#CyberFit Academy
Install VMware Agent from OVF Template

In vCenter/ESXi

• Under “Agent options” click change: specify vCenter Server name or IP address
• Agent is able to back up/recover any VM managed by the vCenter Server
• No vCenter Server: specify name or IP address of the ESXi host whose virtual machines you want to back up/recover
• Backups run faster when the agent backs up VMs hosted on its own host
• Specify the credentials the agent uses to connect to the vCenter Server or ESXi (recommend using an account with the “Administrator” role assigned)
• Click “Check connection”: make sure access credentials are correct

#CyberFit Academy
Install VMware Agent from OVF Template

Management Server

• Under “Agent options”, in “Management Server”, click change
• Select “Cloud” in “Server name/IP” (do not change the address unless instructed by Acronis)
• Specify User Name and Password for Cyber Protection Service

#CyberFit Academy
Install VMware Agent from OVF Template

Time Zone

• Under “Virtual machine”, in “Time zone”, click change
• Select the time zone of your location: ensures scheduled operations run at the appropriate time

#CyberFit Academy
Install VMware Agent from OVF Template

Local Storage (optional)

• Can attach an additional disk to the virtual appliance so the agent can back up to this locally attached storage
• Add the disk by editing the settings of the virtual machine: click “Refresh”
• “Create Storage” link becomes available: click the link, select the disk and specify a label

#CyberFit Academy
Cyber Protect Cloud
Vulnerability Assessment and
Patch Management

#CyberFit Academy
Vulnerability Assessment Scanning Considerations

When To Scan

• Reminder: need to have at least one vulnerability scan using a protection plan
• Most choose a time (after hours or prior to Patch Tuesday)
• Other options
  • Prevent sleep/hibernation during a scan?
  • Wake up from sleep/hibernate mode to scan?
• Think of options that benefit when you patch systems and how the environment is run

#CyberFit Academy
Automatic Patch Approval – Test/Production
Have two environments: test and production

Test environment:
Test patches beforehand; good patches can then be installed to production automatically

Products you want to update:
Read and accept license agreements (automatic will not work if you do not choose)
• Software Management > Patches > Settings > Automatically accept license agreements

#CyberFit Academy
Test Plan Setup

Group test machines and apply protection plan to the group (or a single test machine)

• Create group for protection plan with patch management enabled (VA Scan turned on to enable patch management module)
• Apply to machines in test group
• Patch approval status marked “Not Defined” (see Software Management > Patches)
• By default: patches are listed as “not defined”
• Need to validate patches and make sure systems are working after patching
• Can specify criticality/severity and what type of patches in plan!

#CyberFit Academy
Test Plan Setup
• Patches with no issues: leave as not defined
• Patches with issues: set to declined!
• Automatic approval looks at a number of days
  • Based on this number of days, patches still listed as “not defined” become approved
• Think of when you want to test
  • Microsoft Patch Tuesday – maybe Wednesday for testing?
• Setting for automatic approval: three days

#CyberFit Academy
Production Plan Setup

Group production machines and apply protection plan to the group (or a single production machine if applies)

• Create group for protection plan with patch management enabled
• Apply to machines in production group
• Patch approval status marked “approved”
• Option in Software Management > Patches (change approval status to “Approved” for those you want to patch to production)
• Need to validate patches and make sure systems are working after patching
• Can also specify criticality/severity and what type of patches in plan!
• Only approved patches get installed (subject to the criteria for criticality/severity etc.)

#CyberFit Academy
Best Practice – Setup Test Plan
Test system and protection plan

Plans > Protection > Create plan and enable patch management (VA module is turned on if the patch module is chosen).
If the pre-update option is desired: backup must be enabled, with entire machine or boot+system volumes selected

#CyberFit Academy
Best Practice – Setup Test Plan
Test system and protection plan

Define products to update and approval status “not defined”

NOTE: while “not defined”, severity “high” and “critical” are selected along with all products here!

#CyberFit Academy
Best Practice – Run Test Protection Plan

1. Run testing plan (scheduled or on-demand)
2. Check which patches are safe or not
3. Go to Software Management > Patches
4. Patches good – change status to approved
5. Patches bad – change status to declined

#CyberFit Academy
Automatic Approval Discussion

Number of days:
Days are counted starting from the first attempt to patch

• Patches with status “Not defined” are approved automatically

#CyberFit Academy
Automatic Approval Discussion

Example three days: sequence of events

• Testing plan performed. Patches broke? Mark “decline”
• Leave other patches “not defined”
• Three days pass: patches still not defined become approved

#CyberFit Academy
Automatic Approval Discussion

Auto accept license agreements: no confirmation from user

• Check the box in order for automatic patching to occur

#CyberFit Academy
Automatic Approval Discussion

Think of after hours and when testing should start

• After Patch Tuesday?
• Production times scheduled: outside of working hours?
• Reboot options (reboot after update? Wait until backups are finished?)

#CyberFit Academy
Best Practice – Setup Production Plan
Production system and protection plan

Plans > Protection > Create plan and enable patch management. If the pre-update option is desired: backup must be enabled, with entire machine selected. Recommended to have pre-update backup on for production rollout.

#CyberFit Academy
Best Practice – Setup Test Plan
Production system and protection plan

Define products to update and have approval status “approved”

NOTE: while “Approved”, severity “high” and “critical” are selected along with all products here!

#CyberFit Academy
Flowchart Cheat Sheet

#CyberFit Academy
Updater Role for Downloading Updates

• Minimize network bandwidth: select agents to provide updates (peer-to-peer fashion)
• Non-updater agents: connect to the Internet if there is no dedicated agent or if a connection to the dedicated updater agents cannot be established for approximately five minutes
• Make sure the machine(s) assigned the updater role are powerful enough, with enough disk space and a stable high-speed Internet connection
• Antimalware, Vulnerability Assessment and Patch Management updates
• Can set up a schedule for when to update

1. Settings > Agents
2. Select machine to assign updater role
3. Click Details and select below

#CyberFit Academy
Updater Role for Downloading Updates

Firewall rules if selecting a machine for the updater role

• Incoming: allow TCP ports 18018 and 6888 for all firewall profiles (public, private, and domain)
• Incoming: allow UDP port 6888 for all firewall profiles (public, private, and domain)

Restart Acronis Agent Core Service and then restart the firewall service if modified
• If the rules and firewall are not applied, agents will download updates from the cloud directly

#CyberFit Academy
Updater Role for Downloading Updates
• Updating on demand
  1. Settings > Agents
  2. Select machine to update definitions and click update definitions
• Cache storage
  • Locations (ensure to show hidden items under view in explorer):
    • Windows: C:\ProgramData\Acronis\Agent\var\atp-downloader\Cache
    • Linux: /Opt/acronis/var/atp-downloader/Cache
    • Mac: /Library/Application Support/Acronis/Agent/var/atp-downloader/Cache

#CyberFit Academy
Section Summary

• Installing the VMware Agent from an OVF template is possible. The default appliance is assigned 4 GB RAM and 2 vCPUs. Thick or thin format does not matter and it occupies no more than 6 GB. If backup traffic bandwidth is over 100 MB per second (and can apply), increase to 8 GB RAM and 4 vCPUs. There is one OVF file and two .vmdk files.
• Having a test and production area for patch management is a good practice. Testing patches beforehand can determine if patches will impact systems negatively. Patches are marked “not defined” by default. Validate patches and decline them, or keep them “not defined”, in which case they move to approved after the number of days you set up.
• Acronis Cyber Protect Cloud allows you to specify severity/criticality and what type of patches you want to apply.

#CyberFit Academy
Section Summary

• In your production protection plan, ensure patches are set up as approved so that only approved patches get applied to production systems. It is advisable to have the pre-update backup turned on in the event something happens to a production system during patching.
• Updater role allows for patches and definition files to be downloaded in a peer-to-peer fashion to help minimize network bandwidth. In the event a connection to the dedicated agent or dedicated update agent cannot be established in about five minutes, machines will connect to the Internet. Ensure machines in the updater role are powerful enough, have enough disk space and a stable high-speed Internet connection.

#CyberFit Academy
Cyber Protect Cloud
Service Names and Purpose

#CyberFit Academy
Service Names and Purpose

Service name | Purpose
Acronis Managed Machine Service | Provides backup, recovery, replication, retention, validation functionality
Acronis Scheduler2 Service | Executes scheduled tasks on certain events
Acronis Active Protection Service | Provides protection against ransomware
Acronis Cyber Protection Service | Provides antimalware protection
Acronis Agent Core Service | Enables the Core Service for the Acronis Agent. Communication between Agent and management components

#CyberFit Academy
Services Information

Acronis Managed Machine Service (MMS)
▪ Process is mms.exe and child process is service_process.exe
▪ Database: C:\ProgramData\Acronis\BackupAndRecovery\MMSData\DML
▪ Logs: C:\ProgramData\Acronis\BackupAndRecovery\MMS

Acronis Scheduler2 Service
▪ Process is schedul2.exe and child process is schedhlp.exe
▪ Logs: C:\ProgramData\Acronis\Schedule2

Acronis Active Protection Service
▪ Process is mms.exe and child process is active_protection_service.exe
▪ Database: C:\ProgramData\Acronis\ActiveProtection
▪ Logs: C:\ProgramData\Acronis\ActiveProtection\Logs

#CyberFit Academy
Services Information

Acronis Cyber Protection Service
▪ Process is cyber-protect-service.exe
▪ Logs: C:\ProgramData\Acronis\CPS\Logs

Acronis Agent Core Service
▪ Process is aakore.exe
▪ Logs: C:\ProgramData\Acronis\Agent\var\log\aakore
▪ Console shows agent offline even after operating system started up: restart this service

#CyberFit Academy
Cyber Protect Cloud
Disaster Recovery

#CyberFit Academy
Disaster Recovery

Technical side notes

• Cloud only mode can have up to 5 networks
• Cannot delete a cloud network if there is at least one cloud server in it. Delete the cloud server, then delete the network
• IP addresses assigned to local and cloud servers must be consistent (otherwise you see an exclamation mark next to the network in “Disaster Recovery > Connectivity”)
• Common reasons this happens:
  • Recovery server migrated from one network to another
  • Connectivity type switched (site-to-site to multi-site IPsec or vice versa)

#CyberFit Academy
Considerations for Site-to-Site vs Multi-site IPsec
Consideration | Site-to-site Open VPN | Multi-site IPsec VPN
Local site support | Single | Single, Multiple
VPN Gateway mode | L2 Open VPN | L3 IPsec VPN
Network segments | Extends the local network to the cloud network | Local networks and cloud network segments should not overlap
Supports Point-to-Site access to local site | Yes | No
Supports Point-to-Site access to cloud site | Yes | Yes
Requires public IP | No | Yes

#CyberFit Academy
Cyber Protect Cloud
Overall Security

#CyberFit Academy
Encryption

• 128, 192 or 256?
  • 256 = military grade encryption
  • Rounds: 10, 12, 14 respectively (larger key size, longer to encrypt backups, yet “more secure”)
• AES in Cipher-Block Chaining (CBC) mode
• When utilizing encryption
  • Encryption key randomly generated for every backup archive
  • Backup encrypted with generated “session” key
  • Session key encrypted with a key from a KDF function (PBKDF2)
    • Based on PRF function (HMAC-SHA256)
    • Applied many times
    • Default is 2^18, and 2^10 in services where the archive is not directly accessible and the password is checked on the server side

#CyberFit Academy
Encryption

• Password hashes are generally built on top of a PRF (Pseudo Random Function), and the usual form is HMAC (hash-based message authentication code).
• Password hash needs salt (so identical passwords will not map to the same hash)
• Prevents rainbow tables (precalculated password/hash pairs) being used
• Without this: attacker can test a large number of possible passwords (brute force or dictionary attack)

#CyberFit Academy
Encryption

• Allows 10 login attempts and shuts down in order to avoid brute force attack
• Error message right after the 10th failed attempt (lockout happens after the 10th failed attempt)
• Lockout period is 5 minutes
• Attempt limit period is 15 minutes (limit gets reset after timeout)
• Does Acronis salt passwords? Yes
• Passwords are not stored on disk or in backups: password hash is used for verification.
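
The salting and lockout behaviour described on the two Encryption slides above, as an added sketch that is not Acronis code: a password verifier built on PBKDF2 with HMAC-SHA256 and a per-account random salt, with a lockout after the 10th failed attempt. Assumptions: the 16-byte salt, the example iteration count, the in-memory account store, and reading the 15-minute "attempt limit period" as the window in which failures are counted.

```python
import hashlib
import hmac
import os

ITERATIONS = 2 ** 10          # example work factor (assumption for this sketch)
MAX_FAILURES = 10             # slide: lockout happens after the 10th failed attempt
LOCKOUT_SECONDS = 5 * 60      # slide: lockout period is 5 minutes
WINDOW_SECONDS = 15 * 60      # slide: attempt limit period is 15 minutes


def derive(password, salt, iterations=ITERATIONS):
    """PBKDF2 with HMAC-SHA256 as the PRF; returns a 32-byte verifier."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


class LoginGuard:
    """Stores only salt + hash per account and rate-limits failed logins."""

    def __init__(self):
        self._accounts = {}

    def register(self, user, password):
        salt = os.urandom(16)  # fresh salt per account defeats precomputed tables
        self._accounts[user] = {
            "salt": salt,
            "iterations": ITERATIONS,
            "hash": derive(password, salt),
            "failures": [],        # timestamps of recent failed attempts
            "locked_until": 0.0,
        }

    def stored_hash(self, user):
        return self._accounts[user]["hash"]

    def login(self, user, password, now):
        """Return "ok", "denied" or "locked"; `now` is a timestamp in seconds."""
        acct = self._accounts.get(user)
        if acct is None:
            derive(password, b"\x00" * 16)  # spend similar time for unknown users
            return "denied"
        if now < acct["locked_until"]:
            return "locked"
        # Failures older than the attempt window no longer count.
        acct["failures"] = [t for t in acct["failures"] if now - t < WINDOW_SECONDS]
        candidate = derive(password, acct["salt"], acct["iterations"])
        if hmac.compare_digest(candidate, acct["hash"]):  # constant-time compare
            acct["failures"].clear()
            return "ok"
        acct["failures"].append(now)
        if len(acct["failures"]) >= MAX_FAILURES:
            acct["locked_until"] = now + LOCKOUT_SECONDS
            acct["failures"].clear()
            return "locked"
        return "denied"


if __name__ == "__main__":
    guard = LoginGuard()
    guard.register("alice", "correct horse")
    results = [guard.login("alice", "guess", now=float(i)) for i in range(10)]
    print(results)                                            # nine "denied", then "locked"
    print(guard.login("alice", "correct horse", now=60.0))    # still locked
    print(guard.login("alice", "correct horse", now=309.0))   # lockout has expired
```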

#CyberFit Academy
Think Of Running Other Solutions

Key is real-time protection and URL Filtering
• Have test environments in order to test
• All systems are different
• Examples:
  • Quick scan and one vendor conflicts yet another is ok
  • One vendor detects and alerts but another does not
• Key parts to test against are real-time protection and URL filtering
• Test other parts but start with the above as main causation

#CyberFit Academy
Section Summary

• Different services have different purposes; each has logs associated with it, and certain services have databases.
• Disaster Recovery cloud only mode can have up to five networks. You cannot delete a cloud network if there is at least one cloud server. Delete the cloud servers and then delete the network. Site-to-site utilizes L2 Open VPN while Multi-site IPsec VPN utilizes L3 IPsec VPN Gateway modes.
• 256 bit encryption is considered military grade encryption, and 128, 192 and 256 bit encryption is available. Rounds are 10, 12 and 14 respectively; the larger the size, the longer it takes to encrypt backups. To prevent rainbow table issues, Acronis salts passwords and also provides brute force protection by locking out logins after the 10th failed attempt with a lockout period of five minutes. Passwords are not stored on disk or in backups.
• Ensure to test when running two different anti-virus/anti-malware systems with different components working together.

#CyberFit Academy
Cyber Protect Cloud
Execution Stage

#CyberFit Academy
Execution Stage

1. Backup
2. Protection Plan Conflict Resolution
3. Support Tips

#CyberFit Academy
Cyber Protect Cloud
Backup

#CyberFit Academy
Cloud Applications Backup
Go to “Plans” > “Cloud applications backup”
1. Create plan
2. Choose “What To Back Up” (M365 or OneDrive for class purposes)
3. Choose “Devices” to select which devices
4. Establish retention rules and other options desired (depending on the selection of what to back up, different options appear)
5. Hit “Apply”

#CyberFit Academy
Backup/Recover M365 Data
Recommended to back up gradually in this order:
1. Mailboxes
2. OneDrive items
3. SharePoint Online sites
First full backup can take a while (up to several days) depending on the number of protected items and their size

Limitations
• Mailbox backup includes only folders visible to users (i.e. the recoverable items folder and its subfolders are not included in mailbox backup)
• Auto creation of users/public folders/groups/sites during recovery is not possible

#CyberFit Academy
Backup/Recover M365 Data
• Account must be assigned the global administrator role
• To back up/recover public folders, one admin account must have a mailbox and read/write rights to the public folders you want to back up
• Cloud agent does not log into M365: the agent is given permissions directly by M365 (only need to confirm granting permissions once). Agents do not store credentials (nor use them to perform backup/recovery).
• Changing the password or disabling/deleting this account in M365 does not affect agent operation

#CyberFit Academy
Backup M365 Data
Click “Microsoft 365” (if multiple organizations, select organization)

• Backup files of all users: Expand “Users” node, select “All users”, click “Group Backup” (choose backup plan established already)

#CyberFit Academy
Backup M365 Data
• Backup of individual user: Expand “Users” node, select “All users”, select users and click “Backup”
• Ensure Microsoft 365 mailboxes are selected in “What To Back Up” in the protection panel
• If a backup plan has not been created, there is an option to create one at this time

#CyberFit Academy
Recover M365 Data
1. Click “Devices > Microsoft 365”
2. Choose User and select “Recovery”
  • In “Filter by content” select “Microsoft 365 Mailboxes”
  • Choose Recovery Point and hit “Recover”
  • Select either “Entire mailbox” or “Email messages”
    ✓ If entire mailbox: select start recovery
    ✓ If email messages: select folder and emails to recover
    ✓ Several emails: recover option only
    ✓ One email selected: “Show content”, “Send as email” and “Recover” options

#CyberFit Academy
Backup/Recover OneDrive
What can be backed up?

• Entire OneDrive or individual files/folders
• Files are backed up together with sharing permissions
• Advanced permission levels are NOT backed up (design, full, contribute)

What can be recovered?

• Entire OneDrive, any file/folder backed up
• Can use search to locate items
• Choose to recover sharing permissions or let files inherit permissions
• Sharing links for files/folders are not recovered

#CyberFit Academy
Backup OneDrive
Click “Microsoft 365” (if multiple organizations, select organization)
• Backup files of all users: Expand “Users” node, select “All users”, click “Group Backup”

#CyberFit Academy
Backup OneDrive
• Backup of files of individual users: Expand “Users” node, select “All users”, select users and click “Backup”
• Ensure OneDrive is selected in “What to back up” in the protection panel (user needs OneDrive service of course)
• In “Items to back up” options:
  a) All, or specify files/folders by adding names or paths (can use wildcard characters)
  b) Specify files/folders by browsing (browse links available only for a single user)
  c) Can use exclusions in items to back up to skip files during backup: if a file is selected and added to exclusions, the file is skipped during backup.

#CyberFit Academy
Recover – Entire OneDrive
Click “Microsoft 365” (if multiple organizations, select organization)
1. Expand “Users” node, select “All users”, select user, click “Recovery”
2. If the user was deleted: select “Cloud application backups” and click “Show Backups”
3. Search by name: wildcards not supported
4. Select recovery point (to see recovery points that only contain OneDrive files, select OneDrive in “Filter by content”)
5. Click “Recover > Entire OneDrive” (again, if multiple organizations, select organization)
6. View, change or specify target user in “Recover to drive”
7. Select whether to recover sharing permissions
8. Click “Start recovery” (select “Overwrite existing files”, “Overwrite existing file if older”, or “Do not overwrite existing files”)
9. Click “Proceed”

#CyberFit Academy
Recover - OneDrive Files
Click “Microsoft 365” (if multiple organizations, select organization)
1. Expand “Users” node, select “All users”, select user, click “Recovery”
2. If the user was deleted: select “Cloud application backups” and click “Show Backups”
  • Search by name: wildcards not supported
3. Select recovery point (to see recovery points that only contain OneDrive files, select OneDrive in “Filter by content”)
4. Click “Recover > Files/folders” (browse or search: if encrypted, no search capability)

#CyberFit Academy
Recover - OneDrive Files
1. Select files to recover (can show versions if not encrypted)
2. Can download file and save if desired
3. Click “Recover” (again, if multiple organizations, select organization)
4. View, change or specify user in “Recover to drive”
5. View, change target folder in “Path”
6. Select whether to recover sharing permissions
7. Click “Start recovery” (select “Overwrite existing files”, “Overwrite existing file if older”, or “Do not overwrite existing files”)
8. Click “Proceed”

#CyberFit Academy
Cyber Protect Cloud
Protection Plan Conflict
Resolution

#CyberFit Academy
Protection Plan Conflicts
Resolving plan conflicts

• Anti-Virus/Anti-Malware in one plan and another plan has Backup

If similar modules are enabled in an already applied protection plan, the conflict will need to be resolved

#CyberFit Academy
Protection Plan Conflicts
Can apply different protection plans to one device

Creating a new plan on device(s) with already applied plans that conflict with the new plan, two ways:
1. Create new plan, apply it, and disable all the already applied conflicting plans
2. Create a new plan and disable it

Editing a plan on device(s) with already applied plans that conflict with the changes made, resolve in two ways:
1. Save changes to plan and disable all the already applied conflicting plans
2. Save changes to the plan and disable it

#CyberFit Academy
Protection Plan Conflicts
Device plan conflicts with a group plan

If a device is included in a group of devices with an assigned group plan (dynamic groups, for example) and you try to assign a new plan to that device, the system will ask to resolve the conflict by performing one of the following:
• Remove device from group and apply a new plan to that device
• Apply a new plan to the entire group or edit the current group plan

#CyberFit Academy
Protection Plan Conflicts
Licensing thought:

Assigned quota on a device must be appropriate for the protection plan to be updated, applied, or performed. To resolve a license issue:
• Disable modules unsupported by the assigned quota and continue using the protection plan
• Change the assigned quota manually (Devices > (choose device) > Details > Service Quota). Revoke the existing quota and assign a new one

#CyberFit Academy
Cyber Protect Cloud
Support and Resolution
Tips

#CyberFit Academy
Web Recovery Console
1. Choose any machine under All devices
2. Switch to Recovery tab → More ways to recover…
3. Browse backups to find desired data, choose files/folders needed to recover.
4. Click Download.

Limitations
• Only cloud backups listed
• Disk/Image recovery not possible
• Login to WR console possible only with customer user’s credentials

#CyberFit Academy
Log File Please
Collect system information

• Settings > Agents (select system) > Details > Collect System Information
• Devices > (select device) > Activities > Collect System Information

For offline agents see AcronisInfo utility: http://kb.acronis.com/content/2707

Bootable Media

#CyberFit Academy
HAR File – Google Chrome
Press F12 to open the Developer Tools window, then click the Network tab:

• For troubleshooting web console issues in Acronis solutions

Collect from the machine that is trying to connect to the web console

• Agent or Backup components are not required for HAR log collection.

#CyberFit Academy
HAR File – Google Chrome
HTTP Archive Format

Press Clear to clean up the current network log

#CyberFit Academy
HAR File – Google Chrome
Select “Preserve log” check box

#CyberFit Academy
HAR File – Google Chrome
• Reproduce issue
1. After reproducing the issue, press Ctrl+A to select all entries in the log
2. Right-click (Windows) or Ctrl+click (Mac) within the network table (menu appears)
3. Select Save as HAR with Content
  • Might say “Save All as HAR with content”
4. Specify where to save and click “Save”.
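
A HAR saved "with content" records request and response headers, cookies and bodies, so the file can hold live console session values. The following added example (not an Acronis tool) shows a review step before the file leaves the machine: it lists failing requests and writes a copy with credential-bearing fields redacted. The sample HAR is constructed, the host console.example.test is a placeholder, and the list of sensitive header names is an assumption to extend as needed.

```python
import copy
import json
from urllib.parse import urlsplit

REDACTED = "[REDACTED]"
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}

# Constructed two-entry HAR (HAR 1.2 layout); all values are made up.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [
    {"startedDateTime": "2022-01-01T10:00:00.000Z",
     "request": {"method": "POST", "url": "https://console.example.test/api/login",
                 "headers": [{"name": "Content-Type", "value": "application/json"}],
                 "cookies": [], "queryString": [],
                 "postData": {"mimeType": "application/json",
                              "text": "{\"user\": \"admin\", \"password\": \"hunter2\"}"}},
     "response": {"status": 200,
                  "headers": [{"name": "Set-Cookie", "value": "session=abc123; HttpOnly"}],
                  "cookies": [{"name": "session", "value": "abc123"}],
                  "content": {"mimeType": "application/json", "text": "{\"token\": \"tok-789\"}"}}},
    {"startedDateTime": "2022-01-01T10:00:05.000Z",
     "request": {"method": "GET",
                 "url": "https://console.example.test/api/tasks?access_token=tok-789",
                 "headers": [{"name": "Cookie", "value": "session=abc123"},
                             {"name": "Authorization", "value": "Bearer tok-789"}],
                 "cookies": [{"name": "session", "value": "abc123"}],
                 "queryString": [{"name": "access_token", "value": "tok-789"}]},
     "response": {"status": 500, "headers": [], "cookies": [],
                  "content": {"mimeType": "application/json", "text": "{\"error\": \"internal\"}"}}},
]}}


def redact_har(har, keep_response_bodies=False):
    """Return a deep copy of `har` with credentials, cookies and bodies blanked."""
    clean = copy.deepcopy(har)
    for entry in clean["log"]["entries"]:
        for side in ("request", "response"):
            message = entry.get(side, {})
            for header in message.get("headers", []):
                if header["name"].lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
            for cookie in message.get("cookies", []):
                cookie["value"] = REDACTED
        request = entry["request"]
        for param in request.get("queryString", []):
            param["value"] = REDACTED          # query strings can carry tokens
        parts = urlsplit(request["url"])
        if parts.query:
            request["url"] = parts._replace(query=REDACTED).geturl()
        post = request.get("postData")
        if post:                               # login forms and API payloads
            if "text" in post:
                post["text"] = REDACTED
            for param in post.get("params", []):
                param["value"] = REDACTED
        content = entry["response"].get("content", {})
        if "text" in content and not keep_response_bodies:
            content["text"] = REDACTED         # bodies may echo tokens back
    return clean


def failed_requests(har):
    """List (method, URL without query, status) for errors and aborted requests."""
    failures = []
    for entry in har["log"]["entries"]:
        status = entry["response"]["status"]
        if status == 0 or status >= 400:
            url = urlsplit(entry["request"]["url"])._replace(query="", fragment="").geturl()
            failures.append((entry["request"]["method"], url, status))
    return failures


if __name__ == "__main__":
    print(failed_requests(SAMPLE_HAR))
    print(json.dumps(redact_har(SAMPLE_HAR), indent=2)[:400])
```

Passing keep_response_bodies=True preserves error bodies for troubleshooting, at the cost of leaving any token a response echoes back in the file.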

#CyberFit Academy
Alerts and Support

See the alerts and then choose “support”

Dashboards > Alerts

#CyberFit Academy
Alerts and Support
• Takes you to the Knowledge Base
• Creating a ticket
  • Go to account.acronis.com
  • Log in, then go to the profile icon and select support requests
  • Submit a new request and choose support for service providers

#CyberFit Academy
Knowledge Base
• Acronis Knowledge Base (kb.acronis.com): main resource for official information about:
  • product functionality
  • product limitations
  • known issues
  • troubleshooting techniques
  • support tools and usage
  • other relevant support information
• Acronis Cyber Protect Cloud articles are listed and grouped by topics at https://kb.acronis.com/acronis-cyber-protect-cloud

#CyberFit Academy
Forums
Acronis Cyber Protect Cloud forum at:
https://forum.acronis.com/forum/solutions-service-providers/acronis-cyber-protect-cloud-forum

#CyberFit Academy
Section Summary

• Acronis Cyber Protect Cloud provides the opportunity to back up and recover Microsoft 365 and OneDrive (along with other cloud applications). For Microsoft 365, the cloud agent does not log in. The Acronis agent does not store credentials, and changing the password or disabling/deleting the account does not affect agent operation.
• OneDrive backup can cover an entire drive or individual files/folders along with sharing permissions. Advanced permissions are not backed up (design, full, contribute).
• One can apply different protection plans to one device; however, if similar modules are enabled inside different protection plans for the same device, you will need to resolve the plan conflict. This can be with a single device or within group plans, and there are a few ways to resolve conflicts. An assigned quota on a device needs to be appropriate for the protection plan to be updated, applied, or performed.

#CyberFit Academy
Section Summary

• A HAR file (HTTP Archive Format) is a file for troubleshooting web console issues. The agent is not required on the machine where the HAR log file is collected.
• Acronis has various help available from a knowledge base, forums and technical support. When you view an alert inside the console, you can hit the support link that will bring you to the knowledge base, where you can search and/or log in to submit a new support request.

#CyberFit Academy
What’s Next?

#CyberFit Academy
Review the Materials

Download and review the course materials

Re-watch the videos as many times as you’d like

#CyberFit Academy
Take the Exam

20 Multiple-choice questions

60 Minutes working time

70% Passing grade

Two attempts given

Open book

#CyberFit Academy
Certification Track

STEP 1: Cloud Tech Fundamentals – Already Should Have Taken
STEP 2: Cloud Tech Associate (Security/Backup/Disaster Recovery) – Already Should Have Taken
STEP 3: Cloud Tech Professional – COMPLETED

#CyberFit Academy
Certification Track

Acronis #CyberFit Cloud Tech Certifications
Consists of the following courses (specializations)
STEP 2, STEP 3: COMPLETED

Optional:

#CyberFit Academy
Earn digital badges with
The world’s largest digital credential network

Earn and share badges to showcase professional achievements.

How do I earn a badge?
• Complete a certification training with the Acronis #CyberFit Academy
• You’ll need to accept your first badge via email
• Badges are verifiable and valid for 12 months

How do I share my badge?
• Log into www.credly.com
• Go to Dashboard > select the badge > click “Share”
• Connect your social media accounts

#CyberFit Academy
Other Acronis Resources

• Inside Sales
• Field Sales
• Partner Success Managers
• Solution Engineers
• Sales Enablement Team
• Partner Portal for more #CyberFit Academy training courses and easy-to-use marketing materials

#CyberFit Academy
Supplemental Materials

The Evangelism Team at Acronis will be periodically releasing new content
Please check back often
Check email for #CyberFit Academy Updates
https://kb.acronis.com/academy
Social Media Accounts
• Instagram: https://www.instagram.com/acronis
• Facebook: https://www.facebook.com/acronis
• Twitter: https://twitter.com/Acronis
• Reddit: https://www.reddit.com/r/acronis
• YouTube: https://www.youtube.com/user/Acronis

#CyberFit Academy
Cyber Foundation
Building a More Knowledgeable Future

Create, Spread and Protect Knowledge with Us!
www.acronis.org
Building New Schools
Publishing Education Programs
Publishing Books

#CyberFit Academy
Appendix “A”
• MS Teams and Google Backup and Recovery Processes

#CyberFit Academy
Backup/Recover MS Teams
What can be backed up?
• Entire teams (includes team name, members list, channels and content, team mailbox and site)

What can be recovered?
• Entire team, team channels, channel files, team mailbox
• Email folders and messages in team mailbox, meetings, team site
• You CANNOT recover conversations in team channels (but you can download them as a single HTML file)

Limitations
• Items NOT backed up:
  • Settings of general and custom channels (moderation preferences), due to a Teams API limitation
  • Meeting notes, chat, stickers and praises
• Channel tabs: backup and recovery supported for Word, Excel, PPT, PDF and Document library

#CyberFit Academy
Selecting and Backing Up MS Teams
Click “Microsoft 365” (if multiple organizations were added, select the organization)

• Two choices:
  • Back up all teams in the organization: expand the “Teams” node, select “All teams”, click “Group backup”
  • Back up individual teams: expand the “Teams” node, select “All teams”, select the teams you want to back up and then click “Backup”
• Can search teams by name: wildcards not supported
• Protection panel:
  • In “What to back up”, select Microsoft Teams
  • Select “How long to keep” and set cleanup options (optional)
  • Enable encryption if desired (optional)

#CyberFit Academy
Recover MS Teams
1. Click “Microsoft 365” (if multiple organizations were added, select the organization)
2. Expand the “Teams” node, select “All teams”, select the team you want to recover, click “Recovery”
3. Can search teams by name: wildcards not supported
4. Select a recovery point
5. Click “Recover > Entire Team” (if multiple organizations were added, select the organization)
6. View, change or specify the target team in “Recover to team”
7. Click “Start recovery” and choose overwriting options
8. Click “Proceed”

#CyberFit Academy
MS Teams Side Notes
Conversations are recovered as a single HTML file in the “Files” tab of the channel

• Location is based on the following pattern:
  <Team name>_<Channel name>_conversations_backup_<date of recovery>T<time of recovery>Z.
• After recovering a team or team channels:
  • Go to Microsoft Teams and select the recovered channels. Click the “Files” tab
  • If you do not, subsequent backups of these channels will not include this tab’s content, due to an API limitation of Microsoft Teams
• If a channel is deleted from the MS Teams GUI, it is not immediately removed
  • When you recover the whole team, the channel’s name cannot be used and a postfix will be added to it

#CyberFit Academy
Recover MS Teams Mailbox
1. Click “Microsoft 365” (if multiple organizations were added, select the organization)
2. Expand the “Teams” node, select “All teams”, select the team to recover, click “Recovery”
3. Can search teams by name: wildcards not supported
4. Select a recovery point
5. Click “Recover > Email messages”
6. Click the “recover folders” icon, select the root mailbox folder and click “Recover”
7. Can recover individual folders from the selected mailbox
8. Click “Recover” (if multiple organizations were added, select the organization)
9. View, change or specify the target mailbox in “Recover to mailbox”
10. Click “Start recovery” and choose overwriting options
11. Click “Proceed”

#CyberFit Academy
Recover MS Teams Messages and Meetings
1. Click “Microsoft 365” (if multiple organizations were added, select the organization)
2. Expand the “Teams” node, select “All teams”, select the team, click “Recovery”
3. Can search teams by name: wildcards not supported
4. Select a recovery point
5. Click “Recover > Email messages”
6. Browse to the item or use search (several search options available)
7. Select the item to recover: click “Recover” (meetings are in the Calendar folder)
8. Can click “Show content” to view the item, or “Send as email” to send it to an email address
9. If multiple organizations were added, select the organization
10. View, change or specify the target mailbox in “Recover to mailbox”
11. Click “Start recovery” and choose overwriting options
12. Click “Proceed”

#CyberFit Academy
Recover MS Teams Site (or Items of Site)
1. Click “Microsoft 365” (if multiple organizations were added, select the organization)
2. Expand the “Teams” node, select “All teams”, select the team, click “Recovery”
   • Can search teams by name: wildcards not supported
3. Select a recovery point
4. Click “Recover > Team site”
5. Browse to the item or use search (search is not available if the backup is encrypted)
6. Select the item to recover: click “Recover” (if multiple organizations were added, select the organization)
7. View, change or specify the target team in “Recover to team”
8. Select whether to recover sharing permissions
9. Click “Start recovery” and choose overwriting options
10. Click “Proceed”

#CyberFit Academy
Backup Gmail Mailboxes
What can be backed up
• User mailboxes (includes calendar and contact data)
• You can choose to back up shared calendars (optional)

What is skipped during a backup
• Birthdays, Reminders, Tasks calendars
• Folders attached to calendar events
• Directory folder in contacts
• The following calendar items are skipped (due to API limitations in Google Calendar):
  • Appointment slots
  • Conferencing field of an event
  • Calendar settings “All-day event notifications” and “Auto-accept invitations” (in calendars for rooms or shared spaces)

#CyberFit Academy
Backup Gmail Mailboxes
The following contact items are skipped (due to API limitations in Google Calendar)

• Other contacts folder
• External profiles of a contact (Google profile, Directory profile)
• Contact field “File as”

#CyberFit Academy
Recover Gmail Mailboxes
What can be recovered
• Mailboxes
• Email messages and email folders (labels are presented in the backup software as folders)
• Calendar events
• Contacts

Can use search to locate items in a backup (unless the backup is encrypted)
• When recovering mailboxes and items, select whether to overwrite items
• Limitations
  • Contact photos are not recovered
  • The Out of Office calendar item is recovered as a regular calendar event (due to an API limitation with Google Calendar)

#CyberFit Academy
Selecting Gmail Mailboxes
Selecting Mailboxes

1. Click “G Suite” (if multiple organizations were added, select the organization whose users’ data you want to back up)
2. Do one of the following:
   • Back up mailboxes of all users: expand the “Users” node, select “All users”, click “Group backup”
   • Back up individual user mailboxes: expand the “Users” node, select “All users”, select the users whose mailboxes you want to back up and click “Backup”

#CyberFit Academy
Selecting Gmail Mailboxes
Selecting Mailboxes

3. On the protection panel
   • Ensure the Gmail item is selected in “What to back up”
   • Enable the “Include shared calendars” switch if you want to back up calendars shared with the selected users
   • If you want “full-text search” through backed-up email messages: click the gear icon, then “Backup Options > Full-text search”
     • Full-text search defines whether email messages are indexed by the cloud agent. When enabled, you can search by content
     • Encrypted backups are not supported for full-text search
     • The indexing process does not affect backup performance (different software component). The first full backup might take time
     • 10-30% of storage is occupied by indexing (see “Backup storage > Cloud application backups” to view the index size)

#CyberFit Academy
Recover Gmail Mailboxes
Selecting Mailboxes

1. Click “G Suite” (if multiple organizations were added, select the organization whose users’ data you want to back up)
2. Expand the “Users” node, select “All users”. Select the user mailbox you want to recover and click “Recovery”
3. If the user was deleted, select the user in the “Cloud applications backups” section and click “Show backups” (wildcards not supported)
4. Select a recovery point (can filter for recovery points containing mailboxes: select “Gmail” in “Filter by content”)
5. Click “Recovery > Entire Mailbox” (if multiple organizations were added, specify the target organization)
6. View, change or specify the target mailbox in “Recover to mailbox”
7. Click “Start recovery” (choose “Overwrite existing items” or “Do not overwrite existing items”)
8. Click “Proceed”

#CyberFit Academy
Recover Gmail Mailbox Items
Selecting Mailboxes
1. Click “G Suite” (if multiple organizations were added, select the organization whose users’ data you want to back up)
2. Expand the “Users” node, select “All users”. Select the user mailbox you want to recover and click “Recovery”
3. If the user was deleted, select the user in the “Cloud applications backups” section and click “Show backups” (wildcards not supported)
4. Select a recovery point (can filter for recovery points containing mailboxes: select “Gmail” in “Filter by content”)
5. Click “Recover > Email messages”
6. Browse to the folder; different search options become available (wildcards not supported)
7. Select the items to recover: when selecting a folder, click the “recover folders” icon (can click “Show content” to view contents)
8. Click “Recover” (if multiple organizations were added, specify the target organization)
9. View, change or specify the target mailbox in “Recover to mailbox”
10. View or change the target folder in “Path”
11. Click “Start recovery”: options are “Overwrite existing items” or “Do not overwrite existing items”
12. Click “Proceed”

#CyberFit Academy
Backup GDrive
What can be backed up
• Entire Google Drive, individual files and folders (can choose to back up files shared with the Google Drive user)
• Backed up with sharing permissions

What is skipped during a backup
• A shared file, if the user has commenter or viewer access to the file (and the file owner disabled the options to download, print, and copy for commenters and viewers)
• The “Computers” folder (created by the Backup and Sync client)
• Some limitations
  • Of the Google-specific file formats, only Google Docs, Google Sheets, Google Slides and Google Drawings are backed up

#CyberFit Academy
Recover GDrive
What can be recovered
• Entire Google Drive or any file/folder backed up
• Can use search to locate items in a backup (unless encrypted)
• Choice to recover sharing permissions or let files inherit permissions from the folder to which they are recovered

Limitations
• Comments in files are not recovered
• Sharing links for files/folders are not recovered
• During recovery, the read-only “Owner settings” for shared files cannot be changed
• Ownership of a shared folder cannot be changed during recovery (if the “Prevent editors from changing access and adding new people” option is enabled for the folder)
  • This setting prevents the Google Drive API from listing folder permissions; ownership of files in the folder is then recovered correctly

#CyberFit Academy
Selecting GDrive Files
Click “G Suite” (if multiple organizations were added, select the organization whose users’ data you want to back up)

• Two options
  • Back up files of all users: expand the “Users” node, select “All users” and click “Group backup”
  • Back up files of individual users: expand the “Users” node, select “All users”, select the users, click “Backup”

• Protection panel
  • Select “Google Drive” in “What to back up”
  • “Items to back up” has several options (All, or specify files/folders by adding names or paths). Can use wildcard characters. Browse files/folders (only available when creating a plan for a single user)
  • Can click “Show exclusions” to specify files/folders to skip during backup. If an exclusion and a file selection match the same file, the file will be skipped
  • Can enable “Include shared files” to back up files shared with the selected users
  • Notarization switch to notarize all files selected for backup

#CyberFit Academy
Recover GDrive
Entire Google Drive
1. Click “G Suite” (if multiple organizations were added, select the organization whose users’ data you want to back up)
2. Expand the “Users” node, select “All users”, select the user drive to recover, click “Recovery”
3. If the user was deleted, select the user in “Cloud application backups” and click “Show backups” (wildcards not supported)
4. Select a recovery point (for recovery points with Drive files, select “Google Drive” in “Filter by content”)
5. Click “Recover > Entire Drive”
6. Again specify the organization if multiple organizations were added
7. View, change, or specify the target user (or target shared drive) in “Recover to drive”
8. Select to recover sharing permissions for files if desired
9. Click “Start recovery” (select “Overwrite existing files”, “Overwrite existing file if older”, or “Do not overwrite existing files”)
10. Click “Proceed”

#CyberFit Academy
Recover GDrive Files
Entire Google Drive
1. Click “G Suite” (if multiple organizations were added, select the organization whose users’ data you want to back up)
2. Expand the “Users” node, select “All users”, select the user drive to recover, click “Recovery”
3. If the user was deleted, select the user in “Cloud application backups” and click “Show backups” (wildcards not supported)
4. Select a recovery point (for recovery points with Drive files, select “Google Drive” in “Filter by content”)
5. Click “Recover > Files/folders” (browse to the folder or search to get a list: search is not available for encrypted backups)
6. If not encrypted: click “Show versions” to select the file version to recover
7. Can download a file (select the file and click “Download”, select the location to save the file and click “Save”)
8. Click “Recover” (again specify the organization if multiple organizations were added)
9. View, change, or specify the target user (or target shared drive) in “Recover to drive”
10. View or change the target folder in “Path”
11. Select to recover sharing permissions for files if desired
12. Click “Start recovery” (select “Overwrite existing files”, “Overwrite existing file if older”, or “Do not overwrite existing files”)
13. Click “Proceed”

#CyberFit Academy
Appendix “B”
OVF Template and VMware Proxy Setting Up Information

#CyberFit Academy
Install VMware Agent from OVF Template
• Configure appliance
  • Display the inventory in vSphere Client: right-click the appliance name and select Power > Power On
  • Select the “Console” tab

• Proxy server enabled?
  • Start the command shell (CTRL+SHIFT+F2 while in the virtual appliance interface)
  • Open /etc/Acronis/Global.config in a text editor
  • If proxy settings were specified during agent installation, find the following

  • If not, then copy/paste into the file between the <registry name="Global"> and </registry> tags

#CyberFit Academy
Install VMware Agent from OVF Template
• Replace “ADDRESS” with the new proxy server host name/IP address, and PORT with the decimal value of the port number
• Authentication required? Replace LOGIN and PASSWORD with the credentials (otherwise delete these lines)
• Save the file

#CyberFit Academy
Install VMware Agent from OVF Template
1. Open %programdata%\Acronis\Agent\etc\aakore.yaml in a text editor
2. Locate the env section (or create it by adding the lines in the photo):
3. Replace proxy_login and proxy_password with the credentials
4. Replace proxy_address:port with the address and port number of the proxy server
5. Start menu: click Run, type cmd and click OK
6. Restart aakore
   • net stop aakore
   • net start aakore
7. Restart the agent
   • net stop mms
   • net start mms
8. If there is no proxy server, do not perform these steps
