Last updated:
January 19th @ 85K downloads (multiple downloads from the same account within one week are deduplicated)
-
- Chief Product Officer
- Posts: 31523
- Liked: 7041 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
-
- Chief Product Officer
- Posts: 31523
- Liked: 7041 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Tips & Tricks
Script for automatic backup server hardening
Are you overwhelmed with the number of security hardening recommendations the new 12.1 Security & Compliance Analyzer has flagged? Implement them all with just a few key presses using the officially supported script! Please refer to the KB4525 for more information and to download the latest version of the script.
Exclude extensions from malware detection
Following your upgrade to 12.1, you may get a number of alarms about existing files with known malware extensions. Investigate the reported files, and if they appear to belong to legitimate line of business apps then just exclude these extensions from suspicious file system activity monitoring. This will tune our malware engine to the unique workloads of your business and have it guard your environment from over a thousand of OTHER ransomware strains without producing false positives alerts. While the attacks by malware strains using the excluded extensions will no longer be detected on the basis of file system activity, ransomware encryption activity can still be detected for such files by the inline entropy analysis.
Backup encryption hardening
Consider implications of encryption algorithm hardening on your recovery processes and test them. In particular, encrypted backups created by V12.1 cannot be decrypted by earlier product versions. For more information on updates made to the encryption algorithm, please refer to the What's New in 12.1 document.
Are you overwhelmed with the number of security hardening recommendations the new 12.1 Security & Compliance Analyzer has flagged? Implement them all with just a few key presses using the officially supported script! Please refer to the KB4525 for more information and to download the latest version of the script.
Exclude extensions from malware detection
Following your upgrade to 12.1, you may get a number of alarms about existing files with known malware extensions. Investigate the reported files, and if they appear to belong to legitimate line of business apps then just exclude these extensions from suspicious file system activity monitoring. This will tune our malware engine to the unique workloads of your business and have it guard your environment from over a thousand of OTHER ransomware strains without producing false positives alerts. While the attacks by malware strains using the excluded extensions will no longer be detected on the basis of file system activity, ransomware encryption activity can still be detected for such files by the inline entropy analysis.
Backup encryption hardening
Consider implications of encryption algorithm hardening on your recovery processes and test them. In particular, encrypted backups created by V12.1 cannot be decrypted by earlier product versions. For more information on updates made to the encryption algorithm, please refer to the What's New in 12.1 document.
-
- Chief Product Officer
- Posts: 31523
- Liked: 7041 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Known Issues
The following is the list of top V12.1 issues either resulting in a significant number of repeating support cases.
#1: Invalid length parameter passed to the RIGHT function [FORUM TOPIC]
Scope: Backup servers with unexpected configuration database entries
Symptoms: Upgrade to 12.1 fails with the "Invalid length parameter passed to the RIGHT function. The statement has been terminated. Guests hosts fingerprints have been updated to SHA256." error.
Cause: Unexpected null values for the current Linux host fingerprints in the Backup.Model.HostSshFingerprint table.
Status: Fixed in the ISO version 20231206 or later.
#2: Restoring a Cloud Director VM to a non-original location overwrites the original VM [FORUM TOPIC]
Scope: Full VM restores through Cloud Director self-service portalю
Symptoms: Performing an "Entire VM Restore" with the option "Restore to a new location, or with different settings" performs a restore over the original VM despite a new name and vApp is selected by user.
Cause: The custom specification is not passed correctly into the restore task.
Status: Fixed in build 12.1.1.56 > KB4510
#3: Transaction log backup jobs prevent SureBackup jobs from starting [FORUM TOPIC]
Scope: Image-level backup jobs configured to perform transaction log backups for one or more included machines.
Symptoms: SureBackup jobs cannot start due to active primary backup job.
Cause: Regression in SureBackup job pre-flight checks.
Status: Fixed in build 12.1.1.56 > KB4510
#4: High CPU usage by CatalogDataService [FORUM TOPIC]
Scope: Rare condition that depends on a number of parameters, more likely to happen in larger environments.
Symptoms: CatalogDataService consumes all the CPU cycles it can get.
Cause: Resource scheduling bug in the index scan engine of the malware detection functionality.
Status: Fixed in build 12.1.1.56 > KB4510
#5: IBM storage snapshots integration [FORUM TOPIC]
Scope: Backup jobs processing VMs from two or more datastores backed by IBM SVC or derivative storage with FlashCopy snaphots enabled.
Cause: Regression in storage connections cache.
Status: Fixed in build 12.1.1.56 > KB4510
#6: Some File to Tape jobs backup nothing after the upgrade. [FORUM TOPIC]
Scope: Existing File to Tape jobs with a Windows or SMB folder as source + no inclusion or exclusion filters on a folder.
Symptoms: Existing File to Tape jobs backup nothing after the upgrade.
Cause: Regression due to adding advanced inclusion and exclusion filtering functionality. For newly created jobs, every object has an associated filter (. by default if a user does not assign a filter).
Status: Fixed in build 12.1.1.56 > KB4510
#1: Invalid length parameter passed to the RIGHT function [FORUM TOPIC]
Scope: Backup servers with unexpected configuration database entries
Symptoms: Upgrade to 12.1 fails with the "Invalid length parameter passed to the RIGHT function. The statement has been terminated. Guests hosts fingerprints have been updated to SHA256." error.
Cause: Unexpected null values for the current Linux host fingerprints in the Backup.Model.HostSshFingerprint table.
Status: Fixed in the ISO version 20231206 or later.
#2: Restoring a Cloud Director VM to a non-original location overwrites the original VM [FORUM TOPIC]
Scope: Full VM restores through Cloud Director self-service portalю
Symptoms: Performing an "Entire VM Restore" with the option "Restore to a new location, or with different settings" performs a restore over the original VM despite a new name and vApp is selected by user.
Cause: The custom specification is not passed correctly into the restore task.
Status: Fixed in build 12.1.1.56 > KB4510
#3: Transaction log backup jobs prevent SureBackup jobs from starting [FORUM TOPIC]
Scope: Image-level backup jobs configured to perform transaction log backups for one or more included machines.
Symptoms: SureBackup jobs cannot start due to active primary backup job.
Cause: Regression in SureBackup job pre-flight checks.
Status: Fixed in build 12.1.1.56 > KB4510
#4: High CPU usage by CatalogDataService [FORUM TOPIC]
Scope: Rare condition that depends on a number of parameters, more likely to happen in larger environments.
Symptoms: CatalogDataService consumes all the CPU cycles it can get.
Cause: Resource scheduling bug in the index scan engine of the malware detection functionality.
Status: Fixed in build 12.1.1.56 > KB4510
#5: IBM storage snapshots integration [FORUM TOPIC]
Scope: Backup jobs processing VMs from two or more datastores backed by IBM SVC or derivative storage with FlashCopy snaphots enabled.
Cause: Regression in storage connections cache.
Status: Fixed in build 12.1.1.56 > KB4510
#6: Some File to Tape jobs backup nothing after the upgrade. [FORUM TOPIC]
Scope: Existing File to Tape jobs with a Windows or SMB folder as source + no inclusion or exclusion filters on a folder.
Symptoms: Existing File to Tape jobs backup nothing after the upgrade.
Cause: Regression due to adding advanced inclusion and exclusion filtering functionality. For newly created jobs, every object has an associated filter (. by default if a user does not assign a filter).
Status: Fixed in build 12.1.1.56 > KB4510
Who is online
Users browsing this forum: eblack and 163 guests