run on client to backup server (concept against Looky ?)
having Acronis Backup Advanced 11.5 for Windows Server. Want to know if such scenario as discribed below is possible from Acronis side. It is an idear to prevent potential Looky virus (or similar) to access the backup files for encryption.
Preparing a physical client with Windows 10 pro 64 bit. NOT joined to the domain. NO user account from local computer matches to domain accounts. Install Acronis Backup Advanced 11.5 for Windows Server on that client. Connect to network (only IP, NOT joining the domain). Map all drives of Server as network share on the client with a domain account having all rights on the server.
Then running the backup tasks to backup all server drives to local drives in the client.
Target: having a one way access from client to server but NOT from server to client. So if Looky would be on the server it could not encrypt the backups.
Interested to hear your opinions
If I understand correctly you plan to backup network drives to a local drive?
I wouldn't recommend this because you won't be able to snapshot a mounted network drive correctly.
It would make a lot more sense to install the agent on the server you want to protect, install an "Acronis Storage Node" on the end-point where you want to keep the backups and then backup the local server drives to a remote location.
This will result in the same thing -- server backups will be isolated from the server so they won't be encrypted -- but the process will be much more efficient and reliable.
thank you for the hint to storage nodes. Actually all is done on the SBS 2011 Server, backups are first done on additional local drives and copied to a second location which is periodically exchanged with hardware from different location. All is in the domain and allways online. So if such encription virus would occour he could reach everything. So happend to two of my clients, even their backup files where encrypted.
I read the help about storage nodes. If I understand it correctly mainly is that the service for this runs on a second machine, but is able to use the original machine capabilities as snapshot. From chapter user rights for storage node I learned typically both machines are in the domain, and (at least some) windows users are valid on both. As I learned a virus finds a way to access administrtive rights. If I am right: What would prevent a virus to do something with the files on the storage node server? What I am looking for is a way to make the (second) store not beeing accessible from the original machine.
So modified Idear would be:
Backup is done as now, with this exception: Copying to the second store is done from the independent machine (one way access only). Snapshot and shadow copy do not matter for this, second machine could be a low energy machine, may be even a none windows system.
Did I understand "storage node" correctly?
Pretty much, yes.
The Storage Node has its own communication protocol over port 9876 and can work even through WAN links.
I'm not sure how the virus access remote machines, but this would have to be something like RDP, open shares or some other protocol that you can turn off on the Storage Node server.
Theoretically, the virus could connect through our own custom protocol as well, but this would be very unlikely as this is our own proprietary protocol.