Urbackup server & client in the same exploitation system

Hello Every one,

I have a small company with 1 computer (laptop win10pro 64b).
Later I will have 1 or 2 computer more with windows 11 pro 64b.
First is it possible to install Urbackup Client & server on the same machine (same disque C:) ?
Many thanks for your help and best wishes.
Phil

Yes. That’s precisely how I installed my initial client-server instance. Then I proceded to put clients on other machines that shared the same LAN.

It was a cinch getting the first machine set up. The second was a nightmare, not because of UrBackup itself, but because the wireless access point that controls my LAN would not allow the typical automatic detection of the new client by the server, which normally happens in seconds. I still have no idea why that was. My workaround was to connect those two machines, temporarily, to another wireless access point that I have that has no internet connection anymore, but allows me to create an “internet-less” LAN. They recognized each other in mere moments, then I switched both back to my usual wireless access point/LAN and they continued to know about one another. I have been told that this is a very unusual circumstance, and I am using a T-Mobile Wireless Access Point as my main LAN with internet connectivity at this time. Everyone else I know who had/has a server on one machine and a client or clients on other machines in the same LAN had the two recognize each other almost immediately.

Hello Brian,

Thank you very much.

I will try URbackup ! seems good.

And before running the backup should I desactivate the bitlocker on my disk C: I hope not because is a long time process :blush:

Best wishies

Phil

You do not have to disable BitLocker in order to use UrBackup.

That being said, given my personal experiences (and observations from other repair techs - and I am one) I would seriously consider disabling BitLocker and kicking it off before going to bed or to work for the day and just letting the decryption take place when you’re not waiting on it to finish.

The amount of heartache I’ve seen when it comes to data recovery, if needed, from drives where BitLocker is active is just huge.

If you don’t want to turn off BitLocker, then, for heaven’s sake have your key recorded somewhere like your password manager as well as verifying that it is associated with the Microsoft Account that was used when setting up the machine on which it’s active. If you do not have your BitLocker key, and you need it, you will get absolutely, positively nothing back from recovery.

Thank you !

I will desactivate bitlocker process the backup and reactivate bitlocker.

Yes that will take time but isn’t for a daily backup …

How do the people who need a daily or weekly backup?

They should use an other backup software than Urbackup?

-------- Message d’origine --------

Just to be clear, I am not proposing that you deactivate BitLocker if your intent is just to reactivate it again. That makes no sense and is unnecessary for using UrBackup.

I simply despise BitLocker (and device encryption in general) except in instances where there are clearly things that need to be encrypted, and those are typically easy to identify.

Device encryption causes absolute nightmares if/when the time comes where data recovery from a failed device is needed, and in certain other instances as well.

Think carefully about whether you believe that all content on your computer needs to be encrypted or not. If you truly believe it does, then use BitLocker on the entire drive. If you don’t, then disable BitLocker at the drive level and, if necessary, create an encrypted folder or selectively encrypt certain files.

You should not be turning drive level encryption on and off like a light switch, ever. Assess your situation and decide whether it’s something you need or not. For myself, on my computer, it’s a hard “no.”

If you do not have your BitLocker key, and you need it, you will get absolutely, positively nothing back from recovery.

Just to be clear - if you loose both your BitLocker key or password and recovery key then it is exactly the situation when you want to restore your files from a backup solution like UrBackup. It will work just fine, UrBackup doesn’t know or care about Bitlocker in case of doing and restoring file backups, they are on different layers.

@Fidu I don’t know where and on what data you company operates, but you might as well be REQUIRED to have a hard drive encryption turned ON.

EDIT:
@britechguy I’ve just realized you are probably talking about a situation where your client and server are on the same encrypted drive - that would be a disaster, never do that unless you replicate your backup destination to other media.

I wasn’t, per se. I already stated that UrBackup itself is utterly agnostic with regard to whether BitLocker is active or not. My concerns arise from what I’ve witnessed in the field with regard to lost keys, somehow nothing in the MS Account, and where data recovery is wanted or needed. I realize that we here are all backing things up to avoid just that sort of circumstance, but it needs to be mentioned.

With regard to the client and server being on the same encrypted drive, that makes no difference, either. What’s critical is that the backup repository used by the server is not on that same drive. I’ll admit that it was my presumption that anyone here knows that you never store your backups on the same physical media as what’s being backed up, even if that media/drive is partitioned into several logical drives. Backups are ALWAYS stored on physical media that is separate from whatever it is that’s being backed up. If you don’t do that, then it’s really not a backup in any meaningful sense, as if the physical media “goes up in smoke” everythign that’s on it is gone (or at least would require data recovery to attempt to retrieve, which may not work, and is what one is trying to avoid by having backups in the first place).

Me too, but it was the only way I was able make sense out of your sentence I’ve quoted earlier. If you lock yourself out of your encrypted data then you recover your data from a backup, I just don’t understand what you mean by saying “you get nothing back from recovery”. To me it sounds like saying you won’t recover your data from UrBackup which is obviously wrong. But then I’m not a native English speaker so probably I’ve missed something:)

@Michal

What I’m saying is this: If you have an encrypted drive (whether just sitting there or re-created via a UrBackup Recovery) if you are somehow not in possession of the encryption key, you’ve got nothing you can use.

An encrypted device without the key needed to decrypt it is useless. I’ve seen people lose their keys more than once, so I suggest that unless you have data of such sensitivity that an entire drive must be encrypted, that you don’t encrypt it. Selective encryption based on need for files/folders requires people to think about why and when they’re choosing to do that. Many believe, incorrectly, that drive level encryption is a way to avoid having to make those determinations. It carries many issues of its own which are, in my opinion, worse than having a drive unencrypted.

This is such a bad advice from a security standpoint. People are simply not able to get things right. Even if they did, they would need to constantly reevaluate these rules.
Let’s say you know that only one file needs to be encrypted. How on earth are you able to know which other programs or system services are going to index or cache this file? And what is the location of these indexes or cache? Is your editor making a temporary copy? Where? If not, is the next version of it going to implement such feature? There is so many ways it can and does go wrong. And we’re not even touching on system security and integrity - if you have data you are required to encrypt then full drive encryption is the only sane way to do it.

We’re simply going to have to agree to disagree. When you’ve seen as many instances of I have (and we’re talking the residential and micro-business markets here) where people have lost a lifetime of data because:

  1. They didn’t have a backup. (Yes, they should, but should doesn’t matter).
  2. Something goes wrong with their drive.
  3. The BitLocker key is required for recovery, and isn’t available.

you don’t support encryption of the full system by default. And the fact is, even in businesses, most data just doesn’t need it.

I’d far rather have unencrypted drives with other reasonable security measures in place to prevent intrusion.

Since this has nothing to do with the original question, though, this is where I’ll stop on this topic.

Oh dear, this is why GDPR is such a blessing on my side of the globe.

Since this has nothing to do with the original question

Well it very much does so since you just talked him out of Bitlocker.

But you are right that the best we can do is agree to disagree :+1:

Many thank for this master opinion sharing.

Very appreciated and very useful to consolidate a strategy or a point of view.

Most of time we should protect or data (private) against the physical loss (laptop staying in the restaurant and when we realized is too late, someone take it…) in this case the photos etc. Should be encrypted but finally the exploitation system not really…

And is the same for the customer data for a micro or small company.

Now to answer of one of your question about the target of the backup when is installed on the same lecter C: urbackup client + server:

Yes the target is always on a different and separate HDD.

Sorry ifvI wasn’t clear about this basic.

-------- Message d’origine --------

@Fidu also keep in mind that your setup will most probably fail in case of a ransomware attack i.e. you will loose both your original data and backup copy.

Normally not the backup because that is on a separate hard disk physically from the laptop.

Isn’t it ?

Also I just want to add a small thing about the digital nomade workers for them best is to activate bitlock on the C:

Even for private data…

But isn’t the initially purpose, I know

-------- Message d’origine --------

@Fidu I haven’t seen malware which discriminates drive D, E etc doesn’t matter if it’s internal, external and so on. It will encrypt everything it can access.

Naturally you could physically disconnect that second disk after each job, but it’s not how UrBackup normally works.

Yes perfect.

Thanks!

-------- Message d’origine --------

The issue with ransomware is an ugly one, that’s for sure. With UrBackup, if used as I’d expect it would typically be, if the server machine gets hit with ransomware it’s virtually certain that the backup drive (which I expect will be attached and active, with a drive letter assigned by Windows) is almost certain to get hit.

If it were a client machine that is a different machine from the server, then you’d be OK.

For setups like UrBackup where you pretty much want a server consistently “at the ready” and clients able to call on it (or vice versa) at any time, this is a risk you pretty much must take.

If you were using other software just to take things like a file backup or system image backup at some interval entirely of your own choosing, then you can and should never have your backup media connected except to take a backup or restore from one. This is what I’ve been telling my residential and very small business clients (and they’re not using UrBackup) for a very long time now. You need to have a backup protocol in place and you are responsible for setting the interval where you connect, run backup, and disconnect by hand. For those who don’t trust themselves to be able to follow-through on that then I recommend setting up automatic backup with their backup software and accepting the risk of a ransomware attack. Ransomware doesn’t “sneak on” to a computer, the end user needs to take a number of steps to invite it in. The risks associated with being without a backup are much higher than the risk of a ransomware attack.

Yes agreed.

I will make different configuration and stay active bitlocker for my case.

Thank for all and very efficient community with Urbackup

-------- Message d’origine --------