Flexshare is a flexible and secure collaboration utility which integrates four of the most common methods of accessing files or content:

• Web (HTTP/HTTPS)
• FTP (FTP/FTPS)
• File Shares (Samba)
• E-mail (SMTP/MIME/SMIME)

It is an extremely powerful and versatile tool that has many uses. The example below (a hypothetical engineering consulting firm Eng-123 and its client OEM-XYZ) describes a Flexshare and a typical working environment.

A Flexshare might be defined on a server owned by Eng-123 after successfully bidding on an engineering project for OEM-XYZ. CAD files (engineering drawings) associated with the project's design are centrally located on the server and should be accessed only by the users included in Eng-123's engineering group. The file-sharing (Samba) Flexshare definition is used to allow restricted access to this directory from the Local Area Network (LAN) or over Virtual Private Network (VPN) tunnels in the event engineers work remotely.

By adding Flexshare's FTPS (secure FTP) access and configured to require a username/password for read-only permission, the project manager of OEM-XYZ can have access to the drawings at any time from anywhere on the Internet. The increase in productivity by allowing real-time access to the CAD drawings keeps the project on track and negates having to e-mail CAD files which are often large and not ideal for e-mail transfers.

In the event Eng-123 and OEM-XYZ want to track schedule 'snapshots' of an OpenOffice Calc document or notes on the design phase in PDF format, Eng-123's administrator configures Flexshare's email upload access. Both companies can now send signed/encrypted emails to a single email address where the attachment (a .ods or .pdf file extension in this case) is automatically stripped from the email and stored on the server. These same files can then be accessed by web, FTP or file share and provides the added benefit of having a historical view of the entire project.

Nearing the completion of the project, OEM-XYZ's sales/marketing team make a request to have an assortment of images created from the CAD software's rendering engine from 3D wire-frame. Flexshare's web access, set-up with unrestricted access, gives the sales team the images they need to begin pre-selling - with just a browser and a URL provided.

The above illustrates just one possible use of Flexshares. Much simpler Flexshare's can be created for every-day tasks common to any small business such as hosting and updating a website, creating user-restricted file shares or using e-mail as a simple file transfer utility.

If you did not select this module to be included during the installation process, you must first install the module.

You will also need to install one or more of the following modules to enable functionality for the following services:

• Web access - cc-httpd
• FTP access - cc-proftpd
• File access - cc-smbd
• E-mail upload - cc-postfix, cc-cyrus

Once the system user has been updated with the password provided, you will be presented with the Flexshare Overview.

The first table lists the shares you have currently defined, allowing you to quickly view which access methods are enabled in addition to overall Flexshare status (either enabled or disabled). You can Edit, Delete and Toggle the status of each Flexshare using the Action links in the right hand column. Of course, if no Flexshares are defined, the Action links will not be visible.

The second table allows you to define (create) a new Flexshare. See Creating a New Flexshare below.

To define a new Flexshare, fill out the Name and Description fields and select a Unix group to represent the share owner in the Add a new Flexshare form. A Flexshare template will be created (with no access and disabled by default). The Editing a Flexshare form will be displayed, allowing you to customize the share options and enable access options.

You can make edits/changes to any defined Flexshare at any time. A newly created Flexshare will have no access points enabled, so you will want to configure at least one service (Web, FTP, Filesharing or E-mail) to take advantage of the share you have created.

To begin editing a Flexshare, you'll need to select which access point you want to modify.

Select the appropriate tab and use the help sections below to guide you through each type of access point and the options that are available.

Configuring Flexshare's Web access enables anyone (or authorized users only) to use a web-browser to navigate to a website in order to view content, interact with a dynamic web page (for example - a PHP or CGI enabled online store) or download files from an index listing.

The rest of this section will describe the different settings that will modify the behaviour of a Web accessible Flexshare.

Indicates the current status of the Web Access for a Flexshare. Note, even though the Web Access point is enabled, the overall Flexshare must also be Enabled in order to work.

Use the Enabled/Disabled link at the bottom of the form to toggle the status..

A timestamp indicating the last time a change was made to the Web Flexshare configuration.

The server name (domain name) that will be used to access this Flexshare. If the default ports are being used (ie. 80 for HTTP or 443 for HTTPS), this parameter is locked to the Server Name field defined in the Web Server configuration. If custom ports are used, you can set this parameter to take advantage of Apache's Virtual Host capability.

This field (actually a hyperlink for convenience) indicates the URL which will be used to access the share.

Accessibility allow you to restrict which interfaces incoming requests to the share are allowed from. Setting this field to LAN Only essentially makes your Flexshare accessible from your Intranet only.

If Show Index is set to Yes, browsers will display a listing of all files if there is no index page (ie. index.html, index.php etc.). This is normally only desirable if using the Flexshare as a file access service (similar to FTP). If you are running a website, this option should definately be set to No.

If Follow Symoblic Links is set to Yes, symbolic links leading to directories outside the document root will followed.

If Allow Server Side Includes is set to Yes, standard includes will be allowed. By default, execution of code on a SSI will not occur for security reasons. To override this behavior, please see the Flexshare API.

If Allow .htaccess Override is set to Yes, the presence of a file named .htaccess will permit users to change specific options inside the web directory. The default and recommended setting for this parameter is No, unless you have advanced knowledge of this Apache directive.

Determines the protocol to use - HTTP or HTTPS. If you have enabled authentication, you are advised to set this to Yes (use HTTPS) since users will be required to provide their username/passwords to authenticate to the server. Using HTTPS ensures this sensitive data is encrypted.

In some cases (for example, an ISP that blocks port 80), you may want to run the server on a non-standard port. In this case, set this field to Yes and supply a valid port for the service to bind to.

If set to Yes, upon first connecting to the server, a user (ie. web client) will be prompted with a login dialog pop-up where they will enter their username/password. Before gaining access to the Flexshare, the username/password will be confirmed as a valid account on the server. In addition, the user must belong to at least one group that has been given access to the share as defined in the Group Access field (see below).

Indicates to the person logging in what realm they are attempting to access. The only time the value of this field is displayed in during the authentication process. In the screenshot above, the text “Sales Team Secure Flexshare” is the Web Domain (Realm) entry.

Displays a list of all user-defined groups on the system (note, not system groups). A user requiring authentication must belong to at least one group that is enabled to access the Flexshare (checkbox in a checked state) in order to gain access to the share.

Enables the execution of PHP script on the server. Any file with a .php/php4/php5 extension will be parsed by the PHP engine rather than by Apache directly.

Similar to the PHP field above, but pertaining to CGI script. CGI script, however, is isolated to the /cgi-bin sub-directory (ie. http://beaker.lan/flexshare/sales/cgi-bin/store).

Configuring Flexshare's FTP access enables anonymous or authorized users only (or both) to use an FTP-client to connect via File Transfer Protocol in order to upload and/or download files to the server. The FTP protocol, while outdated, is still a prominent service today and is particularly useful for handling large files.

Indicates the current status of the FTP Access for a Flexshare. Note, even though the FTP Access point is enabled, the overall Flexshare must also be Enabled in order to work.

Use the Enabled/Disabled link at the bottom of the form to toggle the status.

A timestamp indicating the last time a change was made to the FTP Flexshare configuration.

The FTP URL (or domain name) used to access the service. This parameter is defaults to the Server Name field defined in the ProFTP Server configuration. If you are having difficulty accessing the Flexshare, see the troubleshooting section at the end of this section.

Determines the protocol to use - FTP or FTPS. If you have enabled authentication, you are advised to set this to Yes (use FTPS) since users will be required to provide their username/passwords to authenticate to the server. Using FTPS ensures this sensitive data is encrypted.

Flexshare FTP/FTPS uses port 2121/2120 and 2123/2122 as the default ports (see bubble below for an explanation). You can override these standard ports by setting this parameter to Yes and entering the custom ports in the fields that will appear upon changing the override drop-down.

Allowing passive connections can improve the experience/usability of FTP access to clients accessing the service outside the local network. However, care must be taken to open or forward appropriate ports to your network for the port range you designate for passive exchange. For more information on Active vs. Passive connections, see the links section below.

If set to Yes, non-anonymous authentication is required. Before gaining access to the FTP Flexshare, the username/password will be confirmed as a valid account on the server. In addition, the user must belong to the group that owns the share.

A greeting that is displayed once when a user authenticates and has access to the FTP Flexshare.

Deprecated in 4.2 and above

Displays a list of all user-defined groups on the system (note, not system groups). A user requiring authentication must belong to at least one group that is enabled to access the Flexshare (checkbox in a checked state) in order to gain access to the share.

Deprecated in 4.2 and above Files uploaded via FTP to the server require to constraints:

• Ownership (user and group)
• Permissions (user, group and world)

For authenticated connections, the first constraint is satisfied by using the username of the user logged in and the default system group Flexshare. This allows tracking who originally uploaded the folder, yet the generic Flexshare allows anyone who has access to the share to be able to read (and possibly overwrite) the file.

The second constraint is dealt with by setting FTP's UMASK directive. This setting is handled by the Group Upload Attributes parameter.

Deprecated in 4.2 and above Allows you to set FTP's UMASK directive, which sets the file permissions on upload. This field consists of three drop-down boxes, each with the same permissions options.

• List 1 - User permissions
• List 2 - Group permissions
• List 3 - World permissions

The options contained in each drop-down box contain three characters. The characters are defined as:

• Hyphen - No permissions
• r - Read
• w - Write
• x - Execute

Allows anonymous FTP access. Users only have to provide the username anonymous and (usually) their e-mail address to gain access to the share. Use anonymous when you are not providing access to restricted files and you do not want/need to create individual accounts on your server to authenticate against.

Same as Group Greeting except applied to the anonymous login.

Same as Group Permissions except applied to the anonymous login.

Deprecated in 4.2 and above

Same as Group Upload Attributes except applied to the anonymous login.

Configuring Flexshare's File access (SAMBA) enables public or authorized users only (or both) to connect via file sharing in order to move files from desktop to the server and vice-versa.

Indicates the current status of the File Access for a Flexshare. Note, even though the File Access point is enabled, the overall Flexshare must also be Enabled in order to work.

Use the Enabled/Disabled link at the bottom of the form to toggle the status..

A timestamp indicating the last time a change was made to the File Flexshare configuration.

Allows a comment or description of the fileshare to be displayed to other computer clients accessing the share.

Set Public Access field to Yes if you want to allow anyone on the Local Area Network (LAN) access to the Flexshare.

Deprecated in 4.2 and above Displays a list of all user-defined groups on the system (note, not system groups). A user requiring authentication must belong to at least one group that is enabled to access the Flexshare (checkbox in a checked state) in order to gain access to the share.

The Permissions field determines what type of access group members (or public if set) they have to files on the share.

If users have write permission to this Flexshare, setting this field will set all files copied to the server with the appropriate permissions. See Group Upload Attributes for information on these settings.

Configuring Flexshare's E-mail access allows the uploading of files to the server. This is accomplished by simply attaching one or more files to the an e-mail and sending it to the corresponding Flexshare e-mail address. To place restrictions on who can upload files, mandatory digital signatures combined with group lists and a separate Access Control List (ACL) are imposed.

Indicates the current status of the E-Mail Access for a Flexshare. Note, even though the E-Mail Access point is enabled, the overall Flexshare must also be Enabled in order to work.

Use the Enabled/Disabled link at the bottom of the form to toggle the status..If disabled, all email sent to the Flexshare will automatically be deleted, regardless of the Save Attachments setting.

A timestamp indicating the last time a change was made to the E-mail Flexshare configuration.

The e-mail address that users will use to upload files to the Flexshare.

Possible options are:

• Root Directory - files will be saved to /var/flexshare/shares/FLEXSHARE_NAME
• Mail Sub-Directory - files will be saved to the /mail sub-directory off the root directory
• Specify in Subject Heading - A user can specify the path they would like the file(s)

uploaded to by using the format Dir = PATH in their subject, where PATH is the directory path to use

Allows you to control overwrites if a file already exists.

Setting this field to Require Confirmation keeps messages (and their attachments) in the queue. Any file attachments will only be saved when confirmed.

Set this field to Automatically poll at 5 minute intervals to have the server initiate a check for new messages and save the attachments automatically to the server. These files will then be immediately accessible by the other Flexshare access methods.

If the Save Attachments field is set to Require Confirmation, use the Notify on Receive (e-mail) field to enter a valid e-mail address to send an alert upon receiving new e-mails contains file attachments.

Set this to Yes to match an address to a system user or the ACL.

Deprecated in 4.2 and above Displays a list of all user-defined groups on the system (note, not system groups). A user sending an e-mail with attachment(s) to the Flexshare address must belong to at least one group that is enabled to access the Flexshare (checkbox in a checked state) in order for the file(s) to be saved. If it is determined the e-mail sender does not have access to upload files, the e-mail will be deleted.

Add e-mails to the E-mail ACL (Access Control List) to allow non-system accounts access to upload files to the server via e-mail.

Signing e-mail using digital signatures is the only way to verify e-mail is originating from the address it claims to be sent from. Enabling this feature will discard any e-mails and the associated attachments which are not signed.

Saved files to the server originating from e-mail attachments will use the permissions set in this field. See Group Upload Attributes for information on these settings.

Deleting a Flexshare that is currently defined can be done from the Overview page. Click on the Delete link next to the share you wish to delete. A form similar to the one shown below will be displayed requesting you to confirm your intention to delete the share. Checking the Delete all files and remove share directory will do exactly that - make sure you no longer need any files in the share directory and all sub-directories or have backups located elsewhere.

In some cases, it is desirable to host a Flexshare in a location other than the default path (/var/flexshare/shares/SHARENAME). For example, a mounted USB Mass Storage Device or an encrypted filesystem. In this case, edit the file /etc/flexshare.conf using an editor or a utility like SCP. The parameter key is named FlexshareDirCustom. The format of the value is name:path. For multiple entries, each definition is separated by the pipe (|) character. The following is a valid entry example:

FlexshareDirCustom=Iomega:/mnt/dmcrypt/Iomega|USB:/mnt/usb 

The above would provide two additional paths to the drop down list of any Flexshare…The first (Iomega) mounts an Iomega REV drive with an encrypted file-system to the path /mnt/dmcrypt/Iomega. The second is an example of a mounted USB drive at /mnt/usb.

Remember to open up appropriate ports on your firewall if your intention is to allow access from outside your network. Some common ports for Flexshare access services are listed below.

If you have enabled FTP access and require authentication and you find that users are being sent to their home directories instead of the defined Flexshare, the solution is quite simple - the cause quite complex.

The problem stems from the fact that ProFTP does not support virtual domains and is attempting to resolve the system hostname in order to determine which configuration to use. If you have an entry in your /etc/hosts file mapping your system hostname to your internal IP, users logging in from outside the network will experience the problem described above. To fix the problem, use Webconfig and navigate to “Network Hosts and DNS Server”. Remove the entry that maps your server hostname to the internal address (ie. 127.x.x.x or 192.168.x.x or 10.x.x.x). Once you have done this, goto the ProFTP configuration and stop and then restart the service.

Not all access methods have the same capabilities because of the protocol/design of individual services. The table below illustrates the capabilities of the four access services available to the Flexshares you have created.

• ProFTPd home page
• List of Directives
• FileZilla - An Open-Source FTP client for Windows

The default configuration for ClarkConnect system allows read-only anonymous FTP to the /var/ftp directory and full access to valid user accounts. Advanced configuration of the FTP server can be done in one of two ways:

• Creating and configuring a Flexshare (Version 4.0 and up only)
• Editing the /etc/proftpd.conf configuration file. See the links section below for details.

• ProFTPd home page
• List of Directives
• FileZilla - An Open-Source FTP client for Windows

Your ClarkConnect system provides file serving capabilities for a Windows network. Among other tasks, you can use the software for backup file storage, and sharing printers.

If you did not select this module to be included during the installation process, you must first install the module.

The basic configuration for the Windows/Samba file server is straightforward – at the very least, you will want to change the Name, Workgroup and Comment. If you are using Windows PCs, you will be able to see your ClarkConnect box through your Network Neighborhood.

The name of the system as it appears on Windows Networks.

The Windows Network workgroup. If you are configuring your system as the primary domain controller (PDC) then this is also the name of the domain.

The comment is a short description for the system.

If you plan on using VPN or have more than two local networks, we strongly recommend that you enable a WINS server on your network. If you already have a WINS server, you can enter the IP address of the server in the WINS Server field. Alternatively, the ClarkConnect system can be configured as a WINS server on your network. Enable the WINS Support option.

If you would like your ClarkConnect system to act as a primary domain controller (PDC), you can configure the settings.

Toggle this field to enable/disable PDC mode.

Select a user account for PDC administration. This account will be used to add computers systems to the domain.

Review the Samba documentation for configuring the Logon fields.

• The homes folder contains private user folders.
• The printers icon will appear if you configure a shared printer.
• The shared folder is for public file sharing.
• The website folder contains the files for your web site.
• The ftpsite folder contains the files for your web site.

To add custom file shares, use the Flexshare tool.

For some installations, you may need to fine tune the Windows/Samba file sharing software. Please review the Samba documentation before changing these settings.

If you are using ClarkConnect as a PDC, this should be set to Domain, otherwise it should be set to User. If you want to disable user authentication, you can set this option to Share (not recommended).

If you do not have a Windows server running on your network, you may want the ClarkConnect system to act as the Domain Master (in other words, the “boss” of the Windows Network). You should also set the OS Level to 50 or higher.

In most cases, this should be set to Automatic.

See the Domain Master section.

Due to a feature in Microsoft networking, you may not see the ClarkConnect system in Network Neighborhood right away; sometimes it takes several minutes to appear. A quick way around this “feature” is to use the Find Computer tool and typing typing the IP address of the System.

Bacula is a network-based backup program. It allows an administrator to backup, recover and verify data on any number of systems on a local area network (and across VPN tunnels), on a variety of operating systems. Bacula supports various storage media devices, including file, tape, removable HDD.

If you did not select this module to be included during the installation process, you must first install the module.

ClarkConnect's implementation of the Bacula backup/restore software is customized to support a limited selection of hardware.

• The server's hard disk - obviously not recommended for server backup
• Iomega REV (35GB and 70GB) with the following interfaces:
• IDE/ATAPI
• USB
• SATA
• USB Mass Storage Device (USB drives, memory sticks etc.)
• Another workstation on the LAN
• DVD (beta)

Bacula's Webconfig overview provides links to actions and other reporting or configuration information that might be of interest. A status window displays the latest messages originating from the Bacula Director - the main daemon responsible for orchestrating backups and restores.

If you are a novice user and looking to use this module to simply make backups of the server to a supported storage media device, you can do everything you wish with the options listed in the Basic section.

As you become more familiar with the software you will quickly realize the full potential Bacula offers for complete network disaster recovery implementation. The advanced section provides links to some of the features that you will need in setting up new clients, creating new file sets, configuring schedules etc.

The Webconfig utility that provides the Graphical User Interface (GUI) is not the only method of interacting with the Bacula daemons. Bacula has its own, shell-based, console which advanced users will find extremely useful for situations where the GUI does not support a specific feature/function of Bacula.

This manual will describe the features and functionality of the Webconfig GUI that should provide the majority of users with the ability to backup, validate and restore files from any number of client machines on the local area network. For circumstances where it is necessary to access more advanced features, please refer to the Bacula console (or Webconfig's virtual console) and sections of the online Bacula manual.

This option will begin a wizard which will take the user through backing up the server to an appropriate device. Although a server backup can be done to the local hard disk, this option provides no disaster recovery and only provides a measure of safety against accidental deletion of files by the user/administration.

In addition to listing any removable devices like USB MSD or Iomega REV RRD's, an option to backup to a Windows desktop on the LAN is possible. Use this option to provide recovery in the event of a hard disk failure or loss of just the server. Similar to the file option, this does not protect against a disaster that the destruction or loss of both the server and client machine on the LAN (i.e. fire, theft etc.).

Kicks off a wizard that will take you through the backup of a client on the LAN.

Begin a wizard that will restore a full backup to the server provided you have the bootstrap file (BSR) and physical media containing the volume where the backup was stored to.

To restore a client on the LAN that has been backed up to the server, use the WX-Console (for Windows) or B-Console (for Linux/Unix) user interface to restore.

Used if you need to mount/unmount or eject removable media.

Use the auto hardware detection link to view possible physical media recognized by the Linux kernel that can be used as a storage medium.

Some devices like the Iomega REV drive will automatically be added and configured as a storage device. In this case, Update will be displayed under the Action column should an admin wish to make custom changes.

If a device needs user-intervention to configure the properties of the device properly, the device will be displayed in the list with Add under the Action column. Click on the Add link to add this medium and then configure it.

Enable the “Email on Edit” setting to automatically e-mail a set of your current Bacula configuration files to the admin contact (see “Director Daemon Settings” section below).

The configuration files can be saved to the backup medium just as any other file. However, having these files to start with greatly simplifies the recovery process should the files be lost in a hard drive failure or other incident. Having the latest configuration files avoids a sort of 'chicken and the egg' scenario.

Use the “Email all files” link to send all current configuration files immediately. You should make sure the mailserver setting is set correctly in the section below prior to attempting to mail out a set of files.

The director is the main Bacula daemon that directs all operations. It acts as the 'go-between' between a client resource and the storage device.

The director's name. We recommend adhering to the Bacula's convention of using the system name appended with ”-dir”. This directive should not require changing after the intial set-up.

The director's address. This should be changed to a fully qualified domain name or IP address. It should not be left as the default setting 'localhost' as client machines will fail on backup.

Examples of an address or FQDN include:

• 192.168.1.1
• gateway.lan
• mydomain.com (preferred)

The port the director daemon listens on. By default, port 9101.

This is the director's password that is used to authenticate to a client or storage device.

This address receives notifications for required interactivity - for example, replacing a removal media drive or labeling a tape.

This address receives all notifications relating to the general 'health' of the system.

If you do not run an SMTP server on the machine you have installed the Bacula director on, you will need to specify the mail server address in this field (for example, your ISP's mailserver). If you are running an SMTP locally, leave the default setting, 'localhost'.

Bacula uses a MySql back-end to track and manage files and directories that are backed up or restored. This field will change the password used to access this database.

The file daemon is responsible for providing files to the director or receiving files from the director during a backup or recovery, respectively. The file daemon is platform-dependent and needs to be installed, configured and running on each client to be included in the backup/recovery process.

The file daemon's name. We recommend adhering to the Bacula's convention of using the system name appended with ”-fd”. This directive should not require changing after the initial set-up.

The port the file daemon listens on. By default, port 9102.

The storage daemon is responsible for providing files to the director or receiving files from the director during a recovery or backup, respectively.

The storage daemon's name. We recommend adhering to the Bacula's convention of using the system name appended with ”-sd”. This directive should not require changing after the intial set-up.

The port the file daemon listens on. By default, port 9103.

Click on the “Configure Clients” link from the main menu to display and access the edit/add links for clients. A client is simply another computer on your network that you wish to have 'backed-up' to your storage device.

The screenshot above shows one client (the default server) with a new client about to be created (MP3-Collection-fd).

Select a client nickname (ie. MP3-Collection-fd) and click on the “Add” link. You will be taken directly to the “Edit Client” form to complete the remaining information that is required.</p> The next section describes each of the fields of the client resource exposed via the GUI.

The client's name. We recommend adhering to the Bacula's convention of using the system name appended with ”-fd”. This directive should not require changing after the intial set-up.

The client's address. See the Director's Address for recommended entries.

The port the client file daemon listens on. By default, port 9102.

This is the client's password that the director daemon uses to authenticate.

Defines the length of time that Bacula will keep File records in the Catalog database. When this time period expires, and if AutoPrune is set to yes Bacula will prune (remove) File records that are older than the specified File Retention period. Note, this affects only records in the catalog database. It does not effect your archive backups.

Defines the length of time that Bacula will keep Job records in the Catalog database. When this time period expires, and if AutoPrune is set to yes Bacula will prune (remove) Job records that are older than the specified File Retention period.

If auto prune is set to “Yes” (default), Bacula will prune the files and jobs from the catalog according to the retention times (see above). If disabled, your catalog will continue to grow in size on each backup, since older data will not be removed (pruned). After you add a client, you will need to download the Bacula Client specific for the Operating System (OS) running on the machine. For example, if you are running Windows(TM) XP, you will need to go to SourceForge and install the Win32 for the appropriate version.Note: To determine the version installed on your system, use “rpm -qi cc-bacula”.

The backup/recovery module allows you to backup multiple client machines on the LAN, across VPN tunnels or over the Internet, although this latter method is highly discouraged as data traffic is not encrypted during backup/restore. The director daemon requires a file daemon to be installed and configured properly on each machine to be backed. The remainder of this section will go through the installation and configuration of a Windows XP, Linux (Mandrake) and Mac OSX install.

Before you begin to download and install the client software, you'll need to determine what version you need. If you are familiar with command line Linux, you can query the RPM using the ”-qi” options. An alternative and simple method is to get your local backup server running, and click on the “Current Status” link.

Once the page updates with the current status information, look to the second line to get the version information.Windows XP

Now that we know which version we are looking for (in the case of the above example, version 1.36.2), we need to find the appropriate client download. Bacula is an Open Source Software package developed and maintained on the SourceForge listing - http://sourceforge.net/index.php.

A simpler way of searching for the correct packages might be to go directly to the Bacula Home Page and look for the “Current Files” link. This link will take you to the exact location - Bacula on SourceForge.net.

Scroll down to the Windows section (Win32), ensure you are looking at your version list (1.36.2 in our example), and click on the “Download winbacula-1.36.2.exe” link to start the download.

Depending on where you have your browser set to save downloads, find the file and run the executable by double clicking on the icon. Confirm the first few steps of the install wizard and pause when you are asked to select an install location. You can choose to install in any directory you wish, however, for the purposes of this manual, we are going to assume you create a new directory so that the location appears as “C:\Program Files\Bacula”.

As you continue on through the installation, two configuration files will be displayed. You will need to edit them according to the information you provided during the setup of the director and client - specifically:

bacula-fd

Director {                                
 Name =  Director's Name         
 Password =  Client's Password  
}                                             

FileDaemon
 {
 Name = Client's Name
 FDport = 9102
 WorkingDirectory = "C:\\Program Files\\Bacula\\working"
 Pid Directory = "C:\\Program Files\\Bacula\\working"
}

Note: WorkingDirectory and Pid Directory may differ from above, depending on the “Destination Folder” selected during install (see above).

Messages {
 Name = Standard
 director =  Director's Address = all, !skipped
}                                                                 

bconsole

Director {
 Name =  Director's Name
 DIRport = 9101 (by default  Director's Port)
 address =  Director's Address
 Password =  Director's Password
}                                                                   

wx-console

Director {
 Name =  Director's Name
 DIRport = 9101 (by default  Director's Port)
 address =  Director's Address
 Password =  Director's Password
}                                                                 

Once you have determined the Bacula version installed on your ClarkConnect server (see above), you'll need to download the client packages for your Linux distribution.

In this example, we will be installing/configuring the client on Mandrake 10.1 Community Edition. You only need the bacula-client package…not the full install, since the director and storage daemons will be running on ClarkConnect.Having downloaded the RPM, install it on your system (as root).

rpm -ivh bacula- client1.36.1-3.i586.mdk101.rpm
Preparing... ########################################### [100%]       
1:bacula-client ########################################### [100%]

Bacula will install the relevant configuration files in the /etc/bacula directory. You will need to edit the same two files listed in the Windows configuration section above, namely:

• bacula-fd.conf
• bconsole.conf

To start the client daemon, type:

# /etc/rc.d/init.d/bacula-fd start  

TODO

Scheduling jobs allows backups to be performed automatically without human intervention, provided the storage device is available to be written to. You can create as many schedule definitions as you wish. Once created, the schedule is available to be associated with a job, which will then be run automatically at the specified time(s).

To add a schedule, enter a unique schedule name and click 'Add'. A schedule default template will be created and the edit schedule form will be displayed (see Editing a schedule).

Each schedule definition can have an unlimited number of 'events' associated with it. An event is a combination of a backup level (Full, Incremental or Differential), a schedule definition (Every Saturday, Monday through Friday etc.) and a time.

A fileset instructs the Bacula director what directories and files to backup and which ones to leave alone. Generally speaking, you will probably have at least one unique fileset for each client machine. However, a fileset can be used in any job, for any client backup. This module ships with two default filesets, which are protected.

• Catalog
• Config

The Catalog fileset can not be edited nor deleted and is responsible for creating a database image of the Bacula catalog and backing up the resultant file.

The Config fileset can be edited but can not be deleted. It is responsible for saving important configuration files for the software and services than run on your server. It is recommended that you keep the default file/directory entries and add to this list in the event you add a package with custom edits to a configuration file.

The fileset list in the screen capture above shows the two default entries in addition to three uniquely named additions, one of which, the user has protected against deletion (the “Home” fileset).

Choose a unique name for your fileset that describes the sort of directories/files are reflected. For example, you might name a fileset WinXP-MyDocs for any Windows XP machine on the LAN where you wish to backup the owner's “MyDocuments” contents. You will be taken directly to the “Edit Fileset” form to complete the remaining information that is required.

The “Database” checkbox defines whether a backup represents a set of files/directories (off) or the data contained within a database (on). MySQL and PostgreSQL are currently supported.

The next section describes how to edit a fileset in order to achieve the desired backup results.

Filesets structures are extraordinarily flexible in defining directories and files to be backed up, however, this diversity comes at a cost: complexity. In the current Webconfig User Interface, only a fraction of the power of fileset building is exposed. Greater functionality/features will be added in future releases.

The Bacula webconfig UI has two 'modes' to edit filesets - Regular and Database.

The regular fileset mode allows you to add include and exclude statements in order to define which files you wish to back up and those you do not wish to backup. Any number of include statements are allowed within a fileset definition, but only one exclude. Each include statement can have unique options that work together to describe the files you wish to have backed up. The table below describes the directives supported bia the User Interface (UI).

Compression Use software compression (GZIP). If you are backup up to a device that supports hardware compression, you are advised not to enable software compression.

Signature Compute and store an MD5 or SHA1 signature with each file. Users are strongly advised to use MD5 or SHA1.

IgnoreCase When set to “Ignore”, all regular expressions and wildcards will ignore differences based on upper and lower case.

Exclude When set to 'Include', all wild-cards and regular expression matches will include files and directories to be backed up. If the 'Exclude' option is set, matching files and directories will not be selected.

Wild A wild-card string to match files or directories.

Wildfile A wild-card string to match files only.

Wilddir A wild-card string to match directories only.

Regex A regular expression string to match files or directories.

Regexfile A regular expression string to match files only.

Regexdir A regular expression string to match directories only.

Database Fileset The ClarkConnect LAN backup and recovery module allows you to backup two of the most popular open-source database engines available:

• MySQL
• PostgreSQL

Backing up data stored in an SQL database must be done by 'dumping' the contents of the database to file first. Backing up the files directly would result in data corruption as the content is dynamically being updated.

This module simplifies database backup by providing a separate interface when the database is enabled. This flag can only be enabled during the creation of a fileset (see “Adding a Fileset” section above). A typical database backup configuration form is shown below.

The Fileset name.

See above.

See above.

The SQL engine. Currently, MySQL and PostgreSQL are supported.

The IP address or hostname where the server is located. A database does not have to be running on the localhost in order to be backed up.

The name of the database

A username that has rights to access this database. Leave blank if there is full access to any user.

The database password. Leave blank if no password is associated with the database.

The port the SQL service is listening on. The default ports for the two supported engines are listed below.

• MySQL - 3306
• PostgresSQL - 5432

Jobs are collections of other resources (ie. a client, a fileset, a storage device etc.) that work tie together to backup (or restore) your data. Jobs can be scheduled to run automatically, removing the need for human intervention (except if you have removable storage device media, of course).

By default, ClarkConnect contains two jobs pre-defined

• BackupCatalog - backs up an image of the Bacula MySQL database
• Restore - a restore template

The restore template is unique in that Bacula only uses a single restore job which is then modified at run-time for specific recovery operations. This uniqueness is described in more detail in the “Type” section below.

Choose a unique name for your job that describes the action. You will be taken directly to the “Edit Job” form to complete the remaining information that is required.

A typical job edit form looks like the screen capture below. The following directives are supported by the Webconfig UI for the Bacula module:

A unique name for the job.

The job type. Valid options are:

Backup

Normally, you will have at least one backup for each client machine you backup. You will also have the pre-installed backup for the MySQL catalog.

Restore

The restore type is restricted (via the Webconfig UI) to a single job definition. Since a restore template is pre-defined, this option will not be available if you add a job if the restore template still exists.

Verify

Verifies that the information stored in the database (which maps to the actual backup file(s) matches that which resides in the directories at the current time, and reports differences, as evident.

Admin Runs an administrative (normally database related) job. See the Bacula manual for more information.

The level. Valid options are:

Full Includes all files defined with the associated Fileset, regardless of whether or not they have changed.

Differential Includes all files since the last successful full backup. In practice this means that a full restore requires just the last Full and the last Differential backup.

Incremental Includes all files since the last successful backup (either Full or Incremental) . As a result, a full restore requires the last Full backup and all successive incrementals.

A valid client resource.

A valid file set resource.

A valid schedule resource.

A valid storage device resource.

A valid pool resource.

Permits prioritization of jobs to determine which jobs run first. The higher the integer, the lower the job priority.

Creates a bootstrap (BSR) file associated with the job, permitting restore without a catalog.

Send the BSR file to the value in the administration email. Useful in cases where the Bacula database is lost, damaged, corrupt, stolen or otherwise rendered useless, but the backup image exists on the storage daemon or removable media. Sending this file to a Gmail account or other web-based email service provides another option in the event of data loss.

Pools are collections of volumes where your data is stored. Many installs will use a single (Default) pool. Or, you may wish to create and specify a unique pool for each client or job.

Choose a unique name for your pool that describes the client or job. You will be taken directly to the “Edit Pool” form to complete the remaining information that is required.

The following directives are supported by the Webconfig UI for the Bacula module:

A unique name for the pool.

The pool type. Currently, only backup pools can be configured.

Specifies the default for recycling Purged Volumes. If a Volume is recycled, all previous data written to that Volume will be overwritten.

If AutoPrune is set to yes, Bacula will automatically apply the Volume Retention period (see below) when a new Volume is needed and no appendable Volumes exist in the Pool. Volume pruning causes expired Jobs (older than the Volume Retention period) to be deleted from the Catalog and permits possible recycling of the Volume.

Defines the length of time job records associated with the Volume will be kept. When this time period expires, and if AutoPrune is set to yes, Bacula will prune (remove) job records that are older than the specified Volume Retention period.

The directives determines whether any volume will be accepted by the Bacula director to write to during a backup. If it is no only the first writable volume in the Pool will be accepted for writing backup data.

If the Label Media directive in the storage resource is set to 'Yes', the label format directive must be set and will automatically label the media during a backup with the specified format. For example, a value of “File-”, the following volumes will be created:

• File-0001
• File-0002
• File-0003
• …

You can also use variable expansion. For example, all jobs running on Monday with “Weekly- ${WeekDay}” would result in:

• Weekly-Monday0001
• Weekly-Monday0002
• Weekly-Monday0003
• …

The Bacula Server/LAN backup and recovery module has two defined storage device resources in the configuration files on a default installation:

• File
• Iomega REV removable HDD

The “File” device represents the local hard drive of the server Bacula is installed on. This is an easy and efficient means to back up data located on machines on the Local Area Network. You can even backup the server with this configuration, however, it is highly recommended that this file image be synced to a desktop, or better still, burnt to CD/DVD or copied over the Internet (scp tool) to a system outside the LAN.

The Iomega REV drive is an ideal backup storage media device for small businesses. The REV is a hard disk drive offering greater storage capacity over CD-ROM and DVD formats. In addition, the drive medium is removable, allowing unlimited storage capacity by adding drive units and having the advantage of being able to move backup data off site in the event of disaster, theft or other event that would result in loss of the storage medium. It is also fast - over 8 times faster than a tape backup solution.

The backup and recovery module supports and has been tested using the ATAPI model Iomega REV drive. USB, Firewire, Serial ATA and SCSI can be used, however, manual configuration may be required through direct editing of the Bacula configuration files. If you have a choice, the ATAPI (IDE) model is your best bet. For information on acquiring REV hardware, see the Related Links section below.

The module supports the creation of multiple backup definitions so you are not limited the defaults above. Additional file resources can be specified, and these do not necessarily have to be on the LAN. A file resource could be specified that resides on another network. With the proper firewall rules and configuration, a satellite office could backup data to the company headquarters, or vice versa. If you are considering backing up data across a public network (i.e. the Internet), it is important to weigh in on the following fact - Bacula does not currently support data encryption at the time of storage, so any traffic crossing a public network cannot be considered secure.

Besides supporting direct to file and the Iomega REV drive, the native Bacula module supports all kinds of tape solutions and tape storage auto-changers. Keep in mind, however, that although the Bacula project supports these devices, the ClarkConnect backup module may not interface with these devices properly. Direct editing of the configuration may be required in addition to using the Bacula text-based UI (bconsole) to backup to tape-based drives. For a list of supported tape drives, see the Bacula hardware support list.

Choose a unique name for your storage resource that describes the device. You will be taken directly to the “Edit Device” form to complete the remaining information that is required.

A typical edit configuration form is shown below.

The following directives are supported by the Webconfig UI for the Bacula module:

A unique name for the storage device.

The address where the storage device resides on the network. This field can be a valid IP (internal or external), FQDN or “localhost”.

The port the storage daemons listens on. By default, 9103.

This is the storage daemon's password that the director will pass to a client for authentication to the storage device.

Add the full directory path where you would like Bacula to save backup images of your filesets.

Enter in the mount point you created using the “Mount” action (see here). For example, ”/mnt/REV”.

Enter the device location. For example, ”/dev/nst0”.

A generic descriptor of the type of storage device. Valid selections include:

• File - a local filesystem (HDD, USB memory stick etc.)
• Iomega REV - see here
• DDS - Digital Data Storage device (DDS-1 [2GB], DDS-2 [4GB], DDS-3 [12GB], DDS-4 [20GB])
• DLT - Digital Linear Tape, a magnetic tape storage device

If enabled (set to “yes), the device will automatically label blank media. In other words, it will create the backup file to write to without user intervention. For information on how to set the Pool resource label format, click here.

If disabled (set to “no”), you will have to manually label media as required. For information on labeling media using the “Device Actions” feature, click here.

Devices that have linear access to storage medium (ie. a tape moving across a static head), set to “No”. Otherwise, set to “Yes”.

Set this directive to “Yes” to permit the Bacula daemon to examine the storage media and search for a Bacula labeled volume.

Set this directive to “Yes” if the storage device uses media that can be removed from the server (ie. a REV HDD, DAT, USB memory etc.).

It is recommended that you set the “Always Open” directive to “Yes”, making the storage media always available to Bacula. This allows scheduled backups to be run without user intervention. If set to “No”, tape media will be rewound at the end of each backup.

Sets a physical limit to the amount of data written to a device media.

Your catalog (contained in a protected MySQL database) is the central index of your backup. Think of your catalog as being the equivalent of a catalog in a library. Without an up-to-date catalog, recovering your files in the event of a hardware failure or disaster becomes much more difficult. You may have all the data (books) on a backup storage device, but finding a single file without a catalog is a time-consuming operation.

As a result of the catalog's importance, the Webconfig utility was designed to give you three common methods of recovering your catalog in the event it destroyed or corrupted:

• Catalog recovery by bootstrap file (BSR)
• Catalog recovery using locally stored image
• Catalog recovery by uploading an image

You will be given the option to choose which method you wish to use from the “Restore Catalog” menu (see screenshot below).

A MySQL catalog can become large over time - very large. Depending on the number of clients and files you backup on a regular basis, it is not uncommon to have a catalog that is in excess of 10-20MB in size. As such, method #1 above is the preferred method - backing the data in the catalog database on a regular basis to whatever storage device you are using. The only difference during recovery, is that you will use a bootstrap file (BSR) instead of using the catalog - a necessity since you don't have the catalog.

• Ensure the backup medium containing the latest catalog data is in your storage device
• Click on the “Restore Catalog” link
• Select the “I want to use a bootstrap (BSR) file…” option
• You should have the latest BSR file for the catalog that was e-mailed to the administration user. Retrieve it and save it to your local hard disk.
• Click on the “Browse” link and select the file you saved in the prior step
• Click on the “Continue” link
• A web dialog will be displayed asking you to confirm or cancel
• Click “Continue”. The database import may take several seconds (or minutes if very large) to complete.

Select the “I want to use a catalog image stored locally…” option and enter the filename including absolute path of the database image. Click on “Continue”. Confirm your intention to initialize the database using the data you have in the image.

Due to the file size limitations of uploading files combined with the large file size inherent to the Bacula catalog database image, this option is limited in use. It is a convenience for those who have a catalog image mailed to an account (ie. Gmail). However, for any catalog that is larger than 2MB, you would be advised to use an alternative file transfer method (SCP, FTP, WinSCP etc.).

Some devices require actions like ejecting a tape or removable HDD. You can perform these actions through the webconfig utility using the drop-down list of supported actions in the “Device Controls” page.

Mounts a filesystem at a specified mount point.For IDE and SCSI Iomega REV drives, the device location will be auto-discovered - only a mount point needs to be specified.For tape systems, this action will call an internal Bacula mount that ensures the device is available for Bacula to read/write.

Unmounts (or umounts) a device.

Unmount and Eject Same as Unmount, except that the tape or removable media is ejected.

Ejects removable media from the device.

Bacula uses labels in order to create volumes that are then associated through the use of pools. This may sound complicated at first, but it is really not. For more information, see the Bacula online manual concerning Pools, Volumes and Labels.

Issues a rewind command. Only applicable for tapes.

The report page provides a graphical display of job history.

The virtual console gives the administrator the ability to run Bacula commands via the webconfig GUI rather than the Bacula console. The use of AJAX makes this interface seamlessly bridge the divide between Bacula's console and the PHP webconfig form. Use of this feature should be done with caution and only by those having a solid understanding of the Bacula console commands.

Under most circumstances, backups will be performed automatically by the Bacula scheduler (provided you have created scheduled backup jobs). However, on occasion or by personal preference, users may wish to manually initiate a backup job.A backup job must be defined as a resource in order to initiate a manual backup. If you have not done so already, you will need to define resources needed by a job definition (ie. FileSet, Pool, StorageDevice etc.), and define a job.

Recovering individual files from a specified date is not currently available through the webconfig User Interface. This functionality is available via the Bacula “bconsole” CLI interface and follow procedures documentation provided on the Bacula website. Alternatively, if the recovered file(s) reside on a client machine (not the ClarkConnect server), users can use the graphical user interface provided by the Bacula client that is available for Linux, Mac and Windows platforms.

In the event you lose all data on your ClarkConnect server (through hard drive failure, damage, theft etc.) and provided you have data that was backed up to either removable media or to another machine, you will be able to fully restore your system to the state of the last full or differential/incremental backup.

The first step in restoring your server is to install the ClarkConnect OS on your new (or repaired) server. Download the latest ClarkConnect ISO matching your previous platform. It is advised (but not required) to stay with your current version until the server is restored to its original state.

Register your server to the ClarkConnect Gateway Service network using the I am re-installing an existing system option. For more information on system registration, click here.

Once registered, install the Bacula backup/restore module using the webconfig User Interface (UI) on port 81 or via command line:

# Apt-get update              
# Apt-get install cc-bacula 

Having installed the Bacula module, use the UI and navigate to the LAN Backup/Restore page that will be found under the Software heading. From here, you have three steps to a full restore:

• Upload the original Bacula configuration files
• Restore the Bacula file/directory database image
• Perform a full data restore

Although you can include your Bacula’s configuration files in a FileSet to be backed up, this presents another ‘chicken and the egg’ scenario, since the original configuration files are required to perform a restore. The UI presents a simple and reliable way to always have available the latest configuration files by emailing these files as attachments through the General Configuration page. Locate the most recent configuration files and save them to your local computer’s drive. There are four (4) configuration files that will be required:

• bconsole.conf
• bacula-dir.conf
• bacula-fd.conf
• bacula-sd.conf

Click on the General Configuration link. You will see four sections:

• Global Settings
• Director Daemon
• File Daemon
• Storage Daemon

Click on the Upload Config Files link under the Director Daemon section. You will see a file upload entry form similar to the screen shot below.

Click on the browse link next to the bconsole.conf file. Locate the bconsole.conf file on your local computer, and select ‘OK’.

Repeat the procedure for the bacula-dir.conf file.

Once you have both files defined in the corresponding input boxes, click Upload now.

Repeat similar procedures as described above for the File Daemon (bacula-fd.conf) and Storage Daemon (bacula-sd.conf) sections.

Having uploaded your original configuration files for the Bacula module, are now ready to start the Bacula services. Return to the main Bacula menu and click on the Configure Daemons link. Select Start all services. All four bacula services (director, file, storage and the MySQL server) should now be running. Return to the main menu.

Your next task is to restore the Bacaul database image. This operation simplifies the final action of recovering data. Your Bacula database can be restored in one of two ways:

• BSR File
• Database dump

Follow the instructions provided here for the preferred method. The method you choose will depend on which method you had planned on using. For example, if your configuration was set to email the BSR file of the database image upon creation, this will likely be the method you use. Alternatively, if you have been saving a raw database image to another machine (or even emailing this image to an account), you can upload this image through the Bacula module UI.

Now that your configuration files and database image are restored, simply select and run restores on any jobs containing filesets that require restoring on the local server. From the Bacula UI main menu, select Restore. Since your configuration and database have been successfully restored, you can select the Standard Restore form, completing the fields as required.

The client to which the files should be restored. This should match the client where the files were backed up from.

The file set that describes the files and directories to be restored.

Allows the user to control whether newer files replace older ones or not. This is only applicable when the Location parameter (below) is left blank.

Specifies the location where Bacula should restore the files to. Set this field to a blank (null) entry if you wish to restore files to their original location (caution, make sure your Replace Policy is properly set).

Have a look in the system logs if you are having problems. The bacula daemons log to /var/log/bacula.

Windows XP Personal firewall will block attempts made by the ClarkConnect server to backup a Windows desktop on the LAN. Open port 9102 on the Windows firewall by going to Start » Security Center » Windows Firewall and clicking on the 'Exceptions' tab. Add port 9102 and click Update.

This option, available under the Basic settings, allows you to backup the server to a Windows shared directory on the Local Area Network (LAN). The following steps will assist you in configuring this option.

• Go to Windows Start » My Computer
• Click on Shared Documents
• Select File » New » Folder
• Enter a folder name
• Right click on folder and select Properties
• Click on the Sharing tab
• Enable the Share this folder on the network checkbox
• Enter a share name…for example 'SharedDoc'
• Enable the Allow network users to change my files
• Click on OK

If you have Windows firewall enabled, you will need to open a port (189).

• Go to Windows Start » Control Panel
• Click on Network and Internet Connections
• Click on Windows Firewall
• Click on the Exceptions tab
• Click on Add Port
• Enter Server Backup in the Name field
• Enter 389 in the Port number field
• Select TCP
• Click on OK

In order to test whether you can mount the Windows share, login as root and type:

# smbmount '//IP/NAME' MP -o 'username=USER,password=PASS'

where:

• IP = IP address of Windows desktop
• NAME = your share name, as defined in the steps above
• MP = mount point on CC (i.e. /var/bacula/mnt/SueLaptop)
• USER = Windows username
• PASS = Windows password

• Bacula Home Page
• Find an Iomega REV Drive Reseller
• Iomega REV Drive Home Page
• Bacula Client Downloads

Previous: Email | Next: Printing || Return: Index