First release of the Qustodium Backup Appliance

QBA was born out of a need for organisations to have a cost-effective backup solution. There are a number of commercial products out there, but they are often too expensive for small organizations to justify, and the existing free products are beyond the technical abilities of these organisations. QBA was inspired by other great appliances such as ESVA, the "Email scanning (security) Virtual Appliance" [0] and the Vyatta network appliance [1].

The plan is to have a free downloadable version of QBA, and to sell security and feature updates to subscribers via a custom repository hosted by Qustodium Internet Security. The freely downloadable QBA community version will not be entitled to that kind of support, but service upgrades will always be available and support could be provided through the forums.

QBA could be described as the GPL version of Apple’s "Time Machine" for Windows PCs:

  • as a user, you do not have to configure anything,
  • the data is backed up while you can keep on working (more on this below),
  • and the restore interface is nice and clean, thanks to BackupPC!
QBA is the result of many great posts on the backuppc mailing list, and I would like to thank everyone for their contributions.

QBA is a simple, pre-built, easily configurable backup appliance that is intended to run on several virtualisation packages such as Qemu, VirtualBox, VMware, and others. QBA is intended to be plug&play for basic users but configurable for advanced users. This flexibility combined with the easy-to-use BackupPC web interface will empower users to automate their backups, without the need to know about the underlying operating system, which happens to be Ubuntu JeOS [2].

The system is based on three virtual disks: operating system, configuration and backup pool are stored on separate HDs in order to enable simple upgrades for the operating system, independent storage of user-specific configurations, and the possibility for offsite storage of the backup pool, for instance via an external rsync mechanism.

QBA requires no installation of client software, since it relies on winexe [3] to execute the installation of the rsync daemon via remote procedure calls. The only requirement is a domain-wide administrator/backup user account whose credentials have to be configured within QBA. QBA will use that account to log into all target machines that are to be backed up, and install rsyncd in case it is no already installed. It then creates a shadow copy, opens the firewall for rsyncd and the backup server, starts rsyncd on the client machine, starts the backup, waits for the backup to finish, stops rsyncd again, closes the firewall and closes the connection.

Installation and usage of QBA is as simple as follows:

  1. Download the appliance ZIP archive from the project’s download page http://www.cuba-project.org
  2. Unpack the archive
  3. Open the virtual machine with a virtualisation package of your choice (tested under Qemu and VMware Server for Windows)
  4. Configure the names of the computers that you want to back up
  5. By default, the “C:\My Documents” directory and everything in “D:\Data” will be backed up.
  6. Future versions of QBA will contain the ability to shut down the computers after they have been backed up: Users leave their PCs on when they leave their desk in the evening, the backup runs at some point between 22:00 and 6:00, and after it successfully completed its backup the PC is shut down to save energy.
Clearly QBA is covered by the GPL, based on its components such as Ubuntu JeOS, SetACL and BackupPC. Proprietary tools such as vshadow.exe and dosdev.exe (see below) are not necessary for QBA to work, but the user has the choice to obtain those tools separately from Microsoft and enhance QBA’s functionality significantly.

In addition to the above ease-of-use, QBA addresses some limitations stated in the BackupPC FAQ:

  • "Non-Unix file attributes not backed up"
    QBA uses SetACL [4] to backup and restore Windows NTFS access control lists for every file and directory. The ACLs are stored for every directory before the backup starts in a special file called BUGBUG, and upon restore that data is used to recreate the ACLs for the restored files only. In addition, QBA uses attrib.exe (part of every Windows installation) to backup and restore other file attributes such as System, Hidden, Archive or Read-Only.
  • "Locked files are not backed up"
    QBA can make use of the Volume Shadow Copy Service that was introduced with Windows XP to copy even open files such as Outlook .PSTs mail stores. In order for this to work, the user has to provide his own copies of vshadow.exe (part of the Volume Shadow Copy Service SDK) and dosdev.exe (part of Microsoft Product Support's Reporting Tools), both of which are free downloads. Once these files have been obtained by the user and integrated via the available automated GUI process, QBA will use them without further configuration to copy locked files. At the moment, there is no GUI and the files have to be simply dropped into the correct folder of the virtual “configuration” HD.
  • "Don't expect to reconstruct a complete WinXX drive"
    Since QBA addresses both the ACL and locked files issue, it remains to be confirmed whether this is sufficient to reconstruct a complete Windows drive. We anticipate that at least master boot record, partition table, boot sector and boot loader need more investigation, but could potentially be solved via the dd tool, as outlined here [5].

[0] http://www.global-domination.org/index.php
[1] http://www.vyatta.org/
[2] http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos
[3] http://eol.ovh.org/winexe/
[4] http://setacl.sourceforge.net/
[5] http://www.freesoftwaremagazine.com/columns/backing_up_your_master_boot_record