"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over March 2024.
There were six Comet releases during March - four in the Voyager release series, plus two updates for our Mimas release series.
We've landed a few large and exciting features this March:
New Protected Item Wizard for the Comet Backup Desktop App
We have overhauled our Protected Item Wizard for the Comet Backup desktop app. As part of this refresh we have moved the section where you name your Protected Item to the end, along with a nice summary of what you have configured to back up.
Each step of the Protected Item Wizard has had new styles applied to it, and below are some of the major differences you will see in new versions of the Comet Backup desktop app.
We have significantly improved the performance of browsing files and folders during a granular restore from Disk Image, Hyper-V, or VMware Protected Items. These improvements have significantly improved the responsiveness of the file browser when selecting files and folders to restore, particularly on slow or high-latency connections. Prior to 24.3.2, the file browser would have to wait for data to be retrieved from the Storage Vault every time a disk or folder was expanded, which could cause multiple second loads on slower connections. In 24.3.2 and newer, Comet has to retrieve new data much less frequently, significantly reducing the time spent waiting for folder contents to load.
We have added a new Storage Vault type to make use of network file shares using the SMB protocol. This is a fantastic addition to our Storage Vault offerings, as you can now backup to and restore from network file shares inside your infrastructure that use the SMB protocol.
If you are looking to back up data to your local NAS, check out our new SMB Storage Vault offering.
New Restore Option: Overwrite only if files are different
When restoring data with Comet, you will find a new restore option "If the restored file is different". When this option is set, Comet will only restore the file to the location if the file contents are not the same. If the same file already exists in the restore location, Comet will not need to do anything.
This is also useful for times when you want to quickly revert the contents of a folder to a previous snapshot, as Comet will only need to download and restore what changed between the two points in time.
Prevent Admin Accounts from Deleting Storage Vaults
Admin policies and permissions continue to be improved and expanded in our latest releases. You can now lock down admin accounts from being able to delete users storage vaults. This adds an additional layer of security and protection to your Comet accounts.
You can find these settings when editing an admin account on the Comet Server web interface.
The macOS Console app provides crash reports and live log messages of the running processes on your Mac. We have added support for the Comet Backup desktop app to write log message to the Console app. This is a huge improvement to being able to audit what is happening with Comet Backup on macOS, as well as making it easier to troubleshoot issues when they occur.
Having a Server Self-Backup provides peace of mind that you can recover a Comet Server from a number of disastrous situations. This includes being able to restore a Comet Server in the event critical settings are changed causing outages within your Comet environment.
For new installations of a Comet Server, the Server Self-Backup feature is now enabled by default. Comet strongly recommends moving the backup from the default location (the server installation directory) to somewhere safer, preferably offsite so you can recover from disaster situations.
If you haven't configured Server Self-Backup on your Comet Server yet, you can find the steps to set this up in our documentation
Comet Server supports backing up data to many different storage locations. Comet Server system administrators can configure storage in the client's settings; or server-side with Storage Role; or for supported storage providers, you can configure the Storage Templates feature to provision private, direct-to-cloud credentials for customer backup storage. This provides ease of use and high performance - as long as the storage provider has a compatible integration with Comet Server.
For the long-tail of other providers, we support Custom Remote Bucket and Custom IAM-Compatible as extension points to integrate with the Storage Templates feature. During March, in Comet 24.3.3, we improved the Custom IAM-Compatible Storage Template feature to support many new capabilities, including Object Lock support; the option to create buckets in custom S3 regions; and the option to choose whether the provisioning action creates individual buckets or private subdirectories.
These three new enhancements extend Comet Server's IAM compatibility, and ensure that you can use the Custom IAM-Compatible Storage Template feature with more of the IAM-compatible storage providers on the market.
We're very pleased to announce our latest Quarterly release series - Comet 24.2 Mimas. This is the the latest entry in our quarterly rollup series, that branches off from our main rolling Voyager development into a fixed target for you to qualify and build your service offering upon.
Mimas is named after a moon of Saturn, which in turn takes its name from an ancient Greek mythological giant. Mimas is relatively small compared to Earth's moon, with a diameter of about 396 kilometers (246 miles). Its composition is primarily made up of water ice with a small amount of rocky material. Its most distinguishing feature is a giant impact crater which stretches a third of the way across the face of the moon, making it look like the Death Star from "Star Wars."
For users coming from the previous 23.11 Saturn quarterly release series, Mimas adds 3 features and 15 enhancements, including Dark Mode for the Comet Server web interface and a Debian installer for the Comet Backup desktop app as mentioned below.
The full set of changes can be found in the release notes.
If you'd prefer to watch rather than read, we're hosting a webinar to discuss this new quarterly release and all the new changes. Please register before we go live on Tuesday 12 March (4pm ET / 1pm PT) to catch up on all the latest Comet news with Comet's CTO, Mason - and as usual, there will be time for a live question-and-answer session at the end of the presentation.
As well as that, we have many more videos available on our YouTube channel, including guides on getting started with Comet, individual features, demonstrations with our technology partners, and webinars for previous quarterly software releases.
To continue our visual improvements to the Comet Server web interface we have added Dark Mode support. This completely overhauls the look and feel of the Comet Server and automatically applies based on the theme you have chosen for your system. Next time you have a chance check it out by logging into your Comet Server and clicking the new toggle button in the top right corner.
Light Mode:
Dark Mode:
Debian Installer for the Comet Backup desktop app
To make it easier to install Comet on your Debian Linux installs, we are pleased to announce our new Debian Installer. Our new installer will walk you through all of the required steps to install Comet. Comet is installed as a systemd service meaning it will now automatically start when your device boots.
Once installed you can still upgrade Comet remotely using the Comet Server web interface meaning you now have multiple options for managing, installing and upgrading Comet on your Linux devices.
Object Lock is a great way to add additional security to your data stored in an S3-compatible Storage Vault. This month we've been hard at work finding ways to optimize Comet's performance when backing up to an S3-compatible Storage Vaults. We have found a way to significantly decrease the time taken to extend the object lock duration on objects stored in the vault. As a result, backup jobs to an S3-compatible Storage Vault now complete up to 16 times faster than before.
Comet has a great list of S3-compatible storage providers that we have storage templates for. To add better support for other S3-compatible storage providers you can now add Customer Headers to a Custom Remote Bucket in the Comet Server web interface. This greatly expands your options for which provider you would like to use as you can now add additional data such as long lived authentication tokens as part of the request Comet makes when connecting to the storage provider.
Faster Logins between the Comet Account Portal and Comet Hosted
Once Comet Hosted is running our new 24.2.0 Mimas release, we will enable the overhauled login button for Comet Hosted servers from the Comet Account Portal.
The new login button shares credentials between the Comet Account Portal and Comet Hosted meaning you no longer need to remember two sets of passwords. Because of this we have been able to solve all of the failing cases and can provide you with a reliable login experience for your Comet Hosted servers.
Once you've logged in with the new system for the first time, when you log out of your Comet Hosted Server you will see a new Login with Comet Account Portal appear on the login page. This allows you to jump straight back into your Comet Hosted server faster than ever before. This button will only appear on web browser sessions that remember you've clicked the login button from the Comet Account Portal first to ensure we don't show Comet branding to unexpected users of your Comet Hosted Servers.
At Comet, we are committed to continuously improving our products and services to meet your evolving data protection needs. In order to do this, occasionally we find it necessary to make adjustments to our product offerings. We are updating our pricing structure in order to further standardize our virtual machine protected item types – VMware and Hyper-V.
Effective February 28th 2024, we are introducing a new unlimited guest license option for VMware, priced at $39. If you have 8 or more VMware guests backing up, you will automatically get the unlimited pricing; no action needed on your part. This change supports your business growth as you scale and add VM deployments.
Also as of February 28th 2024, we are dropping the $2 base charge for Hyper-V. You will only pay the booster charge for all virtual environment backups (both VMware and Hyper-V) going forward.
To bring our virtual machine licensing into alignment, starting February 28th 2024, Hyper-V licensing will be charged at $3 per guest or $24 for unlimited guests per host.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager between December 2023 and January 2024.
There were nine Comet software releases between December 2023 and January 2024 - five in our 23.12.x Voyager release series and four point releases for our 23.12.x Saturn quarterly series.
Over the past nine releases we have released close to 20 bug fixes based on your feedback and our own internal quality standards. We are proud of the hard work the team has put in to make our latest versions of Saturn and Voyager our best releases yet.
Easier user creation in the Comet Server web interface
We've enhanced the way admins can create new users from the Comet Server web interface by allowing users to be created in any tenant. Previously this functionality was only available using the Comet Server API so it is great to be able to provide this functionality for all users.
It is also easier to add multiple users at once in the Comet Server as we've made the add multiple users workflow always visible. Previously this was hidden behind our advanced options settings system which made it harder to discover.
On Comet Servers with more than one tenant configured, it was hard to see what user belonged to what tenant from the Users page. You could see that the user belonged to a tenant, but you could not tell which one.
Now on the users page you can see what tenant a user belongs to right from the page. This is a massive quality of life improvement for admin users.
Along with this improvement we have also made it possible to search for users by tenant name.
In November we launched our VMware Protected Item and over the past two months we've been hard at work to improve it based on your feedback, including improved performance, compatibility, and correctness.
The latest versions of Saturn and Voyager are up to date with our latest improvements and we've seen great uptake of the new feature.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over November 2023.
There were seven Comet software releases during November - four in our 23.9.x Voyager release series, two point releases for our 23.8.x Adrastea quarterly series, and the official launch of our latest 23.11.0 Saturn quarterly release.
Last month, we launched our newest Protected Item type to add support for backing up VMware virtual machines using Comet. Over the last month of Voyager series releases, we've seen great uptake of the new feature and have been working to improve it based on your feedback, including improved performance, compatibility, and correctness.
The VMware vSphere hypervisor platform encompasses both the ESXi hypervisor as well as the vCenter centralized management application. ESXi is available in multiple licensed editions, including a free license with various limitations such as restrictions on the number of virtual CPUs that can be assigned to a given virtual machine.
In our first release, Comet supported ESXi versions with a paid license ("vSphere Essentials" or higher), but in the latest Comet 23.9.11 we took a closer look at the problem, and have extended our compatibility to include support for the free version of VMware ESXi. Our implementation supports the same versions (6.7, 7.x, 8.x) of ESXi and is built solely using VMware's officially supported vSphere VADP backup APIs, including Changed Block Tracking (CBT) support. No configuration changes are required to your free-license ESXi host server to support this backup mode.
As part of working on virtual machine features this month, we put a particular focus on the granular restore option. The existing granular restore mode in Comet allows you to take a virtual disk backup at the block level - either of VMware, Hyper-V, or of a physical Disk Image - and then restore individual files and folders from the interior NTFS filesystem.
Our granular restore feature gives competitive restore performance and offers flexible interactive browsing, all while supporting multiple disk image and partition formats, using Comet's encrypted deduplicated cloud storage.
This month, we've made granular restore even faster and have reduced its memory and network traffic requirements, by using an intelligent caching system that helps Comet traverse the virtual NTFS file table in a more efficient way. We have streamlined the restore and browsing workflows to reduce edge cases, improving support for virtual machines with multiple disks, disk images in subdirectories, disk images that span multiple files, and other such cases. In addition, Comet is now able to display each partition's name in more cases.
Outside of granular restore, we've also optimized our ordinary file restore further by removing bottlenecks that could stop Comet from effectively multithreading. In the latest versions of Comet, it should be much faster to restore very deep directory trees.
Comet Server has an extensive permission system for administrators, tenant administrators, and end users. Comet recently added support to allow a top-level administrator to restrict a tenant administrator into using certain policies. However, as this restriction was not transitive, the tenant administrator could still allow a tenant end-user to bypass those policy restrictions. The latest version of Comet adds a new ability to enforce settings and preferences across an entire Comet Server.
Without careful consideration, adding features can sometimes result in a cluttered user interface. As Comet Server has grown to offer more and more control over user permission levels, we have split out the administrator permission settings onto a separate tab.
The web interface and API for Comet Server make use of a built-in web server, based on the standard library from the Go programming language. This embedded web server is secure, performant and powerful, and includes many recent features such as TLS 1.3 and HTTP/2. As this is a bundled component, any security updates for this component must be delivered as part of a Comet Server update. Recently, the HTTP/2 Rapid Reset Attack (CVE-2023-44487) made headlines around the world, affecting major corporations including Google and Cloudflare. This month, we were able to take advantage of newly available mitigations to resolve the issue directly within Comet Server.
We've also implemented additional security protections against XSS attacks, as a defense in depth measure. The Comet Server web interface now uses an extremely strict Content Security Policy (CSP) to help prevent any remote attacks on your administrator login session.
We've kept the CometCon tradition going, bringing remote and local Comet team members together for another week-long conference.
During the week, we made it a priority to focus on deep technical brainstorming and planning, with speakers from various departments. But it wasn't all work - the collaborative environment was combined with social events including decorating the office, renting out a cinema, learning to mix cocktails, taking a flight lesson, and the infamous "Mandatory Fun".
We're very pleased to announce our latest Quarterly release series - Comet 23.11 Saturn.
Our product's first codename started many years ago with the planets of the inner solar system, and our Voyager track continues ever more outward into distance parts of space. Recently, all our quarterly releases have been named after moons of Jupiter. But with the recent addition of VMware support this quarter, we thought that adding a big new feature deserved a big new planet!
Saturn needs no introduction as the sixth planet from the Sun. It is the second-largest planet in our solar system after Jupiter, large enough to fit the Earth inside more than 760 times over. Its iconic rings were discovered in 1610, and we are continuing to find additional moons - over 140 have been discovered, most recently in 2020.
Comet 23.11.0 Saturn includes 8 new features and 23 enhancements that were developed over the course of the previous 23.9.x Voyager series, including our VMware Protected Item type, a lobby for silent installed devices, and improvements for Object Lock and Comet Storage.
We are currently working towards releasing our new Hyper-V Backup 2.0 offering next year, which means we’ll be retiring our existing Hyper-V backup at the same time. To prepare for this, we’ll preview new technology in Comet’s Voyager releases and add further capabilities to Hyper-V backup as we work towards the launch of Hyper-V Backup 2.0 in 2024!
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over October 2023.
There were four Comet software releases during October, all in the 23.9.x Voyager release series.
Comet 23.9.7 adds support for backing up VMware virtual machines.
This has been a long-standing request on our Feature Voting page. After running a successful beta program over the last few months, we're very happy to be able to deliver this feature to partners in our Voyager track.
Comet's new VMware Protected Item type allows you to easily connect to your ESXi or vCenter server. You can pick individual VMs for backup across all datacenters, or choose "All VMs" to ensure all VMs are backed up with targeted exclusions.
The feature supports Changed Block Tracking. After completing an initial backup job, any future backup jobs will coordinate with the VMware host server to identify which ranges of the disk have changed since the previous backup job. These changed ranges from the VMware server are adapted into content-defined boundaries for Comet's deduplicating chunking engine. This results in an extremely efficient, incremental-forever backup.
As this is a new Protected Item type, it must be configured to run from an installed device that will perform the compression and encryption workload. Installing Comet Backup on a VM within the VMware server itself is recommended for reduced end-to-end latency. In this first released version in Comet 23.9.7, this feature requires the device to be running Windows x86_64.
We are excited to bring this new Protected Item type to our entire Comet Community, so look out for our upcoming quarterly software release at the end of this month. We'd love your feedback and are here to help if you need any assistance getting started, reach out via our support ticket system.
It's official - Comet Storage is a new cloud storage offering from Comet, in partnership with Wasabi. We offer Wasabi's same great S3-compatible service, at no additional cost above their public pricing. The feature is fully integrated and managed from within your account.cometbackup.com account, giving you unified billing and reporting across both cloud storage and your backup software licenses.
Comet Backup will continue to support a wide range of cloud storage providers. However, the new all-in-one Comet Storage offering is both highly convenient and excellent value. If you are interested in migrating to Comet Storage from an existing Wasabi account or from another cloud provider, please contact us for migration assistance.
Comet Storage also supports S3 Object Lock, allowing the backed-up data to be marked as immutable. This is a complete defense against ransomware attacking the backup storage location itself, giving you a fixed number of days to identify and mitigate the issue. In the latest version of Comet, we've also made Object Lock easier to use for all supported Object Lock-compatible providers, by simplifying the configuration options for both Storage Vaults and Storage Templates.
For more information, please see the documentation, or check out our latest YouTube video:
New account.cometbackup.com user interface design
Every element on the page has been given a fresh coat of paint - from buttons to popups, from paying your bill to raising a support ticket. We've also grouped some pages together in a more logical way, so you'll find it simpler to make your way around the site.
Inspired by the similar change to the Comet Server web interface earlier this year, the new design has moved the main navigation bar from the top to the left-hand side. This change brings our branding more closely in line across these two interfaces. On devices with smaller screens, such as laptops and tablets, you can click the small arrow button to collapse the navigation bar and regain horizontal screen real estate.
Comet supports backing up physical Disk Images, Hyper-V virtual machines, and VMware virtual machines. All of these different Protected Item types result in virtual disk files. Comet supports granular restore for all three types, allowing you to browse through partitions and supported filesystems, to restore individual files from within a full disk backup.
In the latest versions of Comet, we've significantly improved the speed of granular restores from Disk Image backups. Some particular use-cases seeing a large improvement are granular restores involving a large number of directories, or a large quantity of small files. We're committed to continuing to improve Comet's performance and this work has identified more opportunities for improvement across all three types, so watch this space!
We've also added a feature to restore Disk Image backup jobs as VMware vSphere-compatible virtual disks.
Both Disk Image and our new VMware Protected Item type generate virtual *.vmdk files inside Comet's deduplicated Storage Vault. However, the subformat of the files does differ slightly. Until now, users who are using Comet to perform a physical-to-virtual (P2V) migration from a physical disk to a VMware virtual machine have been required to perform an extra file format conversion after the restore, requiring extra time and temporary disk space. With the new option in Comet to restore the disk in VMware vSphere-compatible file format, the conversion takes place dynamically as part of the restore job, simplifying the process and helping meet your recovery time objective (RTO).
Earlier this year, we added Audit Logging support to the self-hosted Comet Server product, to help our partners meet their compliance obligations. Since then, we've expanded the list of audit properties, and added a helpful option to configure this feature directly from the Comet Server web interface from the Settings page on the "License & Access" tab.
The new controls should make it much more accessible to configure Audit Logging support for your Comet Server.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over September 2023.
There were five Comet software releases during September - four releases in the 23.9.x Voyager release series, plus one for our quarterly 23.8.x Adrastea release series.
We've been hard at work developing a new way to register devices you would like to protect, right from the Comet Server admin web interface.
With the new remote registration feature you can remotely register a device and assign it to a user profile, right from the Comet Server admin web interface when the device has been silently installed using the /LOBBY flag.
We've renamed the Connected Devices page to the Devices page and made a number of improvements to this area.
You can now see all devices that have been connected to your Comet Server, not just online devices. This extra information will allow for easier troubleshooting of what state each of the devices connected to your server are in.
We have also added bulk actions to the Devices page. These bulk actions allow you to manage the devices connected to your server much faster than before.
As a final touch we have updated how clicking a device status on the "My Devices" widget works. If you click on "Online," this will take you to the Devices page and apply a filter so that only online devices are shown.
In rare circumstances it is possible for a backup or restore job to be stuck in a running state. For example, this can occur if a device becomes damaged when running a backup job and never starts up again to report to the Comet Server. These jobs stay visible on the Comet Server and impact how easy it is to monitor other jobs that are actively running.
As a first step to provide you with the tools to manage stuck running jobs, we have added the ability to manually mark a stuck running job as abandoned from the admin web interface.
An abandoned job is a job that Comet has automatically determined is no longer running after communication with the client was lost, or one that has been manually marked as abandoned by an admin. We have updated our documentation to add clarity to what each of the job statuses mean.
Marking a job as abandoned has been added to the "cancel a job" workflow. To remove a stuck running job, simply attempt to cancel the job and the Comet Server will help you with the rest.
A job marked as abandoned will revive itself and show as running if the Comet Server ever receives an update about that job again.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over August 2023.
There were six Comet software releases during August - five releases in the 23.6.x Voyager release series, plus one release for the launch of our new quarterly 23.8.x Adrastea release series.
Our goal for the new interface design was to make the product simpler for new users, while still keeping it familiar for existing users. The tabs, icons, buttons, fonts and colors have all been refreshed with a modern rounded style, but you are still greeted with your familiar Protected Items and charts on the home screen.
The most fundamental change was made to navigation within the app: the previous left-side navigation bar has been removed, meaning your Protected Items are always clearly visible, and we have refreshed the breadcrumb bar appearance to help orient you to this landmark interface element. The removed left-side navigation bar has been replaced with a top navigation bar which puts more emphasis on your branded company logo, and offers clearer, more distinctive focus on the calls-to-action for the key backup and restore functionality.
In the top-right corner, you will see a a dropdown overflow menu, using modern and intuitive UX iconography. Inside this menu, you can get quick access to detailed job history; creating recovery media for restoring Disk Image backups; and a new Settings dialog. The new Settings dialog contains Storage Vault management, account and login settings, email reporting settings, your devices, and the ability to import settings from other supported backup products.
The details are subject to change before release, but we expect to be able to support major versions of VMware ESXi (6 / 7 / 8) and vCenter, using either free or paid licenses. Your backup jobs can be accelerated using changed block tracking (CBT) to produce synthetic full disk images that are deduplicated inside your Storage Vault. The new Protected Item type will work seamlessly with Comet's scheduling, deduplication, compression, encryption, job reporting, tenants, and granular restore of single files from supported virtual disk filesystems.
We're in the final stages of the beta program and are currently accepting new partners to help us ensure that this new Protected Item type is a good fit for your production VMware infrastructure. If you are interested in getting early access to this feature, please follow this link to register your interest - we would greatly appreciate any feedback you might be able to give us before the official launch later this year.
Comet has supported Backblaze B2 as a storage platform for over six years, since our 17.6.4 release back in July 2017. Over the years Backblaze B2 has proven to be a reliable, trustworthy, performant, and cost-effective solution. Together with Wasabi, these are the two most popular cloud storage providers amongst Comet users.
This month, Backblaze B2 have announced a price change. The base storage cost is increasing from $5 USD / TB to $6 USD / TB, but egress bandwidth costs are being reduced. For full details, please see their official announcement.
WebDAV is a storage protocol like FTP, SFTP, or the S3-compatible protocol, that can be used to store files in a remote location. It's based on HTTP technology and supports password based authentication, as well as transport layer security over HTTPS. The protocol has been around since 1996 and was standardized by the IETF in RFC 4918.
Accessing a remote WebDAV server is a built-in feature of Windows Explorer, as well as macOS Finder and the KDE and GNOME file managers.
Because the capability for accessing remote storage is built into the operating system, WebDAV is simple to use with a very low barrier to entry, helping it maintain a broad user base amongst enterprises, universities, and commercial service providers including Hetzner Storage Box, DreamHost, Yandex Disk, pCloud, and many others.
Clicking the "Feedback" text will open a short survey asking for any short thoughts you have about your impressions of Comet and how easy our product is to use. Our Customer Success team would really appreciate any answer you give. After submitting feedback, the tab will disappear, but you can submit more feedback at any time by clicking the "Give us Feedback" link in the page footer area.
Earlier this week, we put the finishing touches on our latest quarterly release, Comet 23.8.0 Adrastea. This is the the latest entry in our quarterly rollup series, that branches off from our main rolling Voyager development into a fixed target for you to qualify and build your service offering upon.
As with all our recent quarterly release series, Adrastea is named after a moon of Jupiter, which in turn takes its name from an ancient Greek mythological figure. It is the second-closest moon to Jupiter and the smallest of the four inner moons, orbiting at the edge of Jupiter's main ring. It is thought to be the main contributor of material to the rings of Jupiter.
For users coming from the previous 23.5 Thebe quarterly release series, Adrastea adds 7 features and 24 enhancements, including the new Comet Backup desktop app design and WebDAV support mentioned above; single sign-on support with OpenID Connect (OIDC); Protected Items that can stay linked with the user's Policy; additional admin permission options; and many performance improvements.
The 23.8.0 series does remove support for some old versions of macOS. If you have users with old Mac machines that are not able to upgrade the OS, the previous 23.5.x Comet Backup client will remain capable and working when connected to a 23.8.x Comet Server.
The full set of changes can be found in the release notes.
If you'd prefer to watch rather than read, we're hosting a webinar next week to discuss this new quarterly release and all the new changes. Please register for a notification before we go live on September 5th (5pm EDT / 2pm PDT) to catch up on all the latest Comet news with me - and as usual, there will be time for a live question-and-answer session at the end of the presentation.
As well as that, we have many more videos available on our YouTube channel, including guides on getting started with Comet, individual features, demonstrations with our technology partners, and webinars for previous quarterly software releases.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over July 2023.
There were five Comet software releases during July - one in our quarterly 23.5.x Thebe release series, plus four releases in the 23.6.x Voyager release series.
Comet Server is adding support for administrators to single sign-on (SSO) to the Comet Server web interface, using a supported OpenID Connect (OIDC) identity provider:
Google (Google Cloud, Google Workspace, or personal)
Any other OIDC-compatible provider that uses a discovery document (usually at the .well-known/openid-configuration URL path).
You can configure a new OIDC provider from the Comet Server web interface > Settings screen > "Admin Accounts" tab > "External Authentication Sources" button:
To use this feature, you should first visit your IdP's settings page, register a new application credential within the IdP, and copy the credentials to this settings page. You will then need to copy Comet's generated "Redirect URI" field back into your IdP's settings page.
When the administrator user uses the new "Log in with..." button and performs a successful login operation via the IdP, a new Comet Server administrator account will be dynamically created for them on-demand. As with LDAP, you can specify which Comet Server permissions are granted to the newly generated account. This new account is marked as "Externally managed" within the "Admin Accounts" table, ensuring that valid IdP login is required to access this administrator account.
If your IdP enforces two-factor authentication (2FA), you can configure Comet Server to skip enforcing its own internal 2FA on the account, so that the user is not bothered twice.
You can request custom scopes, and enforce claim values against either custom scopes or standard OIDC scopes. This allows you to enforce that the only members of certain Microsoft, Google, or OIDC groups within your IdP are allowed to log in to the Comet Server.
This feature is available both for the top-level Comet Server administrator as well as individually for each tenant.
Price change notice for Comet Storage powered by Wasabi
Our Comet Storage service gives you the option to purchase Wasabi Cloud Storage directly from Comet, offering all-in-one billing and providing a more integrated experience. This month, we've passed along the latest price changes from Wasabi, to their new price of $6.99 / TB.
When backing up a Files and Folders-type Protected Item, one of the first steps is for Comet to enumerate all the selected files, in order to calculate their total size. The total size is used to enforce the "All Protected Items Quota" feature, as well as to properly determine the progress bar's expected upper bound. If you are running a headless device with no GUI to render the progress bar, and you are not using the "All Protected Items Quota" feature, then there's no remaining purpose for this scan phase, and so Comet will skip it to save time.
We heard mixed feedback about this - a discussion in our feature voting system uncovered some use-cases where the progress bar would still be desirable even on headless devices with no GUI. But also, there was competing feedback that spending time on file size measurement is still slow and undesirable even in some cases where the GUI was present.
In the latest version of Comet, we've come up with a new and better approach to this issue. If the "All Protected Items Quota" feature is used, then we require an accurate measurement up-front regardless. But if this feature is not used, then we can rapidly create an approximate progress bar size based on the previous backup job's size plus some small estimated buffer amount. This should provide a great speed improvement for GUI users, a reasonable progress bar for headless users, and at the same time, provide an accurate measurement for quota users. The reported size measurement will always be completely accurate after the backup job finishes.
For users using Comet on devices with low RAM, our software has long since offered the "Prefer temporary files instead of RAM (slower)" option for backup jobs, to toggle whether Comet stores the deduplication index either in-memory or on-disk in a temporary database file. Enabling this option can significantly reduce Comet's memory usage, allowing the backup job to complete on low-memory devices, at the expense of a longer backup job duration.
The latest version of Comet extends this option to also use a small in-memory bloom filter. This allows Comet to perform some of the deduplication operations in-memory with minimal overhead. This new combination technique can significantly improve the performance of this option for low-memory devices.
The deduplication index is needed for almost all operations involving the Storage Vault, not just backup operations. This month, we've also added an option to use temporary files instead of RAM during a restore, extending the possible use cases for Comet on low-memory devices.
The performance improvements this month are not limited to the Comet app itself. We've also significantly improved the account.cometbackup.com system: downloading the large Self-Hosted Comet Server installer is now implemented via an Amazon CloudFront cache, improving download speeds between 2-6x in our testing.
We have also been able to significantly improve the speed of creating new Comet-Hosted Comet Server instances. The creation time has been reduced from 60-90 seconds down to 10-15 seconds, owing primarily to some changes in the default generated DNS names.
Configuration change notice for PKCS11 codesigning
Comet supports Authenticode codesigning for Windows using either an on-disk file (PKCS #12), or a hardware security module such as a USB device (PKCS #11), or a cloud HSM on Azure Key Vault. With the file-based approach no longer being supported for new Authenticode certificates, we are seeing increased use of the alternative PKCS #11 and Azure Key Vault options, as partner Authenticode certificates come up for renewal.
If you are using a physical USB device for Authenticode codesigning, we have updated the available settings options to improve compatibility with a wider range of devices. The new settings screen should be clearer and easier to use, but you may be required to update your configured settings, as depicted:
If your Comet Server is running in a cloud VM, it's not feasible to plug in a USB hardware device for codesigning. We would recommend Azure Key Vault as an excellent cloud-based solution to this issue, but we've also recently tested the compatibility of the third-party Virtualhere software for remotely forwarding a physical USB device to another PC, and we can confirm this solution works for PKCS#11 codesigning when running Comet Server on a cloud VM.
When using the Comet Server web interface, the quick search bar (using the Alt + Q keyboard shortcut) could previously search through usernames, Account Name field values, Protected Item and Storage Vault names, settings pages, and more. In the latest version of Comet, we have extended the search capabilities to also find users by their email address.
You can also now enter the ID of a Protected Item, Storage Vault, or even a backup job, and the quick search bar will try to match it with the corresponding user or job. This is particularly helpful for troubleshooting some situations.
That's all for this month - the blog will return next month with more news about all the latest changes to Comet.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over June 2023.
There were six Comet software releases during June - two in our quarterly 23.5.x Thebe release series, plus four releases in the 23.6.x Voyager release series.
Comet has a comprehensive Policy system that allows you to apply rules to entire sets of customers at a time, such as restricting their ability to open the desktop app or restricting what features and settings can be used.
One of the existing Policy options allowed you to create a Protected Item that would be applied by default to all new devices that register in the account. However, it was limited to when the device was registered for the first time, it only defined the default settings, and after that the Protected Item could drift from what was configured in the policy. Having a default value that can then change is an important use case, but over time, we heard feedback that people would like these default Protected Items to remain tied to the policy version. In Comet 23.6.0, we made that possible.
You can choose whether the Policy Protected Item applies only for new devices, or if it remains linked to the policy after creation. This allows you to configure a Protected Item for a specific application, file-path, or integration target; apply it by default to all users of the Policy; and still be able to change those settings centrally for all users of that policy.
This was a highly popular request on our Feature Voting page. Thank you to all the partners who shared their support for this feature. If you haven't seen this system before, the Feature Voting system allows you to upvote existing requests, raise new requests, discuss features with other Comet partners, and get notified when a change happens in the product. We look at this system often to help guide the priority of new development.
As an administrator, when configuring permissions for other administrator accounts, additional options are now available.
These new options allow you restrict the capabilities of other administrators. This is intended for the use case of tenant administrators, or limited-permission administrators of a shared Comet Server. The use cases are varied but are often from the perspective of restricting the visibility of the Comet branding for white-label purposes.
You can hide the Server History and Server Info widgets from the homepage, including Comet's version numbers and update information. This simplifies the main screen for the limited-permission administrators who would be unable to act upon this information;
You can enforce that the target administrator is unable to create new Storage Vaults via Storage Templates or via custom storage; and
You can filter and restrict which cloud storage providers are available for these limited-permission administrators to use.
This work was also inspired from our Feature Voting system. Thanks to everyone for your patience as we combined several separate requests to refine down the essential requirements for this use case.
From Comet Backup 23.6.3 onwards, your customers must have macOS 10.13 High Sierra (2017) or later to continue running new versions of Comet Backup.
If your customers are still using macOS 10.11 El Capitan (2015) or 10.12 Sierra (2016), the last releases that can be run on these older versions of macOS are the Comet 23.5.x Thebe series, or 23.6.2 Voyager. These versions of macOS are no longer receiving security updates and we would recommend that all end-users upgrade if possible.
There is no change to Comet Server's minimum OS requirements as we do not offer Comet Server on macOS. It is safe to use the bulk deployment system in Comet Server to continue deploying software updates to all macOS customers - the affected users will skip the install and remain on their currently installed version of Comet Backup.
We last upgraded the minimum macOS version back in September 2022. We expect to be able to keep the 10.13 baseline for a longer period of time.
Comet has long supported a "Run when PC starts" option in the job schedule settings. This option is highly useful for laptops that are often offline or sleeping, where a regularly scheduled backup job is unlikely to occur at the odd moments when the device is online. By running a backup job immediately when the PC boots, the device is more likely to complete a successful backup job.
However, recent versions of Windows have expanded how widely "Fast Startup" is applied across different PCs, to the point that a Windows laptop will often not restart, but only simulate a restart via hibernation-related techniques. This has a negative effect on the "Run when PC starts" option as it was only triggered via a full restart, which is not the default behavior in current versions of Windows.
As a result, we have extended the "Run when PC starts" option to count waking up from sleep as "starting the PC". This is more in keeping with the behavior of current-generation laptop computers and it should make the option work as-expected in more cases. Compared to the old behavior, it is likely that additional backup jobs could be run unexpectedly, but our expectation is that this is not a bad thing, and the result will be more reliable overall.
The 23.5 Thebe release last month included a major redesign of the Comet Server web interface. We've continued to build upon this throughout June in the 23.6.x Voyager series with many enhancements for server operators.
One area of focus was on ease-of-use. When configuring a Protected Item for Application Aware Writer, Hyper-V, or Microsoft Exchange, you can now use the top-right button to remotely browse the customer's PC to select items for backup. Compared to finding individual virtual machine IDs, this is a significant improvement to the ease-of-use of this feature.
Additionally, when saving changes in the Settings page, the page will now intelligently wait for settings to be applied, instead of leaving you at a web browser refresh screen. This makes for a much more intuitive and user-friendly experience. The Comet Server web interface will now also warn you more clearly about invalid bucket names for cloud storage.
There was also a particular focus on performance enhancements for the Comet Server web interface. Loading the web interface should be snappier and with fewer loading spinners, as the necessary information is able to be loaded in parallel, as well as reused from previous lookups. The Quick Search area is now faster and has a new design style. When remotely controlling a connected device to start a restore job, the restore job will reuse information known by the web interface instead of recalculating it, resulting in a restore job that starts faster and finishes faster.
A third area of focus throughout the month was on fixing known issues that have been reported. Thank you to all partners who reported issues - the latest 23.5.x and 23.6.x updates should have addressed all the web interface issues raised to this point.
Following on from last year's successful event, we hosted another week-long meetup with Comet team members from all over the country. With a strong focus on technical talks, networking, and a special coffee-tasting event, everyone had a great week! I'd like to extend a special thank you to our guest speakers!
That's all for this month - the blog will return next month with more news about all the latest changes to Comet.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over May 2023.
There were four Comet software releases during May, all in the weekly 23.3.x Voyager release series. The work this month included a mix of core application development as well as projects in the surrounding ecosystem:
Earlier in May, Mason gave a presentation of the history and overview of backup technologies, starting with simple file copies, through chain-based approaches, and culminating in the Content-Defined Chunking technology used by Comet.
Docker is a popular system for running applications in "containers". In the same way that freight shipping containers have a consistent size and shape, in order to fit within a larger shipping ecosystem, Docker containers also have some consistent behaviors in order to fit within a larger application runtime ecosystem: a "containerized" application has a standard way to start, stop, and log messages; how their storage and configuration is managed, how ingress and TLS termination works, and how sandboxing and permission restrictions are applied.
By offering Comet Server as a Docker (OCI) container, it should be easy for existing Docker users to get started with the Self-Hosted app and to manage it going forward. It also enables new functionality such as running multiple self-hosted Comet Servers on the same PC or VM. This does not replace the existing Self-Hosted installers, which will continue to be available.
There has been a long-standing open feature request for an official Docker container. Thank you to everyone who voted and commented on this feature, and a special thanks to "Hobadee" for providing an unofficial solution to the community so far.
When you visit the the Comet Server web interface, your web browser loads and runs a "Single Page App" (SPA) locally inside your browser. This webapp speaks to the Comet Server backend solely using our public API. This API broadly covers every action you take within the Comet Server web interface, which means if you can do an action in the web interface, then it can be automated by a developer.
During May, we put the finishing touches on the latest addition to this group - a new public .NET SDK. It's available as CometBackup.CometAPI.SDK on NuGet and is developed in C# for use with any compliant .NET Standard 2.0 runtime, including .NET Framework 4.6, .NET Core 2.0, .NET 5, or any later versions.
Getting started with the SDK should be straightforward:
using (var client = new CometAPI("http://127.0.0.1:8060", "admin-user", "admin-password")) { var users = client.AdminListUsers(); foreach (var user in users) { Console.WriteLine(user); } }
Every API method is also available as an Async() version to allow for concurrency.
Our SDK version numbers generally adhere to Semantic Versioning and any enthusiastic readers may have noticed this SDK uses a "version zero" version number at present. We don't necessarily expect to make breaking changes, but we are actively requesting feedback about this new SDK from existing C# users to ensure we've created something idiomatic. We'd love to hear any feedback about the SDK design or any bug reports before we commit to v1 compatibility, so if you are a C# developer then please reach out by ticket or on GitHub.
To help our partners meet their compliance obligations, we've added advanced audit logging capabilities into Comet Server. Almost every action - including login events for administrators and users, restoring data, changes to user and server settings, and more - can now be logged server-side into a secure file.
This work was based on expanding Comet Server's live event streaming features to cover a much more comprehensive set of data. If you are making use of the existing Webhook feature or the Websocket API feature, when upgrading to Comet Server 23.3.7 or later, you may start receiving a larger amount of data. You can control this by declaring a restriction on the streamable event types you want to receive.
In current versions of Comet, this feature must be configured by setting the AuditFileOptions property inside the cometd.cfg file. We expect to make it available via the Comet Server web interface soon!
As we approached the quarterly release, we took a special focus on quality improvements to give us a solid foundation.
The fresh new design for the Comet Server web interface had its debut in 23.3.3, and since then throughout the 23.3.x Voyager release track, we have spent additional time and effort to ensure quality. In the latest versions of Comet Server you will see fewer cosmetic issues as this work has stabilised nicely.
We've also made significant performance improvements to key areas of the client application. Performing granular restore of single files from inside a Disk Image or Hyper-V backup may now be 3-8x faster while using 40% less memory. Comet also now uses less memory for loading files from S3-compatible Storage destinations like Wasabi, and when loading very large files from a Storage Vault.
The Office 365 Protected Item type in Comet has been a continued development focus this quarter, including a partial rewrite. Comet is now better able to handle incremental changes to mailboxes; the reported error messages are more detailed; and Office 365 backup jobs taken with the latest version of Comet should be more resilient against network errors and rate-limiting from the Microsoft Graph API. We would encourage all users to raise a support ticket if you experience any issues with Office 365 backups as we continue to improve the sync capabilities.
On the 1st of June, we put the finishing touches on our latest quarterly release, Comet 23.5.0 "Thebe".
Thebe is the latest entry in our quarterly rollup series. It branches off from our main rolling Voyager development into a fixed target for you to qualify and build your service offering upon.
Like Comet's previous recent quarterly software releases, "Thebe" is named after a moon of Jupiter, which in turn takes its name from an ancient Greek mythological figure. It is a very small moon with only 0.004x Earth's gravity, meaning it is less likely to shape itself into a sphere - in fact a large impact crater covers around 40% of its surface area:
It was discovered by the Voyager 1 and 2 spacecraft in 1979, but owing to its small size and position, almost nothing more could be discovered until the next spacecraft Galileo visited two decades later. Scientists believe it contains frozen water.
As always for a new quarterly release, there are two changelogs for 23.5.0 "Thebe" depending on whether you are coming from the previous quarterly release or the previous Voyager release. You can see the full details in the release notes.
That's all for this month! Thanks for reading - there are some more great features currently under development that we're excited to be able to share with you soon. As always, please follow @CometBackup on Twitter and you can always contact us if you have any questions.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over April 2023.
There were five Comet software releases during April - four in the weekly 23.3.x Voyager release series, plus one minor patch update 23.2.2 for our quarterly "Leda" release track. We've also released a new YouTube tutorial for the new Object Lock feature!
There were some very large and exciting features released in Voyager during April:
When upgrading to Comet Server 23.3.3, you'll be greeted with a new experience:
This is the first major Comet Server web interface upgrade in six years. We're very excited and proud of the new layout. The left-aligned navigation bar allows for faster navigation to pages without clicking through menus, and the quick search bar has been modernized. The new design has also expanded the set of colour customization options that are available: in addition to setting your custom brand colour, you can also set an accent colour for highlights.
The homepage has seen the most dramatic change, including new navigation buttons on the top-right and a rework of all the admin widgets. There are new widgets showing how many of each Protected Item type is being used; how much used/free space there is on your Storage Role data location; the status and last run time of your Server Self-Backup; a live real-time chart of replication progress; and more.
The policies page has also been redesigned. As we add more and more policy options in new versions of Comet, we split the long Policy section to use sub-tabs. This includes a summary page, and a new feature to suggest possible common file path exclusions. We're continuing to work on additional Policy features, and you can expect to see a highly-voted feature coming soon!
When looking at a user account, on the Protected Items tab, the new user interface design has also added a quick-access "Run Backup" button that can remotely command the device to start a backup job. Previously, this feature was available from the Connected Devices page or from the Devices tab - but adding it to the Protected Items tab is a significantly more convenient place, and demonstrates this functionality more clearly to new Comet administrators.
We would appreciate hearing your feedback on the new web interface design before it lands in the upcoming quarterly release!
When restoring data, Comet prompts you for the Storage Vault to restore from; the backup snapshot to browse inside; and then the file (or all files), respectively. However if you're trying to restore a single file without knowing exactly when it was last available, or what folder it was inside, Comet's Search button can search through all backup job snapshots to find the right match.
The Search button has been available on the Restore dialog in the desktop app for a while. New in Comet 23.3.4 is the ability to remotely perform a file search for restore from the Comet Server web interface.
Comet is highly flexible in the number of ways you can configure your storage. From the customer's device running Comet Backup, a Storage Vault could point to a local path; directly at a cloud storage provider; or to your Comet Server with Storage Role enabled - which could then receive the data and store it on a local RAID array or forward it to another cloud storage provider.
Storage Templates are the provisioning system for new Storage Vaults. If you set up a Storage Template for Wasabi or Backblaze, you gain the ability to provision private, per-customer cloud buckets and access credentials with a single click. If you enable Storage Role for receiving data into your Comet Server (or another clustered Comet Server), using a Storage Template can help to very easily provision new Storage Role buckets for each customer.
Comet has long supported a Test Connection button on the Storage Vault page, to check that your custom entered credentials are valid. But when setting up a Storage Template for the first time, the only way to verify that everything was functioning was to attempt to provision a new Storage Vault for a test customer.
In Comet 23.3.5, a new Test Connection button was added to the Storage Template configuration popup in the Comet Server web interface. This allows you to quickly verify that your template is working as expected.
Comet Backup requires a connection to a Comet Server to safely store its configuration. But if you are self-hosting the Comet Server application, the Comet Server also should be backed up to mitigate against the risk of data loss. However, you can't really use Comet Backup for this purpose, since this creates a circular dependency during recovery.
As a solution, Comet Server includes the Server Self-Backup feature. This creates a consistent snapshot of Comet's configuration files, and allows you to store it encrypted on any supported storage location, including cloud storage. Multiple targets, custom scheduling, and data retention policies are all supported. The files are simple zip files to ensure that any eventual necessary restore is an easy and low-stress process.
The latest version of Comet Server made improvements to the Server Self-Backup feature. The generated filenames now clearly show the date and time of the backup job, instead of solely an epoch timestamp. Any automatic SSL certificate files provisioned by Let's Encrypt are now included in the archive, ensuring that it is not required to reissue the certificate. This helps avoid any issues with rate limits on the Let's Encrypt service, which could otherwise prolong your service outage.
We've also added a new option to include server log files in the Self-Backup archive. These log files are not generally required, but for completeness or for an investigation, they can provide an additional view into the circumstances behind the event.
Microsoft, along with third-party security vendors, continue to harden the security posture of the Windows operating system. Comet Backup's client installer is codesigned - either by our company, or if you are using custom branding, then possibly with your own custom codesigning certificate. However over time, the security hardening has increased, and we've recently heard reports that the uninstaller for Comet Backup could trigger alerts in some security products. As a result, the latest versions of Comet Server apply Authenticode codesigning to the uninstaller to help avoid this issue.
At Comet, we release our software under two tracks - the "Voyager" release track approximately weekly, with all of our very latest changes; and the quarterly release track, where we bundle up three months' worth of development into a new fixed point for you to qualify, offer, and build upon, in order to provide a consistent experience for your own customers. Depending on your market position or your requirements, you may find either one of these tracks better suits your needs. As per our regular release schedule, you can expect a 23.5.0 quarterly release towards the end of this month, which will bring all of the exciting features to the quarterly track and also for Comet-Hosted users.
That's all for this month! Thanks for reading - there are some more great features currently under development that we're excited to be able to share with you soon. As always, please follow @CometBackup on Twitter and you can always contact us if you have any questions.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over March 2023.
There were just three Comet software releases during March - two in the 23.3.x Voyager release series, plus one minor patch update 23.2.1 for our quarterly "Leda" release track.
We've landed a few large and exciting features this March:
Comet 23.3.1 adds support for Object Lock on S3. This feature allows Comet to "lock" an object inside a S3-compatible bucket, preventing it from being deleted or modified for a fixed period of time.
This is a fantastic new capability for Comet and it is a key defense against ransomware. Comet generally requires the capability to add and delete files within your Storage location; deleting files is necessary for applying retention passes, updating index files, and coordinating locking across multiple devices. However, if malware is running on your PC and manages to intercept Comet's storage credentials, the malware would also be able to delete files, causing much wider havoc.
Comet uses S3 "Compliance Mode" to lock individual objects within the storage location. This ensures that there is no way for the object to be deleted for the specified time, not using Comet's storage credentials, nor even if your administrator S3 keys are leaked or exposed.
This feature is available for Amazon S3, Wasabi, IDrive (excluding Storage Template provisioning), and other S3-compatible providers including Minio-based providers. Please check with your S3-compatible provider's documentation to see if Object Lock is available.
Object Lock is an opt-in feature, both in Comet and with cloud storage providers. It also relies on S3 bucket versioning. These properties generally must be set when the S3 bucket is created for the first time. It is not generally possible to enable Object Lock on an existing S3 bucket. To use Object Lock with an existing S3-based Storage Vault, you would have to create a new S3 bucket with Object Lock enabled; migrate the data; and update Comet's Storage Vault settings to point to the updated bucket.
Regular users of Comet may be aware of the existing "Hide files rather than deleting them" option for Backblaze B2. Backblaze B2 supports both a native API and also an S3-compatible layer over the native API. Comet Backup integrates with the native API, so the new S3 Object Lock feature is not available for use with Backblaze B2. However, the existing "Hide files instead of deleting them" option can be used to provide the same protection against ransomware.
If you are customizing the branding of the Comet Backup desktop app, then we would recommend setting up codesigning certificates. Having a codesigning certificate means that installing Comet Backup proceeds more smoothly through Smartscreen and Antivirus popup warnings on Windows, and through Gatekeeper on macOS.
The Windows codesigning programme, "Authenticode", is currently in a period of disruption as new rules are being put in place. Owing to the high number of events where developer codesigning certificate files were leaked or lost, new requirements are being enforced from June 1st 2023 that newly issued codesigning certificates must no longer be stored as plain files on disk, but instead must be stored in a Hardware Security Module ("HSM") or equivalent isolated device. Comet has long supported Authenticode certificates using either certificate files ("PKCS #12"), or via plug-in HSM devices that are compatible with the "PKCS #11" standard.
There are two tiers of Authenticode available. The Extended Validation ("EV") service performs a deeper level of business-level and legal checks of the target organization before issuing the certificate. The extra vetting comes with a higher purchase cost, but it also results in a higher level of initial reputation for the resulting codesigned .exe file. An EV certificate was always required to be stored on an HSM.
However, it's common to install Comet Server on a cloud VM or VPS, where plugging in a USB dongle or smartcard hardware device is not physically possible. This difficulty also discouraged many MSPs from using the higher-quality Extended Validation service. With the impending phaseout of the file-based method for newly issued certificates, neither existing option is suitable, so another option had to be found.
Comet 23.3.0 adds support for codesigning using Azure Key Vault. This is a cloud service from Microsoft to manage the secure provisioning of security keys and certificates, including for Authenticode codesigning. There are various services and pricing tiers available; in particular, it's possible to purchase a managed cloud HSM, which meets the new June 1st 2023 Authenticode requirements.
At the time of writing, we would recommend GlobalSign or TrustZone for issuing new Authenticode certificates. There is no carry-over reputation with Authenticode, so replacement certificates can be issued from any provider. These particular providers were prepared early for the new requirements and have a secure vetting process to prove your use of an HSM, such as an Azure Key Vault managed HSM, before issuing your certificate. The private key never leaves the managed cloud HSM device, and Comet Server only uses an Azure application ID to remotely perform the signing steps.
Comet Server can perform Authenticode codesigning for Windows, regardless of whether Comet Server is installed on a Windows or Linux host OS. This is achieved by using a cross-platform signing toolchain. To support the new Azure Key Vault feature, we replaced our existing bundled codesigning toolchain from osslsigncode with a new jsign version. Comet ships these third-party utilities as a courtesy in compliance with their redistribution license.
For most existing users of codesigning with a PKCS#12 file-based certificate on disk, there will be no noticeable difference and Comet will continue to work without any configuration changes. However, some users may experience breaking changes:
The new jsign program takes different parameters for hardware devices using the PKCS#11 standard, which could not be automatically converted. Users of hardware devices may need to revisit their settings.
If Comet Server is installed on ARM64 Linux, the version of jsign distributed by Comet is not compatible with the musl C runtime generally used for static binary distribution. A glibc-based Linux distribution is now required to run the codesigning toolchain on ARM64 Linux. The issue does not apply to x86_64 Linux. We may be able to resolve this issue in a future version of Comet.
Looking beyond these headline features, there have been many more improvements to Comet this month, particularly in the Comet Server web interface.
It's now possible to select custom snapshots for deletion from the web restore dialog. This builds upon last month's feature to add this in the Comet Backup desktop app. To use this feature, enable "Advanced Options" from the top-right user menu, and then click the new Actions button in the Restore wizard dialog.
You can now see an online device's software version, OS platform, and IP address directly on the User Detail page in the Comet Server web interface. This was a minor feature request on our Feature Voting page. To view these new columns, click the "View" button to configure which columns are displayed. Your custom column selection is preserved for this browser throughout multiple page views, but your custom column selection will be reset when a new version of Comet Server is released.
If your Comet Server is configured to show software downloads to logged-out users, the login screen has expanded the number of download options from three (Windows, macOS, and Linux) to four with the new Synology download button. This fixes a minor inconsistency with the web interface as this fourth platform should be shown in the same context as the other three platforms.
There have been many cosmetic improvements to the Comet Server web interface too, including better spacing and padding when configuring an Office 365 Protected Item or a Windows System Backup Protected Item. We regularly make small improvements like this, but this month, we've also been working on a much more major cosmetic change for the Comet Server web interface. We will be able to share more information about that soon.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over February 2023.
There were just three Comet software releases during February - two in the 22.12.x Voyager release series, plus the launch of our latest quarterly series 23.3.0 "Leda".
February is a short month, and it was also a quiet month for new feature development as we focused on quality assurance ahead of the new quarterly software release. Most new feature development this month has been held back as a result, so you will see many more exciting new features land in the 23.3.x "Voyager" series when it reopens shortly next month in March.
The latest 22.12.x versions of Comet included improvements to the email reporting features that launched at the start of the 22.12.x series.
The Recent Activity email report template now includes a table legend in the email footer, helping to distinguish the color series from each other. By way of comparison, when you view Comet Server's Recent Activity page in a web browser, it's possible to hover the mouse over each color segment to display more detailed information about the breakdown of different job types. However, email is a more limited technology medium and an equivalent hover feature is not available. The legend is a simple solution that makes the Recent Activity email report more accessible to Comet Server operators who are not yet familiar with the colors.
The email feature has received more attention to detail, leading to us developing additional fixes for email report previews; for filtering the subset of customers; and for partial configuration of time boundaries.
Another one of our areas of focus this month has been the granular single-file restore system, that now shares some common core functionality across both the Disk Image and Hyper-V Protected Item types. Granular restore now supports more types of NTFS compressed file, including a fix for files that have been compressed with the LZNT1 algorithm. We also fixed an issue with reading single files from within NTFS partitions that have a highly fragmented MFT (Master File Table).
Additionally, we have fixed additional issues with the new Hyper-V single-file restore if a single Protected Item contains multiple virtual machines with multiple VHDX images, as well as fixing cosmetic issues when toggling between Protected Item types in the Comet Backup desktop app.
There have been improvements to the process of syncing Comet data with Gradient MSP. As a reminder, this is an external service that can correlate your Comet user accounts and storage usage with RMM invoices in systems such as Autotask, Syncro RMM, Connectwise, and many more.
The latest versions of Comet Server allow more fine-grained control of the connected feature set; the ability to toggle sending backup job failures to the RMM; optimizing the number of alerts that are sent; and providing clearer error messages if there is an error from Gradient's service.
All of our focus on bugfixes this month has been building up to one thing - a smooth and seamless release of our latest quarterly milestone software version. This time, it's named "Leda", and this rolls up the whole quarter's worth of 22.12.x enhancements into a new fixed point for you to build your business on.
Like Comet's previous recent quarterly software releases, "Leda" is named after a moon of Jupiter. Jupiter has a great number of moons and more are continuing to be discovered. When Leda was discovered as recently as 1974, it was one of Jupiter's 13 known moons. Today, Jupiter has 92 known moons, with the most recent discovered just this month in February 2023!
As well as that, we have many more videos available on our YouTube channel, including guides on getting started with Comet, individual features, demonstrations with our technology partners, and webinars for previous quarterly software releases.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over January 2023.
We've entered the second year of the "What's New" blog post series. There were seven releases during January - five in the Voyager release series, plus an additional two releases in the quarterly "Ananke" series.
The latest Voyager versions have an exciting new feature for the Hyper-V Protected Item type - when restoring a Hyper-V backup job, there's now an option to choose a granular restore of individual files inside the disk .vhdx file:
If you've used Comet's Disk Image Protected Item type, it's much the same - choose the "Restore files and folders" radio button option and click the "Next" button. When browsing the files to restore, the virtual machine's .vhdx file will appear as a folder instead of a file, allowing you to navigate inside the interior partitions and select files from supported filesystems.
It understands both GPT (Hyper-V Gen 2) and MBR/EBR (Hyper-V Gen 1) partition table layouts. The option to restore single files is available for older existing Hyper-V backup snapshots that you have taken with older versions of Comet Backup; it doesn't require you to take new backup snapshots.
There are some caveats to note. As with restoring single files from a Disk Image backup snapshot, this feature currently parses NTFS filesystems only. It doesn't yet support .avhdx differencing disks, only the .vhdx files within the backup snapshot - so if you are using Hyper-V checkpoints, and there are checkpoints present within the backed-up snapshot, then you'll only be able to perform a granular file restore from within the oldest base Hyper-V checkpoint.
This was a highly requested feature from our Feature Voting page. Just as a reminder - you can use this system to request features to be developed, add your votes for features requested by other users, and get notified when new features are available.
The 22.11.2 and 22.12.5 versions of Comet Server fix an important security issue related to administrator accounts. A malicious administrator with access to certain settings areas could achieve remote code execution on the Comet Server host operating system. If you share your Comet Server with untrusted tenant administrators or untrusted limited-permission administrator accounts, then we strongly recommend upgrading at the earliest possibility.
A separate notice has been sent to all self-hosted Comet Server users to encourage them to upgrade.
Last month, we added a new feature to Comet Server to send custom email reports based upon searching over your entire customer base. This can be used for sending an "all customers" report to your system administrators and staff technicians; or, it could be used to send a targeted email to specific groups of customers.
This month, we've extended the email system to include two new email report templates: the Recent Activity report and the Grouped Status report.
These two new template options are available for both individual users and as part of the new multi-customer email report system. When configuring an end-user's report, you can use the "Preview" button to quickly check your custom filters.
Another related feature for the email report system is the new guidelines for time boundaries. Previously when using the "Summary Table" report type, all jobs from all time would be included in the report. Users would have to configure a "Time since job start" is "greater than"... filter in order to restrict the results to show only recent jobs. To make this easier for users and for administrators, there's a new option in the configuration dialog that sets a default time boundary and makes it clear that it should be configured.
The Recent Activity report uses a fixed time-bound of the last 10 days, the same as the Recent Activity view in the web interface.
In Comet, you will eventually want to delete backup snapshots from your Storage Vault. The main use case is to free up space that is being consumed by very old backup jobs that are no longer required. For this use case, the Retention Policy system takes care of this automatically based on your configured retention rules.
Another use case for deleting snapshots is if you accidentally back up a large amount of data. For instance, maybe your Downloads directory was included in the Protected Item selection unexpectedly. For this use case, the Comet Backup desktop app allows you to delete specific backup snapshots by right-clicking them from the Restore wizard. You can delete single snapshots, or all snapshots for a selected Protected Item. You can also delete single files and folders from within a snapshot.
Every time you delete snapshots, the Comet Backup desktop app deletes the specific snapshot, and then, deletes any stored data that is no longer used by any snapshot. The first part is quite fast and the second part can take somewhat longer. If you have a large number of snapshots to delete, it's preferable to request to Comet that it deletes all your intended snapshots, and only then, runs the second "cleanup" phase.
To allow for this, the Comet Backup desktop app now has an advanced "Delete" option in the Restore dialog. When clicking this button, you'll see a new popup dialog with the option to make an arbitrary selection of snapshots. The internal ID of the snapshot is also displayed if you are acting on advice from your support contact.
Overall, this new dialog makes the process much more efficient as the cleanup pass only needs to run once for the entire set of deleted snapshots.
If you don't want to allow your customers to delete individual backup snapshots, you can prevent this by checking the "Prevent manually deleting backup snapshots from a Storage Vault" option in that user's Policy settings.
Remote browse for MySQL, Microsoft SQL Server and MongoDB
In the Comet Backup desktop app, when configuring a new database Protected Item for MySQL, Microsoft SQL Server, or MongoDB, you can use the "Items" tab to browse the content of the database server, to select individual databases for backup.
This feature has been available in the Comet Backup desktop app for a while. In the latest 22.12.x "Voyager" series, we've also made this available from the Comet Server web interface:
Use the new green folder icon to remote browse. If the device isn't currently online, you can still use the green plus icon to manually enter the names of databases to include and exclude from the backup job.
This feature works by remotely controlling a Comet Backup device that has an active live connection to the Comet Server. This allows you to remotely browse databases that are reachable only from the device's network position, such as the device's localhost or databases within the device's local area network (LAN).
As a related feature, we've upgraded the way that Comet Backup connects to a MongoDB database server. Comet no longer requires you to configure the "Mongo Shell" application, which was difficult to obtain for newer versions of MongoDB. This Protected Item type should now be a lot more reliable and easy-to-use.
There have been a few notable performance improvements throughout the 22.12.x "Voyager" series during January 2023. Retention passes use less peak memory, which can be a significant quality-of-life improvement for smaller laptops and NAS devices accessing a large Storage Vault.
Browsing a user's job history is now faster in more cases. If you are using the Job History API to search for the number of backup jobs meeting certain criteria, there is now a separate dedicated API to count jobs that can transfer a much smaller amount of data. There have also been speed improvements for Comet Servers that have a large number of tenants.
The Comet Backup desktop app has been streamlined, to show the "New Protected Item" dialog when using the app for the first time on a new device. If you're a "hands-off" service provider, this should make it easier for new users to get started backing up their files. We've also added new warnings when saving a Protected Item without actually selecting any files or databases for backup.
The account.cometbackup.com website has also had minor improvements. You will now see the filesize of uploaded ticket attachments, the country for Self-Hosted Comet Servers, and extended configuration for email forwarding for Comet-Hosted servers.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over December 2022.
December was a quiet month for Comet development as we entered the holiday season. After the release of 22.11.0 "Ananke" in late November 2022, December saw the "Voyager" series reopen with two releases in this 22.12.x series, plus one point-release in the Ananke series for a total of three releases.
As a Comet Server administrator, it's now possible to configure a single email report covering multiple customers. You can use this new feature to receive a regular report of all your customers, or, you can create custom reports for groups of specific customers.
You can access this from the Comet Server web interface, on the Settings page > Email Reporting tab:
This settings page previously contained only email reporting configuration, such as your SMTP server and "From" display name. The page now contains additional email-related settings including your custom reports. You can use the "Add" and "Edit" buttons in the table to create a new report, using the same configuration options you are familiar with from the existing per-user email reports.
When creating a report, you can choose to include all customers and send the report to yourself; or, you can add a "Username" "equals" filter to find a specific group of multiple user accounts and send the report to their designated contact. Both the "Summary table" and "Immediate job notification" report types are available in this dialog.
A special thanks to all the Comet users who upvoted this feature in our Feature Voting system. We check this system regularly to help guide our priorities.
The Office 365 Protected Item type in Comet allows you to back up an Office 365 tenant from your Comet Backup device, including mail, contacts, calendars, OneDrive files, SharePoint sites and more. At the time of writing, using this Protected Item type comes with a "Booster" charge of $1.50 USD per Protected Account. When you select an Office 365 resource to back up, such as an employee's mailbox or a shared OneDrive drive, all Office 365 users within the tenant who can access that resource are tagged as "Protected" for the purposes of Comet billing.
This is a simple system that scales with the size of your Office 365 tenant. However, we heard feedback from MSPs that unexpected changes to their customers' Office 365 tenants were resulting in unexpected charges to their Comet balance. To help mitigate this, we've introduced a quota feature for the number of Protected Accounts covered by the Office 365 Protected Items in a Comet user account profile. If more mailboxes are added to the Office 365 tenant and are selected for backup, if the total number of Protected Accounts exceeds the configured quota limit, the backup job will not run to prevent any unintentional charges from being billed to your Comet account.
If a user has reached your expected limit of Protected Accounts, you can detect this from the "Quota Exceeded" job status. This job status is specially highlighted on the Comet Server home screen and can also be seen from the search and user pages. When detecting this case, you can raise the limit and also modify the invoices you send to your customers.
We're very pleased to announce the new Polski (Polish) translation in Comet 21.12.0 "Voyager". We'd like to extend a special Dziękuję bardzo! (Thank you very much!) to the very dedicated Comet partner from Poland, who supplied the initial version of this translation and worked back-and-forth with us to ensure a high quality result.
Warsaw Skyline / Skitterphoto (CC0)
As a reminder, if you're interested in correcting a translation in Comet or helping to translate Comet into a new language, then please check out the instructions on our GitHub page.
Microsoft will stop extended support for Windows 8.1 and stop ESU support for Windows 7 on January 10th 2023. From this date, no security updates will be available from Microsoft for either Windows 7 or Windows 8.1.
Comet Backup will continue to work and will continue to support Windows 7 and Windows 8.1 for the foreseeable future; however, your customers may be exposed to operating system security issues unless they upgrade to Windows 10, Windows 11, or Linux at their earliest opportunity.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over November 2022.
November was a more active month for Comet development. There were six "Voyager" releases in the 22.9.x series during November, plus the first release of our new 22.11.0 "Ananke" quarterly series. This exceeds our previous quiet release volumes in October and September. A large number of minor cosmetic improvements were added, as well as many small bugfixes, so we would recommend that all users of previous 22.9.x versions should continue to follow the latest updates for the best experience.
Comet 22.9.8 now includes a native Apple silicon version of Comet Backup for macOS. This will improve efficiency when running on recent Apple computers with M1 and M2 chips.
Your existing macOS users will likely be running the current, x86_64 version of Comet Backup for macOS on their M1 or M2 hardware. The x86_64 version does run well under Apple's high-performance Rosetta2 emulation layer included with macOS. In addition, the backup job speed is usually limited by network speed or disk I/O, not CPU speed, so running under emulation is not likely to significantly impact backup job runtimes. However, the native version for Apple silicon will be more CPU and battery-efficient. After upgrading to the native Apple silicon version, there will be no visible difference to the end-user, except for a snappier and longer-lasting computer.
When an existing macOS user, running a version of Comet prior to 22.9.8 on M1 or M2 hardware, is part of a Bulk Upgrade Campaign to upgrade their installed Comet Backup client app, they will first upgrade to the 22.9.8 x86_64 version under emulation. This version can detect that it is running under Rosetta2, and during the following software upgrade, it will upgrade to the ARM64 version instead of the x86_64 version. As a result, two upgrade cycles may be required for all macOS users to receive the full performance and efficiency benefits of this change.
Comet 22.9.6 added a built-in feature to integrate with Gradient MSP. Gradient MSP is an external service that allows you to sync user account data and backup job error alerts into many RMM/PSA systems including ConnectWise, Autotask, Kaseya, Syncro, Pulseway RMM, HaloPSA and more. There is no cost to connect one Comet Server to one PSA.
Check out our launch webinar below to see how to take advantage of this service to connect your Comet Backup user accounts to your PSA platform, perform billing and invoice reconciliation, and receive alerts about failed backup jobs.
The latest version of Comet Backup adds support for a quick access download button directly within the navigation bar. This is intended to help first-time users of the Comet Server app find this option more easily, as well as being a quick option for experienced users.
Long-time users of Comet Server might remember the original version of this feature - a download icon in the top navigation bar - that existed between Comet Server 17.3.2 and 18.5.0 "Phobos". It was removed in Phobos owing to the introduction of the download links on the login screen, and also the download button within the home-screen 2x2 button pad.
Change your root keys for Comet Storage Powered By Wasabi
During November we added support for regenerating the top-level root access keys for your Wasabi account. The top-level root access keys are needed by Comet Server for the Storage Templates feature, to automatically provision new direct-to-cloud Storage Vaults for your customer. Being able to rotate these keys and issue new replacements can be a crucial feature if anyone gains access to your Comet Server configuration.
For your convenience, if the old keys are in use on a Comet-Hosted server for a Wasabi Storage Template, or for Constellation, then the Comet-Hosted server will automatically have its settings changed to use the replacement keys.
It comes with built-in examples and is built for TypeScript first. The SDK also contains generated JSDoc typings, ESM and CommonJS bundles, making this suitable for both Node.js and browser users. We've also created a sample app using the Next.js framework that shows how you can use this framework to create a custom B2C signup form for Comet Server using the new SDK.
The Comet Server web interface is a "single-page app" (SPA) that uses the same Comet Server API for its entire feature set, ensuring that our Comet Server API is stable, reliable and well tested. For many years now, our own Comet Server web interface has been entirely developed using Typescript, using a private internal version of this same SDK. We're very pleased to be able to release this work publicly under the open-source MIT license, unlocking productivity for Node.js, TypeScript, and JavaScript programmers looking to integrate Comet Server more closely with their businesses.
The Comet Server API is JSON over HTTP and can of course still be used in programming languages that do not yet have an official SDK, and we have many code samples available for other programming languages in our documentation.
We've just put the finishing touches on our latest Quarterly release, 22.11.0 "Ananke". This rolls up the whole quarter of 22.9.x enhancements into a new fixed point for you to build your business on.
Like Comet's previous recent quarterly software releases, "Ananke" is named after a moon of Jupiter, discovered as recently as 1951. It's the largest moon of the "Ananke group", a set of seven of the moons of Jupiter that have similar orbits and are thought to have a common origin. The moon is named after the ancient Greek mythological goddess of inevitability and necessity.
If you prefer to watch and listen rather than read, I'm hosting a webinar next week to discuss the latest 22.11 "Ananke" software release. Please register for a notification before we go live on December 6th (PST) to catch up on all the latest Comet news with me - there will be a free live Q&A session after the presentation.
As well as that, we have many more videos available on our YouTube channel, including guides on getting started with Comet, individual features, demonstrations with our technology partners, and webinars for previous quarterly software releases.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over October 2022.
October was a quiet month for Comet development. There were two "Voyager" releases in the 22.9.x series during October, matching our previous September release volume. A large number of minor bugs were fixed, so we would recommend that all users of previous 22.9.x versions should continue to follow the latest updates for the best experience.
In the Comet Server it's now possible to migrate a user account between Tenants. To do so, click the "Transfer user" option from the "Actions" menu on the user account page.
When you log in to the Comet Backup desktop app, the login is directed to the Auth Role server URL. Each Tenant in Comet Server generally has its own isolated Auth Role URL for the clients to log in to. When you use the "Transfer user" option, a signal will be sent to the online logged-in devices, to redirect them to log in again to the updated URL.
However, it's not possible to send this message to an offline device. If there are any offline devices, the Comet Server web interface will warn you about this situation - you'll have to manually reconfigure any such devices to use the new login URL, as they will not be able to log in at the previous URL. You can make this change from the Comet Backup desktop app at the login screen, or by using the 'Update Login URL' live action at any other time.
Our June 2022 recap blog post covered the new feature to allow custom SMTP servers at the Tenant level. One of the key limitations of this work was that the top-level administrator was required to configure these settings on behalf of the tenant. This is unfortunately an important restriction from a safety perspective, as it can help insulate the top-level administrator from any repercussions related to the IP reputation of their mail server.
The Comet-Hosted service is based on the Tenants feature, and correspondingly the responsibility for custom SMTP configuration falls on the account.cometbackup.com web application. We're pleased to announce that the IP reputation concerns have been addressed for this environment, and it is now possible for you to configure a custom SMTP server for your Comet-Hosted server via the 'My Servers' page:
Another change affecting the My Servers page on the account.cometbackup.com website, is that this page has received a design overhaul to now show your servers in a table view, instead of a card view.
When redesigning this page, our design goals were to make the page more intuitive for new users as well as more powerful for existing users. With the new design, the page is more scalable if you have a large number of Comet servers (either Self-Hosted or Comet-Hosted). It's more visually consistent with the design of the rest of the account.cometbackup.com site, and the ability to log in to a Comet-Hosted server is now clearer and much more obvious.
The Credit Usage report at account.cometbackup.com shows you a detailed history of all deductions to your Comet account balance. It's an essential tool for partners, to ensure you are appropriately matching your Comet expenses to your customer invoices. For partners with a large number of installed devices, or a very long history, this page can become cumbersome. We introduced a search feature on this page some years ago, but advanced filtering was not yet available, unless you exported the whole result as CSV or XLSX for external processing.
We're pleased to announce that it's now possible to filter your Credit Usage history by date, via the fields on the 'View' dialog.
This feature was a long-time request from our Feature Voting system. The regular feedback for requesting this feature helped us prioritize the work - so if there's anything you want to see in Comet, please do make your voice heard in the feature voting system.
It's long been possible to "copy and paste" a Protected Item from the Comet Server web interface to duplicate it, however, this functionality was restricted to the web interface. As of Comet 22.9.4, you can now right-click a Protected Item in the desktop app to "Duplicate" it.
This is a welcome convenience feature for users of the Microsoft SQL Server, Office 365 and Hyper-V Protected Item types, which can in some cases benefit from having multiple Protected Items with slightly different settings. By duplicating a Protected Item and then making minor customizations, it can be much faster to configure these from the Comet Backup desktop app.
Throughout the COVID-19 pandemic, the Comet team have been fortunate to be able to keep working remotely, while still continuing to expand the team by hiring and training teams of developers all over New Zealand. As restrictions lift, we brought the NZ team together face to face for the first time for the inaugural "Cometcon", a week-long event of networking, professional development, training, and brainstorming about Comet development.
We're looking forward to bringing the remote team together more regularly in the future!
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over September 2022.
September was another busy month for Comet, following on from August and our release of Comet 22.8.0 "Carme". The Carme release has been very well received, and we have not yet needed to release a patch update for it.
There were two "Voyager" releases in the 22.9.x series during September. We followed through with the removal of Windows Vista support, as discussed in our August blog post. This has reduced the filesize for downloading the Comet Backup installer by about half, which is a significant improvement and helps new users start using the app sooner. This change has also made it possible for us to perform a lot of technical cleanup internally to the software, removing edge-cases and upgrading libraries.
Comet 22.9.2 added support for direct streaming restore of Microsoft SQL Server backups, straight back to your database server, without any temporary spooling.
This follows from last month's support for streaming MySQL restore in 22.9.0.
When you use this option, the Microsoft SQL Server backed-up data will be streamed from Comet's Storage Vault into Microsoft SQL Server without needing to temporarily storing any .bak files and manually importing them via SQL Server Management Studio (SSMS).
You can configure the Microsoft SQL Server restore feature with all the same connection settings as for backup. The settings will be prefilled based on the current matching Protected Item, or they can be changed as required. This feature is available for restores performed in the desktop app, or remotely via the Comet Server web interface, or via the Comet Server API.
If your Microsoft SQL Server uses the "FULL" recovery mode, Comet Backup can take differential or log backups from the database. Generally we recommend always taking Full or Copy backups - Comet will chunk the whole database into an incremental-forever deduplication system, so that you don't need to worry about chains or full images or log truncation. However, in some very large databases, you may still wish to do this. To restore a differential or log backup in Comet, you should first restore the matching full backup with the "I want to keep restoring additional files (WITH NORECOVERY)" option set; and then, restore your target differential or log files with the "This is all I want to restore (WITH RECOVERY)" option set.
Following on from last month's redesign of the Comet Backup desktop app main screen, we've made some more minor changes. When creating a new Storage Vault using the 'Custom' option, the Comet Backup desktop app now shows this in a wizard.
This brings the behavior in line with creating new Protected Items in the Comet Backup desktop app: a wizard is used for initial creation, to help guide you through the process, but after initial creation a tabbed dialog is used, for quickly jumping to any setting.
We've also applied a cosmetic redesign of the Search dialog in the Comet Backup desktop app, to also use a wizard, allowing easier back and forward navigation. In particular, this is helpful if you want to change the set of search snapshots after having already entered a filename.
The restore dialog now lets you properly resize columns when selecting a Protected Item for restore.
There were also various fixes for viewing job reports from inside the desktop app. The 'View Log' button is now more responsive when first shown; long job report lines have better word-wrapping behavior, especially on macOS; and very long job reports will now load more quickly.
Webhooks and Websockets are two features of Comet Server, for external partners to receive live notifications of changes inside the Comet Server. These features are used by third-party apps and services to ensure their synced data is fully up to date and responsive to the latest changes.
In Comet Server, the Tenants (formerly "Organizations") feature allows you to create a private, isolated zone of user accounts. The top-level administrator has visibility over all tenants, both in the Comet Server web interface and in the API. In Comet 22.9.1 we've ensured that Webhook and Websocket events for the top-level administrator will now include events from sub-tenants, fixing a consistency gap.
We've also added the option to filter which types of live event messages you would like to receive when constructing a Websocket, by using query parameters (e.g. ?allowList=4100). This brings the websocket support more in line with the Webhook support, which allows any choice of event messages.
Now that the Webhook and Websocket features are more aligned in terms of feature support, the choice of tool is primarily driven by whether you prefer the "push" or "pull" model for events. This comes down to practical decisions about network firewalls, connection establishment, message ordering, deliverability guarantees and observability.
One last thing to point out about Webhooks is that in the Comet Server web interface, we've renamed this tab to "Integrations" - for reasons that will become clear next week!
Thanks for reading - there are some great new features in the development pipeline, that we're excited to be able to share with you soon in the upcoming 22.9.x Voyager series.
"What's New?" is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over August 2022.
This month at Comet we've been busy with behind-the-scenes changes. We've been lucky to continue to welcome many more new staff members that have joined the development team. Throughout August, there were three "Voyager" releases across the 22.6.x series; the launch of the new 22.8 "Carme" quarterly release track; and the slightly early reopening of Voyager for the 22.9.0 release.
Carme is the latest entry in our quarterly rollup series. It branches off from our main rolling Voyager development, into a fixed target for our partners to qualify and build upon.
Comet 22.8 "Carme" takes its name from another moon of Jupiter. It was discovered along with our previous Comet release "Lysithea" by Seth Barnes Nicholson in 1938, and both discoveries were reported in the very same publication. Jupiter's moons are classified into groups, and despite sharing a discovery event, Lysithea and Carme come from different groups of moons and have very different orbital properties. The moon itself is named after the Cretan goddess Carme, one of Zeus' lovers.
Carme brings 7 features and 14 enhancements, including IDrive e2 support, presigned clients, the ability to spread out peak job load across a random period, custom SMTP servers for Tenants, support for fallback domain controllers, more restore options, and improved performance.
For this last month of August, there have been very few features landing in the Voyager release track, with mostly a focus on fixing issues. This has resulted in a trouble-free release process and a great release that we have confidence in. It does mean that there are only a few new features and enhancements to cover, as all the larger changes were held back for the 22.9 "Voyager" release.
In early versions of Comet, macOS codesigning required Comet Server to SSH into a real Mac machine somewhere on your network in order to run the official XCode toolchain. We were very proud to integrate rcodesign as a native, built-in alternative in Comet 22.3.3; the bundling of pre-signed clients in Comet 22.6.2; and now, no longer requiring the third-party iTMSTransporter application as of Comet 22.6.9.
In our company we use the Go programming language extensively, so it's perhaps a little unusual that we didn't have a public Go SDK until this point. That's largely because PHP and Ruby produced the largest demand from external developers looking to integrate Comet with their web sites and ecommerce platforms; and in our in-house Go development environment, we can use the type definitions directly from Go without any SDK at all. However, having a public Go SDK definitely makes it easier to write and develop auxiliary tools, and we've already seen several utilities being ported to this great and efficient programming language.
Announcement about legacy operating system support
The 22.8.0 "Carme" release is the culmination of everything up through the previous 22.6.x "Voyager" release cycle. From this point, we're planning to make some bigger changes.
During the 22.9.x timeframe, we expect to remove support for running the Comet Backup desktop application on Windows Vista, Windows Server 2008, and macOS 10.10 "Yosemite".
If you have end-users running these operating systems, you should either
(A) stay with the 22.8 "Carme" release cycle, or
(B) install the 22.8 "Carme" Comet Backup desktop app and use it along with an upgraded version of Comet Server, or
(C) arrange for your end-users to upgrade to Windows 7, Windows Server 2008 R2, macOS 10.11 "El Capitan", or newer.
⚠ No longer supported in 22.9.x, please continue to use 22.8.x
⚠ No longer supported in 21.12.x, please continue to use 21.11.x
Windows Server 2008 R2 (NT 6.1 / Windows 7-based)
✅ Still supported
✅ Still supported
We don't take this removal lightly, but it's clear that in the present day, Windows Vista is not widely used or relevant, and we expect minimal issues as a result of this deprecation.
Although the Vista-based Windows Server 2008 and the Windows 7-based Windows Server 2008 R2 have the same extended support lifecycle, the underlying technology of the R2 update is significantly more advanced than the Vista-based RTM edition, and correspondingly easier for us to develop for. It's likely that Windows 7 and Server 2008 R2 will remain supported by Comet for a much longer period of time.
In Comet 22.9.0 "Voyager", we've put a new coat of paint on the Comet Backup desktop app. A picture says a thousand words:
The desktop app now shows you a summary of your Protected Items, Storage Vaults, and recent job history at a single glance. We're very happy to have struck a balance between information density, visual identity, and efficient performance as the charts remain using an optimized native-code renderer. We are excited to continue improving the UI going forward and we expect to make tweaks over the 22.9 "Voyager" series in response to your feedback before this lands in the next quarterly release.
This dashboard screen is divided into five main areas:
The Storage Vaults chart at the top left shows up to three Storage Vaults. If the Storage Vault has a quota, the sawtooth segment will be split into two colors showing the partial usage percentage of your Storage Vault quota. If you have more than three Storage Vaults, three are chosen for display based on whether they have Quota limits in place, and also whether they have been recently used on this device. Further details about your Storage Vaults remain available on the Settings tab.
The Currently Protecting chart at the top right shows a breakdown of your Protected Item size, across this device and across other devices in your account. If your Comet user account has a limit on the number of total devices allowed to be registered, or a limit on the total Protected Item size, these figures will be displayed here.
The Storage Vault size chart at the lower left looks at the past 10 days' of job history to build a visualization of how your Storage Vaults have grown or shrunk in that time. Comet measures the size of a Storage Vault during backup operations, so this chart is most effective if there are recent backup jobs for your Storage Vaults. A maximum of three Storage Vaults are shown, and as long as the necessary data points are available, the same choices and colors will be used as per the Storage Vaults chart at the top left.
The Transfer chart in the lower right looks at the past 10 days' of job history as well, to show the upload and download size for your jobs, including both backup and restore operations. These figures correspond to the Uploaded and Downloaded job report columns and at a technical level they reflect the transfer size to- and from- the Storage Vault. Notably this means that Upload/Download sizes may be reported even for Local Path storage vaults, and, Upload/Download transfer amounts for over-the-network Protected Item types (such as remote MySQL and MongoDB servers, or Office 365 tenants) are not currently reported here.
The news widget at the bottom shows bulletin messages created by the Comet Server system administrator. It's useful for contact details, notices of recent service changes, or promotional messages. Any news messages you create in Comet Server are shown immediately in the desktop app. If you have no news entries, this bottom section is hidden entirely.
We're excited to announce a partnership with Storj.io, a decentralized cloud storage provider. It's been possible to use the Storj service with Comet's S3-compatible option, but in Comet 22.9.0 "Voyager" it's now possible to connect directly to the Storj P2P network without involving the centralized gateway. This allows for faster performance during download operations and lower latency without the centralized bottleneck.
At the time of writing, Storj coordinate a network of over 13,000 storage nodes worldwide and can offer great low-latency to nearby storage nodes at an industry-leading price of $4 / TB and a generous free tier of 150GB.
Please note that when using Storj in this way, Comet performs client-side erasure coding to distribute data redundantly throughout the Storj network. The file upload size reported in Comet reflects the amount of data delivered to Storj, but the upload size experienced over the network may be higher as a result of client-side redundancy.
A key aspect of the Storj integration is the ability to configure Storj as a Storage Template provider:
Storage Template providers (formerly known as Requestable Storage providers) allow your Comet Server to automatically provision new, private Storage Vaults for each of your customers, with isolated credentials - including Constellation Role support for automatically cleaning up Storj buckets that are no longer used by any Comet user account.
As with all of our supported storage platforms, the new Storj integration is also available as a backend for Comet Server Storage Role, if you would prefer all customer data to flow through your Comet Server.
Comet supports backing up MySQL using our dedicated Protected Item type. This was one of the original Protected Item types included with the very first Beta versions of Comet, and is available at no additional charge. It works by streaming the output of mysqldump directly into our chunking deduplication engine, without requiring any spool space or temporary files.
In Comet 22.9.0 "Voyager" we've introduced corresponding support for streaming MySQL restores:
The data will be streamed from Comet's Storage Vault into the MySQL server without needing to temporarily store any .sql files and without needing to manually import them.
You can configure the MySQL restore feature with all the same connection settings as for backup. The settings will be prefilled based on the current matching Protected Item, or they can be changed as required. This feature is available for restores performed in the desktop app, or remotely via the Comet Server web interface, or via the Comet Server API.
This is a great feature that simplifies the restore process for this highly popular database. We expect to announce a similar feature for another popular database very soon, so keep an eye on our release notes for the latest news.
Configure webhooks from the Comet Server settings page
Webhooks are a feature to send live events from Comet Server to your other systems. They are largely of interest to developers who want real-time information to flow from Comet Server into other systems, such as CRM and ERP systems.
Comet Server has supported webhooks since 20.6.1, with major enhancements happening for custom header support in Comet 21.9.2. However, they've largely been hidden and confined to users who read the documentation and can make manual changes to the cometd.cfg file. In Comet 22.9.0 "Voyager", we're improving the discoverability of this feature by allowing you to view, edit and manage your current webhooks from the settings page in the Comet Server web interface.
This feature is available for webhooks both at the top-level, and for individual Tenants, including Comet-Hosted users.
As a top-level administrator, you can control permission to access this feature via the admin permission checkbox or via the AllowEditWebhooks API field.
Constellation Role has previously been restricted only to the top-level administrator. In Comet 22.9.0, it is now available at the Tenant level as well:
A "Bucket Users" report generated by a tenant Constellation is entirely independent of the top-level Constellation. The tenant also has an independent choice for the "Data deletion" setting.
Access to this feature can be controlled by a top-level administrator. If your Tenant administrator has all settings features enabled, this feature is included. If your Tenant administrator has been configured to have no- or limited- settings available, the Constellation Role feature is enabled by default. This is because Constellation Role is an essential partner of the Storage Template feature, to clean up disk space or cloud bucket space that was used by since-deleted user accounts.
Misuse of the Constellation Role feature can cause data loss, so please take care when configuring this setting. Our documented advice is that you should have exactly one Constellation Role for your Comet Server cluster; when running multiple Constellation reports on a per-tenant basis, the key advice is likewise to not overlap Constellation responsibilities - one set of user accounts and one set of buckets (local, Cloud Storage, Storage Role or otherwise) should be managed by one Constellation Role configuration only.
If you are using Constellation at the top-level of the Comet Server with top-level credentials, then it is able to see Tenant user accounts and deallocate their buckets as required. However, if you are in the situation of not using Constellation at the top level, or if you are not in control of which remote Storage Templates are used by your Tenants, then this new feature is especially useful to enable data cleanup.
If you prefer to watch and listen rather than read, I'm hosting a webinar next week to discuss the latest 22.8 "Carme" software release. Please register for a notification before we go live on September 6th (PST) to catch up on all the latest Comet news with me - there will a free live Q&A session after the presentation.
As well as that, we have many more videos available on our YouTube channel, including guides on getting started with Comet, individual features, and webinars for previous quarterly software releases.
"What's New?" is a new blog series covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over July 2022.
It's been a busy month for Comet, and we've been lucky to welcome many new staff members that have joined the development team. This month, the 22.6.x "Voyager" release track has seen five minor updates. We've also released two minor updates for our 22.5.x "Lysithea" quarterly release track. There were many interesting improvements:
We're pleased to announce that IDrive e2 are now available as a built-in option in the Storage Vault selection type. This direct integration uses the IDrive e2 API to automatically determine the target bucket hostname, reducing the number of configuration steps compared to the S3-compatible option.
As well as using IDrive e2 directly, you can also add them as a Storage Template provider (previously known as "Requestable" Storage provider) in the Comet Server settings area. If you enter your top-level credentials in this field, Comet Server can use them to provision private buckets with separate credentials for each user, allowing seamless direct-to-cloud backup without traversing through the Comet Server Storage Role.
A quick reminder - when using the Storage Templates feature, it's likely you'll want to configure cleanup for cloud buckets that are no longer being used by any user account. Comet's solution for this problem is called Constellation Role, and it's available from the settings page of your Self-Hosted Comet Server. In Constellation, you can enter the same IDrive e2 top-level credentials for it to search through. When a Constellation report runs, it finds all your buckets; checks all the user accounts; cross-references the user's Storage Vaults with the available buckets; and deletes any discovered buckets that are not in use by any user account.
Constellation is designed to scale up to clusters of multiple Comet Servers, with any mix of server replication, Storage Role, or direct-to-cloud buckets created by the Storage Template feature. You should have precisely one Constellation Role server amongst your entire cluster of Comet Servers.
In Comet Server 22.6.6, Constellation now has an extra safety guard to prevent deleting any data if no Auth Role server is configured. This feature can help prevent accidental misconfiguration. This feature joins the many other safety features in Constellation, such as the ability to turn off deleting buckets until you are satisfied with the discoveries it makes.
Amazon AWS first launched their ground-breaking S3 service ("Simple Storage Service") back in 2006. In the 16 years since then, the S3 protocol has evolved and grown, adding support for V4 signing, path-vs-subdomain bucket addressing, multiple regions, batch processing, streaming processing, and many more features. As "S3-compatible" has become the de-facto standard cloud protocol for object storage, there are many varied implementations of the protocol and many different providers require different quirks for compatibility.
Comet has an extensive set of auto-detection for various S3-compatible cloud storage providers, which all require slightly different configuration. We've recently encountered several S3-compatible providers all needing the same type of custom configuration, related to the region field. For providers that we officially support and partner with, such as Wasabi and Storadera, we were able to specify the necessary fields internally, but it wasn't an available configuration option for any custom S3-compatible provider. This is now available in Comet 22.6.7.
For example, configuring a custom S3-compatible Region field helps Comet connect to Scaleway Object Storage in their Paris, Amsterdam, or Warsaw regions with the latest V4 signing mode instead of requiring legacy V2 signing. We're happy to improve support for Scaleway as a well-established European cloud provider offering 6+3 data redundancy (6 data drives plus three parity drives).
Last month, we launched the Job Execution Delay feature, to pseudo-randomly delay a backup job schedule by a different amount each time. If you apply this random job execution delay across your entire customer base, it can spread out the load on your storage infrastructure, reducing the peak spike of CPU usage that happens when many jobs all start simultaneously.
This month in Comet we've expanded our support for this feature. In Comet Server 22.6.3 you are able to enforce this setting at the Policy level and also at the whole-server level, where it will override any user or policy settings.
In the Comet Server web interface, when looking at a user's Protected Item or Storage Vault, a "Test Connection" button is available that uses Comet's code to reach out to the target and ensure the device is able to reach it successfully. Because Protected Items are private for each device in a user account, it's clear that we should send this live-connected signal to the correct device, but for a Storage Vault, any device in the account could potentially respond with this information for us. Up until now, Comet Server has picked a random device in the account for the connection.
For Storage Vaults, the situation can be a little different. In the case of shared Storage Vaults in the cloud, it's likely that any device can reach them. However, there are various situations where only some devices in an account might be able to access a Storage Vault. For example, a Local Path vault for an external harddrive; or troubleshooting if one specific device is unable to reach the target network. To help in these situations, the "Test Connection" button now shows a dropdown if multiple device connections could be used for the test.
We also fixed a security issue related to the Test Connections button in the web interface in Comet 22.5.2 and 22.6.4. If you are running an older version of Comet Server, please upgrade at your earliest convenience, or avoid using the web interface button.
For the programmers in the audience - the AdminDispatcherListActive API that underpins the live-connection selection here was also extended to support choosing the target username. This change is available now also in the latest updates to our PHP and Ruby SDKs on GitHub - and watch this space for more programming language SDKs coming very soon.
This month we've upgraded the main compression library used by Comet Backup - the industry-leading Zstandard - to its latest 1.5.2 release. This brings with it a major improvement in compression performance. The practical impact will be limited - backup jobs are almost always bottlenecked by the speed of reading files from the local disk, or by the network speed of uploading them to the Storage Vault - but even in that case, a more efficient compression system should result in lowered CPU usage during backup jobs.
There is a second compression-related story to discuss this month - I'd like to thank everyone who reported a recent issue with the RPM installer for Comet Server. In last month's "What's New" report, we described the new option for pre-built clients. Bundling these pre-built clients with Comet Server resulted in a large size increase for the Comet Server installer. To compensate for this, we adjusted the compression settings used by the Comet Server installer to use a larger window size, so that the pre-built clients would compress effectively with the piecemeal client components that are used with custom branding. This was highly effective, and the pre-built client feature ultimately had a negligible effect on Comet Server install sizes.
However, this compression change caused issues with some RPM-based Linux distros. After some research and testing, we were not able to resolve the issue while still maintaining the optimized file size of the RPM installers - so apologies to RPM users, the Comet Server installer for 22.6 "Voyager" has jumped from ~150MB to ~250MB. This is still a relatively small file size for the great functionality packed within, so we're sure you'll be happy to have the RPM installer functioning correctly again.
"What's New?" is a new blog series covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over June 2022.
After our 22.5.x "Lysithea" release last month, June saw the reopening of Voyager under the 22.6.x release track. This month we shipped four software releases - one Lysithea point upgrade and three Voyager versions. There were many interesting improvements:
If you have a large customer base on your Comet Server, it's likely that across your users, there is a large number of jobs starting at 7pm, 8pm, and 9pm, and in general a pattern where a lot of jobs start at the top of the hour. In some cases, this can cause a performance issue with the Comet Server to have to accept so many jobs at once.
There is now a new feature in the backup job schedules, to specify a random delay. The random delay is calculated based on per-user, per-schedule parameters, and if applied to many customers, it will stochastically have the effect of spreading out this peak load spike over a longer time period.
Early next month we're looking at extending this to support bulk application in the Policies system and also server-side, so watch this space!
This month in Comet 22.6.2, there is a new option to download a pre-built codesigned client installer (Comet branded):
Until now, Comet Server has always generated a custom Comet Backup client installer, customized to embed your own branding and Comet Server login URL. But this makes all our MSP partners into distributors of custom software, and therefore subject to some of the problems faced by software distributors.
If you are experiencing issues with SmartScreen, Gatekeeper, or AV products with your custom-generated client installer, and you are in a position to allow the default Comet branding, then using a pre-built codesigned client installer may resolve the issue.
When using a pre-built client installer, Comet Server no longer has an opportunity to embed your default server login URL into the application. To compensate for this, we've made three other changes:
Firstly for the silent install process on Windows, there is a new /SERVER= command-line parameter to override the default login URL
The silent installer has long since allowed pre-filling the username and password on the command-line, but it always relied on the internally embedded Comet Server login URL. The new pre-built codesigned installer does not embed any Comet Server login URL, and you must enter the Comet Server URL at the Comet Backup login screen. This is a problem for the silent installer which is resolved with this new /SERVER= parameter.
If your silent install runs under cmd.exe, you should use double-quotes as per /SERVER="https://example.com" to avoid issues with character escaping.
Secondly, the Comet Backup Windows installer now allows reading the default URL from the installer's filename if there is no embedded default URL. On Windows, the Comet Server URL will be read from the installer's EXE filename (e.g. Comet Backup (http-my-company-com-8060).exe) if present. This information is only used if there is no default URL embedded into the installer itself.
Thirdly and finally - if the default server login URL could not be determined - then the user is of course required to enter it in the login dialog in the software. Generally this field is hidden behind the 'Advanced Options' checkbox:
We now automatically open this area up in more cases if no default URL is known.
We've also decided to automatically open this area up if a 192.168.x.x address is used for the Comet Server. When you are first configuring Comet you may be accessing the Comet Server by its LAN or localhost IP address. This address may get compiled in to a custom client installer and be difficult to troubleshoot. Comet already showed the server URL by default if a localhost IP was used, but also showing it for a LAN IP can help speed up troubleshooting this issue.
Comet Server supports using external authentication sources for admin accounts. If you have a highly-available LDAP server infrastructure using multiple servers, such as an Active Directory failover cluster with primary- and fallback- domain controllers, you are now able to configure multiple LDAP server addresses in Comet Server. When an admin user tries to authenticate at the Comet Server login screen, if a connection to the first entry on the list fails, Comet will try the remaining entries on the list before denying the authentication attempt.
In Comet Server, the Tenants feature allows you to create an isolated zone within the Comet Server that has its own user accounts, admin accounts, domain name, and branding settings. You can use Tenants for resellers, branding imprints, or just general customer grouping. It's a very flexible feature but every Tenant is ultimately under the jurisdiction of the top-level system administrator, and there are some limitations on the allowable settings.
A Tenant can have customized email settings, so that the Tenant's customers will receive their email reports "From" the tenant company's email address. This month, we've expanded this to also allow customizing the SMTP server used for a specific tenant.
In the last few years, email has become highly rigid and standardized. In order for your email to be properly delivered to the recipient's Inbox folder, there is a certain amount of administrative work required to authorize domain names, set up SPF and DKIM, before allowing someone to control these fields arbitrarily. An incorrect email configuration can result in tarnishing your IP address's reputation. As a result, we only allow the top-level Comet Server administrator to configure these email settings on behalf of the tenant.
Our own Comet-Hosted service is based on the Tenants feature. We expect to be able to offer custom SMTP support to Comet-Hosted users soon!
We have renamed "Requestable storage" to "Storage Templates". This is the feature of Comet Server that can provision new per-customer credentials for your storage platform.
This change is currently rolling out across our online documentation and the Comet-Hosted service. If you are operating a Self-Hosted Comet Server, the change will appear after the 22.6.2 upgrade in the Comet Server settings page and in the Comet Backup desktop app.
Overall, the new name should make the behavior clearer to new Comet partners.
We've released new major versions of our PHP SDK and Ruby SDK. These SDKs allow you to very easily write code that talks to the Comet Server API to list users, create accounts, and change settings - doing anything at all that the Comet Server web interface can do.
Our SDKs use Semantic Versioning ("semver") and bumping the major version is done to indicate a compatibility break, as has happened here. We take backwards compatibility very seriously at Comet, it's a key aspect of how our API is designed. The API itself remains fully backward compatible at the HTTP / JSON wire-level. Old versions of the SDK will continue to work, even against new versions of Comet Server.
So why make a "semver-major" breaking change at all? The compatibility break is solely in SDK code, not in the Comet Server API. We cautiously made a change to the MAJOR number in response to some minor type definition changes. These changes are fully compatible at the HTTP / JSON level, but if your application was using these type definitions - for instance, declaring variables explicitly using these types - then you might get an error when upgrading the library. Please read the full changelog (PHP / Ruby) for detailed upgrading guidance.
As long as a "semver-major" change was required to clean this up, we've taken the opportunity to modernize our system requirements for the PHP SDK. The PHP SDK now uses PHP 7 return type declarations, as well as parameter type hinting for scalar values. This should give a better development experience and help you catch bugs sooner before they make it to production. If your PHP server platform is still using PHP 5.x, we advise looking at upgrade options - or else the previous 3.x major version will remain available on GitHub and in Composer.
We're always happy to see work taking place in our language translations. In the course of June we saw updates to the Thai (22.6.0) and Dutch (22.6.1) translations for Comet.
As always - Our staff mostly only speak English, so we do hire translation contractors for the bulk of this work - but over the years we have consistently found that the best-quality translations come from our customers, who have a full understanding of both the software and the IT / MSP backup industry. If you see a typo in our translations, or if you want to help translate Comet into a new language, we'd love your contribution and it couldn't be easier to get started - just head to our GitHub page and follow the instructions.
"What's New?" is a new blog series covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over May 2022.
May was a busy month for us at Comet - we've continued to expand our development team, and we are making great progress improving Comet. We've also grown our customer success team and support team, so if you see some new faces in the support tickets, please give them a warm welcome!
The headline news of this quarter is that we've rolled up the 22.3.x Voyager series into a new long-term-support release. If you're not comfortable with weekly Voyager software updates, we strongly recommend the quarterly rollup series to build your business upon.
The codenames for Comet follow a consistent naming pattern, as we voyage from the inner solar system (Comet 17.2.0 "Mercury"), through the inner planets, Earth, Mars, the asteroid belt, Jupiter, and now looking at the moons of Jupiter. "Lysithea" is the tenth moon of Jupiter; it was discovered by Seth Barnes Nicholson in 1938, and is named after the Lysithea of Greek mythology, one of Zeus' lovers.
Our friends at Wasabi have continued to launch new regions, with the latest addition being Australia (launched on May 9th). At our Comet offices in New Zealand, we're particularly pleased with the latency and performance of the new Australia region. The new region is automatically detected in Comet's software, and no region-specific settings are required.
IDrive e2 works very well with Comet, and you can expect to hear more about them in the future. Mention Comet Backup when signing up to get 1TB free storage for 30 days.
Comet Backup supports many different cloud storage providers if you bring your own storage credentials. If you have configured the customer's Comet Backup app to back up directly to a cloud storage provider, you should avoid reusing storage credentials across customers. For each customer, you should either create new cloud storage credentials manually; or proxy the data through Comet Server Storage Role; or ideally, have Comet Server provision new cloud storage credentials automatically. We call this the "Request Storage Vault" or "Requestable" system.
Previous versions of Comet Server supported this "Requestable" provisioning for Backblaze B2, Wasabi Cloud Storage, and custom HTTP integrations. We're very happy to announce that Comet Server extends this support to Amazon AWS and to custom IAM-compatible cloud services.
There are a lot of S3-compatible cloud storage providers on the market, but having "Requestable" support to automatically provision private credentials is a more advanced level of integration than just S3-compatible, and there's not yet an industry standard for providers to use. We're working with individual storage partners to expand our "Requestable" integrations over time.
When configuring a backup job schedule in Comet, you can now tell Comet to back up hourly, but only at certain times of day:
The main two use cases for this feature are
to back up only 9am to 5pm, Monday to Friday, when you know the customer's computer is on and working, to avoid any meaningless Missed backup job reports; and
the exact opposite, to back up from 5pm to 9am when you know the customer isn't interactively using their computer.
It's long since been possible to select an hourly schedule, or a daily schedule for weekdays, or individual backup times - but rolling them all together is a nice improvement that makes this kind of configuration much simpler.
This was a popular suggestion from our Feature Voting page. If you haven't checked out our Feature Voting page, i'd really recommend it. We look at this system often to help guide our priorities, so it's a great way to help shape the future of Comet.
Our Synology .spk package was first publicly released in February this year, as part of Comet 21.12.7. Since then, we've continued to improve the installer and our compatibility.
The platform compatibility has been extended to include more types of ARM CPU, including Synology NAS models based on the Armada, Comcerto, and Monaco platforms. The Synology package has been improved to better understand NAS timezones, provide clearer warnings on login failure, and to calculate device IDs in a more repeatable way. You should find that the installer just works in many more cases.
In the DSM 7 version of the installer, some additional steps are required to grant file permissions to the Comet Backup app. Previously, these steps were only listed in our official documentation, and if you are white-labeling the Comet Backup software for your end-users, then it is difficult to share a link to this information. The latest versions of the installer now include a new built-in help guide explaining how to configure the necessary permission settings for backup.
All of the changes mentioned above are included in our latest quarterly release 22.5.0 "Lysithea".
The tables in the Comet Server web interface now properly remember their state when refreshing the page or using the back button. This may sound like a subtle change, but it has had an immediate impact in making the Comet Server web interface much more intuitive and easy to use.
This was a long-standing request from our Feature Voting system. It's taken a while to get to this point because Comet Server's web interface is an SPA (Single Page App). This has been an excellent technical foundation for us, as our development team reuses the official Comet Server API, ensuring that it is stress-tested and has broad feature coverage, allowing any external API developers to get the same experience we do internally. However, this API-first design has meant we're not technically using the web browser's traditional Back button handling, and that has resulted in minor quirks like this. Thank you all for your patience with us as we developed this feature.
As of Comet Server 22.3.6, and available now in Comet 22.5.0 "Lysithea", when using the browser back button, all table settings will be restored exactly how they were, including rows-per-page, sorting, current page number, search term, and custom column selection. Your rows-per-page setting will also be preserved globally, even when you log out and log in again.
Your custom column selections will be preserved for each individual table, even when you log out and log in again, with your current version of Comet Server. However, if the Comet Server version changes, the custom column selections will be reset, because new versions of Comet Server might have introduced a different set of available columns.
As well as this improvement to the table system, there were many other small improvements to the Comet Server web interface this month. For example, "Internal Error" popup messages can now show you the information directly in more cases, such as when an administrator tries to use the "Request Storage Vault" feature.
Comet Server has a feature called Server Self-Backup to create backup copies of Comet Server's own configuration, such as the cometd.cfg and comet-users.db files.
The Self-Backup feature does not use the full chunking and deduplication infrastructure like a regular Comet Backup job, because if the Comet Server itself experiences an outage to the point where you need to restore from backup, then this chunking and deduplication infrastructure is unavailable. Instead, the Server Self-Backup only creates simple passworded zip files in any supported storage location. This self-contained design is a way to break the "chicken and egg" problem compared to using the full Comet infrastructure.
For providers with very large Comet Servers with thousands of user accounts and millions of job logs, the overhead of performing a Self-Backup might be considerable. The latest version of Comet Server includes two key improvements to the Server Self-Backup feature to reduce the CPU load in these cases.
Firstly, you can use the new slider component to adjust the compression level, to make a trade-off between 'Faster' compression with lower CPU impact but a larger file-size, and 'Smaller file-size' with a higher CPU impact.
If your Comet Server is hosted on a cloud provider where you pay for both CPU usage and for storage usage, you might find that the storage cost of a larger Self-Backup is actually lower than the CPU cost of performing more compression.
In addition, a new option has been added to exclude the job database from the Comet Server Self-Backup.
The job database is almost always the largest component of a Self-Backup, responsible for as much as 90% of the archive size and CPU impact. It's still important to back up this job database. However if it was excluded, then perhaps the other parts of the Comet Server configuration could be backed up more frequently. Excluding the job database also makes the generated zip archives smaller and more accessible when you only want to restore the user-profile settings or the server configuration.
For large partners in this situation, we recommend having two Self-Backup schedules: one frequent schedule that excludes the job database, and another less frequent backup that includes all databases.
When you restore data in Comet, you can restore files and folders directly; you can restore Office 365 emails back to the cloud; you can stream restore data into another program without spooling (great for MySQL); you can restore to nowhere, just to test that Comet is working; and, you have the option to restore as an archive format.
Multiple archive formats are available, including the ubiquitous zip, and we might as well have stopped there - but there is a time and place for other options. In particular, Linux users are better served by a compressed tar archive that can be used with standard system tools, without needing to install a Zip program.
This month, the Restore as Archive feature was expanded to support tar.zst, the latest type of tar format that uses zstd compression instead of gzip. This results in a smaller filesize while also being faster to compress and to decompress. The ordinary Linux untar command (tar xaf file.tar.zst) works with these files since GNU tar 1.31, which can be found in Debian 11 "Bullseye", Ubuntu 21.10 "Impish Indri", Fedora 30, and RHEL 9.
The .tgz and .tzst file extensions are now understood as common aliases for the .tar.gz and .tar.zst extensions, and the target directory for restore is now created automatically, aligning this behavior with how an everyday File and Folder restore works.
Comet Server can be configured for multi-tenancy, to give each of your partners an isolated zone within your Comet Server for their own individual customers. We've seen this feature used for reseller support and for hosted service offerings. Tenants (previously known as Organizations) have been a standard feature of Comet Server for a long time now, and we're continuing to improve the support.
When logged in to the Comet Server web interface as the top-level administrator, looking at a cross-tenant customer, you will find that the available Policy options now more accurately reflect the tenant's policies, instead of showing unusable options from other tenants. The "Request Storage Vault" dropdown option also now correctly finds the tenant's list of "Requestable" storage providers. These changes should make it much more seamless to manage a tenant's customers from the top-level account.
If you're a software developer making use of the Comet Server API to manage your Tenants, you might be interested to know that these improvements come thanks to some new API parameters in our AdminAddUser, AdminPoliciesList, AdminRequestStorageVaultProviders, and related APIs. New features for the API are generally mentioned in the official changelogs, but you can also stay up-to-date by following the changelogs for our PHP SDK and Ruby SDK on GitHub.
Internationalization is a high priority for us at Comet. It enables you to serve your customers in local markets much more effectively.
Comet is available in 13 fully translated languages, and the Comet 22.5.0 release includes updated translations for 10 of those - Danish, German, Spanish, French, Croatian, Italian, Portuguese (Brazil), Portuguese (Europe), Russian, and Hebrew. All of Comet, from the end-user desktop app and customer-facing email reports, through to the admin section and the new user guide from last month, can be used in translation.
We've also found- and fixed- many small gaps where the underlying English was showing through, such as the pagination footer for tables in the Comet Server web interface.
Our staff mostly only speak English, so we do hire translation contractors for the bulk of this work - but over the years we have consistently found that the best-quality translations come from our customers, who have a full understanding of both the software and the IT / MSP backup industry. If you see a typo in our translations, or if you want to help translate Comet into a new language, we'd love your contribution and it couldn't be easier to get started - just head to our GitHub page and follow the instructions.
In particular this month, I'd like to thank one of our partners for getting the Chinese (Traditional) localization started! This will be our 14th language.
If you'd prefer to watch rather than read, I'm hosting a live webinar to discuss the latest 22.5.0 "Lysithea" release and everything in it since our previous quarterly release. Please register for a notification before we go live on June 7th to catch up on all the latest Comet news with me - there will a free live Q&A session after the presentation.
As well as that, we have many more videos available on our YouTube channel, including guides on getting started with Comet, individual features, and webinars for previous quarterly software releases.
"What's New?" is a new blog series covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over April 2022.
In early April, we became aware of a security issue affecting the Tenant feature in the Self-Hosted Comet Server version 22.3.1, 22.2.0 and all earlier versions. A certain API could allow administrators in one Tenant to see user profile details belonging to user accounts from another Tenant.
We discovered this issue internally, and there is no evidence to suggest that any misuse has taken place. All partners known to be using this feature have been notified directly.
Comet 22.3.2 and Comet 22.2.1 were released on April 6, 2022 to fix this issue. We recommend upgrading at your earliest opportunity.
Comet Server allows you to customize the branding for the client software, including changing the branding, logos, text, EULA, and icon for both the installer and the application itself.
When you download Comet Backup from your Comet Server web interface, Comet Server generates a custom installer on-demand. This custom installer contains all your branding as well as the built-in URL for your Comet Server, so no extra configuration is needed by the end-user.
However, newly generated installers are not immediately trusted by operating system security measures such as SmartScreen on Windows or Gatekeeper on macOS. Windows users are likely to be familiar with the blue SmartScreen dialog and practised in clicking the "Run anyway" button, but for macOS users, you may be surprised to learn that there is no such "Run anyway" button:
It's possible to bypass the dialog by right-clicking the *.pkg installer and choosing 'Open'. Then the dialog will include a 'Run anyway' button. However, this is a major user experience roadblock for macOS clients.
A better way to solve this solution is to codesign the installer. You can configure this on both Windows and Linux from inside your Comet Server, in the settings page, on the "Client branding" tab, using the "Codesigning" button at the bottom. For Windows, it's as simple as purchasing a certificate from one of our recommended vendors and uploading it to the "Authenticode" tab.
For macOS, the process was much more complicated. The tools used to perform macOS codesigning could only run on a real Mac machine. Comet Server required you to purchase a certificate from Apple, but in addition – to also to buy a Mac (or rent a cloud Mac), configure it for SSH, and set up some very careful permissions in order to allow Comet Server to remotely SSH into it to sign the installer *.pkg file. This was difficult for our partners (and difficult for our support team!).
Thanks to recent developments, we are pleased to announce that a Mac is no longer required for this process. You can simply purchase the certificate and upload it to this screen; Comet Server will handle all the necessary signing steps internally. We have further details on how to purchase an Apple certificate and register an App Store Connect ID in our full documentation.
This is a significant simplification of how Comet (and other software vendors) will be able to deploy macOS software going forward.
When using a Comet Server for the first time – or giving access to a reseller Tenant for the first time – Comet Server used to show a small text box with instructions on how to download the Comet Backup client app and run your first backup job. To help streamline this process, we've expanded this first-use guide into a larger sidebar that walks you through each step individually:
This guide appears the first time an admin logs into a new server and can be dismissed at any time. It walks you through all the first steps of running a Comet Server, including configuring storage settings, adding a first user account, downloading and installing the Comet Backup desktop client, ensuring the user account has registered a device and a Protected Item, and running a backup job.
The progress through these steps is refreshed automatically using a live connection to the Comet Server.
If you're an established Comet Server administrator, you won't see any changes in this area, but if you onboard new reseller Tenants or if you create a new Comet Server then we hope it helps you walk through the process a little more smoothly.
Once every quarter, we roll up all our Voyager development into a new long-term support release. The current quarterly release series, 22.2 "Elara" was planned for release in late February, and received one dedicated point release to fix issues over its lifetime. We are now closely approaching the end of its patch support period. You should expect to hear from us very soon about what's coming up next!
After each quarterly release gets superseded by another, the old quarterly release will receive ticket and critical support only, with most issues resolved by encouraging users to move to the current series.
"What's New?" is a new blog series covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over March 2022.
Comet Server's web interface has a filter system that can be used for searching job history, and for generating backup job reports containing a summary table of that job history. The query system is very flexible, supporting boolean operators (and/or/not/nor), sub-clauses, grouping, and drag-and-drop rearranging. You can filter for jobs based on many different properties including the job's status (e.g. Success / Failure / Quota Exceeded), its classification type (e.g. Backup / Restore / Retention pass), its upload and download size, usernames, Protected Item and Storage Vault IDs, and many more.
When using a custom job history search to construct an email report, it's important that the result set has a time bound on it. Without a time bound clause, the system will produce a report containing jobs from all time. The 'Preview' button on this dialog is helpful in ensuring the result looks correct.
In Comet 22.3.0 and later, there is a new available clause to filter by 'Time since job end', joining the existing 'Time since job start' filter. In some cases, using one filter or the other in your scheduled email reports could cause you to miss out on seeing jobs that take longer than the period interval. We advise following the documented recipe for best results.
Comet Server allows you to remotely deploy a software upgrade to your live-connected user accounts. You can do this for a single user from their live-connected actions dialog, or you can deploy the upgrade in bulk via the Bulk Upgrade Campaign menu item. The bulk upgrade campaign takes care of intelligently waiting for devices to come online and avoiding interrupting running backup jobs, giving you an overall percentage indicator of the software uptake.
In Comet 22.3.0 there are more options to control the behavior of the bulk upgrade campaign:
Firstly, you can use our query system - mentioned above - to filter and select which devices should be considered eligible to receive the software update. If you are troubleshooting issues on a specific platform, you can restrict the update to individual device operating systems. You can filter by username and other properties too, allowing granular mass deployment without needing to resort to individually sending updates via the live-connected actions dialog.
Another new option is to control whether or not running jobs should be interrupted. The bulk upgrade campaign normally avoids sending a software-upgrade message signal to the client if a job is running, preferring to complete a backup job with old software, rather than have new software and no backup job. Having the client be one or two versions behind the Comet Server is not a problem as we maintain a strong commitment to backwards compatibility.
But if the customer's job schedules are running back-to-back, or they are infrequently online, then the campaign system might not find any reasonable opportunity to deploy the upgrade, and the devices could fall significantly far behind. It's now possible to override this behavior and ask for the bulk upgrade to be deployed regardless of any running jobs. The software installer will terminate all Comet's running processes as part of the upgrade.
These new settings are all optional and default to the previous behavior, of sending the update to all devices while not interrupting any running jobs.
Comet Server is split into multiple roles, including the Auth Role - where user accounts log in - and the Storage Role - one place where a customer might upload data to. These are conceptually independent parts of the Comet Server and can be enabled or disabled as required.
When you log in to the Comet Backup desktop app, if you check the 'advanced options' checkbox, you can see the server address that Comet is logging into. This is the Auth Role address. If you have a Comet-type Storage Vault in the customer's settings, you can check the hostname field for that Storage Vault. This is the Storage Role address.
In small installations, it's likely that Auth Role and Storage Role will be both enabled on a single server. If you are using direct-to-cloud storage, you might not even be using Storage Role. In larger installations, the Auth Role and Storage Role can be decoupled, to allow scaling them independently. For instance, you could have one single Auth Role server for all customers, with many dozens of Storage Role servers. In that case, the two hostname fields mentioned would have different content inside.
The Role system is simple and flexible, but managing these URLs at scale can be difficult. If you have to perform a server migration, such as a replication failover, the easiest way to do it is to change what DNS points to, instead of changing a lot of login-URL settings and Storage Vault hostname settings.
But sometimes these changes must be made. It is possible to remotely redirect a user to a different Auth Role login address via the live connection action dialog:
As well as the Auth Role login hostname, it is possible to change a user's Comet-type (i.e. Storage Role) Storage Vault hostname remotely by editing their Storage Vault settings. There is a way to do this in bulk via the 'Advanced' options > 'Bulk Replace Addresses' page. This page allows you to find-and-replace Comet-type Storage Vault hostnames across your entire user base.
In Comet 22.3.0, this page has gained separate 'Find' and 'Find and replace' modes:
You can now use the new 'Find' option to perform a dry-run, to see which customers are using any given Storage Vault URL. This is a helpful safety feature before switching to 'Find and replace'; and, it can also help with troubleshooting certain types of Constellation Role error message.
When you visit account.cometbackup.com, you can use the 'My Servers' page to manage your Self-Hosted and Comet-Hosted servers. Previously these were displayed on two separate tabs; we have now streamlined this page to show all your servers together, regardless of where they are hosted.
If you have a mix of environments (e.g. a primary a Comet-Hosted server and additional self-hosted servers for on-prem requirements; or, a primary self-hosted server and a test environment Comet-Hosted server) then you'll find it easier to see an overview of all your Comet Server infrastructure at a single glance.
Comet job information in custom command environment variables
Comet supports running commands as part of each backup jobs. You can configure a command to run before or after the backup job, or even when a disk snapshot is thawed. Custom commands can be attached to the Protected Item (e.g. for creating archives or database dumps for backup), to the Storage Vault (e.g. to supply extra login commands), or to an individual schedule (e.g. to shut down the PC after the backup job completes).
The commands are run as part of the job, and the output of the custom command is included in the job report. If your custom command returns a non-zero exit code, the job report will be marked as unsuccessful.
In Comet 22.3.0, the commands are run with additional environment variables available. These environment variables help you integrate Comet with your other systems. For example, you could use an After command that signals to your RMM software if a job has completed, including the device ID, job ID, and in-progress job status.
Comet Server has a comprehensive API - anything that you can do in the Comet Server web interface can be done via our API. The API makes use of JSON over HTTP, and it's simple to interact with - we have sample code and SDKs for several programming languages.
When you are integrating Comet with other software, you will find that the customer's device running Comet Backup is always represented by a "Device ID". This identifier is automatically generated based on a private set of hardware and software identifiers. It is designed to remain stable throughout the lifetime of the device and be a consistent way to identify it. However, the proprietary nature of its generation means it can be difficult to correlate Comet's device IDs from the Comet Server API with any other identifiers running on the same PC.
For instance if you have RMM scripts running on a customer's PC, you may want to know the current PC's Comet Device ID in order to make API calls related to the current device.
However, macOS and Linux devices don't have a Registry that we can use in the same way. Comet 22.3.0 adds a new platform-independent technique for retrieving the Device ID, by running the backup-tool info device-id command. This command outputs the current device ID on stdout and should always have the same result as reading the registry key.
This feature is highly useful for ISV (Independent Software Vendor) partners who are looking to integrate Comet more closely with their other software utilities.
Comet 22.3.1 adds support for the automatically detecting buckets in Wasabi's latest ca-central-1 region. Because Wasabi bucket names form a global namespace, Comet can generally autodetect the region without it having to be manually specified in the Storage Vault or Storage Role settings.
As with every quarter, we released our latest Comet 22.2.0 'Elara' release on March 8th. This release rolled up all the features from the 21.12.x Voyager series into a new long-term-support release that we will continue to patch and support. Some of the feature highlights include a new Settings page in the Comet Server web interface; support for WebAuthn as a 2FA method; and single file or folder restore for Disk Image backups. All users of the previous quarterly series 21.11.x 'Himalia' and earlier are encouraged to upgrade, but we’re happy for them to continue using older quarterly versions if they are not experiencing any issues.
Comet Elara takes its name from another moon of Jupiter - It is the eighth largest Jovian satellite, and is named after Elara, one of Zeus' lovers. It was discovered on January 5th 1905.
Thanks to everyone who joined us for the release launch webinar - if you missed this coverage of all the new features from Elara, you can watch the replay on our YouTube channel.
We recently added support for installing Comet Backup on the Synology NAS platform using a *.spk file. This support debuted with Comet 21.12.7 and we have been continuing to improve it since then. In the latest 22.3.x 'Voyager' series, you'll find improvements for installation on DSM 6; reduced job log verbosity on DSM 7 with @eaDir paths; and better support for the AdminBrandingAvailablePlatforms API.
Thanks for reading - stay tuned for our next monthly update summary, and if you would prefer to watch instead of read, we have a large number of update summaries available on our YouTube channel.
"What's New?" is a new blog series covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over February 2022.
Comet Backup now has an SPK package installer available for Synology NAS devices. It supports both DSM 6 and DSM 7 firmware versions. This is a great way to ensure your NAS devices are backed up in a consistent way with all your other Comet infrastructure.
As with the existing Windows, macOS, and Linux Comet Backup client installers, you can get started with Synology by downloading your SPK package from the Comet Server downloads page.
Until now, it has been possible to install the Linux version of Comet Backup on a Synology device if you enabled SSH access to it. This was a complicated process, and upgrades to the DSM firmware would often cause the installed Comet Backup client to get deleted. Using the spk package avoids all these problems - the installation process is much simpler as your branded Comet client can be installed entirely via the Synology web interface through the package manager.
In DSM 6, Comet has full access to the system to back up and restore files. In DSM 7, Synology introduced a sandboxing system for packages to improve security. As a result, you will need to explicitly grant the Comet Backup app access to your storage volumes after installation. Please check the documentation closely when going through this process for the first time.
At this stage the new Synology installer is being released at no additional cost, but please note that we plan to introduce a Booster charge of $1 per Synology device starting April 15th 2022.
This has been one of our top feature requests on our Feature Voting page. We look at this system often to help guide our development priorities - if you've been using Comet Backup for a while and have some ideas about how we could improve the software, we would encourage you to make your voice heard and share any new ideas you have. Often multiple MSPs will rally together around an idea and refine it into something really wonderful.
The next time you look at the Comet Server web interface, you'll see a new search bar at the top of the screen:
This search bar allows you to quickly find user accounts by entering a few characters of their name.
The search bar will also find matching Storage Vaults and Protected Item. This is the first time it's been possible to find all matches of these by name from the Comet Server web interface. There are a few highly interesting scenarios that this enables - if you make good use of the Protected Item name fields, you can find all users backing up a certain product to troubleshoot them in bulk. Likewise if you are migrating storage platforms, finding all Storage Vaults named after your old platform might be very helpful.
For maximum productivity for keyboard users, you can focus the search field with Alt+Q, like Microsoft Outlook - and you can navigate through results with the arrow keys.
This request also came from our Feature Voting system, so I'd like to thank everyone who voted and commented on it for their advocacy and suggestions.
As of Comet 21.12.5, it's now possible to restore single files and folders from a Disk Image backup job. When you select a Disk Image backup job to restore, you'll see a new third option alongside the existing virtual disk (vmdk) and physical disk (partition) restore options:
If you select the new option, you can browse and restore single files and/or folders to restore:
This feature is accessible from either the Comet Backup desktop app or from the Comet Server web interface when remotely controlling a live-connected device.
The Disk Image backup in Comet produces a backup job snapshot containing a VMDK file that is a complete image of the raw partition data. When you restore single files, Comet will attempt to parse the backed-up VMDK files directly from the Storage Vault without spooling. If you intend to restore a large amount of files, the extra indirection makes this process slightly less efficient than restoring the entire disk image - but if you have only a few files to restore it is significantly more convenient, as you do not need to restore the entire disk image first. This reduces the total bandwidth and helps achieve your recovery time objectives.
Because Comet has to parse and process the filesystem within the VMDK file itself without relying on the operating system's filesystem drivers, we don't have exhaustive support for all filesystems. This feature currently only supports parsing the NTFS filesystem, and only regular file types, directories, symlinks, and EFS files. Other exotic NTFS object types, some types of reparse point, and other filesystems such as FAT, exFAT or ReFS are not supported yet by our built-in filesystem parser. However, this independent NTFS implementation does mean that restoring single files from a Windows disk image backup can be done on any Comet device platform, such as a macOS or Linux device logged in to the same account.
As of 21.12.8, this feature also integrates with the other restore options, such as restoring files directly to an archive (zip, tar, tar.gz, and sqfs) and performing test restores with the "download only, do not save" option.
Comet Backup allows you to configure retention policies to choose how long old backup jobs should be kept for. At some point, your retention policies have to be actually applied to the data in the Storage Vault; this is called a 'retention pass'. At the end of each backup job, Comet automatically considers whether it should run a retention pass.
Because the retention pass takes some additional time and system resources, often Comet will decide to skip running the retention pass until there's a sufficiently worthwhile amount of space that can be saved in your Storage Vault. The exact decision logic for this is more like an art than a science - we've got an excellent set of default settings, but as Comet grows larger we do find many users that are not well suited by our default settings.
If you do feel that the default behavior is not working well for you, then in Comet 21.12.x and later it's now possible to override the retention pass decision logic. You can choose this option as part of the advanced options for the backup job schedule, or, when running a backup job manually. There are four configuration options available:
The default setting is "Automatic" and is the same logic that Comet used in previous versions. When this option is selected, Comet uses a number of heuristics to determine whether to run a retention pass, based on the relative device performance compared to other devices in the account; the number of backup jobs in the Storage Vault that exceed the configured retention policy; and the time since the last retention pass. We have a full explanation of the rules in our documentation.
With the "Immediate" option, a retention pass will be run immediately at the end of every backup job, to completely enforce your retention policy. This is particularly helpful if your data set has a large amount of changes between incremental backup jobs, and you want to save as much space as possible in the Storage Vault at the expense of additional time to complete the operation.
The last two new options are "Run more often" and "Run less often". Like "Automatic", these options generally run retention passes after a few jobs or days have passed, but by explicitly setting "more often" and "less often" on your different devices within the same account, you can gain effective control over which device in the account is generally responsible for running retention passes.
If you have a low-powered laptop that's often put to sleep, and a high-powered always-online server with a lot of RAM both logged in as two devices in the same user account, then you can use these two options to encourage the high-powered device to do the retention pass work. Our "Automatic" logic does generally take uptime and system RAM into account in its decision making, but these options allow you to bias that decision in cases where you have a clearer understanding of the devices than Comet is able to determine automatically.
Comet Server supports two-factor authentication using WebAuthn - such as U2F dongles and fingerprint readers - and also TOTP, the standard and widely-used system of six-digit codes that change every 30 seconds.
Like most other services using TOTP, Comet provides a QR code to scan to enroll for TOTP in your mobile authenticator app. However there are genuine situations where no camera is available to scan the QR code. The most pressing situation is when enrolling the TOTP code into an enterprise security app or password manager, from a desktop PC without a camera available. In this situation, it's possible to enter a text code instead of scanning the QR code.
This text code is now displayed when setting up TOTP in Comet Server 21.12.5 and later. It should make life easier for users of managed TOTP password managers - or just users who have dropped their phone and broken the camera!
Sometimes in Comet, if your underlying storage platform experiences a data loss event, you may find that some of your backup snapshots within a Storage Vault are missing necessary chunks and can no longer be restored. In this case, the job report for a Retention pass normally mentions the exact IDs and filenames of the non-restorable snapshots to delete, in order to acknowledge and resolve the issue.
However when faced with this issue, many administrators might not have convenient access to the Storage Vault's data location in order to delete the affected files - for instance, if you are troubleshooting a customer's external harddrive backup that experienced some disk corruption.
In Comet 21.12.8, there's now a way to do this remotely from the Comet Server web interface. If you enable the "Advanced Options" toggle from your user menu in the top-right, then when going to restore data for an affected user, you'll see snapshot IDs and filenames listed directly alongside the snapshot option. This allows you to use Ctrl+F to find affected snapshots and select them for deletion via the 'Delete' menu option.
This feature has been available via the Comet Server API for some time, but having it as an option in the Comet Server web interface should make it much more accessible to the bulk of our partner base.
There's much more that's been happening in Comet - the admin homepage in the Comet Server web interface now loads faster when you visit it multiple times; the "Checking for free space" phase of backup jobs is now more resilient to network errors; the Thai translation has been significantly updated; the Comet Server web interface now visually shows icons for your Protected Items and Storage Vaults in more places; and many minor bugs and cosmetic bugs have been resolved. For more information, check out the full changelog.
Once every quarter, we roll up all our Voyager development into a new long-term support release. The current quarterly release series, 21.11 "Himalia" from late November 2021, received three dedicated point releases to fix minor issues over its lifetime, and we are now closely approaching the end of its patch support period. You should expect to hear from us very soon about what's coming up next!
After each quarterly release gets superseded by another, the old quarterly release will receive ticket and critical support only, with most issues resolved by encouraging users to move to the current series.
Check back next month for our next regular update summary - you can subscribe by RSS to never miss an article - or check out our YouTube channel.
"What's New?" is a new blog series covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over December 2021 and January 2022.
Comet 21.11.0 "Himalia" was released in late November 2021 - the latest in our series of quarterly releases. Quarterly releases bring you new features while still providing increased long-term stability around testing periods and update cycles. Himalia introduced many significant features, most notably the launch of Microsoft Office 365 backups into the quarterly release track for the first time.
We also publish weekly releases through the Voyager branch. Install the Voyager version of Comet to get the latest-and-greatest features as soon as they're out.
Since Himalia was launched in November 2021, there are a few Voyager highlights to cover:
We recently made a major overhaul to our documentation site:
While this isn't a software change, your interactions with Comet extend beyond the software itself and we are committed to continuously improving that experience.
With the new page design, it's now much easier to:
Navigate within large pages with the split side navigation
Look things up on a mobile device
Use the more responsive search system which should give more accurate results
Search through past release notes
The release notes have moved to docs.cometbackup.com as well, which replaces both the old changelog website and the popup dialogs on the Downloads page in your account. We've also migrated the Comet Blog here too; this is the inaugural new blog post on the updated platform.
Comet 21.12.4 now keeps track of the historical size of your Storage Vault. In the future, this will let us chart the storage growth over time for your partners in the Comet Server web interface. Until this release has been out in the wild for a bit longer, though, there's not much data to show yet; you can enable the Storage Vault Size as a hidden optional column from the Job Search page.
When configuring a user's scheduled backup job settings, you can schedule a backup to run at any particular time, or also when certain events happen. If you are working with laptop devices that are often offline, a regular job schedule is often insufficient. One solution to this problem is to aim for a scheduled time - say 5pm every day - but if the laptop is not available at that time, then run a new backup job as soon as the device is seen online again.
In the past, we had an option When PC starts, if the last job was missed - but modern laptops hardly ever fully turn off; between Always Connected PCs (ACPC), Windows Fast Startup and more, the PC usually only enters a deep sleep state, and this setting was not being triggered as intended.
We've updated this same setting to just say If the last job was missed. This reflects the concept that we will make use of other possible signal indicators to make this happen in practice. As part of the 21.12.3 update, the device will look at when the live connection to the Comet Server is dropped and reconnected; because this happens during PC sleep, this is a possible time to check if the new schedule option should run now.
Comet supports a lot of cloud storage providers. When you set up your Comet-based backup infrastructure, you're welcome to use any kind of storage you like, whether that's a colocated RAID array, a commercial cloud storage provider like Wasabi or Backblaze B2, or just some harddrives in your basement. There's always a balance between price and quality, but an additional major factor is the physical geographical location of the data, which affects not only latency - Comet's performance is somewhat latency-sensitive - and of course also data sovereignty requirements if your customers are storing data that is subject to local regulations.
We've published a large list of compatible cloud storage providers on the Integrations page of our website and in our documentation, and we'd certainly recommend any of them or any provider that can be connected via a supported protocol (SFTP, S3-Compatible, ...), but we have recently taken to adding built-in support for more and more of these partners.
In Comet 21.12.2, we're pleased to announce that three new cloud storage providers have been raised to built-in options.
DigitalOcean Spaces, the S3-compatible offering from this publicly-listed US cloud company costs 20 USD/mo/TB and is currently available in seven countries including the USA, Netherlands, Singapore, the UK, Germany, Canada, and India.
Catalyst Cloud Object Storage, an S3-compatible offering from Catalyst in New Zealand. Prices start from 30 NZD/mo/TB for a single availability-zone with triple replication.
The SwARM, by Cynny Space, the latest S3-compatible offering from Cynny Space. Datacenters are hosted in Italy and France, and there are no additional charges for bandwidth.
If you're shopping around for a new cloud storage provider, we can recommend all three of these offerings, which have been tested and verified by our team for performance and reliability.
The Comet Backup desktop app now has improved support for high DPI screens. If you have your Windows OS set to 150% scaling size, previously Comet would round up to 200%. We've upgraded our Qt integration to improve this and now Comet will seamlessly work at non-integral scale fractions.
This has been particularly helpful for many current-generation 14" laptops with high DPI screens that are factory-shipped at 150% scale. Despite meeting Comet's minimum system requirements for screen resolution, the Comet Backup app would have been larger than the physical screen by default. This is no longer an issue with the latest changes.
If you're using U2F for two-factor logins to the Comet Server web interface, you may have recently seen a prompt in the web browser asking you to upgrade to WebAuthn.
We're very pleased to announce that Comet Server has completely upgraded all two-factor support from U2F to the full WebAuthn in a seamless way that preserves full compatibility with your U2F devices, but adds support for two-factor via fingerprint readers, your Windows Hello PIN, or even facial recognition.
There are no changes required at your end to take advantage of this new feature. We do recommend checking if you can now add additional two-factor devices, if you have the hardware support for it. You can configure supported two-factor devices from the Account page within your Comet Server's web interface.
This change also partially unifies Comet Server's two-factor authentication capabilities with our self-service account page. Did you know that you can configure 2FA for account.cometbackup.com from your 'My Account' section?
With Comet, we are acutely aware that there is a large and diverse partner base of client devices and operating systems running in the wild. The Windows Server 2008 series of operating systems are coming to the end of their extended support lifecycle from Microsoft. There's always a long-tail of stragglers who are stuck on old versions of Windows Server for various reasons, and some of those are valid and important reasons. However, it remains a fact that over time it becomes more difficult for us to maintain support for these old operating systems.
Unfortunately the WebAuthn feature was the "straw that broke the camel's back" and we have needed to make some changes to the versions of Windows that are supported.
OS
Comet Backup
Comet Server
Windows Server 2008 (NT 6.0 / Vista-based)
✅ Still supported
⚠ No longer supported in 21.12.x, please continue to use 21.11.x
Windows Server 2008 R2 (NT 6.1 / Windows 7-based)
✅ Still supported
✅ Still supported
This change in compatibility only affects your use of Comet Server, not the client; and it only affects the original Windows Server 2008, not the updated R2 release. We expect there to be very few partners affected by this scenario.
Settings screen: Page redesign, Tenants, and Test Connection
We have shipped a major redesign of the settings screen in 21.12.0. Previously Comet Server's integrated settings configuration led you through a settings wizard. However, over time the wizard became too long.
The new Settings page makes it far easier to navigate to the specific single setting you are looking for, making for a much improved experience. We are working to reintroduce some of the workflow in a future iteration of this page.
As part of this change, we've also renamed 'Organizations' to 'Tenants', to make it more clear that you are constructing a multi-tenant world. Tenants are Comet Server's feature to partition your Comet Server into multiple isolated zones, so you can sell access to reseller partners or unrelated companies and give them a nearly-full Comet Server experience while still maintaining global management.
Another change in the new settings screen is a 'Test Connection' button for Storage Role storage. If you aren't 100% sure about your cloud storage provider settings or your SMB credentials when configuring where your Storage Role Comet Server stores its data, the new 'Test Connection' button will let you check it immediately, shortening the debug cycle time when setting up your storage environment.
Recovery environment: ISO support, timezones, and logs
Comet Backup supports taking disk image backups of a Windows PC or server. This is a bare-metal backup of all disk sectors for disaster recovery purposes. If you take a Disk Image backup with Comet, you can restore it back as a VMDK file for virtual booting (physical to virtual - P2V) or for uploading to a cloud provider to virtual-boot in the cloud. Or you can directly reimage a local disk.
When the time comes to restore, you will ordinarily find that Windows is currently running from C:\ and it's not possible to overwrite it. This is a good and important restriction - overwriting the running OS, including the pagefile, drivers and NTOSKRNL would be a recipe for an instant bluescreen! Instead, Comet provides a built-in Recovery Media feature, allowing you to create a miniature Windows environment that boots directly into Comet, allowing you to safely restore your C:\ partition from a Disk Image backup.
There are a few new features with the Recovery Environment. It's now possible to generate the recovery media as an ISO file, in addition to the previously existing USB flash drive support. Creating an ISO file is much more convenient if you have a virtual environment. The generated ISO file can be booted via both BIOS and EFI.
Thank you to everyone in our Feature Voting system submitted feedback that this feature was important to you. We use your input to help guide our development priorities.
It's now also possible to reconfigure the timezone within the recovery environment. Because the recovery media might be booted on any different PC, the timezone settings might not match. This can cause a problem for S3-compatible providers in particular, as the signature steps within this protocol involve the current time and many cloud providers require a close time sync in order to access the storage service. In the past, you would have had to open the Command Prompt window and use the time.exe and w32tm.exe commands to update the time in the Recovery Media. Now, it's as simple as choosing the "Configure Timezone" option from the top menu bar and following the wizard.
It's now also possible to view the full recovery media generation logs. In the past, you could only see the most recent line, but some types of error with the generation are best understood with more context. We've redesigned the wizard screens to seamlessly show more detailed information on demand.
Thanks for reading - stay tuned for our next monthly update summary, and if you would prefer to watch instead of read, we have a large number of update summaries available on our YouTube channel.
