User and Backup Configuration
Protected Items and Storage Vaults
The user's configuration is broadly separated into Protected Items and Storage Vaults.
A Protected Item is a description of the set of data that should be backed up.
A Storage Vault is a location where the backed-up data can be stored. In most common configurations, this would be a Comet Server with the Storage Role enabled; but it's possible for the client software to back up to a local disk, or to a cloud storage provider.
All data within a Storage Vault is compressed, encrypted, and deduplicated. A Storage Vault is the unit of deduplication; data is not deduplicated between multiple Storage Vaults.
Devices
Multiple devices (e.g. different computers, servers or laptops) can log in to the same Comet user account with a shared password. Each device has its own private set of Protected Items, but shares access to the same Storage Vaults. This allows you to deduplicate data between multiple devices.
Each device can also restore and delete each others' backed-up data, so it is important that multi-device accounts are only used in trusted contexts.
Storage Templates
When a new account is created, they have no Protected Items and also no Storage Vaults. The client must register a new Storage Vault either by manually entering details, or by requesting a Storage Vault from the server's Storage Templates. It is possible that the Comet Server administrator might offer multiple tiers of storage (e.g. RAID; SSD; ephemeral; cloud-backed; etc) each with different costing, that the user could request individually. When configuring the server, the list of Storage Template options can be configured. This feature is covered in more detail in later sections of this document.
Encryption
We strongly recommend that users use strong passwords. Even the best security is foiled by a user choosing a weak or commonly-used password, such as 123456 or letmein.
Comet always encrypts all user data before storing it, using strong AES-256-CTR with Poly1305 in AEAD mode with high-entropy random keys.
Encryption keys are automatically generated and managed by the client. The data encryption keys are then encrypted against the customer's password, and stored on the Comet Server. This means that (A) the service provider is unable to decrypt data without the customer's password; and (B) in the event of a customer PC loss, only the customer's password is necessary to log in to the account and restore data.
For more technical details about the encryption formats and key management, please see the Appendix.
Commands
You can register additional commands to run before- or after any backup job. For maximum flexibility, commands can be registered
- for a Protected Item (e.g. to dump a database), or
- for a Storage Vault (e.g. to perform custom network authentication), or
- for a Schedule (e.g. to shut down the computer afterward).
During a backup job, the commands are run in this order: Schedule Before, Protected Item Before, Storage Vault Before, Backup, Storage Vault After, Protected Item After, Schedule After.
Shell built-ins can be used as part of the command execution - the specified command is passed to either cmd.exe or /bin/sh as appropriate for your operating system.
Environment Variables
Available since 22.3.0
The following environment variable are made available when running custom before / after commands:
| Name | Type | Comment |
|---|---|---|
BACKUP_TOOL_USERNAME | string | |
BACKUP_TOOL_DEVICE_ID | string | |
BACKUP_TOOL_JOB_ID | string | |
BACKUP_TOOL_JOB_STATUS | int | Job status is only available in After commands. View possible values |