Skip to main content

Best Practices

Configuring your Comet Server

  • Keep your Server up to date with your release stream (Quarterly or Voyager). Update customer devices silently via the Bulk Update page on the left-hand menu.
  • Ensure that the Server Self-Backup is enabled, and saved to a safe, off-site location.
  • Ensure that the Comet Server and customer devices are synced with internet time, or you may get a series of log messages showing missed backups, followed or preceded by successful backups. A device which is out-of-sync with internet time may also experience difficulties with backups to some cloud storage providers. The Comet Server allows up to 10 minutes difference before logging separate events.
  • If you are rebranding/white-labelling your client software, code-signing is a requirement for a reliable experience on Windows and macOS. Consider using the prebuilt client software if rebranding is not a requirement.
    • Windows: EV certificates retain trust between renewals. OV certificates must rebuild their trust.
    • MacOS: Sign + Notarise is required on macOS 10.15+. Unsigned clients must re-enable Full Disk Access after each upgrade.


  • If you are self-hosting your storage, ensure your storage platform has sufficient IOPS performance to support your expected concurrent load.
  • For cloud storage, we recommend configuring a Storage Template for direct-to-cloud backups.

Configuring users

  • Users are the security boundary. Any device logged into a user can see and restore data from any other device. Register devices into different users when data should not be shared.
  • Consider setting the Policy option "Allow administrator to reset password" to "Always On". This will allow the Comet admin to access and reset the user-profile password as needed.
  • Consider separate Storage Vaults for different devices, unless there is a significant amount of shared data. Smaller Storage Vaults require less memory and can perform clean-up tasks in less time.

Configuring backups

  • Ensure your retention policy and schedule settings work together. For example, retention set to keep backups run on Sunday, but scheduled backups run on Monday, nothing will be retained.
  • Multiple, simultaneous backups into the same Vault are usually not a problem, and it offers benefits such as deduplication. Some devices which are shutdown frequently, such as laptops, can cause some issues. Lock issues are rare, unless a device unexpectedly stops or pauses. For more information about Comet's lock file design, see our troubleshooting guide. Consider separate Vaults for these.
  • Instead of backing up network-shares, consider installing the client software directly onto the device where the original data is stored. The backup will then be for a local path, will have better performance, take advantage of filesystem snapshots, and usually without issue.
  • Where there are issues with the MS proprietary Windows Server System State backup type, consider using the Disk Image backup type instead. Disk Image was specifically designed to overcome issues with these types, and has much greater functionality, as well as scope for future enhancement.

Ransomware protection

  • Consider Policy options to prevent end-users from deleting snapshots from Storage Vaults.
  • Consider Policy options to prevent end-users from editing/deleting Vaults and Protected Items.
  • Ensure that no user-account on any device has read/write access to any storage location.
  • Comet supports Object Lock on Wasabi and AWS S3 Storage Templates. A bucket with the appropriate configuration will be created if the bucket does not yet exist.