Comet Server usage

First use

Start the Comet Server background service.

Once Comet Server has started, you should be able to load the Comet Server web interface in your web browser, and then log in using your configured credentials.

The default web address is http://127.0.0.1:8060/.

Log in

From version 24.9.8 there is no default admin account, the most common ways to create the first admin account is either by,

The Comet Server Service Manager setup wizard
When first opening the Comet Server web interface

Alternatively you can use the 'admin/add-first-admin-user' API endpoint to create the first admin user. Or simply edit the cometd.cfg file directly.

Prior to version 24.9.8 the default username and password are both admin. There is no default two-factor authentication code.

Web browser compatibility

The Comet Server web interface supports all recent desktop and mobile web browsers.

The Comet 23.3.x series was the last release to support Internet Explorer. Internet Explorer no longer receives security patches from Microsoft and is unsafe to use on the public internet.

The Comet 18.8.x series was the last release to support Internet Explorer 8. IE 8 no longer receives security patches from Microsoft and is unsafe to use on the public internet.

Safari and "Ghostery" extension

If you experience an error logging in to the Comet Server web interface with the Safari web browser, please check whether the "Ghostery" browser extension is installed. The Safari version of this extension has not been updated in several years and prevents the use of the Comet Server web interface. Updated versions of this extension are safe to use on other web browsers.

Log out

Once you are logged in, you can log out at any time by using the "Log out" option in the user menu in the top right corner.

Web-based login sessions will expire after 30 minutes of inactivity. After this inactivity timer expires, the Comet Server will refuse any requests from the web interface. The session timeout can be modified on the Settings page.

Time display

Comet Server uses universal time (UTC) internally for all time calculations. A single worldwide instant can be displayed in any local timezone.

When you log in to the web interface, all times displayed (e.g. backup job start / stop times) will be converted to your browser's timezone (which is inherited from your operating system timezone).

Table views

All table views in Comet Server have the following features:

Pagination

The "Show ## entries" dropdown in the top-left corner of a table allows you to choose the number of rows that are displayed in the table. By default, only the first 15 items are displayed in a table.

You can switch between pages of the table by using the page selector in the bottom-right corner of the table.

Your current page is displayed in the bottom-left corner of the table.

Filter

The "Filter..." text field allows you to enter text that will be used to filter the result set in the table. The search filter is applied in realtime as you type.

Export

You can export the contents of any in table in Comet Server.

The following export formats are supported:

the clipboard, with tab-separated columns
a CSV (Comma Separated Values) file
an Excel (*.xlsx) spreadsheet.

Column selection

You can use the column selection icon to choose individual columns to hide. It may be possible to show additional information in a table by enabling a column that was hidden by default.

My Account

The My Account page allows you to view and change basic details about your Comet Server administrative login account.

Configure two-factor authentication

Two-factor authentication is an additional layer of protection for your Comet Server administrative login account. When this feature is enabled, an additional device (such as a cellphone app, or a hardware token) is also required to log in to the web interface. This means that a stolen password is insufficient to break into the web interface.

If you have any external API integrations that are accessing Comet Server using your user account, this may prevent that functionality. In order to continue using the API simultaneously with protecting your account with two-factor authentication, you should create an additional separate administrator user account exclusively for API usage, with a long randomly generated password.

TOTP

The Comet Server application supports two-factor authentication for administrator accounts in compliance with the TOTP standard. This standard describes a six-digit code that changes every 30 seconds.

You can enable TOTP-based two-factor authentication for your account as follows:

Click the "Regenerate TOTP code" button
Scan the displayed QR code with any TOTP application.

At the time of writing, we recommend the following applications:
- Android: FreeOTP, Google Authenticator
- iOS: FreeOTP, Google Authenticator

Configure Comet Server so that a TOTP code is required to log in to the web interface.

For more information, see the "Comet Server configuration" document > "Admin accounts" section.

FIDO2 WebAuthn

Comet Server supports using a WebAuthn authenticator as two-factor authentication for administrator accounts. This includes the following authenticator types:

CTAP1/CTAP2-compatible hardware security keys (e.g., a YubiKey)
- Any U2F-compatible hardware security keys can be seamlessly used with WebAuthn
Android devices using screen lock authentication (e.g., fingerprint or PIN)
Windows Hello (e.g., fingerprint, facial recognition, or PIN) on Windows devices with a valid TPM

As of Comet 21.12.1, Comet Server does not support using Apple Face ID or Apple Touch ID as a WebAuthn authenticator.

WebAuthn registration and login are only available if your Comet Server is using HTTPS.

WebAuthn is supported in all major modern browsers. WebAuthn is not available in Internet Explorer 11.

You can enable WebAuthn-based two-factor authentication for your account as follows:

Click the green "+" button in the FIDO2 WebAuthn table
Select the authenticator you would like to use, if prompted
- If only one authenticator is available on the device you are using, you won't be prompted
Follow the on-screen prompts on your device to allow the Comet Server web interface to access and use your authenticator
Close the WebAuthn registration dialog. If the registration succeeded, the newly-registered authenticator should be displayed in the WebAuthn table
Enable WebAuthn two-factor authentication at login by toggling from "Not required" to "Required" and clicking the "Save changes" button

FIDO U2F

Prior to Comet 21.12.1, Comet supported FIDO U2F for two-factor authentication. U2F is no longer available from Comet 21.12.1 onwards, as it is deprecated and will be removed from the only major browser supporting it by default, Google Chrome, in Google Chrome 98 (expected in February 2022).

Comet Server's WebAuthn implementation is fully backwards-compatible with existing U2F registrations. Existing U2F registrations will be automatically migrated to WebAuthn registrations when Comet Server is updated to Comet 21.12.1; this upgrade process does not require any manual intervention by an administrator. If U2F was enabled for login for an admin user, WebAuthn will automatically be enabled.

Advanced Options

You can select this checkbox to enable some additional features in the Comet Server web interface.

The exact functionality is subject to change, and mostly covers highly technical and/or uncommon functionality, that may be useful in specific situations.

As of Comet 21.12.8, the following features are enabled:

Page location	Advanced action
All users page	Bulk replace addresses
User detail page	Edit raw profile
User detail page	Login as user
Add user dialog	Create multiple accounts by CSV
Live connected device actions dialog	(Multiple actions)
Restore dialog	Delete single snapshot (>= 19.12.2)
Restore dialog	View snapshot IDs (>= 21.12.8)
Policy page	Edit raw policy
Client News page	Remove all
About this Server page	Shut down server
About this Server page	Restart server
About this Server page	Edit raw settings

If the Authentication role was enabled, the "Accounts" menu should appear when logged in, containing "Users" and "Job history" entries.

Users page

Add user

The "Add user" button allows you to create a new customer account.

On a Comet Server with the Authentication Role enabled (default), take the following steps:

Select the "Users" menu item > "Add user" button
Enter a username and password
Click the Add User button

If the account was created successfully, it is then possible to install and log in to the client software as this user.

There are some character and length restrictions on the username and password. For details, see the "Username and Password" section in the "User configuration" document.

User Groups

This feature requires Comet 24.12.0 or later.

Comet Server allows you to organize users into groups to simplify managing collections of related users. The Users page provides both grouped and ungrouped views of your user list, which can be freely toggled between. Each user group belongs to a specific tenant, and only users from that tenant can be added to the group. Groups are an admin-only feature for user management; a user cannot change, view, or assign their own group.

Groups can be created in several ways:

Using the "Add user group..." button
Using the "Move users to group..." Bulk Action after selecting one or more users from the same tenant, then selecting the "[custom]" entry at the bottom of the list

Once a group has been created, users can be added to it in several ways:

Using the "Move users to group..." Bulk Action after selecting one or more users from the same tenant, then selecting an existing group from the list
On the user account page of a specific user, using the "Assign user to group" button if the user does not belong to a group or the "Change user group" button if they are already in a group
When creating a user using the "Add user..." button, the new user can be assigned to an existing group. If the "Add user..." button on a group page is used, the new user will automatically be assigned to the current group.

Users can be removed from a group using the "Remove users from group" Bulk Action, and using the "Remove user from group" button on the user account page of a user who is in a group.

Groups can be renamed and deleted from the group page, which can be accessed by clicking on the group name in the user list or on the user account page of a user who is in a group.

In addition to organizing users in the user list, groups simplify management of the users within the group. In the grouped user list view, all users within a group can be selected using the checkbox in the group row, allowing Bulk Actions to easily be applied to all users in the group in only a few clicks. This can also be done using the select all checkbox in the user list on a group page. Users who are not in a group will appear in the special default "Ungrouped" group; these users can be selected and have Bulk Actions executed on them in the same way, but there is no group page for these users.

Modifying user account properties

For more information about modifying an existing account, please see the "User configuration" section.

Copy and Paste

Comet Server allows you to copy and paste Protected Item configurations, between users or devices. If a user has more than one device, simply choose the device to copy the Protected Item to.

To perform this action, on the user page > Protected Items tab, click the "Copy" link on the right-hand side.

A "Paste" button appears in the top bar, allowing you to paste this configuration into any device. You can also navigate to a different user and paste the protected item.

Copying and pasting a Protected Item does not copy nor share any backup data nor encryption keys between the accounts or devices. Protected Items are private to each device.

Storage Vault analysis

A Storage Vault can contain data from multiple Protected Items, all deduplicated together. It is possible to analyze the content of a Storage Vault to see how the data usage is distributed between different Protected Item sources and how much deduplication is being applied.

On the user page > Storage Vaults tab, the value in the "Stored" column may be a blue link. If so, clicking this link opens a dialog window displaying information about the storage breakdown.

Current = The most recent backup job for that Protected Item within that Storage Vault. Historic = The accumulated backup jobs for that Protected Item, except for the most recent one.

The analysis is generated as part of a retention pass. Because retention passes only run when necessary, the analysis information may become outdated by a few jobs; or, no analysis may yet be available for a newly created Storage Vault. In this case, the "Stored" column will be black and cannot be clicked.

You can regenerate the analysis by running a Retention Pass for this Storage Vault, via the Devices tab or the "Connected Devices" page.

Browsing log history for a customer

The job log report can be retrieved in the user tab, under the Job Logs tab.

All job reports can also be accessed in the job log section by performing a job search.

Send a client bulletin email

A client bulletin is an email message sent to all customers. Comet Server will send the email bulletin to all customers using your configured email settings.

You can customize the email subject and body text.

No body text formatting options are available. Any embedded URLs will not be made clickable.

Connected Devices

The Connected Devices page shows you all the live connections made by Comet Backup.

For each connection, you can see

the username
the device name
the device's operating system (e.g. Windows 64-bit)
the device's software version

Live connection actions

You can instruct the live connection to perform an action remotely. At the time of writing, the following actions are available:

Immediately run backup
Immediately run a scheduled backup
Apply retention rules now
Unlock / clean up lock files (only available when "Advanced Options" is selected)
Remote restore
Refresh profile
Update software
Import / scan for other installed products
Drop connection
Terminate process (only available when "Advanced Options" is selected, or if a device is double-connected)

Double-connections

In some cases, the same device might connect to Comet Server multiple times. This can occur if the Comet Backup software is launched multiple times on the client's device. This behavior is prevented in almost all cases, across all operating systems, but it may still occur.

If this happens,

the device will have two entries on the "Connected Devices" table
the device will show "Online (2)" on the Users page > Devices tab
scheduled backups might run twice
a "terminate" button will appear in the corresponding row on the "Connected Devices" table to allow for resolving this issue.

Bulk Update

Comet maintains a live-connection to customer devices. This allows you to remotely initiate a software update via the Device Actions dialog (from the Connected Devices page, or from the Devices tab on a user page). You can perform this at any time.

A bulk software upgrade across all customers must take on additional responsibility:

The update should be delayed for devices that are currently offline, or are currently backing up
The update should be delivered exactly once - preventing cascading failures if the update does not apply successfully
It should be possible to track the status of the bulk upgrade across the entire customer base

The bulk update system allows you to create a "Campaign". The Campaign allows you to target which users should receive the software update.

Targeted upgrades

Comet allows you to target devices to be affected for the Campaign by the following properties:

Software version
- Upgrade older versions
- Reinstall current versions (Enable this option if you have updated client branding settings on the same software version.)
- Downgrade newer versions

You can also target specific devices by using the search filter (by selecting "Select devices...")

Configure the filter so that the devices must match either "All of", "At least one of", "Not all of", or "None of" the rules set
Specifically target devices via their Device ID, Device name, or Operating system, or their user's Tenant ID or Username
Select one of the many operators such as equal, not equal, contains, matches regex, etc.
Add multiple rules to the filter with the "Add rule" button
Target multiple groups in one campaign by clicking the dropdown arrow next to "Add rule" button and selecting "Add group"

If you receive the message "Ineligible" when running a Bulk Update, this means one or more of the target device/s is already on the latest version. Make sure to enable "Reinstall current versions" or "Downgrade newer versions" if required.

Upgrade logic

The bulk update campaign system may initiate a remote update for a device when

(A) the bulk update campaign is created for the first time; or
(B) immediately when a device comes online; or
(C) in the background, on a timer interval.

If a device is currently performing a backup job, the bulk updater does not initiate a remote update. In this situation, the device would be left as "Pending" until either #C occurs above, or if the device goes offline and #B reoccurs above.

Policies

An administrator can create policy restrictions to assign to user accounts. A policy can also be assigned during user account creation.

The available policy settings are:

Storage Vaults

Activating these options make the following actions unavailable to BOTH end users and Admin. This comes in handy if you want to completely prevent end users from executing certain actions. Actions you may prevent are:

Prevent creating new Storage Vaults
- ...via Storage template
- ...via Custom
Prevent editing existing Storage Vaults
Prevent deleting Storage Vaults
Hide cloud storage branding in Storage Vaults

You may also restrict the available Storage Vault types available to end users. Users can still add, edit, or delete selected Storage Vaults.

Your options for limiting access to Storage Vault types are:

Restrict available Storage Vault types:
- S3-compatible / Amazon S3 / Google Cloud Storage / Wasabi ...
- SFTP
- Local Path
- Comet Server
- FTP
- Azure Blob Storage
- Spanned
- OpenStack Swift
- Backblaze B2 Cloud Storage

Protected Items

You may prevent end users from executing certain actions on Protected Items. Aside from ensuring that end users don’t delete or edit Protected Items that may affect backups, this also prevents end users from adding Protected Items that would incur a booster charge (see our pricing page for fees that apply).

Actions you can prevent on Protected Items are:

Prevent creating new Protected Items
Prevent editing Protected Items
Prevent deleting Protected Items

You can also set Default Protected Items to be added to new devices.

This won’t retroactively apply to already connected devices.
Changes to this policy will not be applied retroactively to Protected Items created by this policy.

You can also set Protected Items to be added automatically.

You can choose whether the Policy Protected Item applies only for new devices, or if it remains linked to the policy after creation by selecting "Update existing devices". This allows you to configure a Protected Item for a specific application, file path, or integration target, apply it by default to all users of the Policy and still be able to change those settings centrally for all users of that policy.

Prior to Comet 23.6.x, changes will not be applied retroactively to Protected Items created by this policy. Once applied, they are unlinked from the policy.

You may also restrict access to certain Protected Item types – take note that this applies to BOTH end users and admin.

Unselected Protected Items are un-editable to end users and to Admin. Only selected Protected Item types can be created. Existing Protected Items can be edited or deleted regardless of this setting.

Restrict available Protected Item types
- Files and Folders
- Microsoft Exchange Server
- Microsoft SQL Server
- MySQL
- MongoDB
- Program Output
- Windows Server System State
- Application-Aware Writer
- Microsoft Hyper-V
- Disk Image
- Microsoft Office 365

For example, in this Policy, only the Files and Folders option is ticked, which means that’s the only Protected Item that can be added, deleted, or edited by Admin (you) and the end user.

In the Client software, all Protected Items except for Files and Folders will be unavailable:

Default Settings

You can change the default for the following settings:

‘Skip if already running’ setting on backup schedules
- System default – The System default here is Optional, OFF
- Optional, default on – System default is ON, but can be turned OFF
- Optional, default off – System default is OFF, bit can be turned ON
- Always ON – Can’t be turned OFF unless the Policy is changed
- Always OFF – Can’t be turned ON unless the Policy is changed
‘Allow administrator to reset password’ setting on user accounts
- System default – The System default here is Optional, ON
- Optional, default on – System default is ON, but can be turned OFF
- Optional, default off – System default is OFF, bit can be turned ON
- Always ON – Can’t be turned OFF unless the Policy is changed
- Always OFF – Can’t be turned ON unless the Policy is changed. Take note that if this option is chosen, you can’t just reverse it. You’ll first have to change the Policy option to either Always or Optional ON, and then the end user will have to re-enable it within the app. This option is greyed out in the User Profile:
  The end user can allow it in the app after you re-activate it in the Policy:
‘Allow administrator to view file names’ setting on devices:
- System default – The System default here is Optional, ON
- Optional, default on – System default is ON, but can be turned OFF
- Optional, default off – System default is OFF, bit can be turned ON
- Always ON – Can’t be turned OFF unless the Policy is changed
- Always OFF – Can’t be turned ON unless the Policy is changed. Take note that if this option is chosen, you can’t just reverse it. You’ll first have to change the Policy option to either Always or Optional ON, and then the end user will have to re-enable it within the app.
‘Require user to change password at next login’ setting on user accounts:
- System default – The System default here is Optional, ON
- Optional, default on – System default is ON, but can be turned OFF
- Optional, default off – System default is OFF, bit can be turned ON
- Always ON – Can’t be turned OFF unless the Policy is changed
- Always OFF – Can’t be turned ON unless the Policy is changed

Other

The following policies will further restrict the end User’s ability to change backup settings. These are especially helpful if you want the end User to be completely hands off and not have access to their backup settings.

Prevent manually deleting backup snapshots from a Storage Vault
- This option will also prevent deleting individual files from a snapshot (from Comet version 23.3.0)
Prevent changing user account password
Prevent changing user account name
Prevent changing email settings
Prevent opening the application interface
- Prevent devices from viewing each others' names (Device names will still be visible if the user logs in to the web interface)
- Hide the Import feature
- Hide the software version and codename
Prevent logging in to the web interface

Mandatory file and folder exclusions

This allows you to automatically exclude certain files and folders. This is handy for excluding files that cause errors and disruptions to backups. These apply to all File and Folder backups run under this policy.

Default email reports and default backup schedules

You can set up a default job report template for all Users through Policies, as well as default backup schedules. For more information, please refer to our full guide on how to set up email reporting with Comet.

These backup schedules are applied to all new Protected Items. Similar to default Protected Items, these are not applied retroactively to existing Protected Items.

Take note that a default Protected Item with a schedule will end up with two schedules if this option is used, one from the default Protected Item, one from this.

To enforce the Default email reports, make sure that ‘Email backup reports to this account’ is activated in the User Profile tab.

Retention

Last, you can set default Retention policies for all Users. Click on ‘Keep all backups forever’ to assign a different Retention policy, otherwise, that’s the default Retention policy that would apply.

Tick ‘Enforce this retention policy for all Storage Vaults’ to override Retention policies you may have applied on Storage Vaults. This is useful if you want users to be able to modify their Protected Items, but not their retention policies.

Default retention policy
- Enforce this retention policy for all Storage Vaults
- Prevent overriding retention policies on Protected Items

‘Prevent overriding retention policies on Protected Items’ is useful for ransomware protection, as a bad actor with user credentials could otherwise set the retention policy on a Protected Item to “keep nothing” and let historical backups be deleted by retention.

Job History

The Job History page will allow you to search for all type of jobs that has been ran or are currently running on your server.

If you view a running job, you can then cancel it by clicking the red Cancel button.

Recent Activity

The Recent Activity page shows you an overview of the last 10 days' of customer job history.

There is a row for every Protected Item, for every device, in every account. By default, the rows are sorted alphabetically by Username > Device name > Protected Item name.

A red "Offline" alert badge is displayed beside the device name if a device is offline. If a device has no Protected Items, a message is displayed.

A yellow "Outdated" alert badge is displayed besides the device name if a device has outdated client software. You can update client software via Bulk Update

A red "No Schedule" alert badge is displayed beside the Protected Item name if a Protected Item has no schedules. You can click the Protected Item name to immediately edit its settings to repair common problems.

The "Activity" section shows a timeline of the last 10 days, from oldest (left) to newest (right), interpreted in your local timezone. Each segment on the bar represents one day of jobs, and shows the number of backup jobs for that day. You can click the segment to go to a dedicated job search.

The right-most segment may show a blank day-block for devices which have not yet run a backup job for the current day.

The segment is colored based on the worst status of all jobs which ran on that day. If all jobs which occurred that day were successful, the segment will be green; if one or more jobs which occurred on that day was unsuccessful, the segment will be red. If multiple statuses appeared on that day, the segment will be striped between the worst and next-worst status color.

Client News

The News system allows you to create messages that appear to end-users. Messages are displayed in chronological order (newest-first).

News messages appear in

the Comet Backup app, and
when an end-user logs in to the Comet Server web interface.

Adding and deleting news items causes the updated news item to be immediately reflected in the client app.

URLs will be converted into clickable links, but other formatting is unavailable.

If the Storage role was enabled, the "Local storage buckets" menu option should be available when logged in.

Local Storage Buckets

The Storage Role consists of a number of buckets. The buckets are abstracted from the underlying data storage, which could be on any supported storage platform. For more information about the available data storage locations, see the "Storage configuration" document.

Comet allows you to list and browse the buckets, as well as see the total size of data stored within the bucket.

Note: Comet shows Size in Tebibyte/Gibibyte. Cloud-storage providers may display Size in Terabyte/Gigabyte, which can cause some confusion.

Deleting buckets

If you are certain that a bucket is not in use by any Comet account, it may be safe to remove a bucket. You can remove a bucket by clicking the "Delete" button on the right-hand side of this screen.

WARNING:: If you delete a bucket that is still in use by a Comet account's Storage Vault, the user's Comet Backup application will not be able to backup data to their Storage Vault nor restore data from their Storage Vault.

Because of the risk in this operation, it is recommended to leave the process of deleting unused buckets up to the Constellation role. For more information about Constellation, please see the Constellation section of the "Comet Server configuration" document.

Add a new bucket

You can add a new bucket on the Storage Role. The new Bucket will be generated with a random name and access key.

Comet Server will display the necessary hostname, bucket name, and bucket key that can be copied into the Comet Backup Storage Vault configuration in order to store data in this bucket.

It is not normally necessary to manually add buckets in this way. You can use the "request" system to automatically create buckets and attach them to a user's account.

Download client software

You can use the "Download client software" menu item to produce and download branded software client installers. Comet Server will generate a new installer on demand based on your current server branding settings.

The client software can be downloaded for a range of target platforms. For more information about the client software, see the "Comet Backup Installation" section.

Copy (as cURL / wget)

When installing Comet Backup on a remote Linux server by SSH, it can be inconvenient to transfer an installer file. The "Copy (as cURL)" / "Copy (as wget)" options copy a bash shell command to your clipboard, that will automatically download the Linux installer file.

Server logs

View the server logs to find more information when having difficulty configuring your server or client.

You can also find the server logs on your Self-Hosted Comet Server at C:\ProgramData\Comet\logs on Windows and /var/log/cometd for Debian/Ubuntu.

Replication

About Replication

The replication page displays the current replication status. Comet Server supports replicating user profiles as well as stored data. Replication in Comet Server happens in one direction only from a primary to a replica Comet server.

The replication system uses a queue-and-worker model. When Comet Server starts for the first time, it will inspect all local data and remote data to determine what needs to be transmitted. Once this inspection is complete, data that needs to be updated will be queued for transfer.

The primary server will monitor new changes and sync them over to the replica. You generally shouldn't need to make any changes on the replica; changes on the replica are not synced back to the primary. When the primary next restarts, it will detect any changes on the replica and fix them to match the primary version.

Comet will replicate multiple objects simultaneously in parallel via multithreading.

Comet replication does not replicate Server logs or job logs.

Replicating deletions

You can configure separate replication targets for Auth Role data (user accounts, and policies) and Storage Role data (buckets, and bucket content).

When data is deleted from the primary Server, it may be deleted on the replica Server, depending upon the copy-settings.

For Storage Role, the replication system will synchronise deletion actions for data within a bucket. However, it will not synchronise the action of deleting a bucket; the Constellation Role is responsible for deleting buckets across your entire Comet Server cluster.

For Auth Role, you can choose between the following options:

Option	Description
None (Add/Update only)	No deletion actions will be applied to the replica server.
Partial (Delete from remote only when deleted locally; do not delete unknown users)	Deletion actions will be applied to the replica server, but, unknown objects on the replica server will not be deleted. This option may be used if you are using replication to combine multiple Auth Role servers together
Complete (Synchronise remote with local)	Deletion actions will be applied to the replica server, and all unknown objects on the replica will be deleted.

Failing over (Storage role)

A Storage Role server hands out chunks from the disk, to whomever has the right password. Recovering a Storage role server from the data on a replica or secondary server, or failing-over to your secondary server, is as simple as making sure the files are intact, and all the DNS entries point to the right places. The replication system has already ensured that all the bucket names and bucket passwords are mirrored.

This simplicity allows for different approaches depending on your exact failure scenario:

In all cases, we strongly recommend that you use the Server Self-Backup feature to safely make a copy of the server and client configuration files before they are needed in any sort of data-loss or disaster scenario

Option 1: Recover files

Start the primary storage server. Make sure it is running normally. Copy all the data from the secondary back to the primary.

You could do that either by drag-and-drop via a GUI, copy files via command-line or terminal, or by replicating in reverse. The transfer should run at line-speed regardless of method.

You need to copy all the vault data as well as the cometd-buckets.db file.

Option 2: Server DNS failover

Switch your secondary to be the primary, by pointing the primary's DNS record to point to the secondary. As replication is one way, the failed primary should not be brought back online without first disabling replication to avoid any data loss.

You will need to update any other servers that refer to this server by DNS, e.g. the Constellation role.

If your primary Comet Server uses HTTPS, you will need to update the secondary's SSL certificate settings to work with the primary's domain name.

Option 3: Client address failover

Switch your secondary to be the primary, by updating all the Storage Vaults in each user's profile to point to the DNS name of the secondary server.

The Comet Server interface includes a helpful tool to modify Comet Server Storage Vault URLs in bulk.

This is an option for Storage Role failover, however, it is not a suitable option for Authentication Role failover.

Failing over (Authentication role)

An Authentication Role server is where you manage user profiles and policy group configurations. The user profiles are critical for accessing the encrypted Storage Role data.

Option 1: Recover files

Get your primary authentication server physically up and running, then copy all the data from the secondary back to the primary.

You need to back up the configuration file and .db files. The config file is called cometd.cfg and it will be in the same folder with the database files (.db). The main data base file you need is comet-users.db.

In the event of a server failure:

Reinstall comet server
Recover the files
'Relax' the serial number and now you are back online.

Option 2: Server DNS failover

Switch your secondary to be the primary, by pointing the primary's DNS record to point to the secondary. To avoid data loss, the failed primary should not be brought back online without first disabling replication.

You will need to update any other servers that refer to this server by DNS, e.g. the Constellation role.

If your Comet Server is using HTTPS, you will need to update the secondary's SSL certificate settings to work with the primary's domain name.

You may also want to change the "generate missed backup reports" setting; we recommend this is enabled on primary servers and disabled on secondary servers.

About this Server

The "About this server" page shows basic information about the server.

The following information is available:

Server version and codename
Server start time
"Serial number valid offline until"
- Your Comet Server has an time-limited exclusive lease to use its serial number, and can remain running without any communication to the central licensing server until the date specified. For more information, please see the "Overview and Concepts" section.
Server roles
- The available roles are listed. If a role is currently enabled on the server, it is displayed in green. If a role is not currently enabled on the service, it is displayed in red.

If the Constellation role was enabled, the "Cluster" menu option should be available when logged in.

About this Cluster

You can use the "About this cluster" menu item to perform global operations across all your Comet Servers.

Bucket users

Use this section to generate a report to see current buckets within the server and see information about them.

You may want to view this information to find unused buckets.

First use​

Log in​

Web browser compatibility​

Safari and "Ghostery" extension​

Log out​

Time display​

Table views​

Pagination​

Filter​

Export​

Column selection​

User menu​

My Account​

Configure two-factor authentication​

TOTP​

FIDO2 WebAuthn​

FIDO U2F​

Advanced Options​

Accounts menu​

Users page​

Add user​

User Groups​

Modifying user account properties​

Copy and Paste​

Storage Vault analysis​

Browsing log history for a customer​

Send a client bulletin email​

Connected Devices​

Live connection actions​

Double-connections​

Bulk Update​

Targeted upgrades​

Upgrade logic​

Policies​

Storage Vaults​

Protected Items​

Default Settings​

Other​

Mandatory file and folder exclusions​

Default email reports and default backup schedules​

Retention​

Job History​

Recent Activity​

Client News​

Storage menu​

Local Storage Buckets​

Deleting buckets​

Add a new bucket​

Server menu​

Download client software​

Copy (as cURL / wget)​

Server logs​

Replication​

About Replication​

Replicating deletions​

Failing over (Storage role)​

Option 1: Recover files​

Option 2: Server DNS failover​

Option 3: Client address failover​

Failing over (Authentication role)​

Option 1: Recover files​

Option 2: Server DNS failover​

About this Server​

Cluster menu​

About this Cluster​

Bucket users​

First use

Log in

Web browser compatibility

Safari and "Ghostery" extension

Log out

Time display

Table views

Pagination

Filter

Export

Column selection

User menu

My Account

Configure two-factor authentication

TOTP

FIDO2 WebAuthn

FIDO U2F

Advanced Options

Accounts menu

Users page

Add user

User Groups

Modifying user account properties

Copy and Paste

Storage Vault analysis

Browsing log history for a customer

Send a client bulletin email

Connected Devices

Live connection actions

Double-connections

Bulk Update

Targeted upgrades

Upgrade logic

Policies

Storage Vaults

Protected Items

Default Settings

Other

Mandatory file and folder exclusions

Default email reports and default backup schedules

Retention

Job History

Recent Activity

Client News

Storage menu

Local Storage Buckets

Deleting buckets

Add a new bucket

Server menu

Download client software

Copy (as cURL / wget)

Server logs

Replication

About Replication

Replicating deletions

Failing over (Storage role)

Option 1: Recover files

Option 2: Server DNS failover

Option 3: Client address failover

Failing over (Authentication role)

Option 1: Recover files

Option 2: Server DNS failover

About this Server

Cluster menu

About this Cluster

Bucket users