Zmanda Windows Client (or ZWC) backs up data from Microsoft Windows clients to an Amanda backup server. It is compatible with the following operating system versions:
Zmanda Windows Client uses Volume Shadow Copy services. Volume Shadow Copy service must be started and must not be disabled on the Windows client.
Windows clients must open inbound TCP ports 10080 and 10081, and outbound TCP ports 700:800. On Windows XP Pro with SP2, Windows Vista, Windows 7 and Windows 2008, ZWCService.exe added to the "Exceptions list" during ZWC installation if the Windows firewall is turned on. Please ensure that these ports are not used by other software. Some Anti-Virus software are known to use these ports. Please contact Zmanda Support if you need help in avoiding port conflicts.
The Zmanda Windows Client utilities such as ZWCconfig and ZWCsupport must be run as Administrator (either logged in as Administrator, or by right-clicking the utility from the Windows Start menu and choosing Run as administrator.)
Important Note: During installation, an amandabackup user account is created on the Zmanda Windows Client using local rules (i.e., Domain Controller/Domain/Standalone Workstation) for password creation. These OS users run backup and restore processes. When you change the account passwords eventually, be careful to ensure that security policies (such as strong passwords, password expiration) are followed. If an amandabackup user password expires, the Zmanda Windows Client service will fail to start, returning a Login Failure message.
Because the Zmanda Windows Client is packaged as an .msi file, you can use the Windows Installer tool (msiexec.exe) in conjunction with other enterprise deployment and distribution tools (either from Microsoft or other vendors) to perform multiple, unattended installations in a large-scale environment. Enterprise installation tools are described in more detail here.
The msiexec command line to perform an unattended installation of the Zmanda Windows Client is:
The example above causes the Windows Installer to display a status bar and log any installation messages to C:\ZWCInst.log. To run the Installer without the status bar, use the /quiet option. You can also specify different paths for the ZWCInstaller.msi and log file if desired.
If the installation failed for some reason, the ZWC installer rolls back the installation to the last working configuration.
The installation program logs messages to the following locations:
Installation can fail for a variety of reasons. For example, the user set a Password not conforming to Windows requirements, or running the installation program without the necessarily permissions. The log messages will explain what went wrong.
Depending on the size of backup sets and the number of backup runs scheduled for your organization, the Zmanda Windows Client can consume a lot (>1G) of disk space, and also affect the performance of other applications that depend on the same disk while backups are running. The files that tend to grow are listed below:
The database stores the list of files that are backed up and their meta data. This information is stored between full backups to track what was backed up and determine what should be backed up in incremental backups. Doing full backup of the directory will cause all the information stored about earlier incremental backups to be removed (and so database size will be reduced). The size of database is directly proportional to number of files in the directory or volume being backed up.
If you find that the ZWC installation is consuming too much disk space while processing backup sets, you can move location of these files. There are two methods of doing this:
Windows clients can be backed up using a number of different methods. The method you choose will depend on:
There are four methods that require the Zmanda Windows Client (CIFS/Samba-based backup does not require that the ZWC is installed):
Windows templates are described here.
ZMC/AEE allows concurrent backups of at most one application backup object (such as Oracle or MS Exchange) and either one Windows filesystem backup object or one Windows template backup. Editing DLEs using the ZMC will result in all windows backup object/DLEs having spindle values supporting this behavior.
However, note that the Windows template backup object type does support multiple concurrent filesystem-based DLEs (for example, the Program Files and My Documents folders).
Please make sure no other backup software is scheduled to run at the same time as the Amanda Windows Client backup.
The Zmanda Management Console (ZMC) allows backup objects (also known as Disk List Entries or DLEs) with different Host Types to be included in the same Backup Set. Disk List Entries for Windows Clients resemble entries for other host types (Linux, Solaris, etc.).
The only way in which Windows clients are treated differently is this: When Windows directory paths are specified by back slashes, ZMC converts them to forward slashes. For example, ZMC converts the path C:\abc to C:/abc. On the Restore What page, all paths are displayed with forward slashes.
See the help topic for Backup What for details on exclude files, encryption, compression, etc.
The Zmanda Management Console can back up mapped drives on a Windows client provided the drives have been mapped from the 'amandabackup' account on the Windows machine. This constraint is because XP, Vista, Windows 2003 server drive letters are not global; different users can map different directories on different servers to the same drive letter. For further information, see the article "Backing up network mapped drives on Windows clients" on Zmanda's Knowledgebase.
If you have purchased and installed the relevant Zmanda licenses, Amanda Enterprise can perform intelligent backups of selected Windows applications such as Exchange and Oracle. These backups use Microsofts VSS (Volume Shadow Service) to capture a consistent copy of the database(s) in question.
Refer to the Zmanda Application Modules User Guide for further details.
If only one of the hardlinked files is present in the backup set, then the information about its other hardlink files will not be backed up. Also at restore time, if only one hardlink file is selected for restore, then its other hardlink file will not be restored. Please see this Zmanda Knowledgebase article for details.
The Restore procedure for a Windows client similar to the procedure for other clients. Note that you cannot restore a Windows backup to a Linux/Unix destination host.
Choose Windows instead of Linux/Unix.
The Destination Directory specifies the client directory on which ZMC will restore the files (the default is to restore to the original location). If a Restore fails while restoring to Zmanda Windows Client and displays the following error, please refer to the Debug log files located in the Zmanda Windows Client Installation folder for details:
"ERROR: Client Reported Error while Restoring Error restoring the selected files"
Note: Restoring C:\Windows directly is not recommended because the system files may be open. Use a Windows System State backup image (see the next section) to restore files to C:\Windows.
Windows System State refers to a collection of several key operating system elements and their files. Backing up the Windows System State is crucial for a successful disaster recovery strategy. Zmanda Windows Client can back up the Windows System State of Windows 2003 Server (with or without AD), Windows XP, and Vista clients. Windows System State is always a full backup (level 0).
The system state can be restored to the original location or a different location. Partial restoration of Windows System State can be done only to a different directory location. Windows System State files require special handling to back up because they are always locked.
Restoring a system state backup from one computer to a second computer of a different make, model, or hardware configuration is not supported. See the following Microsoft Knowledgebase article for details: http://support.microsoft.com/kb/249694
Depending on the type of Windows system, Zmanda Windows Client software backs up the following System State information in comprehensive and coherent fashion:
Workstation in this context means any Windows XP machine or any Windows Vista or Windows 2003 server machine which does not have Active Directory (AD).
A Domain Controller (or DC) is any Windows 2003 machine with Active Directory installed. DC backups include all of the state information listed above for Workstations, plus the Active Directory database, log files, and Group Policy Objects (GPOs).
To back up the Windows System State (which is always a full backup), choose Microsoft Windows System State as the type in the Backup What page of the Zmanda Management Console, and the following options are displayed:
After you have set the options, click the Add button to add the Winows snapshot to the backup set. Click Apply Plan to Server to commit the changes; you can then configure the backup set just as you would any other by setting the options on Backup Where, Backup How, and Backup When, etc.
To restore Windows system state, specify the Initial Directory as SystemState in the Restore What page of ZMC.
Please note the following requirements and cautions regarding System State backup and restores through the Zmanda Windows Client:
During the installation process, the amandabackup user is created and a password is set. To change the password, shut down the Zmanda Windows Client service, then use the Windows Control Panel utility to edit the amandabackup user account. Use the same procedure as for any other Windows-based password protected service. Restart the Zmanda Windows Client service when you are done. Note that the service must restart without any errors for the changed password to take effect.
The Zmanda Windows Client configuration utility (ZWCConfig) can be used to
Log on to the workstation as the Administrator and start ZWCConfig utility by clicking Start->Programs->Zmanda Client for Windows->ZWCConfig. Alternatively, you can right-click the menu option to Run as administrator. After you start the program, The Zmanda Windows Configuration dialog is displayed.
A Windows template is roughly equivalent to a backup object in the Zmanda Management Console, or a Disk List Entry (DLE) in Amanda. A template is useful if you want to back up different files and folders that reside on different drives as part of a single backup object/DLE.
In addition to specifying drives and folders for backup (which can be accomplished via ZWCconfig), you can also manually edit the template file to specify programs or scripts that should be run before and after the backup.
Templates created using ZWCConfig utility are stored in the template.txt file located in the \Misc directory of the Zmanda Windows Client installation directory on Windows XP and Windows 2003 systems, or %ProgramData%\misc in on Windows Vista, Windows 7 and Windows 2008 systems.
You may want to perform automated operations before and after a backup run and/or before and after a restore run, such as deleting temporary files, starting or stopping services, or other such operations that can be performed
from a Windows script or batch file. By editing the template.txt file described above, you can specify such scripts to run automatically either before or after a backup run and/or before and after a restore run for a given backup template.
Simply add a <PRE_BACKUP_SCRIPT> or <POST_BACKUP_SCRIPT> (or <PRE_RESTORE_SCRIPT> or <POST_RESTORE_SCRIPT>) tag(s) to the template.txt file for a given template. The tag's content is the path to script. For example, the following shows what the code would look like to add pre- and post-backup scripts to the MyTemplate template, which backs up c:\data after running c:\preScript.bat (which takes the input file prebackup.txt as an argument), and then runs postScript.bat:
<MyTemplate> <DLE_NAME>MyData</DLE_NAME> <DLE_TYPE>USER-DEFINED</DLE_TYPE> <FILE_LIST> <FILE_NAME>c:\data</FILE_NAME> </FILE_LIST> <PRE_BACKUP_SCRIPT>C:\preScript.bat prebackup.txt</PRE_BACKUP_SCRIPT> <POST_BACKUP_SCRIPT>C:\postScript.bat postbackup.txt</POST_BACKUP_SCRIPT> </MyTemplate>
If the prebackup script fails, the backup returns ZWC_ENG_ERR_PRE_SCRIPT (error code 278) . If the postbackup script fails, the error will be logged and backup status will be success.
If the prerestore script fails, an error is logged. If the postrestore script fails, the restore returns the appropriate error.
Click the Server tab to display server settings:
When you exit the program, you are prompted to restart the ZWCservice, which is necessary for the configuration changes to take effect.
The Zmanda Windows client service can be also be manually restarted from the Windows services user interface (Administrative Tools > Services). An example services screen is shown below.
ZWC uses industry-standard RSA RC4 algorithm for backup encryption. RC4 is RSA's standard streaming encryption algorithm. ZWC supports Windows PFX (Personal Information Exchange) certificates only.
The backup archive stores all encryption metadata information in encoded form including the certificate that was used to encrypt. The SHA1(secure) hash of the certificate is also stored in the archive.
ZWC can decrypt the backup image only if the encryption certificate (in the same form during backup) is present on the target machine. A renamed certificate of the same form will also be able to decrypt the files. User will be able to view the files (filenames) stored within the archive through Winzip and PKZIP Windows utilities, but will not be able to decrypt through these utilities. Only ZWC can decrypt the backup files.
The certificate to be used for encryption must be in amandabackup user's Personal Certificate Store as well as Trusted Root Certification Authorities. Validation of the backup set will fail if the encryption certificate specified in the backup set is not in the certificate stores. The procedure to add the certificate to certificate store is described in next two sections.
ZWC uses Zmanda key container to manage the private keys associated with amandabackup user. When amandabackup user is deleted or in Disaster Recovery situation, it is important to export the Zmanda key container and import it in the new machine. Exporting/Import Key container section discusses this procedure.
The backup user amandabackup must have “Full Control” permissions on the following folders so that it can create Zmanda key container during backup encryption process.
Windows XP and 2003 server:
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
Windows Vista, Windows 7 and 2008 server:
C:\Program Data\Microsoft\Crypto\RSA
C:\Program Data\Microsoft\Crypto\RSA\MachineKeys
Enabling Client encryption requires multiple steps:
encrypt client client_encrypt "certificate" client_decrypt_option "-d"
NOTE : This DLE should not be modified using Zmanda Management Console. Modifying this DLE would cause the client encryption changes to be lost.
The method of encryption and further information are included in this Zmanda Knowledgebase article.
The Zmanda Windows client requires a Windows PFX (Personal Information Exchange) certificate to encrypt a backup. Windows PFX files are native certificate formats used in Windows. To export a certificate that the ZWC can use for encryption, follow these steps:
Double clicking the certificate pfx file will start the Certificate Import Wizard. The password used to protect the private key must be entered. Make sure the Mark this key as exportable option is selected. See the above screen figure. Place it in a certificate store. It should be in Personal certificate store.
You can now specify the certificate in the Zmanda Windows Client Configuration utility's Advanced Options dialog.
Encryption Metadata for the association between amandabackup user and the digital certificate used is stored under the Zmanda key container on disk on the backup client machine.It is important to export the key container before uninstalling ZWC on the client machine. Also, this key container will be needed, in the case of restoring encrypted archives on a different machine.
The exported XML file is needed for disaster recovery and must be backed up. To export and import key containers, .NET framework (version 2.0 or greater) must be installed on the Windows machine. It is usually found under C:\WINDOWS\Microsoft.NET\Framework and Framework64 folders.
To export the Zmanda key container to XML file, run the following command (Windows Start > Run > command):
aspnet_regiis -px “Zmanda” “<Name of XML file to be created>” -pri
IMPORTANT: Before importing Zmanda key container from another machine, make sure you have exported Zmanda key container from the current machine. This step is necessary if you are importing Zmanda Key container to a machine that is already performing Amanda encrypted backups. Use the above procedure to export Zmanda key container. To import the Zmanda key container from the XML file, run the following command (Windows Start > Run > command):
aspnet_regiis -pi “Zmanda” “<Name of the exported XML file>” -exp
You will need to import the exported key container from the current machine, in order to recover from encrypted archives backed up from this machine.
After importing the Zmanda key container, the digital encryption certificates have to be imported for the amandabackup user. This is necessary to recover from encrypted archives.
If you have created backup images using Amanda Enterprise edition Windows Client 2.6.1 or older, the older version of the client is required to recover the files to a Windows machine. Contact the Zmanda Support team for assistance. Alternatively, you can use the current version of Amanda Enterprise to recover the files to the backup server and then move them manually to the client.
The zwc-support utility collects system log files, log files related to ZWC and system related information. The utility then archives these log files into a single compressed file. You must run the utility as the Administrator. This compressed file can be then sent to the Zmanda Support team for analysis.
The Zmanda Windows Client support utility zwc-support.bat is included with the Zmanda Windows Client. To start the script, click Start->Programs->Zmanda Client for Windows->zwc-support
The following types of log files are gathered by zwc-support:
After the utility is run, an output file with the name zwc-logs-datetimestamp.cab is created in the Zmanda installation directory.