Connected® Backup for PC and Mac Small Business Deployment Guide

Introduction

This guide is for those customers of Connected® Backup for PC and Mac Subscription Service for small businesses who have received an email containing download, registration and support information. This instructional guide outlines the options available to you – and provides instructions for – deploying the Connected Backup for PC and Mac Agent on each machine that will be using the Service. If you have not subscribed to the Connected for PC and Mac Subscription Service, please do so before continuing with the instructions below.

What You Received

The following items will be electronically forwarded to you from Iron Mountain fulfillment upon successful validation of your company’s credit card. Please refer to the FAQ section of Iron Mountain's web site if you have questions on the following:

  • Technician ID
  • Welcome letter email containing:
    • Technician Login and password
    • Web address for the Account Management site
    • How to get technical support (free web help and email) information
    • Portal account number – for billing reference
    • Location of FAQs
    • Support Center Information

Your users will download a Setup executable from the Account Management site. This program will install the Connected Backup for PC and Mac Agent on a user’s machine and walk the user through the process of installation and their first backup*.
 

*Note: Not intended for servers or multimedia. The ability to deselect files is enabled with this service plan. Improper use of this function could result in users deselecting files required for Heal.

Deployment and Installation

To deploy the Connected Backup for PC and Mac Agent to your user (individual accounts) send the web site address in the Welcome letter to your users.

When each user accesses the web site, they are prompted to register their account and download the software on their machine. The web site provides instructions about installing the software on the users' machines.

After installing the Connected Backup for PC and Mac Agent software, users are ready to complete their initial backup. It is not unusual for an initial backup to take several hours. We recommend users initiate this backup in the evening to run overnight. Each backup thereafter will generally take a few minutes.

  • Click “Backup Now” at the bottom of the Connected Backup for PC and Mac Agent window to initiate the first backup.

Configuring the Connected Backup for PC and Mac Subscription Service with an Internet Firewall

Overview
A Connected Backup for PC and Mac Agent communicates with the Iron Mountain Secure Operations Center using the standard TCP/IP protocol.

Connections are initiated from the backup clients inside the firewall. Connections are NEVER initiated from the outside.

The program can work with all types of firewalls, including packet-filtering, circuit-filtering, SOCKS-compliant Proxy or Mapped Proxy firewalls. For most firewalls, some configuration of the firewall by the firewall administrator is needed. If your network requires explicit connection to the firewall to initiate outgoing connections, the backup software must be configured for your firewall

The requirements for running the Connected Backup for PC and Mac Subscription Service for small businesses are consistent with security best practices. They do not create an opening for incoming connections, and outgoing connections can be limited to specific ports at specific known IP addresses. As an added security measure, all data is 128-bit or DES-encrypted before leaving the computer; it remains encrypted though transmission, and is stored encrypted at the Connected Secure Data Centers.

The following additional information is useful to a firewall administrator for configuring a firewall to permit outgoing connections to the Connected Backup for PC and Mac servers.

Protocols
TCP/IP is used. There is no use of UDP or ICMP.

Server Subnets
Each user's Connected Backup for PC and Mac Agent connects to a primary and an alternate server in order to provide high availability. Currently, all servers reside in the subnet 12.159.133.0-63 (also expressed as 12.159.133.0/26) and in the subnet 66.151.228.0-255 (also expressed as 66.151.228.0/24). The Connected Backup for PC and Mac software must have access to both of these subnets. Should these addresses change in the future, notice will be given to allow firewall changes and the Connected Backup for PC and Mac software can be automatically updated with the new addresses.

Port Numbers
All Connected Backup for PC and Mac servers listen for client requests on a well-known port number: 16384. An Agent always establishes a TCP/IP session with port 16384 on the server.

DNS
The Connected Backup for PC and Mac Agent connects to a server using the server's IP address, not its name. Therefore, name resolution and access to a name server are not required.

Registration vs. Subsequent Connections
The Connected Backup for PC and Mac Agent is configured to connect to one of a pair of registration server addresses (primary and alternate) when it is used for the first time. The registration process assigns a server address pair (primary and alternate) for all subsequent uses.

SOCKS-Compliant Proxy Servers
The IP address (or the DNS) of the proxy server and the port number on which it listens for connections must be known in order to configure the backup software. SOCKS is designed to allow outgoing connections and responses back to those connections, but to prevent other incoming packets. This is consistent with the Connected Backup for PC and Mac software. If your SOCKS proxy server has been set up with additional restrictions on outgoing connections, it is necessary to include Iron Mountain's subnets in the permitted destinations.

It may be necessary to configure the Agent software to use your SOCKS proxy server. Contact Support for assistance with this task.

Other Proxy Firewalls
In order for the Connected Agent software to be used with an application-based proxy firewall server, the firewall must be set to permit outbound TCP connections for a generic application. Mapped firewalls require a separate port on the firewall for each different destination address.

You may also need to change the configuration for the Connected Backup for PC and Mac software. Contact Support for assistance with this task.

If you need to configure your Connected Backup for PC and Mac software to use a SOCKS-Compliant Proxy Server, contact Support for assistance.

Packet filtering firewalls
The following is a summary of 'rules' that must be applied to the firewall software or hardware in order to enable the Connected Backup for PC and Mac client-server protocol. (All the rules are described from the 'firewall's point of view.')

1. Permit TCP/IP outbound to port 16384 to subnets 12.159.133.0-63 (12.159.133.0/26) and 66.151.228.0-255 (66.151.228.0/24).

2. If your firewall requires you to explicitly permit the response packets to come back, do so by permitting TCP/IP inbound to ports 1024-5000 from the subnets listed above, for an already-established connection. It is NOT necessary to permit a connection originating from outside the firewall.

3. We do not utilize UDP or ICMP.

IMPORTANT: If your question is not answered in the FAQs, please complete a Support Request.
If you have questions about our services or solutions call us at 800-899-IRON.
© Iron Mountain Incorporated. All rights reserved.