NinjaOne Backup: Best Practices

Topic

This article describes best practices for NinjaOne Device Backup.

Environment

NinjaOne Device Backup

Description

The sections below discuss best practices and topics that you should review before deploying NinjaOne Device Backup. Click an item below for more information about the topic.

Environment Type
- Workstation
- Servers
Backup Plan Types
- File and Folder Backups
- Image Backups
Backup Storage Destination types
Other Setups
Tips for Maintaining Your Backups
Recovering After a Cyber Attack

Environment Type

Consider the type of environment that you are working in when planning which backup plan type to use. Your environment can be anything from a small office consisting of desktops or laptops, or larger offices that consist of not only workstations but servers as well.

Although the services required to back up these devices are similar, they are different in the method and type of backup plan you choose. Consider how much data of each type you'll be working with and use that information to inform your decisions on different backup solutions.

Workstation

For workstations, the most common backup plan is File/Folder. With this plan, NinjaOne backs up the files and folders you specify on the local computer. If something happens to the device, you can run a restore job to copy back only the files and folders that you select. When adding a device to a File/Folder backup plan, you will need to have the operating system installed and configured, along with the user's profile.

You can configure NinjaOne Device Backup to back up critical files to either a local network attached storage (NAS), or to the cloud. You can restore deleted files directly to the workstation.

Servers

For servers, NinjaOne Device Backup can perform both full image backups of the entire server and individual file/folder backups or a combination of both. For a combined or hybrid approach, you could have a file/folder backup plan that performs backups on a daily or even an hourly schedule, depending on the change rate. You could add a weekly or monthly image backup as well.

There are many variables that you should consider when designing and setting up server backups:

The number of servers that you need to back up.
The volume of data on the servers.
The number of revisions of changes the user desires to keep.
Are they stand-alone physical servers or virtual servers?
Is your virtual environment Hyper-V or VMware?
How critical is response time in restoring a server or file in an emergency?
Do you have a NAS (Network Accessible Storage) to house your local backups?
Your network speeds and ISP configuration.

Initially, the correct approach may be to back up all your selected data in the cloud. However, if your network bandwidth is slower or if you are trying to restore large volumes of data, this method can be more costly in the long term. You'll need to decide what works best for your situation.

Backup Plan Types

Each type of data will have its own retention time and process based on how you use it, so you'll likely be using each of the methods described below. When thinking about the data in your organization, think about which plan would work best for your needs.

File and Folder Backups

You should use a File/Folder Backup plan when you need to restore only certain files and folders.

File/Folder backups have these advantages:

File/Folder backups are excellent for backing up organizational files such as spreadsheets, documents, or photos.
This plan type is great for recovering single files or folders.
File /Folder backups take less time to back up and recover data due to their smaller size.
The backups cost less to store, due to their smaller overall size.
These plans put less strain on bandwidth and network performance.
You should not normally use File Folder Backup plans for full servers or databases.
File/Folder plans can back up user profiles
You can select which items to back up at a granular level.

For more information about File/Folder backups, refer to these documents:

Image Backups

Image backups make the most sense when you need to restore an entire device or full disks to new or existing hardware. Image backups are also capable of restoring individual files and folders from the cloud, but the backup will encompass the whole device rather than a subsection of files.

When deciding whether to use Image Backup, consider these points:

You should use Image Backup for large system copies such as databases, servers, and other business-critical systems.
Recoveries will include the entire machine, including the applications and operating system (OS).
Full image backups can minimize downtime in case of a disaster.
These backups can take longer to recover due to the larger data size.
While you are able to access individual files upon restoration, Image Backup plans are used mainly for machine-level backups.

For more information about Image backups, refer to these documents:

Backup Storage Destination Types

You can use a mix of different storage destinations for your organization's data. User file data will likely take a different backup form than the data stored within a large database. When considering storage destinations, you can sort them into three destinations:

Cloud Only
Local Storage
Hybrid

Cloud Only

Your data is stored strictly off-site using a cloud storage vendor such as Amazon Web Services (AWS) or Microsoft Azure. Cloud storage allows you to support a large number of remote workers, deliver a consistent user experience, and take advantage of scalable storage options. Your available download speed affects Cloud-only storage, which can make it less flexible and accessible when compared to local storage.

Local Storage

Data is stored on-site only without any remote backups. This data has no internet dependencies, so you'll see quicker recovery times than cloud backups. However, if your organization is comprised of many remote employees, local backup recovery may not be an option. Local-only backups also have the disadvantage of single-point failure, so one natural disaster or cyberattack could end up wiping out both your data and backups.

Hybrid

With hybrid storage, you store your data both locally and in the cloud, giving you quick recovery options and disaster protection. Many organizations follow the 3-2-1 backup rule, which specifies you should have three copies of your data, in two different forms, one of which should be off-site. A hybrid backup strategy typically includes both local and cloud backups, with the cloud backup ensuring that your data is stored off-site.

Other Setups

Network Attached Storage (NAS) Backup Tips

You should secure network attached storage (NAS) access with its own service account that you only use for the network storage credentials for NinjaOne Device Backup.
You should only configure the NAS share for one service account with no access to any other user account.
Consider isolating the NAS behind VLAN or firewall access rules.
Make sure you deactivate the Recycle Bin on the NAS to avoid unnecessary storage usage.
Do not make the share visible to network discovery search features. Obscuring the share's location makes it less susceptible to attack.
Keep your NAS software up to date.
Do not keep your NAS open to the internet.

Microsoft OneDrive

If you are using Microsoft OneDrive as part of your user's profile, by default, these files are not backed up. NinjaOne Device Backup only backs up files that are on the actual workstation.

By default, in your OneDrive setup, the option is checked to keep the files on OneDrive unless you have selected the file to make changes. This action will copy the file to your local computer, and it will be processed in the same way as any other file on your workstation.

If you decide that you want any files contained in your OneDrive folder to be backed up along with your regular files, you will need to clear the box labeled Files On-Demand in your OneDrive settings and ensure that your workstation has enough space to hold all the files contained in your OneDrive.

Virtual Machines (VMs)

NinjaOne Device Backup can back up virtual machines. You back up virtual machines by activating NinjaOne Device Backup within NinjaOne directly on the endpoint, just as you would with any physical machine. You can choose Image and File/Folder plans for Windows or Apple macOS, while only the File/Folder plan is available for Linux.

NinjaOne Device Backup is an agent-based backup product. We strongly discourage backing up virtual machines directly by backing up a hypervisor. You should perform all virtual machine backups at the agent level by installing NinjaOne on the individual machine and enabling backup.

Tips for Maintaining Your Backups

Here are a few tips for maintaining your backups to ensure they are always reliable and accessible.

Enable comprehensive backup alerts. Setting alerts for failed backups and failed cloud syncs is a great start, but you should consider building out more thorough alerts. Some examples of other alerts include last backup success, length of backups, new devices added, and unexpected large new storage usage. Don't just rely on failure alerting.
Keep your backup software up to date. Make sure you're updating your backup software regularly. Vendors frequently introduce new features or fix critical bugs. Missing updates can negatively impact your backup schedule.
Consider your recovery point objective (RPO) and recovery time objective (RTO). RPO determines how much data you need to recover, while RTO determines how quickly you need the data restored. You should use these parameters to decide how often to back up and what backup method to use.
Consider which backups should be stored locally vs. in the cloud.. Are there any backups you need to have restored more quickly? Do the backups impact remote workers? How does the location of data impact the restore process? These questions are helpful in determining where to store your backups.
Consistently audit and test your backup process Backups are only useful if they're successful, so auditing your backups regularly is important. Test and validate your backups regularly. You should also validate that your backups have completed successfully on a regular schedule, not just when you receive failure alerts.
Develop a disaster recovery checklist. List everything that you'll need to do in case of data failure. Include your potential recovery point and time objectives, who needs to be involved, how you'll recover the data, where the backup is stored, and all other critical parameters.
Make sure your backups have redundancy. The 3-2-1 backup rule mentioned in the Hybrid section above is a great place to start. Have redundant copies of your data in multiple locations so that no matter the disaster, you always have a reliable place to recover your data from.
Keep your documentation current. Keep current documentation so that anyone will be able to manage data restoration. Supervise the DR plan, but don't do it yourself; that way, more than one person understands and can execute the recovery procedure.
Keep your backups on different disks and in different locations. You should always store backups on different media, especially different disks. If a disk fails and the backup is just on a different store within the same disk, your chances of recovery are next to zero.
Keep local backups isolated. If using local storage, use the least permissive access in case the organization is infected. Make sure that permissions to your backup appliance are limited so that no one can maliciously or accidentally browse the file path. This action also ensures that bad actors cannot access those backups to encrypt them. Consider keeping your local backup storage NAS out of your domain AD.
Secure local and cloud storage to service accounts. Service accounts are a special type of non-human privileged account that you can use to execute applications and run services. By using a service account, you can limit access to a single account.
Backing up SaaS data is also important.. Just because data is being stored in the cloud doesn't mean that it's being backed up by your cloud provider, so run consistent backups of your cloud data. NinjaOne SaaS Backup is an excellent tool for this purpose.
Print out your disaster recovery plans If you're trying to restore your data and you only have a digital copy of your plan, that document is likely part of what was compromised, and you might have trouble getting access to it. Make a printed copy for easy access, and be sure to update it whenever changes occur.
Don't neglect your networking hardware. Backups aren't just for operating systems, servers, and data, but also for your switch configurations, firewall configurations, and other configuration files. so that you can quickly restore that hardware in case it goes offline. Have a restore plan ready to replace the pieces of networking infrastructure if there is a failure on one of the components.
Consider having extra physical component backups or a place to source them. If you can have extra physical components, constantly test them, and make sure they're usable for hot swaps when needed.
Audit data that is saved in non-standard locations. Employees may save data in places that you might not have protected. Make sure you're auditing every source on the network.

Recovering After a Cyber Attack

When hackers compromise your system or steal credentials, how do you recover your data?

Organizations should plan for these events accordingly and know how to recover quickly.

Prepare a disaster recovery (DR) plan in advance. The best approach to recovery is to prepare for an attack at any moment. If you have plans ready ahead of time, it will make it easier to recover as much of your data as possible. Refer to the list above for tips on how to build out your full disaster recovery plan. You can also find many online resources for disaster recovery plans.
Determine the type of threat. With so many potential threats, organizations should know what they're up against before trying to recover any data. For example, in Red Canary's 2023 Detection Report, they list a variety of major threats, each one with different remediation methods. Because each threat is different, this information is crucial to determining your next steps. Depending on the severity of the incident, you may need to enlist the help of external specialists. In some cases, your cyber insurance coverage may specify who those specialists should be and when they should be involved.
Isolate vulnerable and infected devices. Assess the network to discover the extent of damage, find affected systems, and isolate them from the rest of the network. Have conversations with your insurance provider up front to determine who will be responsible for what in terms of containment, eradication, and recovery. Make sure you have proper logging set up and that you know what not to do to preserve evidence properly. Have plans in place for a variety of scenarios. These incident response plan playbooks are great examples to build on.
Install security updates or patches. Many attackers will exploit major software vulnerabilities to force their way into your network, so you'll need to scan your network for any unpatched vulnerabilities before proceeding to restoration.
Run security scans on backups. Many viruses can lie dormant on networks for months, so you'll need to run scans on your backups to make sure that they're not infected before restoring.
Recover your backups. After you've quarantined the threat and ensured that your backups are safe, you can move on to restoration. Recovery methods may include granular file-level recovery or complete system restoration.
Update all passwords and codes. Keep your organization safe from future attack by updating all of your passwords and security codes.
Run thorough vulnerability scans after recovery. Once recovered, you should carefully examine your network to make sure the threat is properly eradicated. Threats can lie dormant, so you should scan thoroughly to be sure your network is safe.
Document attack response and update your data recovery process. It's important to document what happened and what steps you took to restore your data. Documenting the experience can help inform your disaster recovery process.

Additional Resources

For a complete list of our backup guides, refer to the NinjaOne Backup section of the NinjaOne Dojo.