Cloud Laptop Protection

Overview

Cloud Laptop is a solution to allow end-users to install and configure their laptops for backups without Administrator interaction.

This solution can be easily set up in your environment using several standard Calypso utilities and some hand crafted scripts.

Depending on your needs, this set up can be done in different ways. Below is an example of one such set up that allows users within an organization to create their own Calypso accounts, download and install packages, register their computers and make configuration customizations before the first backup occurs.

Pre-requisites

Review the following requirements before setting up the Cloud Laptop:

Web Server
A server residing in the DMZ which is accessible through internet.
Data Collector Server
A server residing internally serving as a Data Collector. This server should have secure ftp access to the external Web Server.
CommServe
A server where laptop backup configuration is setup and the laptops will be installed to this server.

Service Provider

Set up Laptop Configuration on CommServe

Use the following steps to set up a Cloud Laptop Protection on CommServe.

Create Storage Policy with Client Side deduplication enabled for Laptop Backup groups.
Create another Storage Policy with no deduplication enabled and name it as Laptop backups (sensitive) or any other name, but make sure that name is modified in the enablecomputers.bat file which is given below.
This policy will be used in cases where end users require their data to be password protected.

See Create Storage Policy for step-by-step instructions.

Create a client computer group for laptops.
Create another client computer group with any name e.g., Waiting Room client computer group where all job activities are disabled and no schedules are enabled on this client computer group.
This client computer group will be used as a holding area for computers that are initially installed.

See Create a Client Group for Laptop for step-by-step instructions.

See Disable Operations for step-by-step instructions.

Create a schedule policy for laptop group.

While associating client computer groups to the schedule policy, make sure only the Laptop Backup client computer group is selected.

See Create a Schedule Policy for step-by-step instructions.

Create a subclient policy for laptop group.

See Create a Subclient Policy for step-by-step instructions.

Setup Firewall depending upon your environment.

The same firewall configuration configured on laptop client computer group must also be configured on the Waiting Room client computer group.

See Setup Firewall Using Proxy - Laptop Backup for step-by-step instructions.

See Setup Firewall Without Proxy - Laptop Backup for step-by-step instructions.

Create an Installation Package.

This package allows end-users to install the software without accessing the CommServe during installation and provide the option to register the laptop later.

During selection of client computer group at step 25, make sure to select Waiting Room client computer group.
You need not create additional user accounts for each user which is described in the step 36 - 38 in Create Decoupled Installation Package.
Rename the package as 32-bit.exe for 32-bit software package and 64bit.exe for 64-bit software package.

See Create Decoupled Installation Package for step-by-step instructions.

Copy the 32-bit.exe and 64-bit.exe packages on to Web Server.

Setup Self Service

This will allow you to set up a self-service web console to perform backup, restore and download operations on laptop.

See Setup Self Service - Laptop Backup for step-by-step instructions.

Use the following steps to download the scripts needed to collect laptop users data:

Click the Download Now button located on the right.
Select a location to save the .zip file.
Navigate to the location of the .zip file and unzip the file.

Create the following folders and place these file with them (your paths can be changed to suite your needs, just modify the scripts accordingly):
- E:\scripts\bin
  Modify this file to change the name of YOUR SMTP MAIL server.
- E:\scripts\laptopcloud_createusers
  Check and modify all lines that begin with *** to suit your environment, remove the *** after modifying the line.
- E:\scripts\ laptopcloud_enablecomputers
  Check and modify all lines that begin with *** to suit your environment, remove the *** after modifying the line.
Schedule the 2 batch files above to run for every 5 minutes around the clock.

Set Up Web Server

Use the following steps to set up Web Server

10.	Use the following steps to download the scripts needed to set up the web interface page for laptop users: Click the Download Now button located on the right. Select a location to save the .zip file. Navigate to the location of the .zip file and unzip the file.
11.	Make any required changes to this example web page cloudlaptop.html file. This web page assume that the package files to be downloaded are named "32bit.exe" and 64bit.exe". Modify the file to match your paths and filenames. The backend files require that your web server supports PHP. Make and necessary modifications to the, users.php , download.php and computer.php files to suite your environment. (file paths, look for “$folderName =”)

Set up Data Collector Server

Use the following steps to set up data collection server.

12.	Use the following steps to download the scripts needed to collect laptop users data: Click the Download Now button located on the right. Select a location to save the .zip file. Navigate to the location of the .zip file and unzip the file.
13.	Create folder E:\CloudLaptop Place the download_from_web.bat in the folder and schedule the batch file to run every 5 minutes. Modify the batch file, check and modify all lines that begin with * to suit your environment, remove the * after modifying the line. This server will require a method to download files and delete files from the web server. In our example we used secure FTP server but you can tailor this to any FPT program you use.

Verify the Setup

14.	On Web Page: Verify that the web page loads properly and can be accessed by your users. Verify that when you enter a username, password and company in the step 1 form, a file gets written to the Users folder. Verify that when you enter a computer and email it the step 4 form, a file gets written to the Computers folder.
15.	On Data Collector server: Verify that when the schedule runs for the download_from_web.bat that the users and computer files get copied to the Data Collector server in the Users and Computer folders and that the files are deleted from the web server.
16.	Commserver - User creation script: Verify that when the schedule for the createuser.bat file runs that the user files get copied from the Data Collector server to the Commserve and that the files are deleted from the Data Collector Verify that the user account in the file actually gets created and assigned to the Laptops user group. Verify that the user account that was provided on the web server receives a confirmation email.
17.	Commserver - Computer activation script: Verify that when the schedule for the enablecomputer.bat file runs that the computer files get copied from the Data Collector server to the Commserve and that the files are deleted from the Data Collector Verify that the computer gets added to the Laptops client group. Verify that the computer gets removed from the Waiting room client group. Verify that the email account the user entered gets added to the laptop client description field. Verify that if the user has selected YES for the data encryption option that the storage policy for that laptop gets changed to the Laptop backups (sensitive) storage policy. Verify that the user account that was provided on the web server receives a confirmation email.
18.	Provide the Cloud Laptop Web page URL to laptop users.

End-User Experience

The following steps outline what the end user can perform and experience they should encounter.

The user desiring their laptop to be protected will visit the web page provided by the Service Provider in the steps above.
The user will create an account by filling out and submitting the form on the Web Page in Step 1: Create User Account.
The user will receive a message stating their account submissions will be processed shortly. Within a few minutes, they will receive another email stating that the account has been created and they may proceed to the next step.
The user will download and install the appropriate package for their laptop computer.
By double clicking on the package, it will install the software to their computer. At this point the computer software is installed in decoupled mode which means the laptop is not yet a member of the Commcell.
The user now runs the RegisterMe.exe tool which will couple the computer to the Commserver and make the user the Owner or the laptop on the Commserver, giving him/her all rights to that computer.
At this point the user has 2 options:
- If they require no changes to the default configuration provided by the Service Provider, they can Activate the computer right way and begin backing up. The default configuration provided by the Service Provider would include the subclient content selected for backup as well as a non-encrypted data protection scheme.
- If the user wishes to change the content that gets backed up i.e., add folders / filter folders or enable Password Protection (Data Encryption) then can do so now by following the instructions provided.
Lastly the user Activates their laptop by visiting the web page, providing the computer name they have registered and clicking the button I’m ready for my first backup.
The Laptop will perform a backup based on the schedule rules the Service Provider has defined.

All the above can take place without the Backup Administrator needing to do anything for the user.