New to Elastio? This section will guide you through easy steps to configure Elastio in your environment.
To start using Elastio you’ll need a Tenant, which is a logically separated space of the Elastio service dedicated to a specific customer or user. Need more than one Tenant for your organization? No problem, you can create multiple Tenants according to your needs.
Invite team members to your space, and assign them roles. The roles assigned grant or restrict access to various Elastio operations.
Once you’re all set with the Tenant, link your AWS account(s) to your Tenant. During the Elastio install, we’ll create the infrastructure needed to run your first Elastio backup automatically. At this point you are ready to start protecting your assets with Elastio.
Let’s get started!
Navigate to elastio.com and sign up. Afterwards, you will receive an email with access to your Elastio Tenant.
When you sign up for Elastio, we will send you an email with an invitation to create your Elastio Tenant account. Here is a step-by-step guide to signing up and creating your Elastio Tenant.
A step-by-step guide to connecting to your Elastio Tenant
1. Sign up for an Elastio Tenant account
Navigate to the Elastio Website and click on the Try for Free button (Figure 1).
The next step is to fill in your email (see Figure 2 below).
The following step is to name your Tenant (see Figure 3 below).
After filling out this web form and clicking on the Sign Up button at the bottom of the form, you will see the following message:
"We are onboarding new users every day, keep an eye out for our onboarding message sent to your email."
2. Create your Elastio Tenant Account
Once the email has arrived, click on the green Join Now link contained within the email (see Figure 5 below) to navigate to the Elastio Tenant web page and follow the steps listed below.
Note: The following points are important to bear in mind before starting with the list of instructions below:
- Active sources would contain your AWS account and regions you deployed to.
- The AWS Security Token Service (STS) must be enabled in your AWS account for the Cloud Connector to communicate with the Cloud Tenant.
Select Sign In to sign into your Cloud Tenant account (Figure 6 below).
In order to access the Elastio Tenant you can just log into it via Google or Microsoft (MS) Single Sign-On (SSO). On the other hand, if you're going to log in using a username and password, you need to first register in the Elastio Tenant by clicking on the Sign Up button below the Sign In button (see Figure 7 below).
Enter your name, work email, and password and then click on the Sign Up button.
Once you have logged in either with your username and password or via Google or MS SSO and been successfully authenticated, you will be logged into your Elastio Tenant account.
In order to invite team members to your Elastio Tenant, navigate to the On Boarding page and select the Invite Team Members section. Clicking on this section will forward you to the Team Members page, which allows you to create and manage groups, users and roles. Alternatively, the same page is accessible through the Settings page. The Team Members tab allows you to view and edit team members, as well as to add new users to your Elastio Tenant.
To add a new user to your Tenant, follow the steps below:
1. Press the "Add User" button.
2. Add the user's email, assign them a role and save the modifications in the "Add New User" pop-up. To find out more about Roles, go to the Team Members page.
3. It is also possible to find a certain team member with the search box under the Users tab.
Once you have invited your team members to join your Tenant, you can proceed by deploying Elastio to your AWS account.
Sources are AWS accounts that can be connected to your Elastio Tenant. Multiple accounts can be connected to one or several Tenants.
To connect your sources to your Tenant, navigate either to the On Boarding or to the Sources page and press the “Link Source” button. Alternatively, you can set up your Tenant and after that you will be forwarded directly to the Cloud Installer flow. The flow will guide you through deploying the Elastio CloudFormation stack and Cloud Connector and allow you to connect sources to your dedicated space.
To deploy Elastio into your AWS account, follow the instructions below:
- Enter your AWS account number into the input field in Step 1.
- Select an AWS region to deploy the Elastio CloudFormation stack to. Click on the “Deploy CloudFormation Stack” link.
- An AWS Console window will open in a new tab. Please do not make any changes to the default inputs.
- Check the checkbox “I acknowledge that AWS CloudFormation might create IAM resources with custom names.”
- Click the "Create Stack" button. Wait until the CloudFormation stack is deployed successfully. This might take a couple of minutes. Note: For further details on the Cloud Connector security information, click here.
- Once the stack creation is completed, go back to the Elastio Tenant. A list of available regions should appear in Step 3. Select the region(s) and the VPC(s) you want to deploy to. A default VPC is pre-selected, but you can change it if you wish.
  Note: The selected VPC can have either a public or a private subnet, as well as a subnet in every Availability Zone within the region. A public subnet with "auto-assign public IPv4 address" enabled allows Elastio to run smoothly. However, if you plan to use Elastio only within a VPC with a private subnet, you will need to create a private subnet with a NAT gateway. The instructions below will help you to configure it:
  - Create a public NAT gateway in the public subnet.
  - Go to the private subnet route table and route `0.0.0.0/0` through the NAT gateway.
  - The public subnet route table should have a route `0.0.0.0/0` to the internet gateway (IGW).
In this case the vault will only be accessible from within the private subnet. Mounting backups from your workstations will become possible only after setting up a VPN tunnel into the VPC with a network path from the VPN tunnel to the private subnets where the vault is running.
Deploying the vault entirely in public subnets will allow the vault to be accessible over the Internet. So, performing backups, restores and mounts from outside of AWS (either from other clouds or from on-prem workstations) will become available. This is the most flexible configuration, but it might not be permitted depending upon each organization's security policies.
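To confirm that a VPC actually matches the private-subnet layout from the three NAT steps above, the following added example (not Elastio's code) checks route-table and NAT-gateway descriptions shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`. The subnet, route-table and gateway IDs are constructed, the function names are hypothetical, and the input is assumed to cover a single VPC.

```python
# Constructed sample data for one VPC, shaped like the "RouteTables" and
# "NatGateways" lists the AWS CLI returns. All IDs are made up.
TABLES = [
    {"RouteTableId": "rtb-pub", "Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
                 "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-priv", "Associations": [{"SubnetId": "subnet-priv"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
                 "NatGatewayId": "nat-0example", "State": "active"}]},
]
NATS = [{"NatGatewayId": "nat-0example", "SubnetId": "subnet-pub",
         "ConnectivityType": "public"}]

def default_route(table):
    """Return the table's 0.0.0.0/0 route, or None if it has none."""
    for route in (table or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route
    return None

def table_for(subnet_id, tables):
    """Explicitly associated route table, else the VPC's main table."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def check_layout(private_subnet, public_subnet, tables, nats):
    """Return findings; an empty list means the layout matches the steps."""
    findings = []
    pub = default_route(table_for(public_subnet, tables))
    if (not pub or pub.get("State") != "active"
            or not pub.get("GatewayId", "").startswith("igw-")):
        findings.append("public subnet: no active 0.0.0.0/0 route to an IGW")
    priv = default_route(table_for(private_subnet, tables))
    nat_id = (priv or {}).get("NatGatewayId")
    if not nat_id:
        return findings + ["private subnet: 0.0.0.0/0 is not routed through a NAT"]
    if priv.get("State") != "active":  # "blackhole" once the NAT is deleted
        findings.append(f"private subnet: route via {nat_id} is {priv.get('State')}")
    nat = next((n for n in nats if n.get("NatGatewayId") == nat_id), None)
    if not nat or nat.get("SubnetId") != public_subnet:
        findings.append(f"{nat_id} is not in the public subnet")
    elif nat.get("ConnectivityType") != "public":
        findings.append(f"{nat_id} is not a public NAT gateway")
    return findings
```

A private subnet whose default route points straight at an internet gateway is reported as not routed through a NAT, which is the case where the subnet is no longer private.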
Once you have deployed Elastio to your AWS account, you can go on and create your first protection Policy.
There are two ways of protecting your assets. You can do it either from the Elastio Tenant or through the Elastio CLI.
In order to schedule backups for certain assets in your AWS account enabled with Elastio through the Elastio Tenant, navigate to the Policies page. Alternatively, you can do it through the On Boarding page. For now it is possible to create a Policy for AWS EC2 and AWS EBS.
Protect assets with Policies
A Policy is a way of scheduling Elastio backups for certain assets in your AWS account enabled with Elastio. Policies can be created either for specific Assets or for Assets with associated tags.
To add a new Policy to your account, please follow the steps below:
- Press the “+New Policy” button.
- Add a name to your Policy and define the schedule for it.
- Step 2, Integrity Scan, gives you the option of running a Ransomware or Malware detection scan against the recovery points that are created when the Policy is executed. You can select either or both options.
- In Step 3, select the assets you would like to protect.
- Press the “Save and Activate” button to start your Policy.
An Elastio backup Policy may run every 15 minutes, 30 minutes, every hour, 12 hours, as well as daily, weekly and monthly. It can be started immediately or at a set time.
Note: if you have selected the “Run now” option, you should be aware that the first backup will run at its earliest availability, which for now is every 15 minutes. So, a Policy created at HH:25 with the “Run now” option on will run at HH:30 and then according to schedule.
You can select specific Assets from the table below and add them to the Policy.
You can also select Assets by tags. Enter the tag to identify which assets to protect when the Policy is executed.
Please note: an asset must have a tag to be backed up with a Policy. Each time the Policy is executed, the assets are identified by tag dynamically, meaning that the assets and tags don’t need to exist when this Policy is created.
Please note: the asset count in the Policies table on the Policies page will be 0 until the first run of the Policy. Once it has run, the asset count will be updated with the appropriate number.
To learn more about how to create, edit and delete a Policy, see the Policies page instructions.
Protect assets with Elastio CLI
Available types of backups for Elastio CLI are:
- Streams (S3 buckets, stdin)
- Block devices
- Databases and individual tables (Local, Amazon RDS, Google Cloud SQL, Azure SQL)
- EC2 instances
- EBS volumes
Elastio helps defend your data from ransomware and malware attacks by detecting ransomware, crypto miners, trojans and other malware hiding in backups. Our malware engine is updated daily with the latest known malware. It detects evidence of a ransomware attack in the recovery points with deterministic and statistical analysis against all files in the backup. Elastio protects against over 1,000 known ransomware.
There are two approaches provided by Elastio to check recovery points for vulnerabilities.
Enable iscan for recovery points in a Policy
The first approach is to enable `iscan` for a data protection Policy. Policies are defined in the Elastio Tenant and are applied to assets within the accounts enabled with Elastio. Policies include both a protection schedule and integrity scan options. Follow these steps to enable recovery point scanning after every scheduled backup.
- Proceed to the Policies page, press the “+New Policy” button.
- Add a name to your Policy and define a schedule for it.
- Set an integrity scan to run against the recovery point after every backup. You can choose to run a check for ransomware, malware or both.
- After the Policy has run at least once, navigate to the Reports page to check the details of each ransomware and malware check performed.
- Click the Run Report button to see all Anti-Malware Scan Results.
- By clicking on the recovery point ID you will be redirected to the asset page that carries the details on the asset that has been backed up.
- Expand the row with the scan by clicking the "+" button. Then by clicking on the asset ID proceed to the Malware and Ransomware Scan Results.
Scan recovery points and paths through Elastio CLI
The second way of checking recovery points for malware is to use the Elastio CLI Integrity Scan (`iscan`).
The Elastio Integrity Scan capability is available using the `elastio iscan` command within the Elastio CLI. It can be initiated like so:
Note: `elastio iscan` should be run on an EC2 instance in order to function properly. This restriction will soon be removed. Additionally, `iscan` might currently fail on Amazon Linux 2 if `ntfs-3g` is not installed. To install it, run:
```
sudo yum install ntfs-3g
```
Integrity Scan (`iscan`) can be used for a certain path:
```
elastio iscan $path
```
or for a recovery point, where the recovery point must be that of an EC2, EBS or block:
```
elastio iscan --rp $rp-id
```
The output is presented on the screen and saved in a .gz file. This file contains the details of the scan.
Check a directory for malware only:
```
elastio iscan --malware-only $path
```
To mount a recovery point and to check it for ransomware and malware:
```
elastio mount rp --rp $rp-id
elastio iscan $mnt
```
Elastio jobs execute background tasks, including deploying Elastio resources, backup and restore operations, and integrity checks. Background jobs are initiated when performing agentless EBS and EC2 operations and integrity checks. Background jobs run in the same account as Elastio. They also automatically run in the correct region for the respective resources. Other kinds of jobs are foreground backups and restores, such as block, file or stream.
Monitor jobs in the Elastio Tenant
All jobs show up on the Jobs page, which is accessible through the On Boarding page. The page displays the current status of the job and its result. The Jobs table shows the Job Type, its Task, the Date the operation was scheduled on, the Date of its completion and the Status of the Job.
The task of the job carries the description of the operation performed by Elastio.
The "Scheduled on" date displays the date the operation was initiated. The "Completed on" date displays the date when the operation reached its logical end.
The Status of the job shows the progress of the operation.
In order to find a job of a particular type, apply the respective filter.
Clicking on the plus sign will show the detailed progress of the parent job, as well as the status of the child jobs included in the operation.
Monitor jobs through Elastio CLI
You can also monitor the progress of the operations through the Elastio CLI. Use the following command to monitor a job run:
```
elastio job monitor --job-id $job-id
```