logo for Autonomy
 
Connected Deployment Guide
Contents Introduction

This guide is for those customers of the Connected Backup for PC and Mac Small-Business Service who have received an email containing download, registration and support information. This instructional guide outlines the options available to you – and provides instructions for – deploying the Connected Backup for PC and Mac Agent on each machine that will be using the Service. If you have not subscribed to the Connected Small Business Service, please do so before continuing with the instructions below.

Back to Top

What You Received

The following items will be electronically forwarded to you from Connected fulfillment upon successful validation of your company’s credit card.

  • Technician ID
  • Welcome letter email containing:
    • Technician Login and password
    • Web address for Account Management web site
    • How to get technical support (free web help and email) information
    • Portal account number – for billing reference
    • Location of FAQs
    • Support Center Information

Your users will download a Setup executable from the Account Management web site. The program will install the Connected Backup for PC and Mac Agent on a user’s machine and walk the user through the process of installation and their first backup*.

*Note: Not intended for servers or multimedia.

Back to Top

Deployment and Installation

To deploy the Connected Backup for PC and Mac Agent to your users (individual accounts), send the web site address of the Account Management web site in a Welcome letter to your users.

When each user accesses the web site, they are prompted to register their account and download the software on their machine. The web site provides instructions about installing the software on the users' machines.

After installing the Connected Backup for PC and Mac Agent software, users are ready to complete their initial backup. It is not unusual for an initial backup to take several hours. We recommend users initiate this backup in the evening to run overnight. Each backup thereafter will generally take only a few minutes.

Click Backup Now at the bottom of the Connected Backup for PC and Mac Agent window to initiate the first backup.

Back to Top


Configuring the Connected Service with an Internet Firewall

Overview

The Connected Backup for PC and Mac Agent communicates with the Autonomy Secure Operations Center using the standard TCP/IP protocol.

Connections are initiated from the backup clients inside the firewall. Connections are NEVER initiated from the outside.

The program can work with all types of firewalls, including packet-filtering, circuit-filtering, SOCKS-compliant Proxy or Mapped Proxy firewalls. For most firewalls, some configuration of the firewall by the firewall administrator is needed. If your network requires explicit connection to the firewall to initiate outgoing connections, the backup software must be configured for your firewall

The requirements for running the Connected Small-Business Service are consistent with security best-practices. They do not create an opening for incoming connections, and outgoing connections can be limited to specific ports at specific known IP addresses. As an added security measure, all data is 128-bit or DES-encrypted before leaving the PC; it remains encrypted though transmission, and is stored encrypted at the Connected Secure Data Centers.

The following additional information is useful to a firewall administrator for configuring a firewall to permit outgoing connections to the backup servers.

Back to Top

Protocols - TCP/IP is used. There is no use of UDP or ICMP.

Back to Top

Server Subnets - Each user's Connected Backup for PC and Mac Agent software connects to a primary and an alternate server in order to provide high availability. Currently, all servers reside in the subnet 12.159.133.0-63 (also expressed as 12.159.133.0/26) and in the subnet 66.151.228.0-255 (also expressed as 66.151.228.0/24). The Connected Backup for PC and Mac software must have access to both of these subnets. Should these addresses change in the future, notice will be given to allow firewall changes and the Connected Backup for PC and Mac software can be automatically updated with the new addresses.

Back to Top

Port Numbers - All Connected servers listen for client requests on a well-known port number: 16384. An Agent always establishes a TCP/IP session with port 16384 on the server.

Back to Top

DNS - The Connected Backup for PC and Mac Agent connects to a server using the server's IP address, not its name. Therefore, name resolution and access to a name server are not required.

Back to Top

Registration vs. Subsequent Connections - The Connected Backup for PC and Mac Agent is configured to connect to one of a pair of registration server addresses (primary and alternate) when it is used for the first time. The registration process assigns a server address pair (primary and alternate) for all subsequent uses.

Back to Top

SOCKS-Compliant Proxy Servers - The Connected Backup for PC and Mac Agent software can be configured to connect out through a SOCKS proxy server. The IP address (or the DNS) of the proxy server and the port number on which it listens for connections must be known in order to configure the backup software. SOCKS is designed to allow outgoing connections and responses back to those connections, but to prevent other incoming packets. This is consistent with Connected Service. If your SOCKS proxy server has been set up with additional restrictions on outgoing connections, it is necessary to include Autonomy subnets in the permitted destinations.

Back to Top

Other Proxy Firewalls - In order for the Connected Backup for PC and Mac Agent software to be used with an application-based proxy firewall server, the firewall must be set to permit outbound TCP connections for a generic application. Mapped firewalls require a separate port on the firewall for each different destination address.

The IP addresses that must be mapped will appear when you attempt to run the client software, or can be seen by selecting Options/Connection.../Firewall in the client software. The destination port number is always 16384. The firewall administrator may choose any available port numbers on the firewall. Finally, the Agent must be configured with the IP address or the DNS of the firewall and the firewall port numbers that were chosen.

Back to Top

Packet filtering firewalls

The following is a summary of 'rules' that must be applied to the firewall software or hardware in order to enable Connected's client-server protocol. (All the rules are described from the 'firewall's point of view.')

1. Permit TCP/IP outbound to port 16384 to subnets 12.159.133.0-63 (12.159.133.0/26) and 66.151.228.0-255 (66.151.228.0/24).

2. If your firewall requires you to explicitly permit the response packets to come back, do so by permitting TCP/IP inbound to ports 1024-5000 from the subnets listed above, for an already-established connection. It is NOT necessary to permit a connection originating from outside the firewall.

3. We do not utilize UDP or ICMP.

IMPORTANT: If your question is not answered in the FAQs, please complete a Support Request.

Back to Top

Internet Connections

Modem, Cable, DSL, LAN Connections - Each type of connection has its own characteristics. When our software is first installed it will identify the type of connection that you have and auto-configure itself to use it. If you have more than one connection, you can specify which one the software should use. Standard modems have been in use for a long time and are consistently reliable. They open and close a connection as needed, using a dialer, unlike other methods of connecting. Our software supports the standard Windows Dial-Up-Networking for these modems.

Cable modems have certain limitations that could affect your connectivity. For example:

Cable service can be either one-way or two-way, depending on the provider. One-way service relies on an analog modem and phone line for uploads. This limits the upload speed to 33.3 Kbps. The more people on a node, the slower each connection could be. Service providers can tie a specific data rate or percentage of total bandwidth to each user. Providers do move bandwidth around among users selectively. Because most users don't need constant-megabit-per-second connections — they need high speeds for loading a Web page but not for viewing it — cable operators will take advantage of this burst of usage and divide bandwidth among multiple users.

DSL service comes in several flavors, with varying throughput rates, technical limitations, and prices. Speed: The most common form for businesses and home users — the one we refer to simply as DSL — is asymmetric DSL, or ADSL, which supports peak downstream speeds of 144 Kbps to 2.2 Mbps but upstream rates only from 90 Kbps to 640 Kbps. Your backups will run at the upstream rate.

Distance: The line's performance degrades with distance from the central office. All else being equal, users 5,000 feet from the central office will get better throughput than those 15,000 feet away. Beyond 18,000 feet service is generally unavailable.

ISP: One advantage of ADSL service is a dedicated connection that won't degrade as more users in your area sign on (as cable will). Still, performance not only varies depending on how far you are from the central office but also on the efficiency of your ISP's network. Even the fastest DSL connections can't cure bottlenecks at an ISP, such as slowdowns during peak hours.

Generally, DSL upload transmission speed is rated at an average of 256K. Therefore, a data stream of 100MB would upload in 54.50 minutes.

LAN connections, including DSL and cable, provide a continuously open channel to the Internet. Like DSL and cable, LANs do not necessarily assure a high rate of transmission. You still have to go through an Internet gateway and through several routers, so the variables that create bottlenecks still exist and can affect throughput.

Back to Top

AOL, Prodigy, CompuServe, Juno, and similar ISP connections - If you will be connecting to us via ISPs who provide their own dialer instead of using the standard Windows dialer, it will be necessary to open your Internet connection before running our software. You will not be able to use scheduled backups that run automatically, but all other features are unaffected.

Back to Top

Transmission Times/Backup Tips - Some suggestions for successful backups:
  • Avoid peak hours. We recommend using automatic backups that are scheduled to run in the earliest morning hours, between midnight and dawn.
  • Close applications that aren't essential during the backup. There may be one or more background applications running at the same time. Use Task Manager to check this.
  • Monitor several transmissions to see the speed at which your ISP has connected you. Bandwidth is not usually guaranteed and will vary with the amount of traffic at any given time. Try to backup when conditions are favorable.
  • Reduce the size of your backup sessions — at least until you complete an initial backup of everything that you want. It may be that your ISP's available capacity is being taxed by sheer volume or that your own network is.
Back to Top