Your Concerns Matter! How Can We Help You?

Frequently Asked Questions (FAQ)

No.  We have focused our efforts towards supporting M365 SaaS workloadsWe support backup / archiving of M365 components like Exchange Online, OneDrive for Business and SharePoint Online.

Although not commonly done, we do support backing up to local storage on your premisesSuch a deployment is what we call a BYOL (Bring Your Own License) model as opposed to our BaaS (Backup as a Service)In this case however, you will be responsible for hosting the backup infrastructure and the Parablu software on your premises, in addition to the storageThis could result in significant network impact to your on-premise set up – since all the MS 365 data will need to be downloaded in order to record it to local storage.

It is similar to brick level backup in the sense that it is a granular backup where you can restore individual mailboxes, sub-folders or even a single messageHowever, unlike brick level backups which sometimes export the data into a PST file to provide the above granularity – we don’t have to do thatOur method directly catalogs the individual mailboxes, folders and emails in our meta-database so it is a seamless experience for you.

We have methods by which we can capture email even if a user deletes the email immediately after they receive it, before the next backup has a chance to runEven if they delete it, remove it from Deleted Items and from the Recoverable Items area.

With our cloud-cloud backup, this isn’t a concern because the data moves directly from your MS 365 cloud to your Parablu backup tenant in the cloudThere will be no impact on your on-premise network infrastructure for backup operations.

Yes.  A simple way to do this is to make the employee’s mailbox a shared mailbox (which doesn’t require a separate license) and relinquish the employee’s MS 365 license.  Parablu supports backups of shared mailboxes – so once the backup is complete, you may choose to delete the shared mailbox. 

Even better, if you need to turn over access of this data to a new employee or a supervisor, it is incredibly easy to do so using our Asset Reassignment feature.  Rather than download all their data into a PST and give it to the new employee on a USB drive etc. – you can simply assign ownership of the ex-employee’s backups to the new employee in the Parablu portal with just a few mouse clicks. 

Mailbox (or OneDrive) registration is seamless and automaticWe integrate with Azure Active Directory to identify the users for whom you wish to backup mailboxes or OneDriveYou can create an Azure Active Directory group and populate the names of the licensable users in there – and Parablu will periodically sync with that listIf new users are added, we will automatically provision a license for them and register their Mailbox or OneDrive for backupIf users are removed, we will automatically relinquish a license for such users and move them into a blocked or ‘preserved’ stateUnlike some other products, we don’t require a separate server to provision users or their mailboxes. 

Absolutely! You can run backups as many times as you wish. Multiple times a week, even multiple times a day.

The previous backup is first allowed to finish. The new schedule will defer itself and run only at the next opportunity.

We backup the latest version of each file as of the time of the backup run. We however maintain multiple versions in the backup repository based on the number of backup versions you’ve asked us to preserve. This allows you to preserve more versions of files over a longer time period without running out of storage or network bandwidth.

Parablu maintains file versions in our backup repository based on how many times we’ve backed up the same file. Files are backed up only if they’ve changed – so if a file hasn’t changed, we will only keep the first version that we collect at the time of the full backup. But if a file does change, it will get backed up during incremental backup runs – and we will maintain a version corresponding to the number of times the file qualified for an incremental backup. Although, by default, we keep 3 file versions, you can increase or decrease the number of version we store via our policy settings.

YesWe do this using a mechanism called asset or mailbox re-assignmentThis is especially useful when a user leaves the organization and their backups need to be accessible to someone else after they leave.

No. Content Search – It is a builtin feature and is provided as part of our Exchange Online backup and archiving solutionsContent search for OneDrive and SharePoint are also available, but as add-on licenses which need to be purchasedOur search feature is native and doesn’t require you to export the data first into a PST and then search

With our cloud-cloud backup, this isn’t a concern because the data moves directly from your MS 365 cloud to your Parablu backup tenant in the cloudThere will be no impact on your on-premise network infrastructure for backup operations.

Yes. With our cloud-cloud backup, this isn’t a concern because the data moves directly from your MS 365 cloud to your Parablu backup tenant in the cloudThere will be no impact on your on-premise network infrastructure for backup operations.

Yes – so long as they’re an administratorAn end-user would not have this privilege.

NoThe destination mailboxes listed in the Parablu UI will be only authorized and licensed mailboxes present in your M365 tenant.

This can be prevented by leveraging Parablu’s integration with Azure AD conditional access.

YesParablu’s audit logging is detailed and comprehensive and covers all critical touchpoints.

Parablu helps you meet GDPR compliance in several waysFirst off, we support data locality requirements via geo-fencingSince our data centers have worldwide points of presence, if you have users in certain geographies whose data should stay within that geography, we can support that via our user-tethering featureSecond, we have support for GDPR’s “right to be forgotten requests” wherein you can search for and delete specific files or emails based on a citizen’s requestLast, but not lease, we provide detailed, historical reports and audit logs of backup and recovery performance – which are essential to prove compliance to an external or internal audit team.

Yes, we can make a local copy while also creating a copy to the cloudThis is a favored deployment model to have an offline data copy, while still having a local version for quick restores.

  • Parablu BaaS has built-in redundancy so a single VM or compute instance going does doesn’t stop backups.   
  • But in the event of an on-premise deployment which hasn’t made redundant, it is fairly easy to set up an alternate server, re-install the Parablu server bits on it, restore the latest copy of the Parablu meta-database and bring up the backup server back up and running.  This process could take about a half a day at the most. 

De-duplication percentage can vary greatly based on the type of data backed up, and the quantity of data that has been backed upDe-duplication ratios also tend to improve greatly when many incremental backups have run in sequence after the first full backupWhile it is hard to put a precise number on de-duplication ratios, we have seen customer environment reports as little as 2x savings and as high as 5x savings in storage. 

Only if you opt to use our cloud storage (Azure blob)You can opt to use your OneDrive for Business or Google Drive accounts for storage – in which case, our software will deposit the data in your OneDrive or Google Drive user accounts.

Data is encrypted at all times when using Parablu both during transit and at rest.  During transit, we always use secure channels for all data transfers using https protocolsAll data is transferred using TLS 1.2 minimally and with strong ciphersData at rest is protected using AES-256 encryption, and we let you manage and change the encryption keys at any time. 

Yes and no. 

You can absolutely access your own backup data – but using the Parablu user interfaceIf you go directly to OneDrive, our patented secure container will deliberately not let you access the backup files directlyIf you think about this – it makes sense because the backups are supposed to be an immutable enterprise copy of data and users shouldn’t simply be able to go and tamper with those files or delete themSecondly the backups are stored in an encrypted form – and not decipherable by the human eyeUsing the Parablu interface, you can view, download and restore any data that you wish to, from the backups.

AbsolutelyParablu doesn’t interfere with your users’ OneDrive usage at allThey can continue to use OneDrive as they always haveIt is just that a portion of their OneDrive storage is now quietly being used to keep their data safe.

A Delegated Administrator has (more or less) all the rights of an administrator, but on a limited set of users and devicesDelegated Administrators are typically assigned to particular departments, geographies etc. 

Agents can be deployed using a variety of mass-deployment toolsPopular methods from Microsoft include SCCM, InTune, or AD GPOMany third-party tools can also be utilizedIt is of course, also possible to install the agent interactivelyPlease note that once the agent is installed on an endpoint, it can auto-update itself going forward.

Devices are typically identified by the device name as named in the operating systemInternally Parablu uses a unique GUID to identify devices. 

We usually offer our software in a subscription model.  The licensing is per-user and the subscription fee is yearly.  Each user license allows protection for up to 3 devices.  Our M365 backup is also licensed similarly (per-user).  Our server backup pricing is per server, with additional costs based on storage, should the storage exceed certain thresholds. 

In some cases, we also offer a perpetual license – please speak to your partner or Parablu sales representative for details 

  • Our reports are designed in such a way that you can receive them in various forms – via email, as PDF or even as an MS Excel/csv file.  You can narrow down the scope of reports based on users, devices, policies, time intervals etc. as the case may be.   
  • Report customization is best accomplished by using our Excel/CSV format, and using Excel tools such as graphs, pivot charts etc. for internal presentations. 

Typically, policies are created for groups of users – not for each individual user.  The power of policies comes from the scale-out effect they can bring – you can define in a single policy the backup schedule, retention, folders for backup, folders to exclude, file types to include/exclude etc. – and then let that take effect for hundreds (or even thousands) of users. 

But if you wish to create a policy specific to a user, that is of course also possible.  Just create (or clone an existing) policy with the right setting and point the specific user to it. 

After a first full backup copy is made of all files, incremental backups look for new or changed files and back them again.  As a file changes multiple times, it is likely to get backed up over and over again.  Parablu doesn’t overwrite the old copy of the file in the backup with the new one.  It instead preserves older copies in the form of ‘versions’.  You can view files in the backup by version and identify a previous version to recover if you so wish.   

By default, Parablu preserves 3 versions of a file, but this is a configurable setting. Customers usually opt to keep a fixed number of versions.  3 or 5 versions are common settings – although we have some customers who have been known to keep as many as 90 -100 versions also.

This is quite likely to happen with endpoints – but is not a worryThe endpoint agent is highly resilient and will attempt to resume the backup at the next opportunity (not the next schedule, but as soon as the system is back on the network and connected)All backups are checkpointed – so they will restart from the point where they were last suspended. 

  • Both options are possible.  We can certainly backup OneDrive files from your laptop.  In such a case, it is important to ensure that the file are actually present on disk in a hydrated form and not in a de-hydrated form – since that could slow down the backup inordinately.  To make sure of this, you will need to turn off the ‘offline files’ option in OneDrive. 
  •  OneDrive files can also be backed up right from the OneDrive repository in the cloud using our M365 OneDrive backup support.  

In both cases the destination storage can be the Parablu secure container in OneDrive itself. 

YesThis is simply done by creating (or cloning an existing) policy and specifying the folder in questionOnce the policy is created, assign the policy to the desired user. 

No.  This is deliberately not allowed to maintain the sanctity of the backupThe only sanctioned way for data to be removed from the backup is via automatic retention/versioning rules executed automatically by the softwareOr by an Administrator using a special “Administrative Delete” option which should only be used in special cases such as to satisfy user deletion requests under GDPRAdministrative delete request are closely audit logged for compliance.

No.  The idea of a backup is to have the data preserved even if a user deletes from their laptop.  So, Parablu’s backup copies are completely insulated from any actions on the endpoint performed by the user or even malicious software like ransomware. 

If there is a need to remove data from the backup since they have been permanently removed from the endpoint and the user doesn’t wish to preserve those files in the backup any more, it is possible to set a delayed deletion rule to remove deleted files from the backup as well – usually after a period of 30 or 60 days from the deletion on the endpoint.  If in such a time period, those files have not re-appeared in the backup, if such a setting has been enabled, then Parablu will delete that data from the backup as well. 

Also called a Litigation Hold, this is feature which is typically used in cases where there is a demand for information from an attorney or a judge, or a legal team.  Parablu allows administrators to turn on this option at a Policy level. 

Once a user is placed in a policy with Litigation Hold turned ON, the software will automatically suspend any policy-based data deletion – in other words data retention becomes infinite, which means all backed up data is retained forever.  The endpoint agent also quietly begins to backup all folders on the endpoint system, as opposed to only those specified by policy.

By default, yesBut there is a privacy setting to turn this off and only allow self-restoresThere is also an option to allow administrator restores – but with an email notification to the user indicating the details of the restore attemptAny administrator actions taken to modify these settings are fully audit-logged.

Yes.  End-user privileges can be dialed up and down by Administrators based on business requirements.  And different groups of end-users can be managed differently as well. 

So, yes, it is possible to prevent end-users access to backed up data, and force them to go via the administrator for any restore requests.

Parablu’s endpoint agent has been designed with care to ensure that it takes minimal resourcesIn most cases, users will not even be aware of its presence or that it is runningIn cases where administrators wish to reduce the endpoint agent’s footprint further, it is possible to throttle the agent’s CPU and network usage via policy. 

Our compute resources in the BaaS cloud are elastic and are handled automatically by the software to accommodate load. In cases where you are deploying our software on-premise or in your cloud, the servers are spec-ed carefully to handle anticipated load based on what we know about your data patterns.

Parablu servers have self-governing mechanisms to manage load dynamically. They have data-flow control mechanisms based on hysteresis based high and low watermarks. If the server is getting backups at a faster clip than it is able to push the data out to storage, it will auto-throttle incoming backups and open up again only after it is sufficiently caught up on the backend.

The agent will automatically connect to the closest media server that it can reach. Since the media servers are stateless in nature, any media server can handle any user’s data without having to know any previous state or history.

That said, it is also possible to direct data flow from certain endpoints only to specific media servers (for geo-fencing and data residency reasons).

Parablu goes a long way in helping an organization being GDPR compliance. A fundamental tenet of GDPR (and for that matter, any regulation) is to preserve the data you own. Parablu not only help organizations do that, it also provides you with auditable reports and logs which can help you prove compliance to an internal or external auditor – even a regulatory body or authority.

Apart from that Parablu has several GDPR specific features. Parablu, through its Administrative Delete feature allows organizations to comply with user’s “right to be forgotten”. Parablu also supports the notion of data locality by allows users and devices to be ‘tethered’ to a given geography. Parablu’s encryption which allows you (as the customer) to control encryption keys puts your organization on a stronger platform with respect to compliance, even in the event of a breach.

Since such a list would be very long and, in any case can be viewed right on the portal in the MyFiles screen, we instead allow administrators to view a list of files which have failed during a backup. For any given backup run, administrators can get a count of failed files and the list of such files.

Not necessary. The Parablu server can be equipped with a public IP, and placed in the DMZ with port 443 alone opened up for incoming https connections. This will allow backups to occur to the Parablu server over the internet without a VPN. Such a set up should be protected with appropriate security software and server hardening steps of course.

If you are utilizing storage on-premises, you may consult with your storage vendor for this. Most modern storage arrays have non-intrusive ways to expand storage without affecting your existing data.

The best option is to of course use cloud storage, where storage expansion is vastly easier to manage.

Of course. Parablu doesn’t prevent regular usage of OneDrive in any way.

First off, Parablu will not delete or overwrite any files in your backup even in the case of a ransomware attack. Any actions on the endpoint (either by a user or by ransomware) don’t impact your backup data copies.

Parablu might continue to run backup post the attack and it is possible that encrypted files may get added to the backup. But this doesn’t affect your ability to retrieve your data – here’s why.

First off, the sanctity of your older file versions or copies is untouched even if encrypted files have been added to the backup more recently.

Let us take an example of file called ’abc.docx’ which is valuable file. When a backup runs, we keep a copy of abc.docx in OneDrive or Google Drive inside our secure container. Now if a ransomware attacks hits this file, it will deleted and replaced with an encrypted file of the form 60F9FCCC-68A2-76A7-8C1E-9B8A53652A3F.thor. The standard Google Sync or OneDrive client will faithfully replicate this to the cloud by deleting abc.docx and recording the new file 60F9FCCC-68A2-76A7-8C1E-9B8A53652A3F.thor. However, if you browse BluVault’s archives using our web interface or agent GUI, you will not only see abc.docx there, you can click on it and download/restore the file.

Most importantly, Parablu supports a ‘point-in-time’ restore of data – which means that after a ransomware attack, you can choose to ‘dial back’ to an earlier point in time, prior to the attack, and choose to get all your data back as it looked then.

Parablu also offers a Ransomware Defense Suite which can assist further in recovering from an attack. Please get in touch with your Parablu reseller or sales representative to learn more.

Not necessarily. Parablu has several ways to help you preserve the data backed up for users previously employed with the organization.

  • First off, Parablu doesn’t remove old data and meta-data simply because a user’s backup license is relinquished. Even if a user license is de-provisioned because the organization needs to use that license for another user’s backups – the backup data for the user’s devices are preserved in the system. The user continues to exist in the Parablu system in a ‘blocked’ state. Restores can be enabled for the user simply by temporarily assigning a license back to the user.
  • Secondly, Parablu also provides Data Migration – another extremely helpful feature during employee separations. This is especially so in cases where Parablu is set up to back up device data to an individual licensed storage allocation like OneDrive for Business. When the employee leaves the organization, and their Microsoft 365 license expires, the business has about 30 days during which Microsoft allows the organization time to retrieve any data they require from the terminated account. If the BluVault backups are stored on OneDrive, it is important to ensure that those backups are relocated to a safe target for subsequent restores.

BluVault’s Data Migration feature will move all backup data for a given user out of their OneDrive for Business account into a central OneDrive repository supplied by the organization. This process is irreversible once started and results not just in moving the backup data, but also updates all data pointers in BluVault’s meta-data catalog to refer to the new backup locations.

  • Thirdly, Parablu also allows a way for a former employee’s device to be “re-assigned” to an alternate user in the organization. If the alternate user (like a supervisor or a co-worker) has frequent need to access and restore data from the former employee’s backups – then such an arrangement makes sense. The new user would be able to view and access the backups from the former employee’s devices much like they can access their own. Device reassignment is normally permitted for up to 10% of the total # of licenses purchased.

YesBluVault allows administrators to assign servers to policiesPolicy settings dictate schedules (how often backups should run), what folders to include in the backup, which ones to exclude, which file types to include or exclude etc. Schedules can be set to run daily, weekly etc. and can even be set to run several times in a day.

YesAll Parablu products can be managed from a central web-based console,  Administrators can configure users, systems and polices from this consoleThey can monitor backup operations, and even perform on-demand backup and restore operationsAudit logs and reports are also available for viewing or auto-scheduling via the console. 

All data is fully encrypted during the backup process, both during transit and at restBluVault uses strong AES-256 encryption to protect data at restData in transit is sent over https channels using TLS 1.2 with strong ciphers.

YesBluVault is agnostic to how the storage is configured on the serverSCSI, FC, iSCSI, NAS or Direct Attached disk – are all supported.

Yes. BluVault can be used as part of a broader Disaster Recovery solution.

BluVault’s System State backup includes backup of Active Directory.

BluVault supports the notion of a ‘dual copy’ – where one copy of backup data is kept on-premise while another is copied to a cloud repositoryThis allows for a virtual air-gapped copy in the cloud, while also having a nearline copy of quicker restores.

BluSync transfers files using using a secure TLS 1.2 channel over httpsBluSync doesn’t use protocols like FTP or SFTP which require you to open special ports like port 22.

Certainly.  One simple way to automated file synchronization is to install the BluSync agent on the user endpoint. This agent seamlessly synchronizes data with the cloud at predefined intervals, making it easy on end-users. 

BluSync also has an API which allows for file upload and sharing operations which you can use to integrate with your organization’s workflow if you so desire.

Yes.  BluSync is supported on a broad variety of cloud storage targets such as MS Azure Blob, Google Cloud Platform, IBM Cloud, Oracle cloud, AWS S3 and several other S3 compatible storage targets. 

In addition, BluSync has the unique ability to also leverage OneDrive or Google Drive as a central repository. 

BluSync records every action carried out by administrators and users in its Activity History logs. This encompasses activities not only activities such as logins and logouts, but also file uploads, downloads, sharing, as well as policy modifications made by administrators.

BluSync is integrated with Active Directory, Azure Active Directory and Okta.  BluSync can leverage these for authentication (single sign-on) as well as for automated provisioning and de-provisioning of users (via security groups).

Parablu also supports its own local namespaceUser logins for external users or third party users can be created using Parablu’s namespaces. These logins can also be secured with complex passwords and multi-factor authentication.

Yes, Multi-Factor Authentication (MFA) is built-in with BluSyncFor users who are part of AD/AAD/Okta, BluSync can use Single Sign-on and piggy back on the MFA enforced by your identity managerFor non AD/AAD/Okta users, it is possible to enforce MFA and generate a 6 – digit One-Time Password each time they loginFile accesses by recipients can also be mandated to require MFA the same way. 

Have a specific question? Speak with our experts.

Resources

Webinar

Ransomware Recovery Made Simple

The annual ransomware-triggered financial losses are projected to exceed $265 Billion globally by 2031. Inadequate data protection measures..

Blog

Cloud Storage Solutions: Decoding the Cost Components

Cloud storage is now the go-to solution for organizations looking to streamline their data management. It offers flexibility, scalability, and accessibility.

eBook

Ransomware Attack – The importance of data backup

A deep-dive into how enterprises can use endpoint data backup as defense against ransomware. The best defense against Ransomware attacks, without a doubt is a backup.

Scroll to Top