Overview
Ironcore Backup Solution (IBS) is the platform-wide service for backing up and restoring compute instances, system containers, and physical hosts. As an administrator you provision backup datastores, configure retention policies, define replication targets, integrate tape libraries and object storage backends, and govern access through roles and tokens. This guide covers the full administrative lifecycle — initial deployment, day-to-day operations, and tuning IBS for production workloads.- Deployment Console
- CLI
Open the Deployment Console
Log in to the deployment console (
https://the-deployment-console.<your-domain>)
and navigate to Configuration.Enable Backup Solution
Select the Advanced Features tab. Toggle Enable Backup Solution to Yes.This provisions the backup server, default local datastore, and the integration
with the Ironcore platform without any manual file editing.
In This Guide
Architecture
Component diagram, data flow, change tracking, deduplication, and encryption layers.
Datastores
Create local, replicated, and S3-backed datastores. Organise data into namespaces.
Retention Policies
Configure daily, weekly, monthly, and yearly retention with the Prune Simulator.
Replication and Sync
Replicate backups between Primary DC and Backup sites with encryption in transit.
Tape and Object Storage
Integrate LTO tape libraries and S3-compatible object storage for long-term archival.
Access Control
Roles, API tokens, multi-factor authentication, and LDAP / Active Directory realms.
Security and Encryption
Client-side AES-256-GCM, master-key handling, ransomware protection, and hardening.
Verification and Validation
Schedule integrity checks and conduct bi-annual mock recovery drills.
Notifications
Send alerts via SMTP, webhooks, and external metric servers.
Infrastructure Sizing
Plan Primary and Backup site capacity for incremental, full, and archival retention.
Troubleshooting
Diagnose backup, restore, sync, and verification failures across the stack.
Architecture Summary
| Service | Role |
|---|---|
| Backup API | REST API for backup, restore, datastore, and job management |
| Scheduler | Triggers backup, sync, and verification jobs based on configured schedule |
| Garbage Collector | Reclaims chunks that no snapshot still references |
| Verification Worker | Re-reads chunks and recomputes SHA-256 to detect bit rot |
| Replication Worker | Mirrors snapshots from Primary to Backup site over an encrypted channel |
| Tape Worker | Reads / writes LTO tapes; manages barcoded media catalog |
Compliance Mapping
| Requirement | IBS Capability | Configured In |
|---|---|---|
| Block-level change tracking (CBT) | Native block-level CBT for running VMs | Architecture |
| Full + incremental + file-level restore | Snapshot model with mountable archive | Restore Options |
| Daily Incremental retention (7 days) | Retention policy keep-daily=7 | Retention Policies |
| Weekly Full retention (3 weeks) | Retention policy keep-weekly=3 | Retention Policies |
| Weekly archival (52 weeks) at Backup site | Sync job + retention keep-weekly=52 | Replication and Sync |
| Near real-time async replication | Push / pull sync jobs with throttling | Replication and Sync |
| Encryption in transit | TLS 1.3 between sites | Replication and Sync |
| Integrity verification of replicated data | SHA-256 verify after sync | Verification and Validation |
| Deduplication and compression | Content-defined chunking + Zstandard | Architecture |
| Encryption at rest | Client-side AES-256-GCM | Security and Encryption |
| Role-based access control | Roles, API tokens, restricted-by-default | Access Control |
| Immutability against modification | Append-only chunks, no chunk rewrite | Security and Encryption |
| Bi-annual mock drill | Restore-test job from Backup site | Verification and Validation |
Next Steps
Ironcore Backup User Guide
Operate IBS from a project member perspective — create backups and restores.
Ironcore Backup Overview
Service overview and getting started.