> ## Documentation Index > Fetch the complete documentation index at: https://docs.polystack.tech/llms.txt > Use this file to discover all available pages before exploring further. # Ironcore Backup Solution Admin Guide > Deploy, configure, and operate Ironcore Backup Solution — provision datastores, define retention, set up cross-site replication, integrate tape, and harden security.

Overview

Ironcore Backup Solution (IBS) is the platform-wide service for backing up and restoring compute instances, system containers, and physical hosts. As an administrator you provision backup datastores, configure retention policies, define replication targets, integrate tape libraries and object storage backends, and govern access through roles and tokens. This guide covers the full administrative lifecycle — initial deployment, day-to-day operations, and tuning IBS for production workloads. All operations in this guide require administrator privileges. Changes to retention policies, datastore configuration, and replication jobs affect data already protected. Validate every policy change against the **Prune Simulator** before applying. Log in to **the deployment console** (`https://the-deployment-console.`) and navigate to **Configuration**. Select the **Advanced Features** tab. Toggle **Enable Backup Solution** to **Yes**. This provisions the backup server, default local datastore, and the integration with the Ironcore platform without any manual file editing. Click **Save Configuration**, then go to **Operations** and run **deploy** or **reconfigure**. The IBS service starts. The default datastore is registered and reachable via the Dashboard. Enable IBS by setting the flags in the globals configuration and deploying. ```bash title="Create IBS globals override" theme={null} cat > /etc/ironcore/globals.d/_50_backup.yml << 'EOF' enable_backup_solution: "yes" backup_default_datastore: "ibs-primary" EOF ``` ```bash title="Deploy the Backup Solution service" theme={null} ironcore-ansible deploy -t backup ``` The IBS API, scheduler, GC worker, and verification worker are running on all backup nodes. ***

In This Guide

Component diagram, data flow, change tracking, deduplication, and encryption layers. Create local, replicated, and S3-backed datastores. Organise data into namespaces. Configure daily, weekly, monthly, and yearly retention with the Prune Simulator. Replicate backups between Primary DC and Backup sites with encryption in transit. Integrate LTO tape libraries and S3-compatible object storage for long-term archival. Roles, API tokens, multi-factor authentication, and LDAP / Active Directory realms. Client-side AES-256-GCM, master-key handling, ransomware protection, and hardening. Schedule integrity checks and conduct bi-annual mock recovery drills. Send alerts via SMTP, webhooks, and external metric servers. Plan Primary and Backup site capacity for incremental, full, and archival retention. Diagnose backup, restore, sync, and verification failures across the stack. ***

Architecture Summary

| Service | Role | | ----------------------- | ------------------------------------------------------------------------- | | **Backup API** | REST API for backup, restore, datastore, and job management | | **Scheduler** | Triggers backup, sync, and verification jobs based on configured schedule | | **Garbage Collector** | Reclaims chunks that no snapshot still references | | **Verification Worker** | Re-reads chunks and recomputes SHA-256 to detect bit rot | | **Replication Worker** | Mirrors snapshots from Primary to Backup site over an encrypted channel | | **Tape Worker** | Reads / writes LTO tapes; manages barcoded media catalog | ***

Compliance Mapping

| Requirement | IBS Capability | Configured In | | ----------------------------------------- | ---------------------------------------- | --------------------------- | | Block-level change tracking (CBT) | Native block-level CBT for running VMs | Architecture | | Full + incremental + file-level restore | Snapshot model with mountable archive | Restore Options | | Daily Incremental retention (7 days) | Retention policy `keep-daily=7` | Retention Policies | | Weekly Full retention (3 weeks) | Retention policy `keep-weekly=3` | Retention Policies | | Weekly archival (52 weeks) at Backup site | Sync job + retention `keep-weekly=52` | Replication and Sync | | Near real-time async replication | Push / pull sync jobs with throttling | Replication and Sync | | Encryption in transit | TLS 1.3 between sites | Replication and Sync | | Integrity verification of replicated data | SHA-256 verify after sync | Verification and Validation | | Deduplication and compression | Content-defined chunking + Zstandard | Architecture | | Encryption at rest | Client-side AES-256-GCM | Security and Encryption | | Role-based access control | Roles, API tokens, restricted-by-default | Access Control | | Immutability against modification | Append-only chunks, no chunk rewrite | Security and Encryption | | Bi-annual mock drill | Restore-test job from Backup site | Verification and Validation | ***

Next Steps

Operate IBS from a project member perspective — create backups and restores. Service overview and getting started.