Datto FAQs

Topic

This article describes the process to order a RoundTrip drive. Use this article as a guide when you need to request a RoundTrip to synchronize your local data to the Datto Cloud.

Environment

Datto RoundTrip

Prerequisites

Before ordering aRoundTrip, see the RoundTrip Overview article for important considerations.

Description

1. Log into the Partner Portal.

2. Click the Status tab, then select BCDR Status from the drop-down menu.

Figure 1:The Datto Partner Portal (click to enlarge)

3. Click the name of the device needing the RoundTrip drive.

Figure 2:The BCDR Status page (click to enlarge)

4. Scrolltothe RoundTripscard and click the Order RoundTrip button.TheOrder RoundTrip form will appear.

Figure 3:The RoundTrips card (click to enlarge)

5. Fill out theOrder RoundTripform. The system should automatically select the appropriate size RoundTrip drive. If you need a different size, select it in the Drive Options drop-down menu.

Figure 4: TheRoundTrip Request Form (click to enlarge)

RoundTrip pricing

Datto partners receive one complimentary RoundTrip per quarter. If you have already used your complimentary RoundTrip, the charge will vary based on RoundTrip drive size and will display in the Drive Options menu.

Figure 5: TheRoundTrip Drive Options menu (click to enlarge)

Checking RoundTrip status

To check the status of the RoundTrip, return to the device's BCDR Status page and scroll to theRoundTrip Status card. See Checking the Status of a RoundTrip for more information.

Figure 6:RoundTrip status (click to enlarge)

When you receive your RoundTrip drive,follow Synchronizing a USB RoundTrip Drive or Synchronizing a NAS RoundTrip Drive to begin the data transfer process.

Topic

This article describes the Reverse RoundTrip process, which allows for physical data retrieval from the Datto Cloud.

Environment

Datto Reverse RoundTrip

Description

A Reverse RoundTrip lets you retrieve data from the Datto Cloud by having it copied from Datto's data centers to a portable drive that we can ship to a location of your choice.

Important information

Reverse RoundTrips are a paid service. See this section of this article for base service fees. Datto waives these fees in a disaster recovery scenario.

Ask Datto Technical Support if a Reverse RoundTrip is the best solution for you. In many scenarios, aReverse Sendis a faster method. A Reverse Send is a manual process that Datto Technical Support can use to send incrementally-changed data from an offsite virtualization down to your device.

To obtain specific pricing for a Reverse RoundTrip and to better understand if a Reverse RoundTrip is the best solution for you, contact your Datto Sales Executive.

Reverse RoundTrips are not available for Cloud Continuity.

Ordering a Reverse RoundTrip

To order a Reverse RoundTrip, use the Reverse RoundTrip Request Form. Submitting this form creates a Technical Support ticket with all of the information below:

File Format

ZFS

ZFS is the smallest, fastest file format available for Reverse RoundTrips. It is also the native format that Datto houses data in, both locally and offsite.

ZFS allows for any restore operation when sent as a USB drive and connected to a Datto device.

ZFS saves space by storing only the changed data for each recovery point, instead of the entire image. For example, if you request 3 points with 200 GB, 225 GB, and 275 GB of space consumed, then you will only need a Reverse RoundTrip for about 300 GB of data.

ZFS-NAS

A NAS unit, housing Reverse RoundTrip data in ZFS is also available as a standalone solution.

Datto recommends ZFS or ZFS-NAS, as either solution reduces time, money, and effort for all parties.

Image export (VHD, VMDK)

Image exports can be sent on any of the above options, and contain full disk images rather than a file directory structure.

Image export is the largest restore option, and as such, will typically cost the most (unless done as a local image export in ZFS format).

It is the most direct method when restoring to a hypervisor.

The supported image formats are VMDK and VHD.

Directory

Datto recommends ZFS format as it is the smallest and least expensive storage method. However, upon request, Datto will only export specific directories or files to the Reverse RoundTrip device. When submitting your request, specify the device's file system (typically NTFS, ext4).

Image Export or Directory formats will be considerably larger than ZFS because the estimated size is the totalprotectedsize of the agent, times the number of backup points requested. For example, if an agent with an average protected size of 1 TB, and 20 GB of data change per backup, with 12 backup points requested, the total capacity will be 1 TB x 12 = 12 TB.

RoundTrips are not supported on volumes with NTFS deduplication or NTFS compression.

Drive Options

Encrypt your RoundTrip drive? This optionlets you specify if a drive is encrypted or unencrypted. If encrypted, only the Datto appliance associated with this request can decrypt the drive.

Keep (purchase your RoundTrip) drive?You can buy the drive used in the RoundTrip process for a fee.Otherwise, you will need to return it to Datto.

Desired Date Range

Select agent volumes

checkout cart Figure 1: Select agent volumes

You can select any volume associated with agents that have replicated to the cloud. If you only want specific directories or files, chooseDirectoryas yourFile Formatand relay the desiredinformation inOptional - Details on specific files.

Optional - Details on specific files

You can use this field to relay any additional details or concerns to support when submitting your request.

Shipping and Technical Contact Details

Submitting a request will open a ticket with Datto Technical Support. Provide a valid e-mail address for the contact associated with your request.

Provide a valid shipping address. We ship via UPS and can provide transportation charges before shipment upon request.

You can relay any optional instructions (for shipping, support, etc.) in theOptional Instructionsfield.

Datto-provided RoundTrip vs. Partner-provided RoundTrip

You have the option of providing the drive for the Reverse RoundTrip. Datto recommends that we provide the necessary equipment for the fastest and most reliable data retrieval process. If you'd like to provide your own equipment, you can learn how to do so in our SIRIS, ALTO, and NAS: Using your own storage device as a RoundTrip drive article.

Reverse Round-Trip Process

Technical Support sees the ticket and reaches out to the partner for a brief consultation

This consultation is to verify the specifics of the request and to make sure it will meet the needs of the partner.

Technical Support verifies that all required information has been provided

If you are sending Datto a storage device, you need to update the support ticket with the tracking number so that our RoundTrip team can track the incoming shipment.

If you are providing the storage device, you need to ship the unit to the designated data center for your location (see below). Datto is not responsible for costs incurred in shipping partner-provided units to the data centers.

USA Partners

Canadian Partners

UK / EMEA Partners

German Partners

Australian Partners

Singapore Partners

ATTN: Datto TierPoint

Shipping and Receiving

9999 Hamilton Blvd

Building #4, Dock 7

Breinigsville, PA 18031

Datto Canada RoundTrip Department

Aptum Technologies

20 Pullman Court

Scarborough, ON M1X 1E4

Datto Europe

RoundTrip Team

250 Longwater Avenue

Reading

RG2 6GB

Datto

C/O Noris Network

AG Klausnerstrae 30

85609

Aschheim

Munich, DE

Equinix SY4

Datto RoundTrip Department

200 Bourke Rd. Sydney NSW 2015

Datto Singapore

9 Battery Rd

#28-01

Singapore 409051

Technical Support engages Cloud Support

After preliminary setup, Cloud Support synchronizes the data as requested. Cloud Support will provide an estimated cost for the Reverse RoundTrip and do a final check on all information. The table below outlines the time frames in which you can expect these data syncs to complete:

Figure 3: Estimated time to complete Reverse RoundTrip sync

RoundTrip Support ships the RoundTrip unit

Datto ships the Reverse RoundTrip unit to the address provided on the request form. All orders are shipped UPS Overnight. Make sure that you keep everything in the box, especially the Datto-provided return shipping label.

RoundTrip Operations bills for syncing service fees

Once Datto ships the drive, RoundTrip Operations bills the partner for the service fees. We base this charge on the amount of data synced to the RoundTrip device, not the size of the device. Base service fees are$50 for the first 2 TB block of data synced and $50 for each additional 1 TB block of data synced.

Syncing 0.1 TB - 2.0 TB costs $50

Syncing 2.1 TB - 3.0 TB would cost $100

Syncing 3.1 TB - 4.0 TB would cost $150, etc.

The invoice is submitted asAwaiting Reseller Approvalin the Partner Portal so that you can associate a credit card with the invoice in the.

You havethe option to sync data back to the Dattoappliance

Datto Technical Support can assist in copying the Reverse RoundTrip data back to a Datto appliance. If you have any encrypted agents or shares, and we are restoring encrypted data from our cloud servers, the process is similar to the above procedure. However, before repairing agent communication after the sync, Datto downloads algorithm information to the appliance, allowing youto enter the encryption passphrase. After entering the passphrase, you can pair the agent and resume backups.

You can either return the Reverse RoundTrip unit to Datto or pay to keep it

When you return the Reverse RoundTrip unit to Datto, you must use the original packaging in which it was shipped. Packaging consists of the box, packing materials, USB cables, and power supply (if applicable).If you wish to keep the Reverse RoundTrip unit for archival purposes, Datto will charge a replacement fee (see the tables below).

You must return the Reverse RoundTrip unit within fourteen (14) days of delivery. If you do not return the Reverse RoundTrip within four weeks (28 days) of delivery, Datto will consider the drive late and will send a notification. If Datto does not receive a Reverse RoundTrip unit back within eight weeks (56 days) of delivery, Datto will bill you for the full replacement cost of the Reverse RoundTrip.

Replacement fees by region

USA (prices in US Dollars)

Model

Description

Hardware cost

RT2000

2 TB Passport

$185

RT4000

4 TB Passport

$250

RT6000

6 TB MyBook

$355

RT8000

8 TB MyBook

$410

RT10000

10 TB NAS (4 Bay)

$610

RT12000

12 TB NAS (4 Bay)

$2,150

RT15000

15 TB NAS (4 Bay)

$2,430

RT28000

28 TB NAS (8 Bay)

$3,860

RT30000

30 TB NAS (4 Bay)

$3,500

RT36000

36 TB NAS (8 Bay)

$4,115

RT70000

70 TB NAS (8 Bay)

$6,550

Canada (Prices in Canadian Dollars)

Product Model

Description

Hardware

RT2000

2TB Passport

$240

RT4000

4 TB Passport

$325

RT6000

6 TB MyBook

$465

RT8000

8 TB MyBook

$535

RT10000

10 TB NAS (4 Bay)

$800

RT12000

12 TB NAS (4 Bay)

$2,820

RT15000

15 TB NAS (4 Bay)

$3,190

RT28000

28 TB NAS (8 Bay)

$5,065

RT30000

30 TB NAS (4 Bay)

$4,595

RT36000

36 TB NAS (8 Bay)

$5,400

RT70000

70 TB NAS (8 Bay)

$8,600

EMEA (prices in British Pounds/Euros)

Product Model

Description

Hardware

RT2000

2TB Passport

140/165

RT4000

4 TB Passport

190/220

RT6000

6 TB MyBook

270/315

RT8000

8 TB MyBook

315/365

RT10000

10 TB NAS (4 Bay)

470/545

RT12000

12 TB NAS (4 Bay)

1,665/1,920

RT15000

15 TB NAS (4 Bay)

1,875/2,170

RT28000

28 TB NAS (8 Bay)

2,975/3,445

RT30000

30 TB NAS (4 Bay)

2,700/3,125

RT36000

36 TB NAS (8 Bay)

3,175/3,675

RT70000

70 TB NAS (8 Bay)

5,055/5,850

APAC (Prices in Australian Dollars/Singapore Dollars)

Product Model

Description

Hardware

RT2000

2TB Passport

$255/$250

RT4000

4 TB Passport

$345/$335

RT6000

6 TB MyBook

$490/$475

RT8000

8 TB MyBook

$565/$550

RT10000

10 TB NAS (4 Bay)

$840/$820

RT12000

12 TB NAS (4 Bay)

$2,970/$2,900

RT15000

15 TB NAS (4 Bay)

$3,355/$3,280

RT28000

28 TB NAS (8 Bay)

$5,335/$5,215

RT30000

30 TB NAS (4 Bay)

$4,835/$2,725

RT36000

36 TB NAS (8 Bay)

$5,685/$5,560

RT70000

70 TB NAS (8 Bay)

$9,050/$8,850

If you arekeeping the Reverse RoundTrip for archival purposes and discontinuing service with Datto:

Upon terminating your service with Datto, you will no longer receive any support for restore operations using the Reverse RoundTrip unit. For this reason, we recommend purchasing a NAS unit for the Reverse RoundTrip, as it will ship to you with a full UI allowing you to restore as necessary. This functionality includes:

Networking configuration

Advanced device settings, including the health of the NAS unit

File restore

Bare metal restore

Image export, including VHD and VMDK formats

iSCSI restore (iSCSI NAS shares only)

Datto recommends verifying all contents and functionality of the Reverse RoundTrip unit before discontinuing service.

Topic

This article contains all release notes for the Datto Partner Portal.

Environment

Datto Partner Portal

Description

Periodically, Datto may release updates to the Partner Portal that affect the functionality of or impact certain Datto products.

Index

2020

Release 2020-02-04

Release 2020-01-22

Release 2020-01-15

Release 2020-01-05

Releases

Previous years

2019

Releases

Release 2020-02-04

Improvements

Updated RoundTrip ordering information to reflect the latest RoundTrip drive models and pricing

Release 2020-01-22

Improvements

Modified the User Accounts card on the User Settings page to group and display all user accounts based on the companies to which the user belongs

Release 2020-01-15

Improvements

Added functionality for users to enable two-factor authentication from the User Settings page

Release 2020-01-05

Improvements

Enforced two-factor authentication (2FA) for all Datto RMM accounts

Removed the 48-hour 2FA snooze period for Datto RMM users

2019

Release 2019-12-12

Release 2019-12-05

Release 2019-12-12

Improvements

Added a direct link to change user passwords on the User Settingspage

Release 2019-12-05

Improvements

Modernized and reorganized the Order RoundTrip dialog box

Bug Fixes

Identified and fixed a potential security vulnerability in the Order RoundTrip dialog box

Topic

This article explains how to gather and send diagnostic logs to Datto Support for use in a support case while troubleshooting backups.

NOTE:The steps in this article are specific to the products listed in the Environment field below. ForCloud Continuity products, see Cloud Continuity for PCs: Gathering Support Diagnostic Files.

Environment

Datto Windows Agent

ShadowSnap Agent

Agentless Backups

VMware

Description

Select the type of backup protection your server uses to continue:

Gathering ShadowSnap Agent (ShadowProtect) Diagnostic Logs

Gathering Datto Windows Agent Diagnostic Logs

Gathering Datto Windows Agent Installation Logs

Gathering VMware logs for agentless backups

Gathering ShadowSnap (ShadowProtect) Diagnostic Logs

This section only applies to protected systems running theShadowSnapAgent. If the system you are gathering logs from is not running this backup solution, do not perform these steps.

Part 1: Gather the Windows Logs

1. Perform the following steps from Microsoft's Archive an Event Log article(external link):

A. StartEvent Viewer.

B. In the console tree, navigate to the log you want to archive.

C. On theActionmenu, clickSave Events As.

D. InFilename, enter a name for the archived log file.

E. InSave as type, select a file format, and then clickSave.Datto recommends exporting logs in EVTX format when possible.

F. ClickOK.

2. Attach the exported logs to your Support ticket.

Part 2: Gather the ShadowProtect Logs

1. Copy the following system files into a.zipor.7zarchive namedSPDIAGNOSTICS, and attach them to your Datto support ticket:

For 32-bit systems:

\Program Files\StorageCraft\ShadowProtect\ShadowSnap\log\raw_agent.log

\Program Files\StorageCraft\ShadowProtect\ShadowSnap\log\log.txt

\Program Files\StorageCraft\ShadowProtect\ShadowSnap\endptconfig.sqlite3

For 64-bit systems:

\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\log\raw_agent.log

\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\log\log.txt

\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\endptconfig.sqlite3

GatheringDatto Windows Agent Logs

This section only applies to protected systems running theDatto Windows Agent. If the system you are gathering logs from is not running this backup solution, do not perform these steps.

Part 1: Gather the Windows Logs

1. Perform the following steps from Microsoft's Archive an Event Log article(external link):

A. StartEvent Viewer.

B. In the console tree, navigate to the log you want to archive.

C. On theActionmenu, clickSave Events As.

D. InFilename, enter a name for the archived log file.

E. InSave as type, select a file format, and then clickSave. Datto recommends exporting logs in EVTX format when possible.

F. ClickOK.

2. Attach the exported logs to your Support ticket.

Part 2: Gather the Datto Windows Agent Logs

1. Navigate to the proper location on the protected machine based on your version of Windows.

For Windows Vista and up (including Server 2008, 2012, 2016, 2019, and Windows 10):

\%systemdrive\%\Windows\system32\config\systemprofile\AppData\Local\Datto\Datto Windows Agent\

For Windows XP or Windows Server 2003 systems:

\%systemdrive\%\windows\system32\config\systemprofile\Local Settings\Application Data\Datto\Datto Windows Agent

2. Add the contents of thelogsdirectory and theagent.sqlitefile to a ZIP, RAR, or 7z archive.

3. Attach this archive to your support ticket.

If you receive any 'path not found' error messages, it might be necessary to click through each folder in the path to the agent.sqlite file, starting with the C:\ drive, and respond to any User Account Control messages you receive.

Depending on your version of Windows, you may need to copy the agent.sqlite file to another location (such as the Windows Desktop) before you can attach it to the support ticket.

Figure 1:Logs directory &agent.sqlite file on a production server(click to enlarge)

Gathering Datto Windows Agent Installation Logs

The Datto Windows Agent includes installer logging. The logs generated by the installation process can help Technical Support troubleshoot common setup issues.

Datto Windows Agent - Version 2.0 and below

Datto Windows Agent - Version 2.1 and above

Datto Windows Agent - Version 2.0 and below

You can find logs generated by the install process on the protected endpoint at\%systemdrive\%\Program Files\Datto.

When contacting Datto Technical Support for assistance with installation issues, please gather the following logs, and attach them to your Support ticket:

DattoBackupAgentInstall.log

Datto Windows Agent - Version 2.1 and above

You can find logs generated by the install process on the protected endpoint at\%systemdrive\%\Users\[USER]\AppData\Local\Temp.

When contacting Datto Technical Support for assistance with installation issues, please gather the following logs, and attach them to your Support ticket:

Datto_Windows_Agent_[timestamp].log

Datto_Windows_Agent_[timestamp]_[numbers]_DattoWindowsAgent[platform].msi.log

When you are browsing to find these files, we recommend sorting the files in the\%TEMP\% directory byDate modified.

Gathering VMware Logs for Agentless Backups

This section only applies to protected systems running the agentless backup solution. If the system you are collecting logs from is not running this backup solution, do not perform these steps.

See Collecting diagnostic information for VMware ESX/ESXi (653) (external link)for details about gathering VMware logs from protected systems running agentless backups.

Topic

This article discusses best practices for secure configuration and deployment of DattoSIRIS, ALTO, and Datto NAS devices.

Environment

Datto SIRIS

Datto ALTO

Datto NAS

Description

Datto BDR appliances ship with inherent and configurable security features and functionality tosupport a secure deployment. MSPs and end-users must ensure the use of those features and deploy the Datto appliance into the end-user environment in a way that meets their network and security architecture requirements. Datto expects that you will deploy your BDR appliances in a secure LAN environment with no inbound Internet access and that appropriate network access control exists in the LAN to limit the accessibility of the appliance network daemons and services.

Access Control Objectives

Datto strongly recommends implementing least privilege (external link) access controls, such as the following:

Never allow inbound access from the internet to the appliance.

Deploy the appliance in line with the SIRIS, ALTO & Datto NAS Networking and Bandwidth Requirements article.

Only permit access OUTBOUND, as inbound access is not needed for the appliance to function.

Restrict outbound communications from the Datto appliance to only the networks in the Knowledge Base, and deny all other communications.

Limit access to the appliance's management end-user network Web UI to only trusted network

management workstations, or jump hosts that need access for BDR workflow purposes.

Only allow protected systems to communicate with the appliance.

Implement strong identity and access management practices for Web UI and IPMI login.

Limiting Accessibility

You can deploy your Datto devices in line with the above best practices in several ways, including, but not limited to:

Placing the appliance in a protected backup network requiring L2 adjacency.

Limiting the backup network's reachability through network routing restrictions.

Employing a network firewall to implement network access control lists.

Deploying port-based access control lists (ACLs) on network switch ports.

Secure Configuration Best Practices

The Datto BDR appliance offers a range of configuration options to help MSPs and End Users manageBDR workflows in a manner that best suits their environment. MSPs should always deploy the Datto in a secure LAN environment, and enable more secure configuration options when available and appropriate for the end-user.

Ensure your device is running the latest software version

Updates ensure that your device has the latest software and operating system packages. They also patch and harden the appliance to Datto's most recent standards.

You can find the software version your Datto device is running listed at the top of the home page of your deviceGUI.

See the GUI: Device Settings article for details.

Deploy Encrypted Agents

Agent level encryption assures backup data written to the appliance's ZFS filesystem and replicated to the Datto Cloud, is encrypted at rest, using a unique key that you can only generate with the passphrase held by the MSP or end-user.

Agent encryption is available on specific appliance platforms, such as the SIRIS family of appliances and ALTO XL appliances.

See the How to Encrypt Backups on a Datto Appliance and Properly Sizing a Datto Appliance Knowledge Base articles for details.

Configure File Shares with secure protocols and settings

Understand the policy and compliance requirements of the environment that you have deployed the Datto device in, as you can jeopardize compliance by selecting insecure file share options.

Whenever end-user business requirements allow, do not permit anonymous or public access to any file share.

Leverage CHAP authentication with iSCSI file shares, as this requires authentication to access the file share.

Enable SFTP instead of FTP, as SFTP requires authentication AND encrypts data in transit across your network.

See the iSCSI Share Settings article for details.

Enable Relay Forced Login

Relay Forced Login requires all users to enter their login credentials when navigating from the Partner Portal to the Device UI via the Datto Relay remote web system.

Enable Relay Forced Login in the device web UI by navigating to Configure Device Settings Datto Relay Forced Loginand clicking Enable Forced Login.

See the GUI: Device Settings article for details.

Unmount File Recoveries and Local Virtualizations when no longer required

Do not make file restore data or local virtualizations on supported platforms available for longer than is necessary to complete the required BDR workflow.

After confirming mounted file restores and local virtualizations are no longer needed, unmount them.

Remove a File Restore by navigating to Restore Active Recoveries,selecting the file restore or local virtualization,and clicking Remove Restore.

Enable Mounted Restore Alerts

This option displays an alert in the device web UI when you have a file restore, or virtualization mounted for longer than the admin-specified period. These alerts warn you oflatent restores that may need removal.

Enable Mounted Restore Alerts in the device web UI by navigating to Configure Device Settings Mounted Restore Alert, selecting the number of days after which to alert from the drop-down menu, then clicking Apply.

Configure local users with strong access credentials

Configure local user account usernames and passwords following the MSP or End User's identity and password management policies.

Where MSPs and End Users lack identity and password policies, Datto strongly recommends following password guidance in NIST SP 800-63: Digital Identity Guidelines.

Avoid using known weak or compromised passwords (i.e., 123456, password, admin, etc.). Asecure password has a combination of uppercase and lowercase letters, as well as numbers and special characters.

You can create local users in the Datto appliance GUI from the Local Users page.See the Local Users article for details.

Update Local User credentials as required

Local User access credentials for MSP Techs and end-user employees should be updated when those employees leave their respective organizations.

Update Local User passwords when required in the device web UI, bynavigating to Configure Device Settings Local Usersand clicking Set Password.

See the Local User and Contacts article for details.

Enable Remote Logging

For end-users with logging and auditing requirements, you can configure the ability to send device logs to an off-box syslog server for later analysis.

Enable Remote Logging in the device web UI by navigating to Configure Device Settings Remote Logging, clicking Enable Remote Logging, then entering the IP address and port of the syslog server and clicking Add Remote Server.

See the GUI: Device Settings article for details.

Configure IPMI with strong access credentials

You have the option to use IPMI to interact with unresponsive appliances over the local LAN.When you enable this feature, configure it with a robust non-default user password that avoids known weak or breached credentials.Asecure password has a combination of uppercase and lowercase letters, as well as numbers and special characters.

Update IPMI passwords in the device web UI by navigating to Configure Networking IPMI Settings. Thenselect Admin, enter a secure password, and click Change Admin Password.

See the GUI - Network Settings article for details.

Disable Local Access

Disabling local access will require all device access to originate from the Partner Portal, and leverages the security of Partner Portal two-factor authentication (2FA).

Note: If you have enabled Forced Login, you still need to manage local user credentials.

Disable Local Access in the device web UI by navigating to Configure Device Settings Local Access Control.

Enable Secondary Replication

Available on all SIRIS products,Secondary Replication ensures that your data is available in the event of unintended deletion of backup data.

Data remains available in the secondary site for a period of X days after deleted from the primary.

Enable secondary replication in the device web UI by navigating to Configure Device Settings Secondary Replication.

Datto is committed to providing a backup and disaster recovery solution with security features that aid customers in meeting their security policy and compliance requirements. Should you have any questions or concerns relating to topics covered in this article, please reach out to Datto Technical Support.

Topic

This article describes system requirements for the Datto Windows Agent.

Environment

Datto Windows Agent 2.0

Datto Windows Agent 2.1

Datto Windows Agent 2.2

Description

System requirements

Versioning

Overview

Warnings

Installation

Additional Resources

System requirements

OS

Datto Windows Agent 1.0 and 2.0

Windows XP Service Pack 3

Windows Storage Server 2003

Windows Server 2003 Service Pack 2

Windows Vista

Datto Windows Agent 2.1 and above

Windows Server 2008 Service Pack 2

Windows Server 2008 R2 Service Pack 1 and later

IncludesWindows Small Business Server 2011

Windows 7 Service Pack 1

Windows 8

Windows 8.1

Windows 10

Windows Server 2012

Windows Server 2016

Windows Server 2019

Supported disk types

Hardware and software-based RAID implementations are supported.

Any size disk drive can be backed up, including disks larger than 2TB.

MBR boot sectors and GPT partition tables.

Virtual & physical disks.

Basic volumes and disks.

Windows dynamic disks.

Protected volumes must beRead/Write. You cannot back up Read-Onlyvolumes.

Disk space requirements

The Datto Windows Agent needs eachvolumeselected for backup to have10\% of the volume's total sizeavailable for the DattoCtrl or Datto.ctl file except in the following scenarios:

For versions 2.0and belowof the Datto Windows Agent, if the volume is large enough that 10 GB islessthan 10\% of the total disk space, the agent will use the percentage of the volume's size that is closest to and is at least 10 GB. For example, for a 560 GB volume, the COW file size will be 2\% of thevolumeand be about 11.2 GB in size.

For versions 2.1and aboveof the Datto Windows Agent, if the 10\% number is larger than 10 GB, the file's size will be 10 GB, regardless of the total size of the protected volume.

In all sizing scenarios, the agent requiresan additional 2 GB of free spacefor operational overhead.

Memory requirements

At least 1 GB of RAM must remain free during normal operations of the production machine for install and backups to run.

Network

Gigabit connections from the Datto appliance to all appropriate network infrastructure. For best results, the Datto appliance should be connected to a gigabit switch whenever possible.

The protected machinemusthave Internet access and be able to reach https://device.dattobackup.com/certApi.php for the initial installation of the Datto Windows Agent.

Outbound connectivity on the protected machine:

Port 443 (for Datto Cloud communication)

Port 3260 (for iSCSI)

Port 3262 (for MercuryFTP )

Inbound connectivity on the protected machine:

TCP port 25568 (for Datto Windows Agent service)

Outbound from the Datto appliance to the Internet:

Ports 22, 80, 123, 443

Bypass any local proxy to 8.34.176.9 (webserver.dattobackup.com), on port 443 for correct certificate installation during DWA install.

The Datto Windows Agent uses MercuryFTP as its primary transport method; however, if this method fails, backups are intended to fall back to iSCSI.

For an in-depth overview of Datto's networking requirements, seethe SIRIS, ALTO, and DNAS Networking & Bandwidth Requirements article.

Anti-virus exceptions

Set service-level exceptions for theDatto Backup AgentandDatto Provider services.

Set an application-level exception for the Datto Windows agent (DattoBackupAgent.exe).

Whitelist the following installation path:\%PROGRAMFILES\%\Datto\

Compatibility

The production machine must use a ReFS or NTFS filesystem.

Acronis True Image and Acronis Disk Director are incompatible with the Datto Windows Agent. Ensure that neither product is present on the protected system before attempting to install the Datto Windows Agent.

FAT32 filesystems are currently unsupported.

French versions of Windows older than Windows Server 2008 are unsupported by the Datto Windows Agent.

The compatibility of this backup solution with any hypervisor environment or operating system not listed in this article is untested and may yield unreliable results.

Versioning

You can download the latest version of the Datto Windows Agent from the Datto Downloads page.

Version numbers for all Datto Windows Agent endpoints protected by your Datto device appear on the appliance's Device Overview page, in theLocal Agent Informationfield, under theAgent Versionheading for each listed production machine.

For Windows XP & Windows Server 2003

The current version of the Datto Windows Agent is2.0.10.0, with driver version1.10.0.0.For release notes, refer to the Datto Windows Agent (DWA) 1.0 and 2.0: Release notes.

You can download this version of the agent software from the following link: Datto Windows Agent: Legacy Installer.

For Windows Vista, Windows Server 2008, and above

Version information for this platform of the Datto Windows Agent is available in the Datto Windows Agent (DWA) Version 2.1 and above: Release notes.

Datto Windows Agent Version 2.2 is asignificantupgrade. This release includes new drivers, which means that existing agent installationswill not automatically update.To update your agent software, follow the steps in our Updating to Datto Windows Agent Version 2.2 and above article.

Update notes for all versions

The agent software also automatically updates itself when a new version becomes available, except when the release includes a driver update. Because a driver update requires an update and reboot of the host system, you will need to download and install these versions manually.

If your protected machine does not have regular internet access, you will need to check for and install updates manually.

Overview

Figure 1 illustrates a generalized data flow for the Datto Windows Agent solution.

Figure 1: Data flow for the Datto Windows Agent (click to enlarge)

For a technical overview of the Datto Windows Agent, see One Take: A Look at the Datto Windows Agent.

Warnings

Compatibility of this backup solution with any hypervisor environment or operating system not listed in this article is untested and may yield unreliable results. Universal VM Backup may be a viable alternative for backing up virtual machines with operating systems that are not listed as compatible.

Due to their mobile nature, Datto does not endorse or support backing up laptops. Laptops must be inside the LAN, and not on a wireless network, to perform backups promptly.Attempts to back up laptops are at your discretion. Due to the range of touchpad drivers, custom drivers, and hardware configurations available for bothlaptops and all-in-one workstations, restoration support for these platforms is 'best-effort' only.

The Datto Windows Agent can only back up volumes that are recognized by the Windows operating system as logical, stable volumes. It cannot back up mapped network drives, iSCSI targetsnot attached as a logical volume, or removable drives.

The Datto solution is capable of backing up multiple types of disk sector schemes. The process writes an image-based backup to a file that is 512 bytes per physical sector. While rare, some software that relies on advanced formats, such as 4K, may have issues with the sector size change. Datto recommends performing regular DR tests to ensure that all required applications function as expected in our virtualized environment.

The backup of deduplicated volumes is untested and may produce inconsistent results.

File restore of deduplicated volumes is not possible. The Datto Windows Agent, ShadowSnap Agent, and agentless backup solutions are capable of restoring deduplicated volumes through virtualization, Direct Restore, and Bare Metal Restore.

Installation

Datto recommends running the following checks on the system you are protecting before installing the Datto Windows Agent:

chkdsk

Run chkdskto be sure that all RAIDs and individual disks report back as healthy. Perform necessary disk repairs before deploying any backup agent. Failure to do so may result in backing up corrupted systems and restoration failures.

Disk defragmentation

While Datto can perform backups that are running disk defragmentation, be aware that this rearranges data at a block level, and larger backups will consequently result.

Run disk defragmentation before deployment of the agent.

VSS-aware disk defragmentation programs may allow for smaller backups but are optional.

Windows updates

Download Windows updates, service packs, and any other Microsoft provided updates. After installing these updates, reboot the server. When scheduling your deployment, remember that the 2ndTuesday of every month is Microsoft's 'Patch Tuesday.'

Virus scan

Run a virus scanbefore you deploy the Datto backup solution to your production machine.

Event Viewer

Check the target's system and application logs to see if there are any VSS or hardware errors.

Resolve any errors before attempting to install the agent.

Do notinstall the Datto Windows Agent on any system currently protected by the ShadowSnap Agent, even if the ShadowSnap Agent is notpresent. Installing the Datto Windows Agentwill start a new backup chainfor the protected system and will not continue your existing ShadowSnap chain

Before installing the Datto Windows Agent, disable or remove all other backup software from the production machine. When uninstalling, use a high-level program that eliminates all traces of the incompatible software, including registry keys, DLLs, and stray folders.These components can cause conflicts.

See Installing the Datto Windows Agent to learn how to deploy the agent to your production machine.

Additional Resources

Best-Practices For Backup Maintenance Plans

Topic

This article describes the procedure to exclude theDFS Replication Service VSS writer from being used in Datto Windows Agent backups due to performance issues in some scenarios.

Environment

Datto Windows Agent version 2.2 and newer

Microsoft Windows 2016

Microsoft Windows 2019

Description

The procedure outlined below should only be necessary on Windows Server 2016 and 2019 systems that have DFS replication enabled and are having performance issues, such as Windows Explorer crashing while running backups with Datto Windows Agent version 2.2 or newer.

Excluding the VSS writer for any application will result in a crash-consistent backup of that application, which will not capture data in memory or data that the system is processing at the time of the backup. Datto has not observed backup issues resulting from the exclusion of the DFS writer. Contact Microsoft for support if you have any questions about how excluding this VSS writer may impact your environment.

Procedure

To exclude theDFS Replication Service VSS writer from future backups, follow the steps below.

Open the GUI for the Datto appliance.

Click the Protect tab.

Find the agent you wish to configure and click Configure Agent Settings.

Scroll down to the Advanced section to the VSS writer Exclusion settings.

Disable the DFS Replication Service VSS writer.

If backup performance issues persist after making these changes, contact Datto Technical Support.

Additional Resources

SIRIS, ALTO, and NAS: VSS writer exclusion

Topic

This article explains how to exclude individual VSS writers from being backed up by a Datto device.Follow this procedure when another VSS-aware software product in your environment is causing conflicts with the Datto solution.

Environment

Datto SIRIS

Datto ALTO

Description

To exclude a VSS writer from future backups, follow the procedure outlined below.

1. Openthe device GUI for the Datto appliance.

2. Click the Protect tab.

3. Find the agent you wish to configure and click Configure Agent Settings.

4. Scroll down to the Advanced section to VSS Writer Exclusion.

Figure 1: VSS Writer Exclusion (click to enlarge)

5. Check the boxes for the writers that you wish to exclude from future backups. Excluding writers will not affect previous backups.

Example

The SQLSERVERAGENT service's configuration frequently uses the MSDEWriter VSS writer or the SQLServer VSS writer for its VSS application-aware processes.

By excluding these VSS writers, the SQLSERVERAGENT can continue to provide the services it is responsible for without interfering with backups to the Datto appliance.

After excluding these VSS Writers, your SQL database's backups will restore in a crash-consistent state if your Datto appliance is using its defaultApplication-AwareVSS settings.

Topic

This article describes the cause and possible solution for screenshot failures with a completely or partially blank screen.

Environment

Datto SIRIS

Cause

The operating system is not waiting long enough to load before attempting to capture a screenshot.

The operating system is waiting too long to load before attempting to capture a screenshot, and the virtualization's GUI is going into a power-saving state.

The operating system's screensaver is turning on, preventing a capture of the operating system in a ready state.

Dell Data Protection Figure 1:Example of partial black screen boot

Solution

1. Mount a local virtualization of the affected server from the Datto appliance's GUI. Set the virtualization's resource allocation to 1 CPU core and 2 GB of RAM. Start the virtualization, and observe the amount of time the VM takes to boot to the Windows login screen.

2. If the production machine has a screensaver configured, observe the amount of time it takes for the screensaver to turn on in the VM.

3. Stop and unmount the virtualization. Navigate to the Protect Configure Agent Settings tab of the Datto GUI.Adjust theamount of time the virtual machine needs to wait before taking a screenshot using the Screenshot Verification drop-down shown inFigure 2.

Figure 2:Screenshot Verification Schedule Options

4. Adjust the screensaver wait time on the production machine to allow enough time for the virtualization to boot, and for the Datto appliance to capture a screenshot.

5. Start a backup for the production machine. Wait for the backup to complete.

6. Force a new screenshot verification, and observe the results.

Further Troubleshooting

Verification Time

If adjusting the verification and screensaver times does not resolve the issue, you can change theVirtualization Video Controller to the 'Cirrus' setting. This setting is found on the Remote Web, at Protect Configure Agent Settings Advanced, as shown in Figure 3.

Figure 3: Virtualization Video Controllerselector

Windows Updates

If the production machine has pending Windows updates, this state will be replicated to all snapshots taken of it from the time the updates became available until the time that they are installed. This can cause screenshots of the protected system to appear blank, because the pending Windows updates are attempting to install in the virtual environment, causing the boot process of the screenshot VM to take longer than normal to complete.

To correct this issue, you can install the pending Windows updates on the production machine and take a new backup. Alternatively, you can increase the Additional Wait Time setting for the protected system to allow the agent more time to boot fully before your Datto appliance attempts screenshot verification.

Dell Data Protection

(external link)may cause failed screenshots showing a blank screen and a cursor. If this service is enabled on the production machine, attempt another backup after disabling it.

Topic

This article describes the advanced network address translation (NAT) configuration options of the Datto Networking Appliance (DNA). Use this article as a guide when setting up SNAT and DNAT on your device.

Environment

Datto Networking Appliance (DNA)

Description

Source Network Address Translation (SNAT) and DestinationNetwork Address Translation (DNAT) let you rewrite the addresses of inbound and outbound network traffic that matches a set of specified parameters.

Navigation

1.Log into the DNA web interface, click the Firewall tab, then click Advanced NAT.

Figure 1: The Advanced NAT card in the DNA interface (click to enlarge)

Configuration

ClickAdd Ruleto create a new NAT rule.You can create multiple rules. Use the following fields and options to configure your rule:

Name:In this field, you can specify a name for the rule.

Src IP:Enter the source IP address the rule will use. The source IP must be a valid address, subnet, or network object. To apply to a subnet, use CIDR notation (i.e., 192.168.1.0/24).If you leave this field blank, the rule will apply to all source IP addresses.

Src Port:Enter the source port or port range this rule will use. For example, you can specify outgoing traffic on port 80. If you leave this field blank, the rule will apply to all ports.

Protocol:This menu lets you define the traffic type to which the rule applies. You can select from the following options:

All

TCP

UDP

TCP & UDP

Dest IP:Enter the destination IP address the rule will use. The destination IP must be a valid address, subnet, or network object.To apply to a subnet, use CIDR notation (i.e., 192.168.1.0/24). If you leave this field blank, the rule will apply to all destination IP addresses.

Dest Port:Enter the destination port for the rule. For example, outgoing traffic using port 80. If you leave this field blank, the rule will apply to all ports.

Enabled: Check this box to activate the rule.

Order:This field lets you attribute a numerical priority to the rule. When applied to traffic, the lowest value represents the highest priority (1, 2, 3, etc.).

Type: Use this field to specify whether you are applying the rule to source traffic (SNAT) or destination traffic (DNAT).

Rewritten IP:Use this field to specify the incoming or outgoing translated IP address. A valid IP address or subnet is required unless you check theBypass box.

Rewritten Port: Use this field to specify the SNAT/DNAT translated IP address. A valid port is required unless you check theBypassbox to enable bypass mode.

Bypass: Check this box to enable bypass mode for this rule.

Delete:Press theXbutton to delete the rule.

Click Save Changes to save all modified settings.

Figure 2: Advanced NAT configuration options (click to enlarge)

Additional Resources

Datto Networking Appliance (DNA): Port forwarding

Datto Networking Appliance (DNA): Outbound NAT

Datto Networking Appliance (DNA): Configuring a 1:1 NAT

Datto Networking Appliance (DNA): Configuring a 1 to Many NAT

Topic

This article contains all software release notes for the Datto Networking App.

Environment

Datto Networking App

Description

Unless indicated, all releases are for both the Android and iOS versions of the Datto Networking App.

Index

2020

Release 2020-01-31

Previous years

2019

2018

Releases

Release 2020-01-31

Version 1.8.0

Improvements

Moved some management actions for devices, device ports, and clients for a streamlined UI experience

Improved the router PoE enable warning on the D200 to indicate it is passive PoE, and state that enabling itmay cause damage to devices that do not support 24V PoE

Bug fixes

Small UI enhancements and bug fixes

2019

2019-10-22

2019-6-20

2019-6-17

2019-5-3

2019-4-19

Release 2019-10-22

Version 1.7.0

Improvements

Added Recent Events to Networks and Devices

Added a Connected Client information tab to Access Points

Added Enable Locate Mode to Access Points

Added Port and Ping Testtabs in Power Device Details

Added Move Network to Network Group

Added Delete Network

Added Delete Network Group

Improved the Support menu, including localized Support phone numbers, emails, and Knowledge Base links

Added Knowledge Base and Feedback menu items

Release2019-6-20

Version 1.6.1

Improvements

Added switch port list and related management actions

Release 2019-6-17

Version 1.6.0

Improvements

Added alerts for Datto Networking devices

Added the switch port list and associated management actions

Added push notifications for network alerts

Improved Move Device tool UI when moving the MP10

Release 2019-5-3

Version 1.5.1

Improvements

Added a preview of BCDR support

Added PPPoE support for routers

Added IP address to client details

Added check-in history to the network device list

Added Move to Network for network devices

Updated authentication in preparation for multiple account login

Bug fixes

Various small tweaks and fixes

Release 2019-4-19

Version 1.5.0

Improvements

Added beta BCDR support

Bug fixes

Various minor tweaks and fixes

2018

2018-12-18

2018-11-15

2018-11-13

2018-10-29

2018-9-25

2018-9-20

2018-8-10

2018-8-8

2018-8-1

2018-6-20

Release 2018-12-18

Version 1.4.1 (iOS)

Improvements

Made log in and refresh faster

Added router clients

Bug fixes

Small bug fixes and improvements

Version 1.4.2 (Android)

Made log in and refresh faster

Added router clients

Made other small bug fixes and improvements

Release 2018-11-15

Version 1.4.1 (Android)

Bug Fixes

General bug fixes and improvements

Release 2018-11-13

Version 1.4.0

Improvements

Added support for routers

Bug fixes

Minor bug fixes and improvements

Release 2018-10-29

Version 1.3.0

Improvements

General UI improvements

Bug fixes

Various small tweaks and fixes

Release 2018-9-25

Version 1.2.1

Improvements

Log in easily with Touch ID / Face ID

Added functionality to view and edit SSID information for your networks

Added functionality to see connection status for Access Points and Power Devices

Release 2018-9-20

Version 1.2.0 (Android)

Fingerprint authentication: Users can log in using their phone's fingerprint authentication feature

SSID rename: Users can modify access point SSID configuration

Port rename: Users can change names of ports on a managed power device

Release 2018-8-10

Version 1.1.0

Improvements

Added the ability to rename power device ports

Bug fixes

Various bug fixes

Release 2018-8-8

Version 1.1

Improvements

Added the ability to rename power device ports

Bug fixes

Various bug fixes

Release 2018-8-1

Version 1.0

Initial product release (iOS)

Release 2018-6-20

Version 1.0

Initial product release (Android)

Issue

When you try to start a backup for a machine protected by the Datto Windows Agent or the ShadowSnap Agent, you receive the error message, "Critical backup failure during data transfer."

Environment

Datto SIRIS

Datto ALTO

Datto Windows Agent

ShadowSnap Agent

Cause

This is a generic error message indicating backup failure. You can find the detailed error message in theAgent Logs on your Datto appliance.

This error message also displays if a machine protected by the Datto Windows Agent is out of disk space.

Resolution

1. In the Datto appliance's GUI, click the Protect tab, and navigate to the affected agent on the Backup Agents page.

2. Search the Datto Knowledge Base for any error banners shown for the agent to troubleshoot further. If you do not see an error banner, continue to step 3.

3. Click Show Backup Logs, as shown in Figure 1.2.

4. Click Show Agent Logs, as shown in Figure 1.3. A detailed error message relating to the backup failure will display in the logs. Search the Datto Knowledge Base for any errors shown for the agent to troubleshoot further.

5. If you do not see any error messages, or if you cannot find a Knowledge Base article that matches the error you found, contact Datto Technical Support for further assistance.

Figure 1: Show agent logs (click to enlarge)

Topic

This article describes how to configure custom traffic policies on a Datto DNA.

Environment

Datto Networking Appliance (DNA)

Description

A traffic policy enables operators to define rules that allow or block incoming and outgoing traffic based on its port, IP address, or both of these parameters

Navigation

1.Log into the DNA web interface, click the Firewall tab, then click Traffic Policy.

Figure 1:The DNA web interface (click to enlarge)

Configuration

Click New Rule to create a new traffic policy rule.You can create multiple rules. Use the following fields and options to configure your rule:

Order:This field lets you attribute a numerical priority to the rule. Rules are processed sequentially, with the lowest value representing the highest priority (1, 2, 3, etc.). In the example shown in Figure 2, two rules are blocking and allowing the same IP address. When applied to traffic, the block rule will take precedence due to its order value.

Figure 2: Rules blocking and allowing traffic (click to enlarge)

Name: In this field, you can specify a name for the rule.

Allow: This menu lets you specify whether your DNA should allow or block incoming or outgoing traffic.

Source IP/Subnet: Enter the incoming IP address the rule will use. For example, you may apply the rule to all traffic originating from 8.8.8.8. To apply to a subnet, use CIDR notation (i.e. 192.168.1.0/24). If you leave this field blank, the rule will apply to all source IP addresses.

Source Port(s): Enter the incoming port or port range this rule will use. For example, incoming traffic uses port 80. If you leave this field blank, the rule will apply to all ports.

Protocol: This menu lets you define the traffic type to which the rule applies. You can select from the following options:

TCP

UDP

TCP & UDP

ICMP

UDB-Lite

ESP

AH

SCTP

OSPF

All

Other (enter a protocol number between 0 and 255)

Dest IP/Subnet: Enter the outgoing IP address the rule will use. For example, all traffic traversing to 8.8.8.8. To apply to a subnet, use CIDR notation (i.e. 192.168.1.0/24). If you leave this field blank, the rule will apply to all destination IP addresses.

Dest Port(s): Enter the destination port for the rule. For example, outgoing traffic using port 80. If you leave this field blank, the rule will apply to all ports.

Delete: Press the X button to delete the rule.

Click Save Changes to save all modified settings.

Figure 3: Traffic policy with one new rule (click to enlarge)

Common Rules

Allowing and Blocking LAN or VLAN traffic

When creating your rule, enter the LAN or VLAN IP range in both the Source IP and Dest IP fields.

Allowing and Blocking traffic by port

Use Port Forwarding rulesto ensure that your DNA sends port-defined application traffic to specific machines.

Web Filters

The Web Filters feature requires open access to the IP addresses:

18.219.167.83

13.57.118.138

13.54.39.168

18.130.11.250over TCP port 53

Additional Resources

DNA: Commonly-Forwarded Ports

DNA: Adding another LAN

Topic

This article provides an overview of the Datto Networking Appliance's features. For region and hardware specification information, see Datto Networking Appliance (DNA): Region And Hardware Specifications.

Environment

Datto Networking Appliance (DNA)

Description

Index

Deployment

Accessing Your Appliance

Creating Networks

Creating LANs

Navigating the Interface

Hardware Legend

Front Faceplate

Rear Faceplate

Deployment

To deploy the Datto Networking Appliance, follow the steps in our Datto Networking Appliance (DNA): Hardware Installation guide. For an in-depth video tour of the Datto Networking Appliance, see the following video.

Getting Started with Datto Networking by Datto, Inc.

Accessing YourAppliance

The Datto Networking Appliance uses a web-based management interface. To access it, you will need to install the device and log into it using your Datto Partner Portal account. See Accessing Your Cloud-Managed AP, Switch Or DNA to learn more.

Creating Networks

To configure a wireless network, see our Datto Networking Appliance (DNA): Creating Or Adding Wireless (WiFi) Networks article. To configure the wireless network broadcast frequency that your device uses, or to globally enable or disable the broadcast of wireless networks from the appliance, review our Datto Networking Appliance (DNA): Global WiFi Settings article.

Creating LANs

You can create up to four unique LANs on your appliance. To get started, see Datto Networking Appliance (DNA): LAN Settings

Navigating the Interface

The Datto Networking Appliance features many additional customization options, which are segmented across several sections of the appliance GUI. Click a section name to learn more.

Status

System

Networks

Firewall

Applications

Diagnostics

Status Page

Figure 1: Status (click to enlarge)

The Status page provides network reporting and management options. It contains the following features. Click a feature nameto learn more.

Network Health

Network Usage

Browse Networks

Recent Events (Logs)

Router Details

Port Overview

WAN Details

VPN Tunnels

System Page

Figure 2: System (click to enlarge)

The Systempage provides system management options for your Datto Networking Appliance. It contains the following features. Click a feature nameto learn more.

DNA Settings

Global WiFi Settings

Configuration Restore

Ethernet Settings

New Port Aggregation

Networks Page

Figure 3: Networks (click to enlarge)

TheNetworkspageallows you to configure all primary networking options for yourDatto Networking Appliance. It contains the following features. Click a feature nameto learn more.

WAN Settings

WAN Load Balancing

LTE

LAN Settings

Site-to-Site VPN

Client VPN

Static Routes

New LAN

New WiFi Network

Global DNS

Firewall Page

Figure 4: Firewall (click to enlarge)

TheFirewall pageallows you to configure advanced networking and security options for yourDatto Networking Appliance. It contains the following features. Click a feature nameto learn more.

Inter-Network Accessibility

DMZ Host

Port Forwarding

1 to 1 NAT

1 to Many NAT

Outbound NAT

Advanced NAT

Failover Policy Control

Applications Page

Figure 5: Applications (click to enlarge)

TheApplicationspage allows you to set Intrusion Detection & Prevention (IDP) rules, configure web filters, and create conditional DNS forwarding and static host mapping rules.It contains the following features. Click a feature nameto learn more.

Intrusion Detection / Prevention

Web Filters

Conditional DNS Forwarding

DNS Static Host Records

Diagnostics Page

Figure 6: Diagnostics (click to enlarge)

The Diagnostics page provides tools to assess and troubleshoot a network using your Datto Networking Appliance. Click a tool name to learn more.

DNA: Ping

DNA: Traceroute

DNA: DNS Lookup

Hardware Legend

Front Faceplate

Figure 7: Front faceplate (click to enlarge)

Power

HDD Activity

Offsite server connectivity

LTE connectivity status

Green = Gigabit connectivity

Amber = ~100 Mb connectivity

Port 1 - 6 connectivity status

Green = Gigabit connectivity

Amber = ~100 Mb connectivityPort 1 - 6 activity

Rear Faceplate

Figure 8: Rear faceplate (click to enlarge)

Power switch

DC in

Factory reset pinhole

Reboot pinhole

Ports 1 & 2 (WAN)

Ports 3 & 4 (LAN)

Ports 5 & 6 (LAN)

2x USB 2.0 (currently unused)

Console Port

Additional Resources

Video: Getting Started with Datto Networking

Environment

Datto Networking Appliance (DNA)

Description

Index

2020

Server release - 2020-02-03

Version 1.20.0 - 2020-02-03

Server release - 2020-01-13

Version 1.19.8 - 2020-01-13

Previous years

2019

2018

2017

Releases

Release 2020-02-03

Server release

Improvements

Renamed Incoming Port(s) to Source Port(s) on the Traffic Policy card

Bug fixes

Fixed an issue that caused custom Inter-Network Accessibility rules to get removed when making changes to a LAN/VLAN

Release 2020-02-03

Version 1.20.0

Improvements

Implemented SNAT/DNAT, which can be managed from the Advanced NAT card in the DNA GUI.

Improved LTE Modem Manager stability

Added functionality to send an email alert if a device cannot perform a failover to LTE within 15 minutes

Bug fixes

Fixed an issue where ICMP responses from the router would be dropped if the rate exceeded 1 per second.

Release2020-01-13

Server release

Improvements

Traffic Policies now have more options to select from, including Protocol, TCP, UDP, TCP & UDP, ICMP, UDB-Lite, ESP, AH, SCTP, OSPF, All, and Other. See Datto Networking Appliance (DNA): Traffic Policy for more information.

Release 2020-01-13

Version 1.19.8

Improvements

Added additional internal diagnostic capabilities

Datto Support's internal 'vclient' tool now uses LAN DNS

Added the ability for Datto Support to use lspci for troubleshooting

Added functionality for Datto Support to collect diagnostics after an unexpected system crash

2019

Server release - 2019-12-09

Server release - 2019-11-18

Version 1.19.7 - 2019-10-14

Version 1.19.6 - 2019-09-30

Version 1.19.4 - 2019-09-16

Server release - 2019-09-11

Server release - 2019-09-04

Version 1.19.3 - 2019-08-12

Version 1.19.2 - 2019-07-30

Server release - 2019-07-10

Server release - 2019-07-09

Version 1.18.4 - 2019-07-01

Version 1.18.3 - 2019-06-17

Version 1.18.2 - 2019-06-10

Server release - 2019-06-06

Version 1.18.1 - 2019-04-29

Server release - 2019-04-25

Server release - 2019-04-02

Version 1.17.3 - 2019-03-21

Server release - 2019-03-13

Version 1.16.2 - 2019-02-04

Server release - 2019-01-11

Release 2019-12-09

Server release

Improvements

Added the 255.255.255.254 (/31) subnet mask as a selectable option on the DNA WAN card

Increased the number of additional WAN IP addresses on the DNA from 5 to 16

Vulnerability fixes

Various security-related improvements

Release 2019-11-18

Server release

Bug fixes

Resolved an error where the Copy Configuration tool displays an unspecified error when trying to copy the configuration

Release2019-10-14

Version 1.19.7

Improvements

Improved LTE failover/failback reliability

Improved reliability of VoIP call delivery while in LTE failover

Bug fixes

Resolved an issue where conditional DNS does not work over IPSec

Release 2019-09-30

Version 1.19.6

Improved LTE failback reliability

Bug fixes

Various bug fixes and enhancements

Release 2019-09-16

Version 1.19.4

Various bug fixes and enhancements

Release 2019-09-11

Server release

Improvements

Users can now specify which local subnets,static routes, and network objects are accessible in IPSec topologies.

Users can now specify a second DNS server for option 6 in DHCP Advanced Options.

DHCP Advanced Options 43 and 66 now allow for string-typed sub-options.

Global DNS now sets both the search domain and DNS suffix, so most legacy clients are still able to resolve by name.

Release 2019-09-04

Server release

Improvements

Various bug fixes and enhancements

Release 2019-08-12

Version 1.19.3

Improvements

Resolved an issue which could causeall in-progress TCP/UDP streams to stop functioning on firewall reload due to an erroneous signal from an inactive interface

Release2019-07-30

Version 1.19.2

Improvements

UI now indicates if the modem cannot find cellular service

Added functionality to DNA diagnostics tools to run ifconfig and dig commands.

Disabled TCP SACK due to vulnerability

Added multiple improvements to cellular failover handling

Improved navigation within the partner shell

Bug fixes

Fixed an issue where Ublox-based DNAs are not connecting to the LTE network

Fixed an issue where DHCP would not start if another DHCP server is on the network

Fixed an issue where UDP traffic does not adhere properly to Failover Policy Control

Release2019-07-10

Bug fixes

Fixed an issue where making changes to the WAN card configuration failed with the error message, "Sorry, applying your changes did not go as expected. Please contact support"

Release2019-07-09

Server release

Improvements

The IDP log in Recent Events now has an Action column that shows whether suspicious packages are either detected or prevented.

Release2019-07-01

Version 1.18.4

Bug Fixes

Resolved an issue where the Site to Site VPN service would restart every 5 seconds, rendering site to site VPNs nonfunctional

Release2019-06-17

Version 1.18.3

Improvements

Updated the mechanism for Datto Technical Support to gather logs on the DNA

Release2019-06-10

Version 1.18.2

Improvements

Improvements to intrusion detection and prevention

Release2019-06-06

Server release

<p"> Improvements

<li"> Partners can now configure /17, /19, /25, /26, /27, /28, and /29 subnet sizes through the

subnet

drop-down menu.

Release 2019-04-29

Version 1.18.1

Improvements

Partners can now view and execute ping commands when connected to the DNA diagnostic shell.

Partners can now view and execute traceroute commands when connected to the DNA diagnostic shell.

The DNA device UI now displays a graph of network usage across WAN ports.

IDP is now enhanced to more aggressively classify and drop bad traffic.

Bug Fixes

Resolved an issue preventing partners from creating IKEv1/v2 site-to-site VPNs with multiple subnets on each end

Resolved an issue that caused VPN connections to a DNA with multiple subnets to break after the device reboots

Fixed a problem where the DNA sends false alerts and emails indicating that primary connectivity is nonfunctional

Release 2019-04-25

Server release

Bug Fixes

Fixed an issue where the Search Domain setting did not work when using OpenVPN for Client VPN with the WAN configured for static IP

Release 2019-04-02

Server release

Bug Fixes

Resolved an issue in which clicking the Create New LAN button could cause a screen refresh, deleting all changes on the screen

Release 2019-03-21

Version 1.17.3

Improvements

The DHCP server will start, even if it detects another DHCP server on the network.

Bug fixes

Resolved an issue where LANs disabled under the Allow Access To interface were still accessible via ClientVPN

Fixed an issue in which newly-enabled siteVPNs generate an email stating the tunnel is down, then create a second email stating the tunnel is up

Release 2019-03-13

Server release

Improvements

Added a Fleet Management tab to the device UI, allowing admins to copy a DNA device's configuration and assign it to other devices

Added functionality to use custom VPN profiles with Cisco ASA, Google Cloud Platform, and some Azure configurations

Bug fixes

Resolved an issue where automatic firmware updates were not installing

Resolved an issue in which adding ten or more traffic policy rules breaks rule ordering

Release 2019-02-04

Version 1.16.2

Improvements

Added functionality to the Connected Devices card that displays approximately when a device was last seen on a network

Added functionality that only triggers the device offline alert for service-linked DNA devices

Added functionality that consolidates custom DNS search domain settings for WAN ports & LTE into one setting in the newGlobal DNScard, simplifying the process for an operator

Added functionality that allows an operator to selectAtlantic Standard Time (AST)as a time zone for a DNA

Added functionality that improves DNA alert processing time from 10 minutes to less than 1 minute

Bug fixes

Resolved an issue where a DNA could not check-in over LTE

Resolved an issue where triggered alerts displayed a timestamp five hours ahead of the local time of a DNA

Release 2019-01-11

Server release

Improvements

This release improves the readability and presentation of IDP logging.

While this functionality does not require a firmware upgrade, we've also added minor code enhancements to improve device functionality as part of 1.16.1. We recommend upgrading to the latest firmware release.

Bug Fixes

Resolved an issue that caused false positive LTE failover alerts

2018

Server release - 2018-11-28

Version 1.15.6 2018-11-09

Version 1.15.5 - 2018-10-02

Version 1.15.4 - 2018-09-12

Server release - 2018-08-28

Server release - 2018-08-16

Version 1.15.3 - 2018-08-15

Server release - 2018-07-31

Version 1.15.1 - 2018-07-26

Version 1.14.4 - 2018-06-25

Version 1.14.3 - 2018-06-05

Server release - 2018-05-17

Version 1.13.2 - 2018-05-02

Version 1.13.0 - 2018-04-18

Server release - 2018-03-22

Server release - 2018-03-15

Server release - 2018-03-14

Version 1.12.0.74147 -2018-03-08

Version 1.11.2.66162 -2018-02-27

Version 1.11 - 2018-02-13

Version 1.9.0.40368 -2018-01-24

Version 1.8.1.38278 -2018-01-10

Release 2018-11-28

Server release

Improvements

Email recipients and alerting options configured for Alerts Configuration now clear during a factory reset

Bug Fixes

Resolved an issue that prevented the same email address from using different alerting options across multiple DNAs

Release 2018-11-09

Version 1.15.6

New Features

Custom Traffic Policies: Operators can set and configure custom traffic policies that allow or block traffic by port number, IP addresses, and more. For more information, read our DNA: Traffic Policy article.

Improvements

Operators can now allow or disallow subdomains as part of blacklisting or whitelisting in the Web Filters feature.

Bug Fixes

Resolved an issue where the DNA could not connect to legacy VPN sites

Resolved an issue where DNS traffic always redirected to the LAN gateway after disabling the Web Filters feature

Fixed an issue where the DNA falsely reported that a site-to-site VPN tunnel went down

Release 2018-10-02

Version 1.15.5

New Features

Alerts and Notifications: The DNA can now send out alerts to email recipients for events such as the appliance switching to LTE failover mode, unscheduled reboots, setting modifications, and more. For more information, read the DNA: Alerts Configuration article.

Advanced DHCP Options: Operators can set advanced DHCP options on a per LAN basis.

Improvements

The Web Filters feature now allows unclassified traffic by default.

Release 2018-09-12

Version 1.15.4

Bug Fixes

Resolved an issue where IPsec tunnel initiations would not establish on a responder DNA with client VPN enabled

Resolved an issue that prevented the login page from displaying after a device GUI session had expired

Fixed an issue that could cause LTE connectivity failures on some DNA-EA5-KZ1 units

Release 2018-08-28

Server release

Improvements

Added functionality that improves management for distinct site-to-site VPN topologies

Added functionality that allows operators to remove configuration backups

Release 2018-08-16

Server release

Improvements

Added functionality that will enable operators to enable or disable the transmission of unclassified traffic through the DNA web filtering feature

Release 2018-08-15

Version 1.15.3

New Features

Network Objects - DMZ Host: Operators can now specify a network object when creating or modifying a DMZ Host.

Site-to-Site VPN IPsec policies: Operators now have full control of the IPSec policies used between the DNA and non-DNA peers.

Improvements

Added timezones for all regions with DNA availability

Added a graphical representation of network utilization per client

Added functionality that allows operators to adjust the MTU of the WAN interface

Bug Fixes

Resolved an issue where a WiFi network failed to add to a LAN lacking DHCP configuration

Resolved an issue that intercepted outbound traffic to recently modified subnets in static routes

Fixed an issue where IPsec connections timed out after 20 minutes for MacOS clients

Fixed an issue that logged false "tunnel up" events

Resolved an issue where OpenVPN user authentication failures were not sent to clients

Resolved an issue where VPN certificates failed to generate

Fixed an issue where system logs under recent events failed to load

Release 2018-07-31

Server release

Improvements

Added functionality that allows operators to select or remove all web filtering categories at once

Release 2018-07-26

Version 1.15.1

New Features:

TitanHQ Web Filter: The DNA now uses TitanHQ for an improved web filtering experience. Read the DNA: Web Filters article for more information.

Release 2018-06-25

Version 1.14.4

Bug Fixes

Resolved an issue which could cause the Datto Networking Appliance's UI to stop accepting changes in certain situations

Release 2018-06-05

Version 1.14.3

New Features

Diagnostics: Added a new page with networking diagnostic tools to the DNA GUI. For a full list of tools, see our Datto Networking Appliance: Getting Started article.

MAC Address Override: WAN interfaces assigned to the DNA can now be manually specified.

Network Objects: Operators can now limit access to port forwarding rules by Network Objects (IP ranges, subnets, etc.)

Improvements

Added functionality that will allow the DNA to auto-negotiate reconnection to a VPN peer device when failing over

Operators can now specify what LAN subnets are accessible in a site-to-site VPN setup

Bug Fixes

Resolved an issue where connecting to OpenVPN using the same credentials as another active session will cause that user to disconnect

Release2018-05-17

Server release

New Features

Customizable Description Field: From the DNA Settings card, operators can label their DNA with a description separate from its hostname to assist with fleet management.

Bug Fixes

Resolved an issue where removing a spoke site in a multi-VPN setup would cause the hub DNA to lose all its configuration

Release 2018-05-02

Version 11.13.2

Improvements

For DNA-NA5-US units only, changed the default APN for the LTE connection to improve performance

Bug Fixes

Resolved an issue which caused an undesirable modification of SIP packets under certain circumstances

Release2018-04-18

Version 1.13.0

New Features

WAN Load Balancing: Allows an operator to configure the DNA to use multiple WAN connections for increased throughput, per-WAN load percentages to allow optimal performance in deployments with asymmetric link capacity, and local subnets to prefer either the ISP 1 or ISP 2 interface.

Ethernet Settings:Adds a configuration card that allows an operator to adjust link speed and duplex settings for the appliance's physical ports.

Failover Policy Control: This feature allows an operator to interrupt existing sessions for LAN clients during transitions to and from4G LTE failover, and to specify how the DNA disrupts the sessions.

Improvements

Renamed the "Static Host Mapping" card to "DNS Static Host Records" for clarity

Bug Fixes

Resolved an issue which could cause the Datto appliance's LTE modem to take a long time to initiate after a hard device reboot

Resolved an issue that could cause upgrades to time out and fail as a result of a slow WAN connection

Resolved an issue that could cause intermittent connectivity problems with device LTE modems

Release2018-03-22

Server release

Bug Fixes

Resolved an issue which could cause certain recent events activity to not display on the Recent Events card

Release2018-03-15

Server release

Bug Fixes

Resolved an issue which could cause the DNA to become flooded with jobs, preventing operators from managing the device

Release2018-03-14

Server release

Improvements

Custom DNS for LTE Failover:Added functionality to allow device operators to apply existing custom DNS settings to the LTE interface.

Reorganized Device UI:The Datto Networking Appliance's user interface has been revamped to enhance navigation and promote ease of configuration. You can learn more about the new user experience by watching our UI tour video. For a full list of features, see our Datto Networking Appliance: Getting Started article.

Bug Fixes

Fixed an issue which could prevent the appliance's secondary WAN IP address from being displayed in the Network Overview panel

Resolved an issue that prevented appliances from saving WAN configurations where the SSID contained an emoji

Release2018-03-08

Version1.12.0.74147

Improvements

Operators are now able to configure WiFi frequencies on devices authorized for service in Australia and New Zealand

Bug Fixes

Resolved an issue where LTE did not work out-of-box for specific models, which required operators to register the DNA through a wired LAN connection as a workaround

Resolved an issue that could cause DHCP relay and static DHCP leases to interfere with the display of IP address for connected clients

Release2018-02-27

Version 1.11.2.66162

New Features

Port Aggregation Status: Allows an operator to see the status of aggregated ports to verify that they are working as expected and to troubleshoot issues.

Bug Fixes

Global WiFi Settings Toggle: Changed wording on the Global WiFi Settings card's on/off toggle to clarify its meaning

Fixed an issue that could prevent the description field on a configured WiFi card from being edited if an operator entered a blank value

Fixed an issue that prevented DHCP leases from being removed on the deletion of a VLAN

Fixed an issue that could cause an operator to be repeatedly prompted for credentials when connecting to an IKEv2 client VPN

Release2018-02-13

Version 1.11

Improvements

The DNA now supports a subnet mask for /30, which is typically configured for LANs connecting to a point-to-point subnet

IPsec Profiles: Allows an operator to apply policy and encryption optimizations to a Site-to-Site VPN connection which are appropriate to the profile of the IPsec endpoint in the connecting environment

VPN Re-Key Improvements: The DNA will now create a new VPN tunnel before tearing down the existing one during the Automatic Tunnel Restart process, delivering a more seamless experience and ensuring connection continuity for devices connected through Site-to-Site VPN

Release2018-01-24

Version 1.9.0.40368

New Features

Inter-Network Accessibility: Allows an operator tospecify firewall rules between VLANs configured on the DNA, providing greater control over which VLANs can communicate with other VLANs

Static Host Mapping:Allows an operator to specify an IP address to resolve for a given hostname when queried by an internal client on the LAN

Port Forwarding: Allows an operator to specify a source IP when directing incoming network traffic to specific destinations within the LAN (firmware update not required)

Port Aggregation: Allows an operator to combine two or more NICs to act as a single logical link (LACP interface), enabling improved connection performance and redundancy for inter-network traffic passing through the DNA

Port Aggregation requires firmware 1.6.0 or above. Datto recommends firmware version 1.9.0.40368 for best results

Bug Fixes

Fixed an issue that could cause the DNA to show an update banner when an update was not available

Fixed an issue that could cause the Test Failover button to time out prematurely

Fixed an issue that could cause large subnets assigned to a LAN to report duplicate device connections

Fixed an issue that could cause IDP (Snort) to fill logs with ping reports for 8.8.8.8 and 8.8.8.4

Release2018-01-10

Version 1.8.1.38278

New Features

Outbound NAT Support: Allows an operator to configure firewall rules which route traffic through alternate source IP addresses in the private subnets. This feature requires more than one static IP and permits you to specify which external IP address to use for a given host (one IP) or subnet

PPPoE Support: Allows an operator to configure either WAN connection to pass a username and password to an ISP connection, so that the connected router can authenticate to the modem

Seamless Site-to-Site VPN Failback: Preserves existing Site-to-Site VPN connections during a network transition

Bug Fixes

Fixed an issue that could cause the DNA to bring down an incorrect VPN tunnel when more than one connection is defined

2017

Version 1.6.0 - 2017-11-21

Version 1.5.3.99 - 2017-11-09

Version 1.4.4.93 - 2017-10-23

Server release - 2017-10-20

Version 1.4.0 - 2017-10-16

Version 1.3.4 -2017-10-09

Version 1.2.2.82 -2017-09-19

Server release 2017-09-07

Server release 2017-08-28

Server release - 2017-08-23

Server release - 2017-08-21

Server release - 2017-08-15

Version 1.0.5.75 - 2017-08-07

Version 1.0.4.74 - 2017-08-03

Server release - 2017-07-24

Version 0.9.1.65 - 2017-07-12

Server release - 2017-07-10

Server release - 2017-06-27

Server release - 2017-06-14

Version 0.9.0.64 - 2017-06-13

Server release - 2017-06-12

Version 0.8.4.58 - 2017-05-19

Server release - 2017-05-15

Server release - 2017-05-11

Version 0.8.0.54 - 2017-05-10

Server release - 2017-05-04

Version 0.6.1.51 - 2017-04-04

Server release - 2017-03-09

Server release - 2017-03-01

Version 0.5.4.45 - 2017-02-28

Server release - 2017-02-23

Version 0.5.3.44 - 2017-02-14

Server release - 2017-02-08

Server release - 2017-02-06

Release2017-11-21

Version 1.6.0

New Features

DHCP Relay: Allows an operator to configure a DHCP server external to the DNA for more centralized management of client IP addresses

Automatic VPN Tunnel Restart: lets operators specify a timeframe for re-keying site-to-site VPN tunnels after they are created

Automatic VPN Failback: When using a failover connection, site-to-site VPN will now automatically fail back to the primary WAN when it healths is restored

Bug Fixes

Fixed an issue that could cause the DNA to prompt for a subnet mask when configuring LANs incorrectly

Release2017-11-09

Version 1.5.3.99

Improvements

Client VPN: Added enforcement of server certificate verification. The OpenVPN server must now present a compatible certificate before the client trusts the connection.After installing this firmware update, you will need to download new VPN Gateway Certificates and OpenVPN Config Files from the Client VPN card. Old certificates will no longer work

Bug Fixes

Fixed an issue that could cause the LTE connection to appear as unavailable when in actuality, the modem for LTE was becoming unresponsive. This fix will allow the DNA to recognize the modem state and re-establish communication

Fixed an issue that could prevent the DNA from going into LTE failover mode when an upstream device, such as an ISP modem, was disconnected

Release2017-10-23

Version 1.4.4.93

Improvements

Updates to the Datto Networking Appliance, providing enhanced time zone support

Bug Fixes

Fixed an issue that could cause IPSec traffic to stop when specific interfaces were detached and reattached to the system by an operator

Release2017-10-20

Server release

Terms of Service Updates

All device operators will be prompted to acknowledge the updated Terms of Service at the next device login. Once acknowledged, the Terms of Service prompt will not reappear

Release2017-10-16

Version 1.4.0

Improvements

Updates to the Datto Networking Appliance providing additional modem and SIM support

Release2017-10-09

Server release

New Features

Added functionality to allow the appliance to notify an operator of WAN / LAN conflicts from the Status page

Added a conditional DNS forwarding feature which allows the DNA to use a custom target IP address to resolve requests for specific URLs

Improvements

Added functionality to allow an operator to configure /16 subnets(subnets with a theoretical maximum of65,536 addresses)

Added functionality to allowVPN clients access hosts behind a site-to-site connected remote DNA

Bug Fixes

Fixed an issue that blocked some IP address from passing through the firewall of the DNA and prevented OpenVPN from working

Fixed an issue that could cause site-to-site VPN tunnels to drop unexpectedly and fail to self-heal

Release2017-09-19

Version 1.2.2.82

New Features:

Added functionality to allow an operator to view the status of a Site-to-Site VPN connection

Added functionality to allow an operator to view the local subnets required to configure non-DNA clients

Improvement

Added the ability for the DNA to fall back to static DNS information if local DNS information is unavailable

Bug Fixes

Fixed bandwidth data reporting of IP addresses for statically-addressed WiFi clients

Fixed an issue that could prevent the LTE modem from coming back up on device reboot

Fixed an issue that could cause prevent device check-in under specific conditions

Fixed an issue that could prevent ping requests from passing overlte0

Fixed an issue that could prevent IKEv2 users from being shown in the device UI

Fixed an issue that could cause unsupported device features to appear in the device UI on older DNA platforms

Fixed an issue that could cause LAN information not to report connected devices

Fixed an issue that prevented the More Info button for connected devices from displaying device information

Fixed an issue that could prevent DHCP leases from being retained by the DNA when the Cancel button was clicked during a LAN card edit

Release2017-09-07

Server release

New Feature

Added functionality to allow the assignment of multiple networks to a single LAN port throughVLAN tagging

Bug Fixes

Fixed an issue that could preventthe DNA's LTE connection from resuming after a device reboot

Fixed an issue that prevented the device from displaying IKEv2 users in the GUI

Fixed an issue that could cause userIDs to fail to update after Partner Portal log out

Fixed an issue that required users to double-click the Cancel button to cancel an edit on the VLAN card.

Release2017-08-28

Server release

New Feature

IKEv2 Support for Mac:Adds IKEv2 support for Mac devices connecting via VPN

Bug Fixes

Fixed an issue that could cause internal clients to be unable to reach port forwarded services using NAT reflection

Fixed an issue thatcaused intermittent timeouts when accessing the Top Applications pie chart

Fixed an issue that couldprevent IKEv2 traffic from reaching the DNA

Release2017-08-23

Server release

Bug Fixes:

Fixed an issuewhich could cause latency in the DNA portal and intermittent red banners to appear in the GUI

Release2017-08-21

Server release

New Feature:

Configuration Restore:Allows an operator to restore the appliance to a previously saved configuration. The device will now back up its current settingswhen a user makes a configuration change

Improvements

Site-to-Site VPN:

Restored the 'Reset Connection' connection button to the Site-to-Site VPN configuration card

Added functionality to lock the UIif the DNA is configured as a spoke

Improved UI badging to more clearly indicate the role of each connection in a static configuration

Bug Fixes

Fixed an issue that could cause subdomain name length validation to be skipped on check-in

Fixed an issue that could cause multi-site-to-site migration to fail for very old siteVPN configurations

Fixed an issue that could prevent anoperator fromediting only the router addresswhen configuring a subnet

Release2017-08-07

Version1.0.5.75.

Improvement:

Improves algorithm to determine LTE signal strength based on actualconnectivity and ping.

Release2017-08-03

Version1.0.4.74

New Feature

Top Applications Reporting (Layer 7 DPI):Partners can view data usage on a per-application basis from the Network Usage card. Requires firmware version 1.0.4 or higher

Added update to OS that enables application data reporting through the UI

Improvement

Improved signal strength reporting through the UI

Release2017-07-24

Server release

Features

1:Many NAT.Partners can now configure a 1:Many NAT environment through the GUI of the DNA appliance

Release2017-07-12

Version0.9.1.65

Bug Fixes

Fixed an issue withLTE failover which could cause the DNAto stop checking in

Fixed an issuewhich caused the Network Overview pane not to display OpenVPN connection details

Fixed an issue which could cause the DNA to display an incorrect network gateway in the WAN Details pane

Release2017-07-10

Server release

Features

1:1 NAT.Partners can now configure a 1:1 NAT environment through the GUI of the DNA appliance

Release2017-06-27

Server release

Bug Fixes

Fixed an issuethat could cause theDNA to stop checking in after saving DHCP static reservations

Fixed an issue that could cause the client and site-to-site configurations to be superseded by port forwards

Release2017-06-14

Server release

Features

OpenVPN Integration:Partners can now use OpenVPN to establish an SSL client VPN connection to the Datto Networking Appliance

Release2017-06-13

Version0.9.0.64

Features

DNA auto-update.DNA auto-update allows an operator to configure a schedule for the DNA toautomatically update if and when there is a device update available, and if set parameters are met. The DNA does not send device updates without being manually initiated. The auto-update feature is off and not configured by default.

OpenVPN.This feature allows a user to configure an SSL Client VPN connection using the same client VPN feature currently in place. When enabled, the subnet is divided in two, allowing half of the subnet to use IPSec IKEv1 or IKEv2 client VPN connectivity, while allowing the other half of addresses to be configured for SSL (OpenVPN) client connectivity

Improvements

Increased the DNA connection tracking table to accommodate larger end-users with more connected clients

Improved the modem manager to enhance logging and improve overall LTE modem performance

Release2017-06-12

Server release

Features

Site-to-Site VPN - Phase 3:When a DNA is configured for site-to-site VPN, the initiating DNA will tell the responder DNA to configure itself as the other VPN endpoint, performing all necessary handshakes automatically. This step eliminates additional configuration steps currently required for setting up site-to-site VPN

DNA Auto-Update:DNA auto-update allows an operator to configureupdate windows duringwhich the DNA will automatically check for and apply software updates. The auto-update feature is off by default and must be manually enabled by the operator

Improvement

Hostname character limit:The UI now enforces 63 maximum characters per DNS name segment when configuring hostnames. This character limit is consistent with the RFC1123 standard

Release2017-05-19

Version0.8.4.58

Features

DNA now uses Verizon recommended MTU and MSS values on LTE interface, improving performance when in failover

Use the DNA’s internal resolver and search domain while connected via client VPN, enhancing the usability for clients connecting and accessing local resources that require a local resolver

Bug Fixes

Fixed issue with client VPN where clients behind the DNA are sometimes inaccessible

Fixed issue with client VPN (ike1) where it connects but does not send traffic over the tunnel

Fixed issue where web filters “Ad Networks” was on by default

Fixed issue where client VPN outbound client traffic was affected by port forwarding

Fixed an issue where the DMZ stopped the client VPN from being able to connect

Fixed issue where creating a new LAN prevents site-to-site VPN from working on previous LANs

Release2017-05-15

Server release

Feature

Configurable Channel Width:Allows operators to switch between the 20Mhz and 40Mhz WiFi channels to select the setting that best meets their needs

Improvement

Local DNS Resolution:This improvement ensures that clients remotely connecting over VPN will be able to resolve hostnames from a DNS server running on the DNA

Bug Fixes

Fixed a bug that could cause a rendering issue with the Domain Whitelist / Blacklist'sDeletebutton

Fixed an issue where creating a new LAN could cause site-to-site VPN to not work on previously configured LANs

Release2017-05-11

Server release

Bug Fix

Fixeda VPN issue causing statically-assigned WAN IP addresses to appear in the local and remote subnet data used to populate firewall rules and site VPN IPsec configurations

Release2017-05-10

Version0.8.0.54

Features

Client VPN status now displays in DNA management UI- Under Browse Networks, there is now a tab for VPN. This tab will provide detailed information on what is currently connected and the duration of that connection in real-time

Client VPN (Windows) no longer requires a third-party application- This is also known as IKEv2. Essentially the DNA facilitates a method to build a cert to deploy on clients running a Windows OS that once applied, eliminates the need for a third-party application

Bug fixes

Fixed an issue where some websites had been blocked, even after turning off web filtering. Note that you may still need to clear the cache on the client's OS and Web Browser. The DNA does not currently have access to this

Fixed an issue where the device stopped collecting bandwidth data aftera long period since a reboot

Fixed the absence of "DNA booted" message when DNA boots in System Events

Fixed an issue where enabling Site to Site VPN broke the UI

Release2017-05-04

Server release

Features

Client VPN Status:Adds a GUI element to provide a real-time view of all devices and clients connected to a DNA

Site-to-Site VPN - Phase 2:Adds one-click configuration when setting up a site-to-site VPN connection, eliminating manual steps. Also adds auto-discovery of WAN IP and LAN IP ranges, and auto-generates and assigns a new Pre-Shared Key (PSK) to the DNA

IKEv2 for Client VPN:Adds support for native VPN connections to remove the dependency on third-party VPN applications to connect to a DNA's LAN

Improvements

Added enforcement of RFC standards for device hostname entriesto harden the appliance against specific networking configuration issues

Bug Fixes:

Fixed an issue that could cause configuration cards tonot sync with configuration changes

Fixed an issue that caused theUI to allow slashes in the device hostname, which would break DNS as a result

Fixed an issue that could cause the UI to display a blank Network Overview page when enablingSite-to Site-VPN

Release2017-04-04

Version 0.6.1.51

Features

Fixed a bug where, in some scenarios, when creating a new VLAN with DHCP Pool, connected clients are unable to obtain an IP Address. The previous workaround required a reboot

Update initiated + Version upgrading to + user / process (if automated) that initiated

Update successful + New Version

Update failed + Version failed to upgrade to

WAN/LTE Interface up + human-readable Interface (not VLANX)

WAN/LTE Interface down + human-readable Interface (not VLANX)

Factory reset + user that initiated

System Start Time

Fixed bug where a factory reset breaks web filtering -Details in previous versions of DNA performing a factory reset broke web filtering

Fixed bug where LAN shows WAN/LAN conflict when newly created- Previously when creating a new LAN in the UI it showed the message that a WAN/LAN subnet conflict was resolved, even though that wasn't the case since the LAN didn't exist yet

Improved "Site Blocked" page served up when web filter rule is triggered- Language referencing the DNA has been removed, and general syntax has been updated

Implementation of Dynamic DNS (DDNS)- The DNA now provides a persistent addressing method for the DNA so that WAN IP address changes will not impact services that require a consistent inbound address

DNA Now supports system logs in Network Overview- The DNA now collects and reports system logs for the following events:

Added whitelist and blacklist for web filters- The DNA Web Filtering feature now supports adding whitelists and blacklists for specific sites to work in combination with existing web filter categories

Site to Site VPN support- The DNA now supports IPSec Site to Site VPN betweenanother DNA

IP Address Reservations (DHCP Reservations):Allows the reservation of a static IP, within a subnet range of a VLAN, to be statically assigned to a specific device by MAC Address,on a per-VLAN basis

Update initiated + Version upgrading to + user / process (if automated) that initiated it

Update successful + new version

Update failed + version failed to upgrade to

WAN/LTE Interface up + human-readable interface (not VLANX)

WAN/LTE Interface down + human-readable interface (not VLANX)

Factory reset + user that initiated

System start time

Remote Power-Cycle DNA:Adds a UI element to allow ‘soft’ reboot functionality of the DNA through the DNA management interface

Dynamic DNS:Provides a persistent addressing method for a DNA so that WAN IP address changes will not impact services that require a consistent inbound address, e.g., for local exchange server, client VPN server. The DDNS name is factory configured and is not user-configurable

Web Filtering Whitelisting / Blacklisting:In addition to web filter categories, the DNA now offers the option of adding sites to either whitelists or blacklists

System Logging:Adds a UI element to reportDNA system events; this is a view-only system log which displayshistorical changes on the DNA

Bug Fixes

Fixed an issue that could cause a falseWAN/LAN conflict message on initial LAN creation.

Adds firewall rules to allow traffic between VPN endpoints across the tunnel, ensuring that a client system behind a DNA can communicate with a client system behind another DNA, even with the firewall running. It also ensures that client systems can communicate across a tunnel, yet when a tunnel drops and is restarted

Fixes an issue that could cause afactory reset not correctly to refresh the UI

Release2017-03-09

Server release

Bug Fix

Fixes an issue that could causesome DNAs to be unable to communicate across the Client VPN tunnel

Release2017-03-01

Server release

Bug Fixes

Fixed an issue that could cause a static WAN IP tonot display on theWAN Card after being configured

Fixes an issue that could cause network interruption whenchanging a WAN description

Release2017-02-28

Release 0.5.4.45

This release includes client-side updates that require new software downloads. You should upgrade your device to ensure the best results

Features

Updates to heartbeat:Heartbeat controls the DNA's check-ins with its webserver to orchestrate communications. This update makes the service more robust

Hardening the LTE modem manager:this hardening ensures that your DNA will get a single IP address from Verizon without rebooting the modem or DNA

Release2017-02-23

Server release

Bug Fixes

Fixeda validation issue which allowed operators to save blank custom DNS fields, causing connectivity issues

Fixed a UI setting that caused theLAN Segregation card always to show LANs as segregated even with the LAN Segregation featuredisabled

Fixed an issue that could cause a user's Partner Portal session to remain logged in after the user logged out of the DNA

Fixed an issue that caused changes made to the description of a configured WiFi network to remove existing MAC Filters

Fixed an issue that could cause WiFiconfiguration attributes to be cleared when changing an associated VLAN setting

Release2017-02-14

Release 0.5.3.44

This release includes client-side updates that require new software downloads. You should upgrade your device to ensure the best results

Features

Changes to VLAN card disabled when using Client VPN:You are nowunable to save changes to the VLAN card while the Client VPN is enabled

Fixed issue with intermittent dropped connections by Verizon:For some customers, connectivity could become intermittently disrupted when operating in failover on Verizon LTE

This update ensures connected clients on both VLAN and WiFi remain connected when in LTE failover without disruption to connectivity

Release2017-02-08

Server release

Bug Fixes

Fixed an issue that could cause the device to stop checking in when multiple users are logged into its interface

Release2017-02-06

Server release

Improvements

Added functionality givingan operatorthe ability to view multiple DNAs in different browser windows

Added UI notification when a WiFi network is associated with a LAN that does not have a DHCP pool

Added failover status to the Portal API

Bug Fixes

Fixed an issue that could cause the current WiFichannel to appear blank in theUI when set to "auto"

Fixed an issue that could cause WiFi card information to appear blank after saving

5

Topic

This article provides the hardware specifications and region availability for the Datto E310-48 48-port Ethernet Switch.

Environment

Datto E310-48 Switch

Description

Datto E-Series switches are the next evolution in the Datto Networking switch lineup.

Device Layout

Figure 1: E310-048 layout (click to enlarge)

1. System LED

2. Mode indicator LEDs

3. Console Port

4. 10/100/1000 RJ45 ports

5. Port status LEDs

6. 1G/10G SFP+ Ports

Technical Specifications

Port Configuration

Total Ports

52

RJ45 (10 MB/100 MB/1 GB)

48

SFP+ Ports (1 GB/10 GB)

4

PoE Capable Ports

Ports 1-48

Hardware Performance

Forwarding Capacity

130.944 Mpps

Switching Capacity

176 Gbps

MAC Table

32 K

Jumbo Frames

14000 Bytes

Environmental Range

Operating Temperature

32 to 122 F / 0 to 50 C

Storage Temperature

-4 to 158 F / -20 to 70 C

Operating Humidity Range

Up to 95\%, non-condensing

Dimensions and Weight

Dimensions (W x H x D)

17.4 x 1.73 x 14.8 inches / 442 x 44 x 375 mm

Weight

12.21 lb / 5.53 kg

Mounting

Desktop, Rack Mount (included)

Power, Voltage and Frequency

Input Voltage

100-240V AC

Input Frequency

50/60 Hz

Power Supply

Internal power supply

Power Connector

IEC C14

Power Cable

US/EU/UK/AU

Idle Power Consumption

42W

Max. Power Consumption

780W

Rated Air Discharge

Protection (ESD)

8KV

Rated Contact Discharge Protection (ESD)

4KV

Power Over Ethernet

PoE Budget

740W

PoE Standard

IEEE 802.3at/af up to 30W per port

IEEE 802.3az (EEE)

PoE Management

PoE Scheduled Reboot

PoE Power Monitoring

User Defined PoE Budget Limits

PoE Sequential Power-On

Power Control per Port

Power Class Configuration

Other Management Tools

Cable Diagnostics

Certifications

Safety

UL 60950-1:2005 + Am 1:2009 + Am 2:2013

EMC

EN 55024:2010/A1:2015

EN 55032:2015/AC:2016 Class A

AS/NZS CISPR 32:2015 Class A

EN 61000-3-2:2014

EN 61000-3-3:2013

IEC 61000-4-3

IEC 61000-4-4

IEC 61000-4-5

IEC 61000-4-6

IEC 61000-4-8

IEC 61000-4-11

EMI

FCC 47 CFR Part 15B, Class A Digital Device

ICES-003 Issue 6, Class A

ANSI C63.4

CISPR PUB. 22

Environmental

RoHS

Topic

This article describes access point information available inthe Datto Networking App.

Environment

Datto Networking App

Datto Access Points

Index

Overview

Procedure

Name and Settings

Health

Statistics

System

WiFi

Description

The Datto Networking App Shows you the status of your access points and lets you perform basic configuration changes.

Navigating to access points information

1. In the Networks page, scroll to the network that houses your access point.

Figure 1: A Network with View Network and Access Points selected

2. Press View Network, or Access Points.

3. Press the access point for which you wish to view information.

Figure 2: An example access point

The Access Points screen

The following information and actions are available for your access point:

Name and Settings

Figure 3: Device name and settings

A. Press the back arrow icon to return to the previous page.

B. Press the pencil icon to edit the name of your access point.

Health

The Health section shows you information about the access point's uptime and connectivity:

Last Check-in: This rowshows the last time the device checked-in to Datto's servers.

Check-in History: Here you can see a graphical timeline of device check-ins.

Uptime: This rowdisplays how long the device has been powered on; PressReboot to restart the access point.

Locate mode: Turning Locate mode on rapidly flashes the access point's LEDsfor easy visual identification. Press Enable to activate Locate mode.

Figure 4: Access point health(click to view a larger image)

Statistics

Click the Statistics heading to expand a list of operation statistics for this access point.

Figure 5: Statistics (click to view a larger image)

Channel (2.4 GHz): Displays the configured channel the access point is broadcasting on the 2.4 GHz wireless frequency band

Channel (5 GHz): Shows the configured channel the access point is broadcasting on the 5 GHz wireless frequency band

Hops: Shows the number of device mesh hops this access point is from its configured gateway

Usage: Displays an overall average of connected client data usage

Traffic: Shows a graphical timeline of connected client download and upload usage

System

The System screen shows you your network and firmware information.

Figure 6: System (click to view a larger image)

Network: This row shows the name of the network the access point is on. PressMove to move this device to a different network.

MAC Address: This row displays the MAC device's MAC address. To change the MAC address, pressReplace.

LAN IP Address:This row shows the device's internal IP address.

Mesh IP Address:This row displays the Mesh-healing IP address of the device.

Firmware Version:This row shows the firmware the device is currently running.

PressSaveto save all modified settings.

Topic

This article contains software release notes forVersion 2.0and belowof the Datto Windows Agent.

This version of the Datto Windows Agent is no longer in active development, but it will continue to receive maintenance updates.

For Version 2.1 and above, see our Datto Windows Agent (DWA) Version 2.1 and above: Release notes article.

For guidance about which Datto Windows Agent version is right for your protected system, review our Getting Started with the Datto Windows Agent article.

Environment

Datto Windows Agent 2.0 and below

Description

Releases

2020

Agent Version 2.0.10 - 2020-02-03

Previous years

2019

2018

2017

Release 2020-02-03

Agent Version 2.0.10

Hotfix

Fixed an issue that caused backups for Datto Windows Agent Version 2.0.9 to fail with, "Operation timed out after 0 milliseconds with 0 out of 0 bytes received"

Fixed an issue that could cause pairing operations to fail with the error, "The backup agent on this system is out of date and no longer supported," for Datto Windows Agent 2.0.9 installations

2019

Agent Version 2.0.9 - 2019-06-10

Agent Version 2.0.8.0 - 2019-01-28

Release 2019-06-10

Agent Version 2.0.9

Bugfixes

AGENTS-1269:Resolved an issue which could cause logging failure of certain errors related to volume discovery

AGENTS-453:Fixed an issue which could cause the agent software to be unable to pull new certs (2.0.X)

AGENTS-1406:Resolved a scenario in which backups for systems protected by the Datto Windows Agent could fail with the error,"err: 33"

AGENTS-1422:Resolved a scenario in which backups for systems protected by the Datto Windows Agent could fail with the error, "system time to local time failed"

AGENTS-1452:Fixed an issue which caused the backup agent software to report Windows Server 2019 installations as Windows Server 2016 incorrectly

Improvements

AGENTS-1479:Added logic to protect backup threads from getting hung on long-running VSS operations

AGENTS-1611:Improved the agent installer to prevent the installation of Version 2.0 agent software over existing Version 2.1 installations

AGENTS-1631: Improved Windows Update backup validation to avoid unnecessary differential merges

Release 2019-01-28

Agent Version 2.0.8.0

Bugfixes

AGENTS-1347:Resolved an issue which prevented iSCSI fallback from functioning on DWA 2.0

AGENTS-1350: Added logic to check for and prevent the installation of DWA version 2.0 on systems where the Direct to Cloud (DTC) agent is already present

Vulnerability Fixes

AGENTS-1383: TheAPI Key for CSR requestsno longer appearsin plaintext

Tech Work

AGENTS-638: Resolved an issue which could causeGetVolumeInformation calls to protected machines to fail with Error Code 0

AGENTS-1253: Resolved an issue which could cause failed API calls to prevent WindowsServer 2003 machines from sleeping

2018

Agent Version 2.0.7.2 - 2018-11-08

Agent Version 2.0.7.1 - 2018-10-31

Agent Version 2.0.7 - 2018-10-25

Agent Version 2.0.5.1 - 2018-09-10

Agent Version 2.0.5 - 2018-07-31

Agent Version 2.0.3 - 2018-06-20

Back to top

Release 2018-11-08

Agent Version 2.0.7.2

Bugfixes

AGENTS-1332: Resolved an issue that could cause backups to exceed 100\% of their estimated transfer size

Release 2018-10-31

Agent Version 2.0.7.1

Bugfixes

AGENTS-1310: Resolved an issue that could cause backup failures under certain low memory conditions

Release 2018-10-25

Agent Version 2.0.7

Improvements

AGENTS-1115: Adjusted logging thresholds for certain expected events

AGENTS-1275: Agents should report the same fields as 1.1 to support backup of 4Kn drives

Vulnerability Fixes

AGENTS-1148: This fix disallows device connections using low/medium strength cipher algorithms

Bugfixes

AGENTS-1279: Resolved an issuethat could cause backups to fail due to invalid sector reads for systems protected by version2.0.5.1 of the Datto Windows Agent

AGENTS-1280:Resolved an issuethat could cause screenshot failures forsystemsprotected by version2.0.5.1 of the Datto Windows Agent

AGENTS-803: Resolved an issue which could cause"- /host response missing os_version expected by Siris"failures under certain circumstances

AGENTS-1237: Resolved an issue that could cause automatic updates of the Datto Windows Agent to fail when only the build number changes

AGENTS-1238: Resolved an issue which caused noisy and incorrect severityFBRE/CopyChunkRanges logs

AGENTS-1276: Resolved an issue that caused screenshot verification to fail when the protected system's OS volumereportedincorrectly to the device

AGENTS-1278: Resolved an issue which prevented BMR autopartitioning from functioning for EFI systems running DWA 2.0.5.1

AGENTS-1084: Resolved an issue which caused driver block size calculation to be incorrect and cause backups to fail onextremely largevolumes

AGENTS-1123: Resolved an issue where VSS failures to prepare for backup could cause an unnecessarydiffmerge

AGENTS-1146: Resolved an issue that could cause non-NTFS volumes to report to the device incorrectly

AGENTS-1152: Resolved a scenario in which failure to delete old log files caused backups to fail

AGENTS-1201: Resolved an issue which could cause the DattoCtrl file to be 10xlargerthan it should be forvery largevolumes

Release 2018-09-10

Agent Version 2.0.5.1

New Features

AGENTS-385: This enhancement adds full backup detection logic to the Datto Windows Agent engine to help prevent your appliance from filling up prematurely. Full backups will now only occur during the first snapshot of a protected volume or after an operator destroys the live dataset ofa volume. Otherwise, your Datto device will stop the full backup, perform an automatic rollback, and initiate a differential merge.

Vulnerability Fixes

AGENTS-375: Resolved an issue which could enable DattoBackupAgentService to run an executable not enclosedin quotes

AGENTS-1033: Fixed a vulnerability where the agent would accept connections from devices using the insecure TLS 1.0 protocol; now, only device connections using TLS 1.1+ willbeaccepted

Bugfixes

AGENTS-307: Improved iSCSI / Mercury connect logic to be more resilient by retrying whenconnectionsfail

AGENTS-377: Resolved an issue that caused the first backup of a protected volume to be a differential merge instead of a full

AGENTS-390: Resolved an issue which prevented the Datto Windows Agent uninstaller from removing services and caused it to leave artifacts behind

AGENTS-397: Resolved an issue which caused a differential merge on reboot after disabling Windows updateson the protected system

AGENTS-438: Corrected a formatting error for Datto Windows Agent events (EventLog) in Windows Event Viewer

AGENTS-716: Fixed an issue which caused /pair endpoint in re-pair scenarios to return "null" response on success

AGENTS-981: Fixed a typo in the Datto Windows Agent log output

AGENTS-252: Fixed an issue which allowed protected machines to sleep while backing up

AGENTS-775: Fixed a bug wherenon-4K block size volumes could fail to back up

AGENTS-992: Fixed a bug which could cause incremental changeset data to fail to be rolled forward in cases ofincrementalbackup failures or interruptions

AGENTS-1027: Fixed a bug which could cause curl requests to output unformatted JSON

AGENTS-1037: Fixed a bug where the agent revision version numberwas omittedfrom the full version string

AGENTS-1045: Fixed a bug which could cause iSCSI differential merge backups to behave like full backups

AGENTS-1082: Fixed a bug which could cause a small amount of memory to leak when making outbound curl requests

AGENTS-1116: Fixed a bug which could cause unnecessary differentialmergeswhen a backup failed before snapshot mode

Improvements

AGENTS-283: Added logic to cancel a backup in progress if the Datto devicerequests to start a new backup

AGENTS-284: Added boot time to the host command

AGENTS-305: Added the current redistributable version to /host

AGENTS-394: Added reporting to record whether a given backup was a full,

differential merge, or incremental

AGENTS-13: Added MercuryFTP support for Windows

AGENTS-1013: Lowered the severity of the "volume size divisibility" logging messages to

debug-level

AGENTS-1074: Lowered the severity of the "read less" logging messages to debug level

AGENTS-468: VSS backup failures will no longer trigger differential mergeswhen falling back to DBD

AGENTS-1099: Improved Mercury V1 re-connection logic to be more resilient

Release 2018-07-31

Agent Version 2.0.5

NOTE:This release is targeted explicitly at existing DWA 2.0.3 installations to address the issues listed below. Neither download.datto.com nor any other current DWA versions will be affected by this release. A schedule for wider deployment willbe available in the future.

Improvement

AGENTS-468: As a protected agent, I want VSS backup failuresnot to trigger differential merges when falling back to DBD, so my backups are more efficient

AGENTS-1099: Improved Mercury V1 re-connection logic to be more resilient

Vulnerability Fixes

AGENTS-1033: Fixed a vulnerability where the agent would accept connections from devices using the insecure TLS 1.0 protocol - now only device connections using TLS 1.1+ will beaccepted

Bugfixes

AGENTS-775: Fixed a bug wherenon-4K block size volumes could fail to back up

AGENTS-992: Fixed a bug where incremental changeset data would fail to be rolled forward in cases ofincrementalbackup failures/interruptions

AGENTS-1027: Fixed a bug where curl requests would output unformatted JSON

AGENTS-1037: Fixed a bug where the agent revision version numberwas omittedfrom the full version string

AGENTS-1045: Fixed a bug where iSCSI diff-merge backups would behave like full backups

AGENTS-1082: Fixed a bug where a small amount of memory couldleakwhen making outbound curl requests

AGENTS-1116: Unnecessary diff-merge when a backup fails before snapshot mode

AGENTS-1013: Lowered the severity of the "volume size divisibility" logging messages to debug-level

AGENTS-1014: Lowered the severity of the "read less" logging messages to debug-level

Release 2018-06-20

Agent Version 2.0.3

New Features

AGENTS-385: As a Partner using a Datto agent, I want to avoid receiving full backups and insteadreceivedifferential merges to avoid performing rollbacks or prematurely filling my device

Vulnerability Fixes

AGENTS-562: Enabled compiler generation of instructions to mitigate certain Spectre variant 1 security vulnerabilities

Bugfixes

AGENTS-307: Improved Iscsi/Mercury connect logic to be more resilient by retrying when connecting fails

AGENTS-377:Firstbackup is a diff, not a full

AGENTS-390: Uninstaller fails to remove services, leaves artifacts

AGENTS-397: Disabling Windows Updates causes diff-merge after reboot

AGENTS-438: Formatting error for DWA events (EventLog) in Windows Event Viewer

AGENTS-716: Pair endpoint in re-pair scenario returns "null" response on success

AGENTS-981: Typo in DWA Agent Logs: "lastbackup failed,foricingdiffmerge"

Improvements

AGENTS-252: Prevent machine from going to sleep while backing up

AGENTS-269: At the start of each backup, log the agent version and driver version

AGENTS-283: Never deny the SIRIS a new backup - automatically cancel a running backup if the SIRIS requests to start a new backup

AGENTS-284: Add boot time to host command

AGENTS-305: Add the current redistributable version to /host

AGENTS-394: As a partner using a Datto agent, I would like to know if a given backup was a full, diff, or incremental

AGENTS-13: Mercury FTP support for Windows

2017

Agent Version 1.1.0.0 - 2017-12-27

Agent Version 1.0.6.0 - 2017-10-31

Agent Version 1.0.5.0 - 2017-07-31

Agent Version 1.0.4.0 /Driver Version 1.10.0.0 - 2017-04-20

Agent Version 1.0.3.0 / Driver Version 1.9.0.0 - 2017-02-27

Back to top

Release 2017-12-27

Agent Version 1.1.0.0

DWA-144: Fixed an issue where disabling the Windows Update service caused adiffmergeafter every system reboot

DWA-191: Fixed an issue where the DattoBackupAgentService ran an executable path not enclosedin quotes

DWA-197: Updates the agent pairing process and fixes DWA certificate validation as mitigation for CVE-2017-16673

DWA-230: Fixed an issue that could prevent 32-bit agent installs from updating correctly

NOTE:Complete mitigation of the issues resolved by this release requires that you update to the latest version of the Datto Windows Agent to version 1.1.0.0 after your device hasupdatedto OS 3.68.

Release 2017-10-31

Agent Version 1.0.6.0

DWA-186: Fixed remote command execution vulnerability of non-whitelisted commands discovered in CVE-2017-16674

DWA-149:Fixedpresence of newer versions of vc_redist causing the installation to fail

DWA-152: Prevent machine from going to sleep while a backup is in progress

DWA-155: Changed behavior to cancel current backup if anotheris requested

DWA-181: Schedule update to occur after a backup if a backup is in progress

DWA-168, DWA-172: Added logging for component versions

Release 2017-07-31

Agent Version 1.0.5.0

DWA-142:Fixed an issue that could cause agents to report corruption even when no corruption existed on the production machine

DWA-92: Added support for Windows 10 Creators Update

Release 2017-04-20

Agent Version 1.0.4.0 /Driver Version 1.10.0.0

DWA-72: Fixed Exchange logs failing totruncate

DWA-74: Fixed a small memory leak

DWA-71: Integrated use of a driver roll-forward capability to allow for immediate snapshot retry by preserving change tracking data; resolves snapshot failures withcertainVSS snapshot errors, such as timeouts

DWA-80: Removed DWA snapshot devices fromhostresponse

DWA-59: Added an icon for DWA instead of using the default Windowsicon

DWA-47: Retrieving VSS writer status post snapshot

DWA-81: Added initial use of updated driver error status implementation to allow for better driver error diagnosis

Release 2017-02-27

Agent Version 1.0.3.0 / Driver Version 1.9.0.0

DWA-67 - Hung disk devices - allow NTFS checks to quiesce

Fix for incorrect snapshot partition configuration

Fix for IO processing during an invalid CoW file state

Fix for trying to set a bit in the CoW bitmask when it is either beyond the bitmask length or the bitmask had been torn down

Addedtracing support

Added more granular error handling (errcode, args)

Added support for roll forward. Can retain tracking data in case of snapshot failure

DWA-45. Added capabilities field in API host response

DWA-49. Added mercury1 to capabilities field

DWA-42. Optimized network-baseddiffmergebuffer comparison

DWA-47. Retrieval of VSS writer status (failure/success) during snapshotsetup to allow for troubleshooting and diagnosis of potential VSS snapshot issues

DWA-50. Return errors in status response (code, params, message)

DWA-51. Added status response errors in capabilities

DWA-61. Allow only one instance of an installer

DWA-63. Control files (DattoCtrl/Snap files) deleted on uninstall

DWA-68. Cache system VSS writer information used in host response

Additional Resources

Getting Started With The Datto Windows Agent

Topic

This article explains the function of the BCDR Status (Device Details) page in the Datto Partner Portal.

Environment

Datto Partner Portal

Description

The Device Details page provides a general overview of a device's status, activity, and condition. It also allows you to perform various administration functions on that specific device, including:

Assigning and editing device alerts

Authorizing or deauthorizing target SIRIS appliances

Remotely accessing power management functions through IPMI

Creating Support tickets

Ordering RoundTrips or Reverse RoundTrips

Creating an offsite audit

Accessing the Device Details page

1. Log into the Datto Partner Portal.

2. Click the Status tab at the top of the screen, and then select BCDR Status from the drop-down menu

Figure 1:Partner Portal (click to enlarge)

3. On the Backup Status page, search for the device, and then click the device name when it appears in the asset list.

Figure 2:Backup Status page (click to enlarge)

Navigating the Device Details page

The Device Details page is comprised of informationcards. You can quickly navigate between the cards using the left-hand menu to jump to the following sections. Select a section name to continue:

Device Overview

Hardware & Software Status

Tickets

Billing Info

Replication Details

RoundTrips

Offsite

Notes

Agents

Device Overview

This card provides a general overview of device functionality, including:

Device and client details

Networking information

Device status

Queued tasks

On this card, you can also:

Click the Device Alerts button to set or edit device alerts

Click the Assign New Task button to assign system tasks

Figure 3: Device Overview card (click to enlarge)

Hardware & Software Status

This card reports the selected device's hardware and software details. From here, you can also click the Access IPMI button to manage your Datto SIRIS remotely via IPMI.

Datto ALTO appliances do not have IPMI functionality.

Figure 4:Hardware & Software Status card (click to enlarge)

Tickets

This card shows all open Support tickets for the device, including ticket numbers, dates opened, and status. You can click the Create Ticket button to raise a new ticket with Datto Technical Support.

Figure 5:Tickets card (click to enlarge)

Billing Info

This card shows billing details for the device, including service and offsite storage plans, term, expiration, and warranty information. You can also click the Purchase Service link to buy service.

Figure 6:Billing card (click to enlarge)

Replication Details

TheReplication Detailscard reports key information about the selected appliance's device-to-device replication status and provides SIRIS Private configuration options.If the selected device is not on a SIRIS Private service plan, you will not see this card. Instead, you will see the Offsite card.

The information and configuration options available from this card are as follows; refer to Figure 7 for all information described:

Target SIRIS:Lists the SIRIS appliances currently configured for SIRIS Private replication

Space Available:Reports the total amount of storage space available on the target SIRIS

Replicated Systems: Represents the total number of agents and shares replicating from the source device to the target SIRIS

Authorize Target SIRIS:Authorizes a new target SIRIS for SIRIS Private replication

Deauthorize Target SIRIS: Removes the selected SIRIS from the list of devices authorized to act as target storage nodes for this appliance ; note that you cannot deauthorize a device if it has any systems replicating to it

Offsite Audit:Generates an Offsite Audit report for the selected appliance

Figure 7:Replication Details (click to enlarge)

RoundTrips

This card shows details about RoundTrips in progress, including date requested, size, and current status. Click the Order RoundTrip button to order a new RoundTrip for this device.

NOTE:If the selected device is on a SIRIS Private service plan, you will not see this card.

Figure 8:RoundTrips card (click to enlarge)

Offsite

This card displays details about the offsite server to which this device syncs, including source type, server name, servernumber, and location.

Click the Reverse Roundtrip button to order a Reverse Roundtrip as part of disaster recovery.

Click the Offsite Audit button to generate an Offsite Audit report for this specific device.

NOTE:If the selected device is on a SIRIS Private service plan, you will not see this card. Instead, you will see the Replication Details card.

Figure 9:Offsite card (click to enlarge)

Notes

On this card, you can write and save notes about this particular device.

Figure 10:Notes card (click to enlarge)

Agents

This card shows information for all agents on the device. If your Datto appliance acts as a SIRIS Private target and contains replicated agents, certain data fields will report asN/AorN/A for Replicated Agents.

Figure 11:Agents card (click to enlarge)

Shares

This card shows information for all agents on the device. If your Datto appliance acts as a SIRIS Private target and contains replicated agents, certain data fields will report asN/AorN/A for Replicated Agents.

Figure 12:Shares card (click to enlarge)

Additional Resources

How do I use the BCDR Status page with Standard View?

Configuring Email Alerts For Datto Backup Devices In The Partner Portal

IPMI On SIRIS 3 Business and SIRIS 3 Enterprise

IPMI on SIRIS 4 and SIRIS 4X Professional

IPMI On SIRIS 4 and SIRIS 4X Enterprise

RoundTrip Overview

Reverse RoundTrip (RevRT) Process; Physical Data Retrieval from Cloud

Offsite Audit Report: BCDR Status

Using the BCDR Status Page With Standard View

Issue

When trying to start a backup of a system protected by the Datto Windows Agent, you receive the error message, "Error ABA1010 CURL."

Environment

Datto ALTO

Datto SIRIS

Datto NAS

Cause

The Datto device is unable to start the backup job because it cannot reach the agent services.

Resolution

Ensure that the Datto Backup Agent Service is running from services.msc on the protected system. If not, restart the service.

Ensure that the Datto device is able to communicate with the server over ports 25568, 3262, and 3260, as stated in the networking requirements.

Make sure the protected system IP is reachable from the Datto device.

Ensure the protected system's IP is the same as the IP that was originally paired. If the IP changed, use the Agent Rename feature to pair the Datto device to the new IP.

If the agent was paired by hostname or FQDN, navigate to theNetworking page under the Configure tab in the device UI and check that the DNS information on the Datto device is correct.

Make sure each volume included in the backups has at least 10\% or 10GB free on each volume, as stated in the Pre-Deployment Requirements.

Topic

This article explains general troubleshooting steps for the Datto Linux Agent.

Environment

Datto Linux Agent

Description

Refer to the following sections for steps to help you troubleshoot the Datto Linux Agent.

If the partition size on a Linux agent volume changes, you will need to destroy the live dataset for that volume before backups can continue. Otherwise, backups can fail in a "Snapshot exceeds target size"error state.

Update the Datto Linux Agent

Ensure the Datto Linux Agent is running the latest version of the agent software. The currently installed version of the agent will appear on the home page and Protect tab of the Datto device's UI.Update the software as necessary. See Getting Started With The Datto Linux Agent for more information.

Check the status of the Linux agent packages on your protected machine

Debian/Ubuntu:

dpkg -l dlad

If the dattobd driver appears to be malfunctioning on the agent machine

1. Use modprobe to reload the driver:

sudo modprobe -r dattobd && sudo modprobe dattobd

2. Verify the driver is loaded:

lsmod|grep dattobd

Reinstall the agent

If you had trouble installing the Linux Agent, or if the backups never worked, you can try reinstalling the agent packages. First, remove the packages and then reinstall them by running the following commands on the affected machine.

1. Remove the agent packages:

Debian/Ubuntu:sudo apt-get remove dattobd-dkms

openSUSE/SLE: sudo zypper remove dkms-dattobd

RHEL/CentOS: sudo yum remove dkms-dattobd

Fedora 22+: sudo dnf remove dkms-dattobd

2. Before installing the agent, be sure to install any required kernel header packages by running the following command:

Debian/Ubuntu: sudo apt-get install linux-headers-$(uname -r)

RHEL/CentOS: sudo yum install kernel-headers-$(uname -r)

On CentOS, the above command will only download the latest version for the kernel headers. If you need to update kernel headers for an older distribution, you can obtain them from the CentOS on the Web repository (external link).

3. Reinstall the agent packages:

Debian/Ubuntu:

sudo apt-get install dlad

openSUSE/SLE:

sudo zypper install dlad

RHEL/CentOS:

sudo yum install dlad

Fedora 22+:

sudo dnf install dlad

Troubleshooting resource errors

Operation timed out after X milliseconds with 0 bytes received

This error iscaused predominantly by either local or network latency. Datto recommends ensuring the local disk, CPU, and memory on the protected machine are not under an excessive load. Running the Datto Linux Agent requires at least 8 GB of memory.

You can use tools such as htop, top, and iostat on your protected system to measure and display the load on its local resources.

Next Steps

Gather the Logs

If you need help, you can visit our Community Forum or open a support ticket. When opening a case with our team, gather the following files from the production machine, and attach them to your ticket:

Attach

/var/log/messages (standard syslog location) or /var/log/syslog(Debian/Ubuntu syslog location).

If neither of the above logs exists, access syslog with journalctl.

You should also include:

/var/log/kern.log.

/var/log/dmesg.

/etc/datto/dla/agent.sqlite. This log contains the job information in an SQLite database. In Datto Linux Agent versions older than 2.0, you will find this log file at/etc/datto/dla/dlad.sqlite.

Topic

This article answers frequently asked questions about Backupify and Datto SaaS Protection security considerations.

Environment

Backupify for G Suite

Backupify for O365

Datto SaaS Protection for G Suite

Datto SaaS Protection for O365

Description

User Error

By using Backupify/Datto SaaS Protection, your organization has significantly decreased the risk of data loss due to hardware failure. However, user error (the second largest cause of data loss) still exists. Backupify/Datto SaaS Protection protects against user error, allowing your organization to keep a second copy of all your important G Suite and O365 data.

Built-In 256-bit encryption

These encryption methods apply only to Backupify and Datto SaaS Protection products. Click here for information on encrypting backups on a Datto BCDR device.

At every step along our data-replication process, Backupify/Datto SaaS Protection uses 256-bit encryption.In particular:

All authenticated user interaction with the Backupify/Datto SaaS Protection application

Logging in

Configuring services

Altering settings

Accessing archived data

Backupify/Datto SaaS Protection encrypts your duplicate archives. For every new account created (each email address), our system automatically generates a unique AES 256-bit encryption key for that user. All data written for the user is encrypted with that key prior to storage. Data remains encrypted both in-transit and at-rest.

Private keys

Upon retrieval (e.g. when a user views/downloads Archives through the Backupify/Datto SaaS Protection Web interface), the key is used to decrypt the stored data. All users’ AES keys are stored on the Backupify/Datto SaaS Protection production system and the central list of keys is encrypted with Backupify/Datto SaaS Protection's master RSA-2048 private key.

Internal controls

Backupify/Datto SaaS Protection grants access to stored data internally using the “principle of least privilege” through appropriate roles and only on a “need to know” basis and manages its systems in line with security industry best practices, including the ISO 27000 series and NIST Security Publications.

Additional Resources

The Datto Cloud: Uncompromising Security & Constant Availability

How Do I Encrypt Backups on A Datto Appliance?

-

To contact Backupify/Datto SaaS Protectionsupport, click here to submit a Support Request, orclick here for more contact options.

Topic

This article explainsthe Volume Shadow Copy Service, and how it interacts with the Datto backup solution. Use this article as an aid when troubleshooting backup issues.

Environment

Datto ALTO

Datto SIRIS

Description

Whatis the Volume Shadow Copy Service?

What is the difference between VSS backups and STC backups?

Common VSS Writers

Commonly-Found VSS Related Services

Additional Resources

Common VSS Troubleshooting Steps from Microsoft Answers

Windows XP

Windows 2003 SP1 and SP2

Windows Vista and Windows Server 2008-related

Windows Server 2008

Windows 7 and Windows Server 2008 R2-related

Windows 8, Windows Server 2012, and Up

What is the Volume Shadow Copy Service?

Microsoft's Shadow Copy Provider's Volume Shadow Copy Service, also commonly known as VSS, is used to take image-based backups. VSS is composed of the following:

VSS Writer:This writer tells the backup tool how to back up the application and its data. A VSS writer must be present for the Volume Shadow Copy Service to quiesce (freeze) the programto take an application-aware backup.

VSS Requestor: This is the writer that initiates the backup process.

VSS Provider: This writer allows the VSS backup process to work with the system's hardware and operating system. The VSS provider is responsible for taking a snapshot. The VSS provider and its associated driver are required for this snapshot to take place.

Figure 1:VSS dependencies illustrated (click to enlarge)

For VSS backup solutions, only one process on the production machine can use the VSS writers at a time. If more than one of these processes are running in the same environment, a conflict between the solutions will happen, resulting in one or more VSS Writers failing.

What is the difference between VSS backups and STC backups?

On Windows systems, Datto's agent-based backup software uses the Microsoft Shadow Copy Provider to perform the initial step of the backup process. If the Microsoft Shadow Copy Provider's VSS writers encounter an error, the following will occur (depending on which agent software is in use):

The Datto Windows Agentwill fail over to the Datto Snapshot Driver, referred to as the Datto Backup Driver,bypassingthe VSS backup process.

The ShadowSnap agent will fail over to use the StorageCraft Shadow Copy Provider, referred to as the STC Backup Engine,bypassingthe VSS backup process.

Both the Datto Backup Driver and the STC Backup Engine generate backups in a crash-consistent state. Data in processing at the time of the backup may not save correctly.

Crash-consistent backups are a concern for systems running any services that include a VSS writer for backups (such as database services). For instance, if the VSS writer for a database fails, recent transactions for that database may not back up.

Application-Aware VSS refers to the Microsoft Shadow Copy Provider. This VSS provider interacts with supported applications to provide backups as the applications are running.

Common VSS Writers

To list current VSS writers on any Windows operating system, open an elevated command prompt and type the command:

vssadmin list writers

This command will not list all of the following VSS writers. In most cases, a Windows Desktop has 5 to 10 VSS writers, and a Windows Server machine has 10 to 15 VSS Writers.

Below is a list of the most commonly found VSS writers with a brief description of their associations to different processes:

ADAM (instanceName) Writer:Beginning with Server 2003, this writer reports the ADAM database file (adamntds.dit) and the associated log files for each instance in \%program files\%\Microsoft ADAM\instanceN\data, where N is the ADAM instance number. These database log files are required to restore ADAM instances.

ADAM (VMwareVCMSDS) Writer: This writer handlesVMWare Virtual Center Server Service for the ADAM instance VMWareVCMSDS.

ASR Writer: This writer is theAutomated System Recovery, which stores the BCD configuration of disks on the system on OSes (starting with Vista and Server 2008).

BITS Writer: This is theBackground Intelligent Transfer Service Writer, first available in Vista and Server 2008. BITSuses the FilesNotToBackup registry key to exclude files from the BITS cache folder. The default cache location is.\%AllUsersProfile\%\Microsoft\Network\Downloader\Cache

Certificate Authority:This writer is responsible for enumerating the data files for the Certificate Server.

COM+ REGDB Writer: The COM+ Class Registration Database Writer is responsible for the contents of the directory\%SystemRoot\%\Registration, which was first available in Vista and Server 2008 operating systems.

DFS Replication Service Writer:Starting in Server 2003 R2, this writer protects Distributed File System Replication Selections data.

DHCP Jet Writer:Starting with Server 2003, this writer is responsible for enumerating files required for the DHCP server role. This writer is not available for workstation OSes.

Exchange Writer: This is the writer responsible for backing up the Exchange Information Store as well as providing the ability to truncate Exchange transaction logs.

Event Log Writer: This writer isresponsible for protecting the Event Log Viewer contents.

FRS Writer:Starting with Server 2003, this writer is responsible for the File Replication Service.

FSRM Writer:Starting with Windows Server 2003 R2, this writer enumerates the FSRM configuration files used for system state backup. During restore operations, it prevents changes in FSRM configuration and temporarily halts enforcement of quotas and file screens. This writer is not available for workstation OSes.

IIS Config Writer: This writer protects the configuration data for Internet Information Services (IIS).

IIS Metabase Writer: This is the writerresponsible for the Microsoft Internet Information Services, which is required by some SQL Server features.

Microsoft Exchange Writer: This writer is responsible for backing up the Exchange Information Store as well as providing the ability to truncate Exchange transaction logs.

Microsoft Hyper-V VSS Writer: This writer backs upHyper-V Virtual Machines.

MSSearch Service Writer:Starting with Server 2008, this writer exists to delete search index files from shadow copies after creation, minimize the impact of Copy-on-Write I/O during regular I/O on these files on the shadow-copied volume.

MSDEWriter:Beginning with Windows Server 2008, this writer exists to delete search index files from shadow copies after creation, and minimize the impact of Copy-on-Write I/O during regular I/O on these files on the shadow-copied volume. This writer is frequently called on by operations from the SQLSERVERAGENT service.

NPS Writer: The NPS Writer isResponsible for protecting the Network Policy Server.

NPS VSS Writer: This writer protectsthe Network Policy Server.

NTDS: This is theActive Directory Domain Services VSS Writer. Beginning with Windows Server 2003, this writer reports the NTDS database file (ntds.dit) and the associated log files. These files are required to restore the Active Directory correctly.

Search VSS Writer: The Search VSS Writer is responsible for Search Operations

Performance Counters Writer:Starting with Windows 7 and Server 2008r2, this writer reports the performance counter configuration files. These files are only modified during application installation and should be backed up and restored during system state backups and restores.

Registry Writer:The registry writer is responsible for the Windows registry.

SCVMM Express Writer: This writer handlesthe Microsoft System Center Virtual Machine Manager.

Shadow Copy Optimization Writer:Beginning with Windows Vista and Windows Server 2008, this writer deletes specific files from volume shadow copies.

SMS Writer:This writer is responsible for the System Center Configuration Manager.

SPSearch VSS Writer:This writer is responsible for the SharePoint Server Search operation.

SQL Server Writer: This writer provides added functionality for backup and restore of SQL Server, includingtruncation of transaction logs. This writer only works with instances of Microsoft SQL Server.

System Writer:Beginning with Windows Vista and Windows Server 2008, the system writer enumerates all operating system and driver binaries.

Task Scheduler Writer:Starting with Windows 7 and Server 2008r2, this writer reports the Task Scheduler's task files.

TermServLicensing: This writer is responsible for protecting the Microsoft Terminal Server Licensing.

VSS Metadata Store Writer:Starting with Windows 7 and Server 2008r2, This writer reports the writer metadata files for all VSS express writers.

WDS VSS Writer:Beginning with Windows Vista and Windows Server 2008, this writer reports the writer metadata files for all VSS express writers.

WINS Jet Writer:Starting with Windows Server 2003, this writer is responsible for enumerating files required for WINS.

WMI Writer:Beginning with Windows Vista and Windows Server 2008, this writer identifies WMI-specific state and data during backup operations.

Commonly-Found VSS Related Services

The following chart lists commonly-found VSS-related services and shows which are compatible with the Datto solution. You can view the VSS services installed on a Windows-based production machine by accessing the Windows Services Manager from the Start Menu, or by invoking the services.msc command from the Run prompt.

SIRIS, ALTO, and NAS: Resolving VSS Writer Errors in Windows 8, Server 2012, and Up

Acronis Nonstop Backup Service

Acronis Scheduler2 Service

Acronis Sync Agent Service

Background Intelligent Transfer Service

Backup Exec Error Recording Service

Backup Exec PureDisk Filesystem Service

Backup Exec Remote Agent for Windows

Backup Exec VSS Provider

Block Level Backup Engine Service

Carbonite

Datto Backup Agent Service

DattoProvider

EVault Software BUAgent

Hyper-V Volume Shadow Copy Requestor

Microsoft Software Shadow Copy Provider

MozyHome Backup Service

MozyPro Backup Service

Replay 5 SnapToVM

Replay Agent

Replay Core

Replay XML Command

SAAZCore (Current RMM Version no longer requires this, can be removed)

ShadowProtect Service

StorageCraft Raw Agent

StorageCraft Shadow Copy Provider

SQL Server (BKUPEXEC)

SQL Server VSS Writer

Volume Shadow Copy

Windows Backup

Additional Resources

The following external knowledge articles provide resources for troubleshooting and optimizing VSS writers in the Windows environment.

Common VSS Troubleshooting Steps from Microsoft Answers

Microsoft Answers "Multiple VSS writers are failing and my backups are failing too. Need help !!"

Windows XP

Optimize Shadow Copy Client accessing shadow copies in Windows XP

Windows 2003 SP1 and SP2

A Volume Shadow Copy Service (VSS) update package is available for Windows Server 2003

A Volume Shadow Copy Service (VSS) update-2 package is available

Availability of a Volume Shadow Copy Service (VSS) update rollup package forWindows Server 2003 to resolve some VSS snapshot issues

Availability of Windows Server 2003 Post-Service Pack 2 COM+ 1.5 Hotfix Rollup Package 12

Various issues may occur on a Windows Server 2003-based computer that is running the Volume Shadow Copy Service

Time-out errors occur in Volume Shadow Copy service writers

Optimize Shadow Copy Client accessing shadow copies in Windows Server 2003

Parallel backup operation may fail

Windows Vista and Windows Server 2008-related

VSS hardware snapshot database keeps growing

Non-persistent snapshot cleanup operation is aborted

VSS-based system state backup fails after you uninstall or upgrade a program

Backups fail and Event ID 12293

Memory leak in the Virtual Disk Service

Parallel backup operation may fail

The startup time increases or hangs at the logon “Welcome” screen if you frequently backup Hyper-V virtual machines on a Windows Server 2008 R2 system

Windows Server 2008

Cluster service may stop responding

"VSS_E_PROVIDER_VETO" error message when you create VSS backups of multiple volumes

Windows 7 and Windows Server 2008 R2-related

Snapshot may become corrupted when the Volume Shadow Copy Service (VSS) snapshot providers take more than 10 seconds to create

Snapshot set of the VSS writer has no disk volumes

"0x0000007E" Stop error when you run a VSS-based backup application

Virtual machine online backup fails in Windows Server 2008 R2

Stop error when you create a VSS snapshot backup

Hyper-V update rollup is available for Windows Server 2008 R2

Computer randomly stops responding after you use the VSS software provider

A file copy operation fails when files or folders have long paths in Windows Explorer

Windows 8, Windows Server 2012, and Up

Topic

This article discusses how to export conversation messages from Microsoft Teams. Use this article as an aid when exporting damaged or deleted Teams conversation messages. You can also export Teams Content and Teams Calendars

Environment

Backupify/Datto SaaS Protection 2.0 for Office 365

Description

Datto SaaS Protection/Backupify cannot restore conversation messages at this time.

Exporting Teams conversations

1. In the Backupify/Datto SaaS Protection 2.0 dashboard page, click the Recovery tab, then select Teams from the drop-down menu.

Figure 1:The Teams tab (click to enlarge)

2. On the next page, click the name of the Team from which you are exporting.

Figure 2:The Teams Recovery page (click to enlarge)

3.To export a conversation a snapshot other than the latest one, click the Snapshot drop-down menu, then choose the restore point by using the calendar options.

Figure 3:Snapshot selection (click to enlarge)

4. Click theConversationsbutton. The files in that snapshot will populate in a list. If you are exporting individual messages instead of the entire list of messages, select them by checking the boxes next to their names. When finished, click theExportbutton.

Figure 4:Export conversations (click to enlarge)

Export location

Backupify/Datto SaaS Protection will download the exported conversation in a zip file to the Downloads folder of the machine from which you are performing the export. To view the export, extract the zip file to a folder and click the .html file at the root of the export.

Additional Resources

Backupify/Datto SaaS Protection 2.0 for Office 365: Protecting Microsoft Teams data

Topic

This article discusses the Teams Seat Management page in Backupify/Datto SaaS Protection 2.0.

Environment

Backupify/Datto SaaS Protection 2.0 for Office 365

Description

Navigating to Teams Management page

1. From the Backupify/Datto SaaS Protection 2.0 dashboard, click theSeat Managementtab, then select Teamsfrom the drop-down menu.

Figure1:The Backupify/Datto SaaS Protection 2.0 dashboard(click to enlarge)

Teams Management page

The Teams Management page has two major components:

The Overview pane, which displays a graphic representation of Teams management.

TheREFRESHbuttonsearches and discovers new Teams in the Office 365 environment on demand.

The Manage Teams pane lets you view Teams and change their protection status.

TheAuto Addswitch in the Manage Teams panel lets you automatically protect Teams that you created in Office 365.

TheProtect Allbutton will protect unprotectedTeams.

Figure 2:The Teams Management page (click to enlarge)

Overview

Status Overview

TheStatus Overviewbar uses different colors to represent the status of each Team:

Active(green):Backupify/Datto SaaS Protection 2.0 is actively backing up the Team.

Paused(blue):Backups are enabled, but currently paused.

Archived(black):Backupify/Datto SaaS Protection is no longer backing up this Team, but you can restore its data.

Unprotected(grey):Backupify/Datto SaaS Protection 2.0 is detecting this Team, but you have not yet enabled backups on the Teams Management page.

For more information on seat statuses, read Datto SaaS Protection for G Suite and Office 365: Seat statuses.

Figure 3:The Overview panel (click to enlarge)

REFRESH

By default, Backupify/Datto SaaS Protection will look for changes once per day. To force Backupify/Datto SaaS Protection 2.0 to back up new changes in your Teams' data, make sureAuto Addis switched on, then click the Refresh button. When you refresh, the system will also search for new Teams in the Office 365 environment.

IfAuto Addis enabled, the refresh process will occur with newly discovered Teams.

IfAuto Addis disabled, the system will not protect newly discovered Teams; they will require manual inclusion.

Figure 4:The Refresh feature (click to enlarge)

Move your cursor over the progress bar in theStatus Overviewsection of theOverviewpanel to view the number of Teams you have for each category versus your total number of Teams.

Figure 5:Number of Teams for each category (click to enlarge)

Manage Teams

TheManage Teamspanel displays all Teams detected by Backupify/Datto SaaSProtection 2.0.

Figure 6:The Manage Teams panel (click to enlarge)

The options in this panel include the following:

A.Search:Use the search bar to find individual Teams within your Backupify/Datto SaaS Protection 2.0 instance. You can filter your Teams by keywords.

B. Auto Add:Click the blue slider to enable or disableAuto Add forTeams. Enabling Auto Add will automatically back up any Teams you create from that point forward.

C.Protect All:Click to protect all Teams, except the ones that you havePausedorArchived.

D.Click the checkboxes next to any of the four statuses to hide or return them to the Teams list.

E.Click to list your Teams in reverse alphabetical order.

F.Click tochange the status of a Team.

To export a list of all Teams to Backupify/Datto SaaS Protection 2.0, click theExport CSVfrom the ellipsis menu in the Manage Teams section of the page. Refer to Figure 8 for an example.

Figure 7:The Manage Teams panel (click to enlarge)

Auto Add

In theManage Teams panel, you can enable Auto Add for all Team-related items. When you enable Auto Add:

Backupify/Datto SaaS Protection 2.0 will automatically back up any Teams you create from that point forward.

Backupify/Datto SaaS Protection 2.0 will not add any Teams that existed at the time you enabled Auto Add; you must add them manually in theManage Teamspanel.

Figure 8:The Auto Add feature (click to enlarge)

Protect All

In the Manage Teams panel, you can clickProtect Allto protect all seats, except seats that you havePausedorArchived.

Full protection will take a few minutes to activate eligible seats.

You can refresh the page to view updated seat statuses.

Figure 9:The Manage Teams panel (click to enlarge)

Additional Resources

Backupify/Datto SaaS Protection 2.0 for Office 365: Protecting Microsoft Teams data

Topic

This article discusses creating, managing, and deleting employee accounts in the Datto Partner Portal.

Environment

Datto Partner Portal

Description

A Datto Partner Portal organization login account can create individual employee accounts, so multiple employees can manage and service Datto devices. Datto's tools share access information, so your employees can log in to each one by using the same username and password. Setting different levels will also affect access to the SaaS store and SaaS NFR accounts.

Only use the Manage Employees page to give your employees Partner Portal access.

To give your customers access to the Partner Portal, use the Manage Clients page.

Employee account passwords expire after 90 days of inactivity.

Index

Creating new employees

Billing contacts

Changing an existing employee's password

Deleting a current employee

Employee deletion alerts

Employee roles

Additional Resources

Creating new employees

1. Choose the Admintaband selectManage Employees.

Figure 1: Manage Employees (click to enlarge)

2. Click the Add Employees button.

Figure 2: Add Employees (click to enlarge)

3. Enter all relevant employee information and assign the employee a role. Roles dictate which Partner Portal features an employee can access. See the Employee roles section of this article for more details.

4. Click theCreate Employee button. If you are creating accounts for multiple employees, check the Add another employee box to cycle to the next employee.

To enable two-factor authentication, you must enter a phone number.

Figure 3: Employee information and role (click to enlarge)

5. You will receive a popup confirming the new employee's addition.

Figure 4: Add Employee confirmation (click to enlarge)

6. The new employees will get an email containing temporary credentials for login. This email will also go to the primary email address for the main Datto Resale Portal Account.

Figure 5:Email Login Credentials (click to enlarge)

Billing contacts

Partner employees that you designate as billing contacts can discuss billing matters and receive invoices from Datto. To identify an employee as a billing contact, select Yes under Is employee a billing contact? in the Add employee modal shown in Figure 3.

Employees assigned the role of Tech cannot be billing contacts.

Adding a new technician to Zendesk

1. Make a new employee account and assign them the role of Tech.

2. Have the new technician log into the Partner Portal. Doing so creates the Zendesk account.

3. Have the technician log into Zendesk with their Datto credentials.

Editing anExisting Employee's Profile

Adjustingexisting employees' access will notimpact their history or their future use of the Datto Academy & Ticket Portal.

Editing an Existing Employee's Profile

1. From the Manage Employees window, click the pencil icon in line with that employee's name. Doing so will open a screen with the employee's details.

Figure 6: Editing employees on the Manage Employees screen (click to enlarge)

2. Edit the relevant details - email address, role, phone number - and then click Save Changes.

Figure 7: The Edit Employees modal (click to enlarge)

Changing an existing employee's password

1. Password changes are self-administered. On the Partner Portal login screen, have the employee click Forgot your password? They will then receive an email with a reset link.

Figure 8: Password reset from the Employee Login screen (click to enlarge)

Deleting a current employee

You cannot use a removed user's email address to re-register for 48 hours.

1. Click the wastebasket icon next to the employee's name.

Figure 9: Deleting employees on the Manage Employees screen (click to enlarge)

2. A confirmation window will pop up. Click theDelete Employeebutton to confirm the deletion.

NOTE:Users cannot remove their user accounts.

Figure 10: Employee deletion confirmation window(click to enlarge)

Employee deletion alerts

You will get an email alert whenever someone removes an employee from one of your resellers.

Employee roles

Access levels by role are as follows.

Admin

Full account access to all features

SaaS Protection clients

Business

Access to the Partner Store, the SaaS Store, and the ability to purchase Shadow Protect licenses

Access to all Admin pages except status pages, Device Audit, and RoundTrips

Access to Integrations, Manage Clients and Manage Employees under the Admin tab

No access to Recovery Launchpad

Can be designated as a billing contact

Tech

Access to all status pages, Ticket Portal, integrations, and APIs

No access to any marketing or store features

Cannot view SaaS Protection accounts that are NFR

Cannot manage employees or users

Access to Recovery Launchpad

Account Admin access in Datto Network Manager

Cannot be designated as a billing contact

Cannot set up SaaS Protection clients

Account Admins in Datto Network Manager have access to all networks on the account but cannot modify user information.

Sales and Marketing

Access to marketing materials and pricing sheets

Can purchase items through the store

Cannot manage employees or users

Do not have access to Recovery Launchpad

For Partner Portal roles for EMEA accounts, the levels are:

Admin

Manage employees, customize device status, and configure reseller email addresses, as well as all roles listed below (Devices, Invoices, Orders, Pricing, and Support)

Set up SaaS Protection clients

Devices

Device status, device audit, Recovery Launchpad, and private cloud status

Cannot view SaaS Protection accounts that are NFR

Cannot create new SaaS Protection clients

Invoices

View invoices and contracts

Orders

View the store and place orders

Pricing

View pricing and marketing materials

Support

View the Knowledge Base, tickets, and cloud requests

Additional Resources

Datto Partner Portal: How do I manage my billing contacts?

Topic

This article describes fiber optic transceiver selection for Datto Networking Managed Switches.

Environment

Datto Switches

Description

When using fiber connections in a Datto network, it is important to use the correct transceiver and cable combinations.

Types of fiber optic cable

There are two basic types of fiber optic cable:

Multi-Mode Fiber (MMF): This type is best for short runs, usually 550 meters or less.

Single-Mode Fiber (SMF): This type is best for longer runs.

The type of cable you use must match with a corresponding transceiver.

Datto Networking transceiver options

Multi-Mode:

DNW-SFP-1 GB-SX (Multi-Mode, 1 GB speed)

DNW-SFP-10 GB-SR (Multi-Mode, 10 GB speed)

Single-Mode:

DNW-SFP-1 GB-LX (Single-Mode, 1 GB speed)

DNW-SFP-10 GB-LR (Single-Mode, 10 GB speed)

Only the Datto E24 switch supports 10 GB transceivers. All other Datto switches have 1 GB Small form-factor pluggable (SFP) ports.

Determining the cable type

The easiest way to tell the cable type is by the color of the wire.

Orange: MMF-type, 1 GB throughput (OM1 or OM2 fiber types)

Aqua: MMF-type, 10 GB throughput (OM3 or OM4 fiber types)

Lime green: MMF-type, 40 GB throughput (OM5 fiber type)

Yellow: SMF-type, variable throughput (OS1 or OS2 fiber types)

Determining the speed of an SMF cable

On a single-mode fiber cable, you can identify the speed by connector type:

SC or ST: Usually 1 GB or slower

LC: Usually 1 GB or faster (Datto transceivers accept an LC connection)

For the most accurate identification, check the connector on the other side of the run.

Additional Resources

The Difference Between OM1, OM2, OM3, and OM4 Multimode Fibers (external link)

Single-Mode Fiber: How Much Do You Know? (external link)

Issue

You are able to install the Datto Windows Agent on Windows Server 2008 R2 SP1, but during the initial reboot after the install, Windows Server boots into recovery mode.

Environment

Datto Windows Agent

Windows 2008 R2 SP1

Cause

The Windows Server is missing Windows update KB3033929 (external link).

Resolution

Apply the security patch to your protected machine by using either your built-in Windows update utility or by running the standalone installer from Microsoft (external link). After applying the patch, the affected system should boot normally.

Topic

This article describes the local and off-site networking requirements and best practices for Datto Business Continuity & Disaster Recovery (BCDR) appliances and the Datto Cloud Continuity for PCs solution.

As of January 3, 2017, Datto appliances no longer support SNMP.

Environment

Datto SIRIS

Datto ALTO

Datto NAS

Datto Cloud Continuity for PCs

Description

Network link speed requirements

Network architecture considerations

WAN uplink considerations

Network MTU considerations

Port access and IP whitelist requirements

Agent-based and agentless solution requirements

Internet access requirements for protected machines

Virtual SIRIS considerations

Additional Resources

Network link speed requirements

A 100 Mbps network cannot efficiently transfer large datasets between the protected machines and a Datto appliance. You must have a gigabit network connection between all protected machines and the Datto appliance over your LAN.

All SIRIS 3 and 4 devices, as well as Datto NAS 3 and 4 series (except for the DN-3A), must use a gigabit connection. They will not function on a slower connection.

Datto strongly recommends placing the Datto appliance and all protected machines on the same LAN. If you must set up backups over a WAN, you will need a 50 Mbps dedicated uplink for every terabyte of protected data. Otherwise, backups will not be reliable. Even if you meet this requirement, the latency between endpoints will significantly decrease backup throughput. The higher the latency, the lower the performance.

Any device function performed through a site to site VPN/MPLS will be subject to degraded performance.

Network architecture considerations

Datto expects that you will deploy BDR appliances in a secure LAN environment. Inbound access from untrusted WAN hosts should be blocked at the edge of the network (via the router/firewall) to limit the accessibility of appliance network daemons and services. For more information, see Secure Deployment Best Practices For Datto Appliances.

WAN uplink considerations

To reliably synchronize with the Datto Cloud, ensure that your connection is at least 1 Mbps (125 KBps) uplink per terabyte of protected data stored locally on the Datto device. To check how much data your Datto appliance is currently protecting, see this article.

For every 1 Mbps of upload capacity that you dedicate to off-site traffic, you will be able to upload approximately 10 GB of change per day.

Examples

2 Mbps of upload capacity would net approximately 20 GB of change uploaded per day.

10 Mbps of upload capacity would net approximately 100 GB of change uploaded per day.

100 Mbps of upload capacity would net approximately 1 TB of change uploaded per day.

Offsiting 1 TB of change over a 1 Mbps uplink will take approximately 100 days. For images this large, Datto recommends using the RoundTrip service to send the original base image offsite.

Network MTU considerations

The Datto appliance will most reliably communicate with our monitoring servers when you set the router's MTU size to 1500 bytes. Since the Datto appliance is also using a 1500 byte MTU size, this will prevent packet fragmentation, which can cause issues with communication to our monitoring servers.

Port access and IP whitelist requirements

Ports 25566 and 25568 (listed as 6001-47000 when WinNAT is enabled) must be open.

Depending on your network security configuration, you may need to whitelist python.map.fastly.net for optimal device communication.

Additional port access requirements will vary, depending on the type of agent deployed. See the following resources for more information.

Agent-based and agentless solution requirements

For networking requirements specific to Datto's various agent and agentless backup solutions, see the following articles:

Getting started with the Datto Windows Agent

Getting started with the ShadowSnap Agent

Getting started with the Datto Linux Agent

Getting started with the Datto Mac Agent

Getting started with agentless backups

Internet access requirements for protected machines

Datto strongly recommends enabling IPMI on Datto appliances that include this feature and configuring the IPMI port with a static IPv4 address. Enabling IPMI will allow you to access the device for remote troubleshooting if you cannot access the GUI.

The Datto appliance must have access to the Datto Cloud for backup replication and remote device management. Also, all ICMP packets must be allowed through the firewall.

Datto recommends disabling any application-layer filtering of traffic destined for or originating from your Datto appliance.

For device management, to synchronize time, and to download operating system updates, all backup appliances must be able to resolve the following Datto sites in the local DNS:

dattobackup.com

datto.com

device-packages.dattobackup.com

device-images.datto.com

ntp.dattobackup.com

For operating system maintenance, the Datto appliance must also be able to resolve the following community sites in the local DNS:

ntp.ubuntu.com - Ubuntu managed Network Time Portal server, used to synchronize time

us.archive.ubuntu.com - Ubuntu managed application repository

security.ubuntu.com - Ubuntu managed application repository

ppa.launchpad.net - Ubuntu managed application repository

All Datto appliances must have outbound access the following IP ranges for Cloud infrastructure, DNS failback, and device management:

IP Range

Ports

UDP/TCP

Purpose

8.8.8.8

53

Both

DNS

206.201.138.10

206.201.138.11

206.201.138.15

206.201.138.20

123

UDP

NTP

8.34.176.0/23

443

TCP

Datto Portal

162.244.87.51

443

TCP

Cloud restores

162.244.85.60

443

TCP

Image / package server

162.244.87.0/24

443 and 80

TCP

Device Web

198.49.95.0/24

21

TCP

Bandwidth testing

206.201.136.0/23

80, 2200, and 443

TCP

Device Web and cloud storage

The Datto appliance must have outbound access to port 22 (TCP) for data synchronization and port 1194 (TCP) for hybrid virtualizations, as well as VPN tunneling and off-site storage. Depending on your country, the Datto appliance will require outbound access to the following IP address ranges:

United States

8.34.176.0/23 (Pennsylvania)

8.34.165.0/24(Pennsylvania)

8.34.181.0/24(Pennsylvania)

162.244.84.0/24(Pennsylvania)

162.244.85.0/24(Pennsylvania)

198.49.95.0/24(Pennsylvania)

198.137.226.0/24(Pennsylvania)

206.201.136.0/23 (Pennsylvania)

198.137.225.0/24 (Utah)

206.201.133.0/24(Utah)

208.53.34.0/23(Utah)

208.53.53.0/24(Utah)

Canada

192.171.102.0/24 (Toronto)

198.137.227.0/24 (Calgary)

206.201.134.0/24 (Toronto)

EMEA

185.217.56.0/24 (UK)

185.217.58.0/24 (Iceland)

198.137.225.0/24 (Germany)

185.217.57.0/24 (Germany)

185.217.59.0/24 (Germany)

ANZ (Australia and New Zealand)

103.109.129.0/24 (Sydney, Australia)

103.109.130.0/24 (Melbourne, Australia)

Singapore

103.109.128.0/24

It is normal to see the Datto appliancerepeatedly connecting to one or more of the IP addresses listed above as it checks in with our monitoring servers.

To learn which Cloud storage node your Datto device uses, open the backup appliance's GUI. On the Overview screen, you will see replication information similar to the example shown in Figure 1.

Figure 1: Offsite server IP address (click to enlarge)

Virtual SIRIS considerations

When performing an off-site hybrid virtualization on a virtual device bridged to your local network, ensure you have enabled promiscuous mode and forged transmits on the port group or virtual switch to which the vSIRIS is connected.

Additional Resources

Getting started with the Datto Windows Agent

Getting started with the Datto Mac Agent

Getting started with the Datto Linux Agent

Getting started with the ShadowSnap Agent

Getting started with agentless backups

Question

How do I access my Backupify for Office 365 account?

Environment

Backupify for Office 365

Answer

Login procedure

To log in to your Backupify account, go to https://app.backupify.com/login. For Office 365 accounts use the Log in using Backupify Credentials section.

Figure 1: Backupify for Office 365 login (click to enlarge)

The email address isthe administrative account for the Office 365 domain that was specified during setup.

Use the password that was created at setup or the most recent if it has since been updated. This password is not the password to log in to Microsoft's online portal; it is specific to the Backupify application.

Managing multiple O365 accounts

When managing multiple Office 365 accounts, each browser session can only access one account at a time. To manage an Office 365 account, log in to that specific account and then log out when done.

Resetting a password

To reset your password, click the Forgot your password? link and you will receive instructions emailed to to the administrative account for the Office 365 domain.

-

To contact Backupify/Datto SaaS Protectionsupport, click here to submit a support request, orclick here for more contact options.

Issue

After performing a restore such as a Bare Metal Restore (BMR), or image export, the restored server encounters a winload error referencing \Windows\System32\Drivers\viostor.sys. The error presented is often,“The operating system couldn’t be loaded because the digital signature of a file couldn’t be verified”,with a status of 0xc0000428.

Environment

Datto SIRIS

Datto ALTO

Microsoft Windows

Cause

The driver viostor.sys (used by Datto as a standardized interface for drive management) conflicts with certain hardware environments running Windows.

Figure 1: Winload error (click to enlarge)

Resolution

1. Press Enter followed by F8 to load the Advanced Boot Options screen.

2. Select Disable Driver Signature Enforcement and press Enter.

Figure 2: Advanced Boot Options (click to enlarge)

If you need to disable the driver permanently to ensure reboots are successful, or you are receiving a different winload error referencing viostor.sys,follow the steps below.

Edit the registry

Once the OS loads, open the Windows Registry Editor and navigate toHKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services Viostor. Double-click the Start parameter and set the Value data to 4, then click OK.

Figure 3: Registry Editor(click to enlarge)

Offline systems

If you are editing the registry from an offline system, such as the Windows Recovery Environment or an install ISO, you will first need to load the offline registry hive by clicking File Load Hive.

Figure 4: Load Hive (click to enlarge)

Once you've made the changes in the registry, click File Unload Hive.

Topic

This article explains how to set up two-factor authentication for Datto SaaS Protection, Datto Partner Portal, Datto RMM, and Backupify Direct users.

Environment

Datto Partner Portal

Datto SaaS Protection

Backupify/Datto SaaS Protection for G Suite and Office 365

Datto RMM

Description

You must set up two-factor authentication (2FA) with your application to access your account. If you haven't already done so, the Partner Portal or the Backupify login page will prompt you to enable two-factor authentication at your next login.

Why two-factor authentication?

Enable two-factor authentication

Download and install the Authy app

Changing your information

Enabling 2FA for all users

Why two-factor authentication?

To learn more about two-factor authentication, see What is two-factor authentication (2FA)? (external link).

Conventional password protection offers a single layer of security. Passwords are vulnerable to divulgence through human error and defeat through increasingly sophisticated forms of automated attack.

Two-factor authentication provides additional security. After entering your password, the authentication software contacts you via trusted means, such as your mobile phone number, and requests additional verification. This extra protection dramatically reduces the success rate for malicious access attempts.

Enable two-factor authentication

1. Navigate to your Partner Portal or Backupify login page, enter your account credentials, then click theLOG INbutton.

For Datto partners, including SaaS Protection users, navigate to the Partner Portal login page.

For Backupify Direct users, navigate to the Backupify login page.

Figure 1:The Login window (click to enlarge)

2. Choose an authentication method, then click theEnable 2FAbutton.

Figure 2:The select Authentication Method prompt (click to enlarge)

The next step will vary depending on the authentication method you selected.

Third-Party Authenticator App

Open your authenticator app and scan the QR code to complete the setup.

Figure 4:Setup via third-party authenticator app (click to enlarge)

For additional information, see How do I set up an external authenticator app for the Datto Partner Portal?

Authy

Follow the steps in the Download and install the Authy App section of this article.

SMS/Voice

1. Enter your phone number, then click the Enable 2FA button.

If this is a mobile phone number, you will receive a text with the verification code.

If Datto detects a likely non-mobile number, you will see the prompt shown in Figure 3. The dialog box, however, will contain additional instructions about how to set up the Authy application. The same conditions apply to users who reside in Canada since the Portal will not be able to determine if the number provided is from a non-mobile phone.

2. Enter the code in the2FA Verification window and click theSubmitbutton.

After the Portal admin enables 2FA for your company, users will not see the Remind me in 48 hours option.

Once you enable 2FA for all users, see Partner Portal: User Settings to learn more about viewing employee enrollment status.

Figure 5:Enable 2FA prompt (click to enlarge)

Resending Tokens

The method to re-send an authentication token will vary according to your chosen authentication method:

Third-party app: Check your mobile device for a new token.

Email: Click Email to receive a new token via email.

SMS: Click SMS or Phone Call to receive a new token via text message or phone call.

Figure 6:The 2FA verification modal (click to enlarge)

Once you submit the verification code, 2FA activation is complete.

Download and install the Authy app

Datto recommends the Authy 2FA app (external link)for logging into the Datto Partner Portal with two-factor authentication. You can download the following versions:

Mobile app: You can authenticate via your mobile phone via push notification or token. You will only be able to authenticate via mobile if you provided a cell phone number.

Desktop app: This applets you authenticate via desktop app push notification or token. You can use the desktop app if you use either your desk phone or mobile phone.

Chrome extension: The Chrome extension lets you authenticate from the Google Chrome browser via push notification or token. You can use the desktop app if you use either your desk phone or mobile phone.

Datto also lets you authenticate with your preferred third-party 2FA solution if necessary. Consult your application's setup guide for configuration instructions if you choose to leverage a solution not described in this article.

Figure 7:The Authy download page (click to enlarge)

Changing your information

You can change employee names or phone numbers used for 2FA with partner accounts from the Partner Portal user settings page.

Enabling 2FA for all users

Partner Portal Admins can require 2FA for all Portal users in their company.

1. In the Datto Partner Portal, click your username in the top right-hand corner, then select Company Settings from the drop-down menu.

2. In the Authentication Settings card, click Enable to activate 2FA for all of your company's Portal users. After enabling, users who have not set up 2FA will see a prompt to do so the next time they log in.

Once you enable two-factor authentication for your company, you cannot disable it.

Figure 8:The Authentication Settings card (click to enlarge)

Logging in on trusted networks

If you log in from an IP address that your Partner Portal admin has whitelisted as a trusted network, you will only receive the authentication prompt every three weeks instead of being prompted on each login.

Trusted network whitelistingis unavailable foraccounts belonging to end-user clients of Datto partners; these accountsmust authenticateon every login.

Additional Resources

What is two-factor authentication? (external link)

How do I set up an external authenticator app in the Datto Partner Portal?

How do I use the Authy Mobile app to log into the Datto Partner Portal?

How do I use the Authy Desktop app to log into the Datto Partner Portal?

How Do I log into the Datto Partner Portal by using the Authy Chrome extension?

How Do I edit my employees’ phone numbers in the Partner Portal for two-factor authentication?

How do I change my user settings in the Datto Partner Portal?

Datto Partner Portal: Organization settings

Datto RMM: AnnouncingDatto RMM's new Single Sign-on (SSO) Experience

Topic

This article provides links to Datto RMM tools for remote access to Mac Catalina operating systems.

Environment

Datto RMM

Description

You can remotely access devices that are running Mac OS Catalina by using either Splashtop or Datto RMM's new HTML5 based solution, Web Remote. Click the links below for details on each method.

Remote takeover tools (Datto RMM Online Help)

Web Remote BETA (Datto RMM Online Help)

Splashtop Remote Screenshare Integration (Datto RMM Online Help)

Topic

How do I set up two-factor authentication for my end users?

Environment

Datto Partner Portal

Description

As the administrator, you can enable two-factor authentication for end users at your clients' sites.Two-factor authentication requires that each of your clients with permission to access your firm's Partner Portal account have an associated mobile phone number. Employees authenticate via their phones.

Procedure

To start using two-factor authentication, both the end user and the administrator must take action:

End Users:Eachend user should download and set up the Authy app on the mobile device associated with their phone number. Authy is available for free for Windows, iOS, and Android.

Admin: Each client profile must have a mobile phone number on record. To edit a client's profile:

1. In the Partner Portal, click Admin and select Manage Clients from the drop-down menu.

Figure 1: Manage Clients(click to enlarge)

2.On the Manage Clients page, edit each employee's profile to include their mobile phone number.

Figure 2: Edit user phone numbers(click to enlarge)

Authenticating

When logging into the Partner Portal, clients will be prompted to enter an authentication key.

Figure 3: Two-factor authentication prompt (click to enlarge)

At this point, the end user must authenticate via ANY ONE of the following options:

Authy OneTouch. Entering credentials into the Partner Portal triggers an alert in the Authy app on the tech's mobile device. Swiping the alert completes the authentication.

Request the portal to send an SMS token to the relevant phone number. Enterthe key in the Token or Security Key field, then clickSign Into complete the authentication.

Lost phones

If you lose your phone, you can continue accessing your Partner Portal account after performing a 2-factor authentication reset or resetting your phone number once you have a new one.

If you have the same phone number as before, you only have to reinstall the Authy app to regain access.

If your phone number has changed, go to https://www.authy.com/phones/change to reset your number. Click the I don’t have access to my phone button at the bottom of the screen to get started. Once submitted, the process can take up to 72 hours to complete.

Consider installing Authy on multiple devices that use the same phone number (e.g., iPhone and iPad).

Topic

This article explains the nature of a differential merge backup and describes the Force a Differential Mergefeature on Datto appliances.

Environment

Datto SIRIS

Datto ALTO

Description

What is a Differential Merge?

A differential merge allows a backup agent to traverse the live backup dataset of the protected server, compare it to the protected system volumes, and back up new changes.

A differential merge is not to be confused with a Differential Backup Chain.The process applies the same concept as a VSS differential backup. Since each new incremental is compiled into a 'full' live dataset to accomplish the Inverse Chain, the difference from the 'last full' is usually just the size of a new incremental.

This process functions as a form of consistency checking and can resolve problems with backups by auditing for and correcting errors, such as corruption.A Differential Merge can also allow an agent to proceed with incremental backups in a situation that might otherwise require an incremental chain to restart with a new full backup.In theProtecttab of the appliance GUI, a backup running as a Differential Merge will appear to be the size of a full backup. However, it should only consume the space of an incremental backup on the storage array, and theManage Recovery Points page will record the transfer type accurately.

Distinguishing a Differential Merge from a Full Backup

A differential merge will appear as a 'Differential' backup on the Manage Recovery Points page of the Datto appliance GUI.

When it is running, a differential merge will appear as a large data transfer across the network between the Datto deviceand the protected system.

If the transfer is a full backup, you will see the available storage space on your Datto appliance decreasing at a 1-to-1 ratio to the amount of data reported as transferred in the backup progress bar of the Datto appliance'sProtect page.

Force a Differential Merge

To force a differential merge, follow these steps:

Open the GUIfor the Datto device.

Click on the Protect tab.

Find the agent that you wish to configure.

Click Configure Agent Settings for that agent.

Go to the Advanced section, and scroll to Force a Differential Merge, as shown in Figure 1.

Click theForce Differential Merge button. The next scheduled backup will be a differential merge.

Figure 1:Force a Differential Merge (click to enlarge)

Topic

This article contains all release notes for Datto Network Manager.

Environment

Datto Network Manager

Description

Datto Network Manager is thenetworking industry’s first cloud management user interface designed to serve the needs of MSPs. Periodically, Datto may release updates to Network Manager that affect the functionality of or impact certain devices. For firmware release notes for specific devices, see the release notes in their respective sections.

Index

2020

Release 2020-01-30

Release 2020-01-17

Release 2020-01-02

Previous years

2019

Releases

Release 2020-01-30

Improvements

To eliminate confusion, renamed Incoming Port to Source Port in the Custom Traffic Policies settings for routers

Release 2020-01-17

Improvements

Addedfunctionality to allow DHCP reservations outside the DHCP range for D200 routers

Added functionality for the API to validate the model type before adding a device to the network

Introduced consistency between GET and PUT router API methods

Added functionality for the API to return the device's uplink IP address

Release 2020-01-02

Improvements

Added descriptions for routers and managed power devices on the Device Details page

Added functionality to use the selected network's firmware version for all device configuration pages; any devices not on the selected version will display a warning but still allow configuration

Added functionality toonly display features applicable to your network's firmware version

Improved the way that the Device Details page displays device attributes

Introduced functionality to extend the life of Datto Mobile App sessions from 24 hours to 30 days

2019

Hotfix 2019-12-05

Release 2019-12-04

Release 2019-11-20

Release 2019-11-11

Release 2019-10-22

Release 2019-10-08

Release 2019-09-25

Release 2019-09-11

Release 2019-08-27

Release 2019-08-14

Release 2019-07-17

Release 2019-07-03

Release 2019-06-18

Hotfix 2019-12-05

Bug fixes

Resolved an issue which prevented users from adding networks to accounts that did not already contain a network

Release 2019-12-04

Improvements

Released 802.11r, 802.11k and WiFi scheduling from beta

Redesigned the left navigation bar to minimize click-throughs and improve the user experience

New users now default to the Network Viewer role rather than the Network Editor role.

Added a link to the Partner Portal on the Users page in Network Manager for easier access to user management

For switches, routers and managed power devices: added the ability to jump to any device of the same kind from a drop-down menu on the Status and Config pages

Bug Fixes

Resolved an issue that caused Access Points to reboot twice when rebooted from Network Manager

Release 2019-11-20

Improvements

Increased the size of pop-up dialog boxes for greater visibility

Bug Fixes

Resolved an issue that prevented users from saving two switch ACLs containing any duplicate rules

Resolved an issue preventing users with limited privileges from viewing and managing their silenced devices

Resolved an issue where users were unable to save Site-to-Site VPN settings on their router after deleting another router that was acting as a VPN client

Release 2019-11-11

Improvements

Added a pop-up warning before enabling or disabling ports for Managed Power devices

Hid the Create Network Group and Create Network buttons from users that do not have permission to perform these actions

Added the ability for users to configure DHCP Reservations for hostnames that contain hyphens on the D200

Changed the name of the Outages column to Cloud Connection in device overview pages to more accurately reflect the information presented in the column

Bug Fixes

Resolved an issue that prevented users from making multiple changes to D200 site-to-site VPN configuration

Resolved an issue that prevented users with the Network Viewer role from viewing switches on their networks

Resolved an issue that caused users of Microsoft Edge to see the word 'undefined' appear in the Recent Events table

Resolved an issue that prevented users from creating a new network in an empty network group

Release 2019-10-22

Improvements

Introduced networking events and critical event-level email alerts

Added an option to enable Dynamic Frequency Selection (DFS) for supported access points and jurisdictions

Improved the formatting of the Last Seen time for individual network clients

Reduced time before the device is marked DOWN from 30 minutes to 10 minutes or less

Added ability to set device description field during bulk CSV imports

Bug Fixes

Various bug fixes and enhancements

Release 2019-10-08

Improvements

It is no longer possible to delete users from Network Manager. Use the Datto Partner Portal to delete users. See Partner Portal: Managing employee accounts and roles for more information.

Bug Fixes

Resolved an issue that sometimes caused Access Points to be labeled 'Down' erroneously

Release 2019-09-25

Various bug fixes and enhancements

Release 2019-09-11

Various bug fixes and enhancements

Release 2019-08-27

Various bug fixes and enhancements

Release 2019-08-14

Bug Fixes

Resolved an issue which could cause device model names to display inconsistently

Release 2019-07-17

Improvements

Improved logout functionality in the Network Manager UI

Various bug fixes and enhancements

Release 2019-07-03

Improvements

Enabled Automatic Upgrades behavior on all access points running firmware versions other than 6.1.5, 6.4.15, or 6.5.2

Bug Fixes

Resolved an issue related to exporting information from the All Networks page

Release 2019-06-18

Initial product release

New Features

Added the Audit Logs feature

Added band steering for Datto Access Points

Added Locate mode for Datto Access Points

Question

How do I configure firewall and port forward settings on Datto Routers?

Environment

Datto Network Manager

Answer

Accessing firewall configuration options

1. In the Datto Network Manager Navigation menu, click Manage, then select Routers from the expanded options.

Figure 1: The Navigation menu (click to enlarge)

2. Click the name of the router you want to configure.

Figure 2: The Routers page (click to enlarge)

3. SelectFirewall from the expanded router options in the Navigation menu.

Figure 3: Expanded router option (click to enlarge)

Configuring router options

Port forwards

This section lets you forward a specific port from the router's WAN interface to an IP address on your LAN. For example, you could enable outside access to an internally-hosted web server by adding a port forwarding entry with:

an Incoming Port and Destination Port of 80.

the Destination IP of the server's local LAN IP address.

You can configure the following port forward options:

Device name: The hostname of the device requesting access

Incoming port: The port or range of ports through which traffic from the internet will enter the router; incoming ports and destination ports should be the same unless otherwise specified

Protocol: The transfer protocol forwarded traffic will use (TCP, UDP, or all)

Destination IP: The internal address of the forwarded traffic

Destination port: The port on the internal device through which forwarded traffic will travel

Add/Remove: Adds or removes a port forwarding rule

Figure 4: Port forwards(click to enlarge)

Custom traffic policies

This feature requires D200 firmware release 1.0.7 or later.

This section lets you configure access control lists (ACLs) to allow or deny traffic movement through the router. You can use these ACLs to:

control where internal traffic can go.

useport forwarding entries to control what internal resources traffic from the internet can reach.

You can configure the following custom traffic policy options:

Policy name:A descriptive name letting admins know the policy's purpose

Action: Specify the action to take (block or allow)

Protocol:Specify the protocol to which the policy applies (TCP, UDP, or all)

Source IP: Designate an originating external IP address to which the policy will apply

Source port: Specify a port through which allowed traffic would enter the network

Destination IP: Specify an individual IP address or range of internal IP addresses that can receive permitted traffic

Destination port: Designate a port on the device through which to receive allowed traffic

Add/Remove: Adds or removes a custom traffic policy

Figure 5: Custom traffic policies(click to enlarge)

Topic

This article explains the process to perform a granular MicrosoftSQL database restore using Ontrack PowerControls. Ontrack PowerControls supports SQL 2005, SQL 2008, SQL 2008 R2, SQL 2012, and SQL 2014 and can read MDF, LDF, NDF, and BAK files.

To restore an Exchange server, see SIRIS, ALTO, and NAS: Exchange mailbox restore with Ontrack PowerControls (Kroll restore).

Datto appliances use Ontrack PowerControls version 9.3. Newer versions of this software are unsupported.

Environment

Datto SIRIS

Datto ALTO

Ontrack PowerControls

Microsoft SQL Server

Description

The restore process has several steps:

Download Ontrack for SQL

Check the Microsoft SQL Server datastore

Mount a file restore

Use Ontrack PowerControls to connect the data source and SQL target

Copy source target

Download Ontrack PowerControls

1. Download and install Ontrack PowerControls for Microsoft SQL Server on a Windows PC that can connect to the Microsoft SQL Server.

2. Log in to the web interface for your Datto appliance. Go to the Advanced menu and click Granular Restore. Under Kroll Ontrack PowerControls for Microsoft SQL Server, click the Executable and the License File links to download each file.

Figure 1:Download Ontrack PowerControls for MS SQL Server (click to enlarge)

If you need to restore Microsoft SQL Server 2016, use the Kroll Ontrack PowerControls for Microsoft Exchange and SharePoint installer and license. Then, follow the steps described in this article to complete the restoration. To learn how to installKroll Ontrack PowerControls for Microsoft Exchange and SharePoint, see our Exchange article.

3. Once you've downloaded the executable and the license file, you can install and activate the program. You do not need to install PowerControlson the MS SQL server, but you must be able to connect to the SQL server from the machine on which you install it.

Check the Microsoft SQL Server datastore

1. To navigate to the correct location to retrieve your data, you must know where your SQL server stores this data. To do so, go into the Microsoft SQL Server program. Right-click the top-level server, and choose Properties. This example shows SQL Server 2008. Other versions of SQL Server may differ.

Figure 2:SQL Server 2008 (click to enlarge

2. In the Server Propertieswindow, click the Database Settings option.

Figure 3:Database Settings (click to enlarge)

Note the location of the Data and Log files. You will need this information later.

Mount a file restore

1. To start the file restore, click the Restore tab of the Datto appliance.

Figure 4:Start a Restore (click to enlarge)

2. Choose the SQL server from which you want to restore data and select File Restore. Then, choose the recovery point that has the data that you need.

3. Click Start File Restore.

Figure 5:Mount Recovery Point (click to enlarge)

4. Click the Mount button, and make a note of the Samba Share information.

Figure 6: Samba Share information (click to enlarge)

Use Ontrack PowerControls to connect the data source and SQL Target

1. In the Ontrack program, go to the File menu and clickOpen Source.

Figure 7:Open Source (click to enlarge)

2. Navigate to the data source, choose the *.mdf file, and click Open.

Figure 8:Select the data file (click to enlarge)

3. In the Data Wizard window, click the Add... button.

Figure 9:Data Wizard (click to enlarge)

4. Add the log (*.ldf) file.

Figure 10:Add the *.LDF file (click to enlarge)

5. You will see the Data Wizard with both the *.MDF and *.LDF files listed.

Figure 11:Source files added (click to enlarge)

6. Click the Finish button. A green bar will display progress.

Figure 12:Open Source progress (click to enlarge)

Copy source to target

1. The Data Wizard prompts you to select your target server. Enter your credentials to connect to the Microsoft SQL Server. Then, choose the database you need to restore. In Figure 13, it is connecting to the localhost and connecting to the DattoDummyDataSQL database.

Figure 13:Connect to Target Server (click to enlarge)

2. When you click Finish, you will see a window with both the Source and Target visible. You can drag and drop the table you wish to restore. Figure 14 depicts a drag and drop of the dbo.employeesdemo table from the Datto file restoration to the DattoDummyDataSQL live database.

Figure 14:Moving a table from the file restore to the live database (click to enlarge)

Once you've dropped the file into the target, you'll see a progress window, as shown in Figure 15.

Figure 15:Copy Progress (click to enlarge)

3. When the copy progress has finished, you have restored your data and can now click Close.

Figure 16:Copy Progress Finished (click to enlarge)

Additional Resources

Ontrack PowerControls User Guide Version 9.3 for SQL (external link)

Topic

This article describes the procedureto restore Exchange mailboxes by using Kroll Ontrack PowerControls.

To restore a SQL server, see SIRIS, ALTO, and NAS: Granular SQL restore with Ontrack PowerControls.

Environment

Datto SIRIS

Datto ALTO

Ontrack PowerControls for Exchange Version 9.3

Description

If you are restoring from an ALTO 3, proceed toSection 2: Licensing Information. If you are restoring from any other ALTO appliance that is not on per-agent pricing,see Exchange Mailbox Restore With Kroll Ontrack For ALTO(Kroll Restore) to get started.

Index

Licensing Information

System Requirements

Performing the Restore

Offsite Restore Preparation

Configuring Microsoft Office Outlook

Obtaining the Ontrack PowerControl License

Ontrack PowerControl Licensing for Previously-Installed Instances

Configuring the Ontrack PowerControl Data Wizard

Licensing Information

The Kroll Ontrack PowerControls for Exchangelicensesbundled with the Datto SIRIS are for Exchange Databases for 500 users or less.

Ontrack PowerControls licenses expire after a set period. If the licenseon your deviceshows expired, you'll need to provision one from the same location. Datto provides this license on SIRIS devices at no additional charge].

ALTO users not on per-agent pricing mustpurchase this service at an additional cost. Contact your Sales Executive, or navigate to thePurchasing & Billing Service Billing category on the Datto Partner Portal, if you need to purchase a PowerControls license for an ALTO appliance.

If your Exchange Database contains more than 500users, contact Datto Technical Support to start a recovery. If time is a critical factor, ask your support technician how long the recovery may take; large databases can take several hours or more to process, depending ontheir size. Be sure to note the number of mailboxes you need, as shown in the figure below.

Figure 1:Mailbox Limit Reached (click to enlarge)

Datto appliances use Kroll Ontrack PowerControls version 9.3to perform Exchange restores. Other versions of this software are unsupported.

System Requirements

Software

Supported Operating Systems:

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows 7

Windows 8

PowerControls supports 32-bit and 64-bit versions of the operating systems listed above. Operating systems must have the latest service packs installed.

Supported Source Microsoft Exchange Database (offline):

PowerControls supports the following versions of Microsoft Exchange Server asoffline source databases:

Microsoft Exchange Server 2000

Microsoft Exchange Server 2003

Microsoft Exchange Server 2007

Microsoft Exchange Server 2007through SP3

Microsoft Exchange Server 2010 through SP3

Microsoft Exchange Server 2013 through SP1

Microsoft Exchange Server 2016

Supported Target(live) Microsoft Exchange Server:

PowerControls supports the following versions of Microsoft Exchange Server as live targets:

Microsoft Exchange Server 2007through SP3

Microsoft Exchange Server 2010 through SP3

Microsoft Exchange Server 2013 through SP1

Microsoft Exchange Server 2016

Microsoft Office (Microsoft Outlook)

Microsoft Office Outlook 2007 and later (32-bit versions only).

Tip:If installing Outlook in a disaster recovery situation, install Outlook without configuring an email; that will suffice for this requirement.

Hardware

Intel Pentium-compatible processor

1024 MB RAM minimum

200 MB of free hard disk space for the installation of Ontrack PowerControls

Monitor with 800 x 600 or higher screen resolution

Performing the Restore

Offsite Restore Preparation

To do a Kroll restore from an offsite recovery point, follow the steps in Mounting a Secure FTP File Restore in the Recovery Launchpad to create the cloud share. You can then use Netdrive to mount the SFTP share to a local environment with the required software installed.

Alternatively,download the needed EDB file to your local environment, and instead of performing Step 7, use the path to the EDB file's download location. If the file is too large to download, consider a Reverse Roundtrip.

When you have completed these steps, proceed to the Configuring Microsoft Office Outlook stepof this article.

Do not leave offsite file restores mounted longer than necessary. Leaving restores mounted when they are not in use can affect your offsite retention usage, and may result in overage charges.

Configuring Microsoft Office Outlook

1. Make sure that you installed Office Outlook, and that it has run once.

2. Set up an email account on an Exchange Server.

3. For versions of Outlook that distinguish betweenCorporate Email, use Corporate Email when configuring Outlook.

4 Re-run Outlook and connect to the Exchange Server.

Obtaining the Ontrack PowerControls License

Click the Advanced tab, then select theGranular Restoretab of the Datto web interface.

Figure 2:Download & License Provisioning (click to enlarge)

This option will not appear in the Device UI on ALTO 2 continuity devices.Contact Datto Technical Support for assistance with performing a mailbox restore on an ALTO 2.

Ontrack PowerControls Licensing for Previously-Installed Instances

If you are followingthis procedurefor a previously-installed version, be sure to download the file into the same folder in which you already installed PowerControls. The default path for PowerControls installations is:C:\Program Files (x86)\Kroll Ontrack\Ontrack PowerControls\. Then, proceed to Performing Exchange Message Level or Mailbox Level Restoration .

Installing Ontrack PowerControls

1. Install and configure Outlook as described inConfiguring Microsoft Office Outlook, above.

2. Turn off any disk utility or antivirus program running in the background.

3. Download and run the installer from the Datto appliance'sAdvanced Granular Restore tab.

4. SelectInstall Ontrack Power Controlsto start the installation process.

Figure 3:Install Ontrack PowerControls (click to enlarge)

5. The install wizard may prompt you to install additional required components before you can install the software, as shown in Figure 4. Select OK to install them.

Figure 4:Additional components required (click to enlarge)

6. ClickNext to begin the installation.

Figure 5:InstallShield Wizard for Ontrack PowerControls (click to enlarge)

7. Once the installation completes, proceed to the next section of this article.

Installing the License File

1. LaunchOntrack PowerControls for Exchange.You will see the prompt shown in Figure 6. ClickApply License.

Figure 6:InstallShield Wizard for Ontrack PowerControls (click to enlarge)

2. Inthe License Informationwindow, click the navigation button highlighted in Figure 7. Browse to the file you downloaded from your Datto appliance or received from your Datto Sales Executive. Then, click Close.

Figure 7:Browse button (click to enlarge)

Performing Exchange Message Level or Mailbox Level Restoration

1. On your Datto appliance, perform a Local File Restore of the recovery point from which you would like to restore. Make a note of theSamba Share path of the restore.

Figure 8:Samba Share path (click to enlarge)

Configuring the Ontrack PowerControls Data Wizard

1. LaunchOntrack PowerControls. You will see the Data Wizard shown in Figure 9. If the Data Wizard does not appear automatically, you can launch it by clickingFile Use Wizard in the Ontrack PowerControls UI.

2. Click Browse, then navigate to the Samba share path in the file name section.

Figure 9:Data Wizard (click to enlarge)

3. Navigate through the directory tree of your file restore and locate the EDB file you would like to restore. Select the EDB file, and click Open.

Figure 10:EDB file selection (click to enlarge)

4. In the Data Wizard, theEDB Path,Log File Path, andTemporary File Path fields will auto-populate. ClickNext to continue.

Figure 11:Data Wizard with required path information (click to enlarge)

5. Select theTarget Typeto which you would like to restore the contents of the EDB (Figure 12.1), and then use theBrowse button to select theTarget (Figure 12.2). When you finish making your selections, clickNext to continue.

Figure 12:Target selection (click to enlarge)

6. The Data Wizard will display the message,"Now Processing Data File,"as it processes the EDB file. The processing takes place in three stages:

Pre-scanning the log files (integrity check)

Scanning the log files (playing the log files)

Hashing the EDB file (building a folder hierarchy)

If Ontrack PowerControls encounters corrupt or missing log files during log playing, you will have the option to continue without playing the logs. If you choose to continue, Ontrack PowerControls will process the EDB without logs.

7. The Data Wizard will close. You will see the results of your recovery displayed in the Source and Target panes in the main Ontrack PowerControls window.

8. For advanced information about working with or managing your recovery, or for information about recovering from non-EDB sources, see the Ontrack PowerControls User Guide (external PDF).

To prevent conflicts with retention operations on your Datto appliance, remove the Local File Restore you used for the Exchange mailbox restore once you've completed the mailbox recovery.

Figure 13:Main window, displaying EDB source and PST target (click to enlarge)

Additional Resources

Ontrack PowerControls User Guide, Version 9.3 for Exchange (external link)

Topic

This article describes the Networking Status page, and how to use it to access the Datto Networking Portal view for your devices.

The Datto Networking Appliance (DNA) can perform these steps in 4G LTE Failover mode.

Environment

Datto Access Points

Datto Switches

Datto Managed Power

Datto Networking Appliance (DNA)

Datto Network Manager

Description

The Networking Status page in the Partner Portal provides a high-level overview of your managed networks and their respective devices. Each device contains a Device Web hyperlink to access the device in the Datto Networking Portal, its cloud management interface.

The Datto Networking Appliance will display its management interface when clicking Device Web.

The device management interface

The device management interface is the tool used to manage configuration options for a networking device.

Most devices use Datto Network Manager as their management interface.

The Datto Networking Appliance (DNA) has a dedicated management interface.

Navigating to the management interface

Navigate to networking.datto.com.

Log in with your Partner Portal credentials. If you are redirected to the main Partner Portal, select the Status dropdown, and click Networking Status.

Select the Device Web icon.

Figure 1: Networking Status and Device Web (click to enlarge)

If you do not see your devices listed here, contact Datto Technical Support for further assistance.

Networking Status

Figure 2: Networking Status - Standard View (click to enlarge)

New devices will display in a table separate from existing managed networks. For more information on registering a device, read this article.

ClickAdd Deviceto add a device to a network manually.

The Networking Status page offers two view-types for displaying information about your networks, Standard, and Compressed.

Standard View

The following information will display for each network in Networking Status in Standard View:

Network name: Each table represents one network and devices within it. The name of the network displays on the top left.

If a device in the network is using the Failover feature, a Failover icon will display next to the network name. Hovering your mouse over the icon will display all devices in failover.

Device: This columndisplays the name of the device.

Device Web: This icon directs you to the respective management interface of the device.

Model:This section displays the model of the device.

Last Check-in:This section shows when the device last successfully checked in to Datto's management servers.

Uptime: This section showshow long the device has been powered on and operating

Clients: This column showshow many clients are connected to the device

Last 24 Hours: This part of the pagedisplays a graphic representing device check-in attempts over the last 24 hours. Green represents a successful check-in; red represents a failed check-in. The following devices will show different shades of green that represent additional details alongside a successful check-in:

Access points: Light green indicates the access point is in repeater mode; dark green indicates the access point is in gateway mode.

Managed Power: Light green indicates the managed power unit is connected via WiFi; dark green indicates the managed power unit is connected via Ethernet.

Client: This section displays the client configured for shared access to the network. For information on configuring a client for shared access, read this article.

Tickets:This column shows how many support tickets are associated with devices in this network.

DNA Online: This column shows how many DNAs are checking in, and the total amount in your network.

AP Online: This section showshow many access points are checking in, and the total amount in your network.

SW Online: This headingdisplays how many switches are checking in, and the total amount in your network.

Compressed View

The following information will display for each network in Networking Status in Compressed View:

Figure 3: Compressed View (click to enlarge)

Client:This column shows the client configured for shared access to a network. For information on configuring a client for shared access, read How do I set up shared access for Datto Networking from the Partner Portal?

Network Group:This column displays the network group.

Network name: This heading displays the name of a network.

If a device in a network is using the Failover feature, a Failover icon will display next to the network name. Hovering your mouse over the icon will display all devices in failover.

Tickets: This section shows how many support tickets are associated with devices in a network.

Devices Online: This column shows how many devices are checking in, and the total amount in your network.

Last Check-in:This column displays how long ago a device last successfully checked in to Datto's management servers.

Uptime: This heading shows how long a device has been powered on and operating.

Clients: This heading shows how many clients are connected to a device.

Last 24 Hours: The page displays a graphic showing device check-in attempts over the last 24 hours. Green represents a successful check-in; red represents a failed check-in. The following devices will show different shades of green that represent additional details alongside a successful check-in:

Access points: Light green indicates the access point is in repeater mode; dark green indicates the access point is in gateway mode.

Managed Power: Light green indicates the Managed Power unit is connected via WiFi; dark green indicates the Managed Power unit is connected via Ethernet.

Additional Resources

Datto Networking Appliance: Getting Started

Issue

Screenshot verification fails with the error message,"FATAL: No bootable medium found! System halted."

Environment

Datto SIRIS

Datto ALTO

Cause

The virtual machine could not find an active partition, volume with valid boot information, or a valid operating system. If this is happening with the Linux agent, see the article Linux Screenshot Fails With A "No Bootable Medium" Error Message.

Solution

Verify that the volume the operating system resides on is part of the backup job.You can check this in Agent Configuration: Volume Level Backup Control.

Figure 1shows an example of the OS partition (C:\) being excluded from backups.

Figure 1:Volume Level Backup Control (click to enlarge)

Verify that no other partitions are set as active (bootable) on the protected machine.

If the system has a System Reserved volume, try excluding it from future backups and deleting it in the Volume Level Backup Control options. To remove the System Reserved volume, click the Delete button under the Delete Dataset header for the System Reserved entry. After excluding and removing the System Reserved volume, take a new backup and then schedule a screenshot for the new backup.

Topic

This article describes the process to manage your Datto Managed Power unit through the Datto Networking portal.

Environment

Datto MP60

Overview

On April 16, 2019, Datto will proactively update our server certificates;MP60s not upgraded to firmware version 6.4.16 by this date will no longer check in, preventing device management, reporting, and automatic upgrades. See this article for important information.

1. To access your Managed Power unit, navigate to the Datto Partner Portal in a web browser, and log in with your partner credentials. Click Status Networking Status, as shown in Figure 1.

Figure 1:Networking Status (click for larger image)

2. Select the AccountandNetworkassociated with your Managed Power unit.

3. SelectPower.

4. You will see a list ofPower Devices. Select the power device you would like to manage.

Figure 2: Selecting an MP60 in theDatto Managed Networking portal (click for larger image)

5. You will see the Power DeviceStatus page shown in Figure 3.

Figure 3: Power Device Status(click for larger image)

The Power Device Status page displays the following information:

A.Device Name: Lists the user-friendly name of the Managed Power unit. Click the edit icon to change the device's name.

B.Device Information: Displays system information about your Managed Power unit. The information shown is:

Last Checkin:Displays the last time the power device checked in with Datto's monitoring servers.

Uptime:Provides system uptime since the power device's last reboot.

Model: Lists the power device's specific hardware mode.

MAC:Displays the power device's unique MAC address.

Firmware Version: Provides the firmware version of the power device's onboard software.

Connection Type:Indicates whether the power device is connected to the local network via Ethernet or WiFi.

IP:Displays the IP address of the power device.

Surge Protection:Indicates whether the power device's surge protection features are on or off.

C.Total Power Strip Consumption: Displays a live graph detailing per-outlet power consumption. Mouse over any section of the report for detailed information.

D.Ping Test: Allows you to perform ping tests from the power device to a specified destination. See the Ping Test Power Cycle section of this article for more information.

E.Port Management: Enables an operator to perform the following management actions on a per-outlet basis:

Label:Allows you to apply a descriptive name to each outlet, so that you can more-readily identify the type of device connected to it.

Power Enabled: Checking this box powers the selected on. Unchecking the box will immediately power the outlet off.

Actions:If an outlet has its power enabled, the Power Cycle action will allow you to cycle the power for a specific outlet off and then back on. The Power Cycle action will be unavailable if power to the outlet is not enabled.

Power Cycle Delay: Allows you to define in seconds when an outlet will power back on when it has been power cycled.

Ping Test Power Cycle: Allows you to automatically have the Managed Power unit reset a power if it determines it cannot reach a particular site or host. See the Ping Test Power Cycle section of this article for more information.

F.Scheduled Activity: Allows you to enable, disable, or power cycle one or more ports on the power device on a designated, recurring schedule. ClickAdd Action to save the action to theCurrently Scheduled Actionsqueue.

G. Currently Scheduled Actions:Lists scheduled actions created through theScheduled Activity interface. Click the gear icon next to each action to remove it.

Ping Test Power Cycle

Overview

The Ping Test Power Cycle feature allows you to configure the power device to reset an outlet automatically if it determines that it cannot reach a particular site or host. A common use case would be to proactively reset a modem or router, but you can also use this feature to reset any other type of unresponsive device.

Procedure

1. Each port in thePort Management interface has a dropdown in the Ping Test Power Cycle column, from which you can select a pre-defined ping test, as shown in Figure 4.By default, theNonevalue is selected, meaning no action will be taken if a test fails.Use the dropdown to select a list, which the power device will check against, and determine if that port should be reset if the ping test fails.

Figure 4: Port Management interface with Ping Test Power Cycle dropdowns highlighted

(click for larger image)

In the above example, the operator has applied the "Default List" to Port 1, the router. Every 5 minutes, the power device will ping the hosts on that list. If the test fails, the appliance will power cycle the router. If any of the pings are successful to any of the hosts on the list, no action is taken, and the test will repeat in 5 minutes. If the ping test fails and the router is rebooted, the appliance will try again in 5 minutes. After 5 consecutive reboots, the Managed Power unit will stop power cycling the port.

2. You can create up to six custom ping test lists by clicking the Ping Test link in the Manage pane. Each list requires one host, and can have up to four hosts. When creating lists, ensure that the host entries are correct and will respond to pings. A host can be any device that is plugged in to the power device which is capable of responding to pings.

Figure 5: Customizing ping test lists(click for larger image)

You can also configure the following Ping Test Settings that will applied to all ping tests:

A: Power cycle if: This can be either when all hosts fail, or any host fails.

B: Power cycle after: Allows you to define that a ping test will power cycle an outlet after a specified number of fail tests.

C: Time between tests: Allows you to define how many minutes are in-between one test and another.

D: Stop testing after: Allows you to state that, after a set number of consecutive power cycles, all testing will cease.

E: Skip test during maintenance window:If set toYes, all tests will not run during the maintenance window set for your network. This ensures that routine upgrades or other maintenance will not generate failed ping tests and unwanted port resets.

Question

How do I integrate ConnectWise Manage 2.0 with my Datto device?

Environment

ConnectWise Manage 2.0

Datto ALTO

Datto SIRIS

Datto NAS

Answer

To integrate ConnectWise Manage 2.0 with your Datto device you must first set up an API Member in ConnectWise and then use the Integrations page of the Datto Partner Portal to enable the Integration.The Integration lets the Datto device create tickets, configurations, and agreements in your ConnectWise managed environment.

Figure 1: The ConnectWise 2.0 configuration page (click to enlarge)

Prerequisites

Before starting, ensure that your setup meets the following criteria:

You are running ConnectWise version 2017.6 or later.

You have access to add and edit API Members within ConnectWise.

You have access to the setup tables (for example, connection type).

Device Alert Setup

Alert functionality

When your Datto device creates an alert, Datto's ConnectWise integration immediately opens a service ticket on your ConnectWise service board.You will see mention of Device alerts and Agent alerts during the setup process on the Partner Portal, below.

Setting the alert email address

For a device or agent alert to create a ticket, you must first set an email address for that type of alert. Filling in the email address field enables alert messaging on the Datto device, and tells it where to send alert emails.

Datto does not currently support screenshot alert ticket creation via the ConnectWise integration. You may be able to get alerts using an email parser that automatically creates tickets for each email it receives. Datto does not support this procedure.For information on setting up an email parser, see ConnectWise University (external link).

API Member Setup

Unlike the previous Datto/ConnectWise Manage integration, you do not need to configure the integrator table within ConnectWise. Instead, you will create a new API Member. Once set, Datto will authenticate with ConnectWise via public & private API member keys.

Setting up the new API

1. Within ConnectWise, access the API Members section by clicking System Members, and then selecting the API Members tab.

2. Click the + icon to add a new API member.

3. Select the API license class.

4. Select the Admin System Role ID.

5. Complete the rest of the required fields.

6. Click the Save icon to create the member.Several new tabs will then appear at the top of the page.

Figure 2: Setting up the new API, steps 1-6 (click to enlarge)

7. Select the API Keys tab.

8. Click the + icon to create a new API key.

When prompted, add a description for the API key and click Save. ConnectWise will automatically generate a public and private key. Take note of the private key, as it will only display upon creation.

When configuring an API key and selecting Save for the first time, you will see a message stating this is the new integration, not the legacy ConnectWise Integration.

Figure 3: Setting up the API in ConnectWise (click to enlarge)

Navigating to the ConnectWise 2.0 Integrations Management Page

1. In the Partner Portal, clickAdmin, then choose Integrationsfrom the drop-down menu.

Figure 4:The Partner Portal (click to enlarge)

2. Select ConnectWise from the menu bar.Enter your credentials when prompted. Host and Company Name are the same as your ConnectWise credentials. Enter the API Member public key and API Member private key that you generated during the API Member step above. Once confirmed, click Authenticate.

Figure 5:The ConnectWise authentication page (click to enlarge)

ConnectWise 2.0 Setup Options

Header options

Figure 6:The ConnectWise 2.0 header (click to enlarge)

In the header, select ConnectWise as the integration type. You can also choose to enable or disable integration on a global level.

Making a configuration type

Now you can make a configuration type specifically for Datto devices. If no configuration types exist during first time setup, Datto will create one for you.

1. Open the setup tables by clicking System > Setup Tables.

2. Search for Configuration,then select the Configuration Types (not Configuration Status) table.

3. Name the configuration type whatever you’d like. Take note of the name as you will use it again later in the setup process.

4. Under Configuration Type, choose the configuration type that is set up specifically for your Datto devices.

Figure 7:Configuration type (click to enlarge)

Set Default Values

This section lets you specify default values for each device reporting to your integration.When you are finished configuring default values, click Save Settings to save.

Figure 8:Set Default Values (click to enlarge)

Service Board

Choose what service board receives alert-generated tickets from the Datto device.

Ticket Status

Choose the default status for new tickets.

Service Type

Choose the default service type.

Service SubType

Choose the default service subtype.

Datto Device Alerts

Choose whether global device alerts generate an email, a service ticket from the selected service board, or both.For redundancy, Datto strongly recommends configuring your integration to receive both email and ConnectWise alerts.

Datto Agent Alerts

Choose whether alerts from individual agents on the Datto device generate an email, a service ticket from the selected service board, or both.For redundancy, Datto strongly recommends configuring your integration to receive both email and ConnectWise alerts.

Manage Device Settings

This section displays information about the Datto devices in the fleet, including device names, serial numbers, models, settings, company names, and integration status.After you’ve selecteddefault values, you can begin associating your Datto Devices with ConnectWise Companies and update any settings specific to the device.

Figure 9: Manage device settings(click to enlarge)

Within the Manage Device Settings table, clickEditfor the desired device.

Figure 10: Edit device(click to enlarge)

Search for and select a ConnectWise company you would like to associate with the device. Then select a contact within that company.

If you’d like to use the default values you have just configured, click Save Settings to submit the modal.

To change any settings for this device only, uncheck Use Default Device Settingsand make any desired updates.

Agreement:ConnectWise will now auto-associate an AgreementID to a ConfigurationID. You will see a new Agreement drop-down in Device Settings, which lets you choose an agreement based on the company. This setting lets you specify and track agreements for each configuration.

Once the device is associated with a company, you can enable the integration for that device. Click the Integration Enabled toggle for the device to enable the device through the ConnectWise Integration.

If you have any problems or questions, contact Datto Technical Support.

Question

How do I set up an Autotask integration with my Datto device?

Environment

Datto SIRIS

Datto ALTO

Datto NAS

Autotask PSA

Answer

Prerequisites

Configure the Autotask integration in the Partner Portal

Configure Autotask PSA

Resource permissions in Autotask PSA

Datto Alert Ticket and Configuration Item in Autotask PSA

The Datto Alerts tab in Autotask PSA

Additional Resources

Prerequisites

Before starting, ensure you have met the following prerequisites:

You have anAdministratorSecurity Level in Autotask PSA.

You have access to the credentials of an Autotask PSA user account with anAPI UserSecurity Level.

You have a valid email configured for both device alerts (in the Datto Partner Portal) and agent alerts (on the Datto device).

Datto Networking devices cannot be monitored or managed through Autotask PSA at this time.

Autotask PSA will not generate tickets from the device to your service board without valid emails entered for both device alerts and agent alerts.

You can only connect one Datto reseller account to an instance of PSA.

Configure the Autotask integration in the Partner Portal

Configuration steps

1. Access the Datto Partner Portal by logging in with your account credentials.

2. From the top menu, selectAdmin,then chooseIntegrationsfrom the drop-down menu.

Figure 1:The Partner Portal (click to enlarge)

3. SelectAutotaskin the options bar.

Figure 2:The Integrations page(click to enlarge)

4. Enter the username and password of a Autotask PSAAPI Useraccount, then clickAuthenticate.

Figure 3:Autotask PSA authentication(click to enlarge)

You will be redirected to the Integrations/Autotask PSA page (Figure 4).

Figure 4:The Autotask PSA Integration page(click to enlarge)

This page is made up of three sections that let you customize and manage the Autotask PSA Integration for all your Datto devices:

Authenticate

Default Settings

Manage Device Settings

For more information about the advanced Datto integration, visit the following online PSA help article: The Advanced Datto BCDR Integration.

Authenticate

In this section of the Autotask PSA/Integration page, you will see the following:

(A)The username you entered for authentication in a greyed-out box.

(B)You will also see a button to enable or disable the Autotask Integration.

Figure 5:The Authenticate section (click to enlarge)

Autotask PSA offers an API User (API-only) Security Level for integration developers. The security level provides full System Administrator access to Autotask PSA modules, features, and data via the Autotask Web Services API, with no access to the Autotask user interface.

Datto recommends you utilize an API username and password and remove the ability to expire a password.

Default settings

Ticket category

A ticket category determines the layout of theTicket DetailandNew/Edit Ticketpages, shows you the available fields, and informs you of the available picklist options.

You can chooseany available category from the Ticket Categorydrop-down (Figure 6). The ticket settings will automatically populate based on the category selected.

Figure 6:The Ticket Category section (click to enlarge)

TheDatto Alertticket category is created automatically by Autotask PSA and is the default ticket category for the integration. This ticket category lets you display a Datto specific layout within the PSA.

In addition to the category-specific preset settings, this section lets you customize your integration further through individual drop-down boxes. When you finish configuring your settings, clickSave Settings.

Manage Device Settings

This section contains a list of all integrated Datto devices, which you can sort by the following criteria:

Device Name

Serial Number

Device Model

Settings

Autotask Company Name

Integration Enabled

Figure 7:The Manage Device Settings section (click to enlarge)

Click the pencil icon on the far right to customize the default options for specific devices (Figure 8).

Figure 8:The Manage Device Settings section (click to enlarge)

Integration Enabledmust be toggled on for each Datto appliance for alerts to function for a device (Figure 9).

Figure 9:The Manage Device Settings section (click to enlarge)

If this is a first-time set up for an individual device, select the device name from theManage Device Settings section of the page.In the following dialog box, populate theAutotask Company Namefield.

Figure 10:The individual device configuration modal.(click to enlarge)

Configuring device alerts

The Datto Device and Agent Alerts settings allow you to define where the integration should send each type of alert. There are three options for each alert type:

Email:This setting sends the alert via email, but it will not create a ticket in Autotask. If the email address for alerting is your support address, you may receive a ticket due to a redirect to Autotask's incoming email processing system. These tickets would not respect the configuration settings from the device (Company, Contact, etc.)

Autotask:This setting creates a ticket in Autotask via a backend connection using the resource entered earlier during authentication, but it will not send an email.You must have an email address entered for Device & Agent alerts to utilize this setting.

Both:This setting creates a ticket in Autotask and sends an email to the address you specify. Due to incoming email processing in Autotask, you may get duplicate tickets if the email address is the support address.

Datto appliances will not create Autotask tickets for screenshot alerts.

For more information on configuring Device Alerts, visit the SIRIS, ALTO, and NAS: Configuring email alerts for Datto backup devices in the Partner Portal article.

For more information on configuring Agent Alerts, visit the SIRIS, ALTO, and NAS: Configuring alert, warning, and log digest emails on a Datto Appliance article.

Figure 11:Datto Device Alerts(click to enlarge)

Configure Autotask PSA

After the initial configuration in the Datto Partner Portal, you must configure further

settings in Autotask PSA.

1. Log into Autotask PSA.

If you are already logged into PSA when the integration is enabled, you must log out, and then log back in to see the changes.

2. Move your cursor over the Autotask Menu icon AdminExtensions & Integrations(from the sidebar menu).

Figure 12:Autotask PSA admin menu(click to enlarge)

3. Expand thesection labeledDatto, thenclickAdvanced Datto Integration(Figure 13).

If you have not configured and enabled the Autotask integration in the Datto portal, you will be unable to continue.

Figure 13:Autotask PSA Admin- Extensions and Integrations(click to enlarge)

Resource permissions in Autotask PSA

You must individually enable PSAresources to use the Advanced Datto Integration. You allow permissions on theAdvanced Datto Integrationpage. This page lists all active resources and displays their default department, security level, and primary location.

Resources with permission to access Datto will be able to see:

Links on Ticket pages and grids.

Links on the Configuration Item pages and grids.

The CRM Configuration Item Mapping page.

Configuring resource permissions:

To set resource permissions, visit the following online help article: Resource permissions for the advanced Datto Integration.

Datto Alert Ticket and Configuration Item in Autotask PSA

When the integration is configured, Autotask PSA creates an alert ticket. The following Datto-specific information is available on the Ticket page by default:

Ticket Category: Datto Alert

Ticket Type: Alert

Datto Device insight: This insight displays a variety of details about the Datto device. The icons at the top, from left to right, allow you to:

Navigate to the device web interface to remotely connect to the device.

Open the Device at a Glance page to see an overview of the device.

Figure 14:Datto Device insight(click to enlarge)

Configuration Item insight: This insight displays a variety of details about the configuration item.

Figure 15:Configuration Item insight(click to enlarge)

Click the name of the configuration to open theEdit Configuration Itempage. This page displays the nightly status information shared by the Datto device.

Figure 16:The Edit Configuration Item screen(click to enlarge)

The Datto Alert tab in Autotask PSA

Two new Datto-specific tabs are available in Autotask PSA:Datto AlertsandDattoDevices.Both tabs are configured based on the device data synced from Datto to Autotask PSA.

Accessing the Datto Alerts screen

1. From the Autotask PSA dashboard, click the+sign in the tab strip, or click the dashboard icon, then selectAdd new tab.

2. SelectStart with a copy of a default tab.

3. ClickDatto Alerts or Datto Devices,then clickFinish.

On the Datto Alerts tab, you will see widgets that display tickets generated from alerts, broken down by various metrics. You will also see configuration items created from Datto devices.

Figure 17:The Alerts tab(click to enlarge)

Figure 18:The Datto Devices tab(click to enlarge)

Additional Resources

Map discovered devices to a contact and contract (Autotask PSA Online Help)

Configuring Email Alerts For Datto Backup Devices In The Partner Portal

How Do I Configure Alert, Warning, And Log Digest Emails On A Datto Appliance?

Topic

This article describes setting up and using the REST API with Datto device integrations.

Environment

Datto Partner Portal

Datto REST API

Description

Datto’s new REST API lets vendors create a dynamic integration experience in a more reliable and scalable way. It is also available for MSPs that have an experienced technical background.

Creating an integration with Datto’s REST API provides an easy way to retrieve readily available device, agent, and backup status information. The Datto REST API uses the industry-standard Swagger UI for an interactive documentation experience that allows developers to trial responses from their own devices on their portal accounts.

How do I access the API Configuration Options?

1. Log into the Datto Partner Portal.

2. Click the Admin tab, then select Integrations from the drop-down menu.

Figure 1: The Datto Partner Portal(click to enlarge)

3. On the Integrations page, click the BCDR button at the top of the screen.

Figure 2: The Integrations page(click to enlarge)

3. The Business Continuity and Data Recovery integration information panes will now open. Click the Enable API button in the top portion of the pane.

Figure 3:The REST API pane(click to enlarge)

4. The Datto REST API is now enabled, and configuration options will now appear.

Figure 4: Datto REST API options(click to enlarge)

REST API Configuration options

Disable API:disables the Datto REST API

Documentation: Expands the REST API documentation pane

Regenerate Key: generates a new public API key

Reveal: displaysthe secret key's actual characters on-screen

Accessing Datto REST API documentation

Click the Documentation button in the REST API options pane. The pane will expand and open the API documentation, including basic API options and options for the individual endpoints.

Figure 5: Datto REST API options(click to enlarge)

REST API documentation pane options

Authorize: The REST API uses a basic authentication scheme, with an automatically generated public API key/secret API key.

Server: This drop-down menu shows what server the API is currently communicating with, and lets you select different available servers.

REST API endpoint options

The REST API documentation provides a menu of all configurable endpoints. You can use the Try It Out button to change parameters within each endpoint:

1. Click an endpoint to expand its options.

Figure 6: API endpoint options(click to enlarge)

The endpoint will expand, showing all parameters accepted in the URL, as well as the JSON representation of the responses from the server.

Previewing API call results with the Swagger UI

The swagger UI lets you change endpoint parameters, run "preview" API calls, and view detailed results of the change at the presentation and code levels.

In this view,you can:

change each parameter and get a preview of the change's effect

see the responses generated by each preview request as a Curl command and URL

see the HTTP response codes generated when the server responds to the API call preview

download the JSON code block generated by your trial API calls

A Datto device must be associated with the Partner Portal account for these options to function.

Figure 7: Expanded endpoint documentation(click to enlarge)

To change parameters and preview an API call:

1. Click the Try it out button in the upper right-hand corner.

Figure 8: The Try it out button(click to enlarge)

2. Edit fields will open for each parameter. Make the changes you want, then click the Execute bar. to make the new API call.

Figure 9: Editable parameters and making the API call (click to enlarge)

3. In the Responses pane beneath the Execute bar, you can view the Curl commands, request URL, HTTP code, response headers, and response code block generated by the preview API call. Click the Download button to download the code block as a JSON file. Click Clear to reset the API call preview.

Figure 10: The Responses section of the endpoint preview (click to enlarge)

Question

How do I find my integration API key?

Environment

Integrations

Partner Portal

Answer

This article explains how to find yourXML/RSS API key in the Partner Portal. This key is used for a variety of integrations, such as Labtech and ITGlue, as well as other integrations and custom scripts.

The API key is also needed to set up Autotask Endpoint Management. This is not to be confused with normal Autotask / Connectwise integrations.For information about these platforms, see the Additional Resources section of this article

Enabling RSS/XML Integration and finding your key

1. Go to the Partner Portal at https://portal.dattobackup.com.

2. Go to the Admin menu, and click Integrations:

Figure 1:Admin Integrations (click for larger image)

3. In the XML tab, make sure the XML service is enabled:

Figure 2:Enabling XML integration (click for larger image)

4. Under the New XML section, click on any of the links: Device Information, Alerts Sent Recently, or Device Alert Information. The32 character API Key will be displayed automatically under the XML API Key section.

Figure 3:API key (click for larger image)

Additional Resources

Autotask Integration Setup

ConnectWise Integration Guide

Question

What are integrations, and how do they work?

Environment

Autotask PSA

Datto RMM

Answer

What are integrations?

Integrations are tools for passing information from endpoint systems to the platforms that MSPs use for managing their business. They allow for automation and broad problem triage without requiring the partner to use many platforms at once.

For example, if a Datto appliance triggers a critical backup error:

a ticket will automatically generate at the MSP's service desk, and

the ticket will assign to a queue or to a technician who can look into the issue.

What are the types of integrations systems?

There are two types of systems:

Remote Monitoring and Management (RMM) toolsallow partners to monitor and manage endpoints - computers, servers, network hardware, and more. RMM allows you to access and control remote systems, run scripts, install or update software, and monitor resources. Datto currently supports the following RMM integrations:

Datto RMM

ConnectWise Automate (formerly LabTech)

Professional Services Automation (PSA) tools are business management tools for reporting, ticketing, billing, and other tasks. A PSA tool may track how many Datto device issues have occurred. The tool will also receive alerts from the integration and create service tickets.Datto currently supports the following PSA integrations:

Autotask PSA

ConnectWise Manage (formerly named ConnectWise)

Kaseya

What data passes over the integration?

Any device information to be passed to an integration platform should be in the Device Information XML feed.Any information that would be in an alert email will transmit via the integration to a ticket.

How is the data passed?

The integration commandeers the normal alerting process. On reaching an alert condition, the following steps occur.

The alert process first checks to see if an email address exists.

If there is no address, the process aborts; if an address does exist, the next step is to generate the information (agent, error, timestamp, and so on).

The integration determines the alert delivery method (email, integration, or both).

The alert transmits via the configured method.

Entering any email address, even an invalid one, into the Agent configuration will activate the alert functionality. Partners may elect to use a dummy email address to turn on alerts without generating duplicate emails.

Figure 1: The integrations alert process (click to enlarge)

Topic

This article describes the process for configuring alert, warning, and log digest emails on a Datto appliance.

Environment

Datto SIRIS

Datto ALTO

Datto NAS

Description

Configuring Agent Alerts

Configuring iSCSI or NAS Share Alerts

Critical Alert Types

Configuring Agent Alerts

Access the Datto appliance's GUI.

Click theProtecttab.

Find the agent you wish to configure.

Click the agent'sConfigure Agent Settingslink.

Go to theReporting & Alertingsection and scroll toEmail Notifications.

SelectAdd Email Recipientand then add your email (if needed). Otherwise, go to the next step.

Check the box under the category (Weekly reports, backup reports, critical logs, log digests, and screenshot notifications)for which you wish to be notified.

SelectApplytosetchangesfor the specific agent you are changing. SelectApply to Allto set these changes for all agents on the device.

To disable notifications for an email recipient, uncheck all configured notifications, and clickApply. The email address will drop into the Unconfigured category.Click the wastebasket icon to remove the recipient address entirely.

Figure 1: Configuring email notifications (click to enlarge)

If the email address is the same as the one listed in theDevice Registration / Support Contact field on your appliance's Local Users / Contact page, you will be unable to remove it.

Configuring iSCSI or NAS Share Alerts

Access the Datto appliance's GUI.

Click theFile Sharetab

ClickNetwork Attached Storage.

Find the share you wish to configure

ClickConfigure Share Settingsfor that agent.

Go to theReporting & Alertingsection and scroll toEmail Notifications.

SelectAdd Email Recipientand then add your email (if needed). Otherwise, go to the next step.

Check the box under the category (Weekly reports, backup reports, critical logs, log digests, and screenshot notifications)for which you wish to be notified.

SelectApplytosetchangesfor the specific shareyou are changing. SelectApply to Allto set these changes for all shareson the device.

To disable notifications for an email recipient, uncheck all configured notifications, and clickApply. The email address will drop into the Unconfigured category.Click the wastebasket icon to remove the recipient address entirely.

You cannot change or delete the primary email address associated with a Datto appliance from the GUI. You must do so from the Datto Partner Portal. See this article to learn more.

Critical alert types

Screenshot Notifications

Toggle these options to enable email alerts for each successful screenshot, failed screenshot, or both.

Weekly Backup Reports

This option sends a full report of all backups taken during the calendar week. Your Datto appliance will send this report every Sunday at midnight.

Backup Warnings

This option sends a warning email each time a backup fails to complete. Thisdoes not necessarily signify an error andbackups may resume without intervention.

Critical Errors

This option triggers an alert when a backup failureis caused by a specific error and is unlikely to resume without intervention.

Log Digests

Selecting this option sends a report containing the last 500 log entries for the agent and as a result, can be large.

Question

How do I configure alerts using the BCDR Status page in the Datto partner portal?

Environment

Datto Partner Portal

Answer

This article explains how to set up hardware and account alerts for your Datto device inthe Partner Portal using the BCDR Status page.

Agent-specific alerts

You can only configure agent-specific alerts and reports (such as log digests), through your Datto device's GUI. See the Datto alerts and notifications resource guide to learn more about alerts and notifications.

Procedure

1. Log into the Datto Partner portal and clickthe Status tab, then select BCDR Statusfrom the drop-down menu.

Figure 1:The Partner Portal (click to enlarge)

2. Type the device name in the search bar at the top right, then select the device from the main window.

Figure 2: Device backup status(click to enlarge)

3. Click the Device Alerts button.

Figure 3: TheDevice Alertsbutton (click to enlarge)

4. You will now see the Alert Settings screen.

Figure 4: The Alert Settings screen(click to enlarge)

Configurable Alerts

Device Hardware Alert

Configure this option to provide notifications if there is a hardware issue or a SMARTstatus alert for the device.

Device Not Seen Alert

This alert will sendif theappliance fails tocheck in with the Datto remote monitoring servers within a specific length of time (60 minutes by default). Do not change this value to anything less than 20 minutes as the devices check in once every 10 minutes.

Sync Completion Alert

This alert will send if the appliancehas not reached full sync within a set period (14 days by default). Set this value to two days or higher to avoid persistent alerts.

High Local Activity Alert

This alert will send if the total change written to the appliance's storage (includes all snapshots, screenshots, offsite data, device updates, etc.) in a 24-hour window, from 4:00 am EST to 4:00 am EST the following day, exceeds a set amount (5 GB by default).

Low Disk Space Alert

This alert will send if your applianceis running low on disk space. You can set the threshold for remaining space before receiving the alert.

External IP Alert

This alert will send if the external (public) IP address of the network where the Datto is communicating from changes.

Deletion Alert

This alert will send if more than a set amount of data (5 GB by default) is deleted from the appliance.

Protecting half device's storage capacity

This alert will send if the total amountof protected data surpasses half the device's capacity. The alert triggers when the total amount of data to protect exceedswhat the appliance shouldsupport.

For more information about this alert, refer to the following article: Properly sizing a Datto Appliance.

9. Clone Alerts to Another Device

Configure these alerts, and clone them to other Datto devices.

Configuring Email Alerts for Billing and Marketing Emails

Location:Admin Portal Email Alerts

Figure 5: Portal Email Alerts (click to enlarge)

If you are a Microsoft Exchange Online user, and you do not receive all alert emails, check the Clutter folder for the missing messages.

What's new:

Partners canchange the default addresses usedfor sending emails.

By default, Datto sends a "New Appliance Shipped"email to the primary and billing email address.

You canchange this by checking the different boxes or adding a separate email.

All alerts sent will have "Email Type:"at the bottom of the email, and will match the type in the portal.

Figure 6: TheEmail Alert Settings screen(click to enlarge)

Integrated Alerts

Autotask and Datto RMM can integrate with Datto's alerting. Alerting can also integrate with third-party applications, including ConnectWise, BrightGauge, ITGlue, and many others. The following links will direct you to external Knowledge Base content for further details and support.

ConnectWise: https://kb.datto.com/hc/en-us/articles/115005025766

Autotask: https://kb.datto.com/hc/en-us/articles/217098966-Autotask-Setup-Guide

BrightGauge: https://support.brightgauge.com/hc/en-us/articles/210609503

ITGlue: https://kb.itglue.com/hc/en-us/articles/219392807-Integrating-with-Datto

Kaseya: https://www.kaseya.com/

Additional Resources

Datto Alerts and Notifications Resource Guide

Question

How do I transfer ownership of an AP to a new account or new network?

Environment

CloudTrax

Answer

If you wish to move an AP to an entirely different master account, you will need to delete the AP from the current network it is associated with, and then add it to a network within the new master account. In CloudTrax go to: Manage > Access Points > List View > select drop-down Action tool in far right field > Delete

If you wish to transfer the AP to a different network under the control of the same master account, you can choose to move the AP to the selected network. In the CloudTrax master account, go to: Manage > Access Points > List View > select drop-down Action tool in far right field > Select Move to Network > select desired network.

If you're using a User Management, the user moving the access point must have "Network Editor" permissions on both the originating network and destinationnetwork.