Backup and recovery

A backup and recovery strategy should be drawn up for each device and protects against:

The last backup created can be restored in the shortest possible time, thus preventing major production downtime. Apart from creating backups, it is also important to define a restore process.

Backup and recovery are not exclusively security matters, but help to minimize downtime in case of security incidents.

Both a process for creating the backup copy and a process for restoring it should be defined. Security aspects should be taken into account in both.

If a fully automated backup solution is used, the backup system itself is usually reachable over the network and is therefore exposed to the same attacks as the devices it protects; manual ("offline") backups are preferable here. Offsite backups, i.e. backups stored at a physically separate location, have the advantage that they can still be restored after a local incident where the machine itself is not affected.

A wide variety of implementations are thus available and conceivable.

Since the TwinCAT boot projects and all other necessary information are stored as files on the file system of the respective operating system, a file-based backup is sufficient in this case.

Beckhoff provides a backup and recovery solution in the form of the "Beckhoff Service Tool (BST)". For more information on the BST, see: Infosys entry on BST.

If your Industrial PC is shipped with BitLocker encryption enabled for the system partition, the key that decrypts the partition during an unattended boot is protected by the Trusted Platform Module (TPM) on the mainboard of the device. The TPM releases the decryption key to the Windows kernel only if the measurements of the early startup process show that previously trusted software with a known configuration was started, and that neither that software, nor its configuration, nor the next software to be started (i.e. the kernel) has been tampered with.

A full backup must include the boot partition and the system partition. If you back up the entire boot disk as a raw device, the backup contains the system partition in encrypted form. In addition to the backup, you must also export a recovery key; it is needed in particular to restore and use the backup on different hardware, because the new hardware's TPM cannot release the original key. Keep this recovery key in a safe and secure place. It is also strongly recommended to always have a recovery key on hand in case legitimate changes are made to the software or configuration that are part of the early startup process, for example if authorized persons change the boot sequence of the firmware (BIOS): the TPM measurements then no longer match and the key will not be released.
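As an added example (not Beckhoff's BST and not code from the original page), the following PowerShell script exports the BitLocker recovery password of the system partition before a full image backup is taken, so the image can be unlocked on different hardware or after an authorized boot-configuration change. It assumes the system partition is `C:` and that `E:\` is removable media that is stored together with the backup; both paths are assumptions.

```powershell
# Added example: export the BitLocker recovery password of the system partition.
# Assumptions: system partition is C:, E:\ is offline media kept with the backup.
#Requires -RunAsAdministrator

$MountPoint = 'C:'
$ExportPath = 'E:\bitlocker-recovery-key.txt'   # assumed path on removable media

$vol = Get-BitLockerVolume -MountPoint $MountPoint

# A raw image is only restorable with a key if the volume really is encrypted.
if ($vol.VolumeStatus -ne 'FullyEncrypted') {
    throw "Volume $MountPoint is '$($vol.VolumeStatus)', expected FullyEncrypted."
}

# Confirm the unattended-boot setup described above: the key is held by the TPM.
$tpm = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm'
if (-not $tpm) {
    Write-Warning "No TPM key protector on $MountPoint; unattended boot will prompt for a key."
}

# The recovery password is the only protector that does not depend on this TPM,
# so it is what makes the backup usable on other hardware.
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    # None present: add one now, otherwise the image cannot be opened elsewhere.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
}

# Write each 48-digit password with its protector ID; the ID is shown at the
# recovery prompt so the operator can pick the matching password.
$lines = foreach ($p in $recovery) {
    "Volume: $MountPoint"
    "Protector ID: $($p.KeyProtectorId)"
    "Recovery Password: $($p.RecoveryPassword)"
    ""
}
$lines | Set-Content -Path $ExportPath -Encoding ASCII

if (-not (Test-Path $ExportPath)) {
    throw "Export to $ExportPath failed; do not proceed with the backup."
}
Write-Host "Exported $(@($recovery).Count) recovery password(s) to $ExportPath. Store it with the backup image, not on the device."
```

If the encryption is later re-enabled after a temporary decryption, BitLocker generates a new volume key, so the recovery password must be exported again.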

If BitLocker encryption is enabled, there is an alternative to a full backup of the partitions including the encrypted system partition: you can temporarily disable the encryption of the system partition and create an offline backup as usual. Please do not forget to re-enable the encryption afterwards.