Backup and recovery

A backup and recovery strategy should be drawn up for each device. Whenever data is lost because of defective storage media, or corrupted because of an improper shutdown or a security incident, the last backup can then be restored in a very short time, so that work continues without large-scale production losses. Apart from creating backups, it is also important to define the restore process.

Backup and recovery are not exclusively security matters, but help to minimize downtime in case of security incidents.

Both a process for creating a backup copy and a process for restoring it should be defined, and security aspects should be taken into consideration in both.

If a completely automated backup solution is used, the backup system itself is usually reachable over the network and is therefore itself exposed to attack; manual ("offline") backups are better in this respect. "Offsite" backups, i.e. backups stored at a physically separate location, have the advantage that they can be restored even after a local incident in which the machine itself is not affected.

A wide variety of implementations is therefore possible.

Since the TwinCAT boot projects and all necessary information are stored as files on the file system of the respective operating system, a file-based backup is sufficient in this case.

Beckhoff provides a backup and recovery solution in the form of the "Beckhoff Service Tool (BST)".

If your IPC is shipped with BitLocker encryption enabled for the system partition, the key that decrypts the partition during unattended boot is protected by the Trusted Platform Module (TPM) on the main board of the device. The TPM releases the decryption key to the Windows kernel if and only if the measurements of the early startup process show that only trusted software with a known configuration has run so far, and that neither that software, nor its configuration, nor the next component to start (the kernel itself) has been tampered with. A complete backup must comprise both the boot partition and the system partition. If you back up the complete boot disk as a raw device, the backup contains the system partition in encrypted form. In addition to the backup you must therefore also export a recovery key; in particular, a recovery key is required to restore the backup and use it on different hardware. Keep this recovery key in a safe and secured place. It is also strongly recommended to always have a recovery key available for the case that legitimate modifications are made to the software or configuration that forms part of the early boot process, for instance when authorized persons change the boot sequence of the firmware (BIOS).

With BitLocker encryption enabled, there is an alternative to a complete backup of the partitions including the encrypted system partition: you can temporarily disable the encryption of the system partition and take an offline backup as usual. Do not forget to re-enable the encryption afterwards.
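As an added example (not code from Beckhoff or the Beckhoff Service Tool), the following PowerShell script covers the two BitLocker points above: it exports the recovery password so that a raw backup of the encrypted system partition can be restored on other hardware, and it shows the decrypt, back up, re-encrypt sequence of the alternative. It assumes an elevated PowerShell session on the IPC, C: as the system partition and a removable drive E: for the exported key; both drive letters and the file name are hypothetical.

```powershell
# Added example, not part of the Beckhoff documentation or the BST.
# Exports the BitLocker recovery password for the system partition before a raw
# backup, and optionally decrypts the partition for an offline backup and
# re-protects it with the TPM afterwards. Run in an elevated PowerShell session.
# Assumptions (hypothetical): the system partition is C: and the exported key is
# written to a removable drive E:, which is removed and stored securely afterwards.

$OsVolume  = "C:"
$KeyExport = "E:\bitlocker-recovery-$($env:COMPUTERNAME)-$(Get-Date -Format 'yyyyMMdd-HHmm').txt"

function Export-RecoveryPassword {
    param([string]$MountPoint, [string]$Path)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp  = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    if ($rp.Count -eq 0) {
        # TPM-only volume: add a 48-digit recovery password so the backup can also
        # be restored and unlocked on different hardware.
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        $rp = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
                Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }

    $lines = @("BitLocker recovery information for $env:COMPUTERNAME, volume $MountPoint")
    foreach ($p in $rp) {
        $lines += "Key protector ID:  $($p.KeyProtectorId)"
        $lines += "Recovery password: $($p.RecoveryPassword)"
    }
    Set-Content -Path $Path -Value $lines -Encoding ASCII
    return $rp.Count
}

function Disable-ProtectionForBackup {
    param([string]$MountPoint)

    # Decrypting the volume removes all key protectors; the recovery password
    # exported earlier no longer applies once the volume is re-encrypted.
    Disable-BitLocker -MountPoint $MountPoint | Out-Null
    # Decryption runs in the background; wait until it has finished before
    # taking the offline backup, otherwise the image still contains ciphertext.
    do {
        Start-Sleep -Seconds 15
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
        Write-Host ("Decrypting {0}: {1}% still encrypted" -f $MountPoint, $vol.EncryptionPercentage)
    } while ($vol.VolumeStatus -ne 'FullyDecrypted')
}

function Enable-ProtectionAfterBackup {
    param([string]$MountPoint, [string]$Path)

    # Add a recovery password first so the volume is never protected by the TPM
    # alone, then bind the volume key to the TPM again. Without -SkipHardwareTest
    # BitLocker verifies on the next reboot that the TPM can unlock the volume
    # before encryption starts, which is the safer order.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    Enable-BitLocker -MountPoint $MountPoint -TpmProtector -EncryptionMethod XtsAes256 | Out-Null
    # The new recovery password differs from the one exported before; export again.
    Export-RecoveryPassword -MountPoint $MountPoint -Path $Path | Out-Null
}

# --- Main flow -------------------------------------------------------------

$vol = Get-BitLockerVolume -MountPoint $OsVolume
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')) {
    Write-Warning "$OsVolume is not bound to the TPM; unattended boot will not work as described."
}
if ($vol.ProtectionStatus -ne 'On') {
    Write-Warning "BitLocker protection on $OsVolume is currently off or suspended."
}

# 1. Raw backup of the whole boot disk: keep the encrypted partition, export the key.
$n = Export-RecoveryPassword -MountPoint $OsVolume -Path $KeyExport
Write-Host "$n recovery password(s) written to $KeyExport; move the drive to a safe place."

# 2. Alternative: decrypt, take a normal offline backup, re-enable encryption.
#    Uncomment only if the plaintext alternative is really wanted.
# Disable-ProtectionForBackup -MountPoint $OsVolume
# # ... take the offline backup of the boot disk with the usual tool here ...
# Enable-ProtectionAfterBackup -MountPoint $OsVolume -Path $KeyExport
```

Suspend-BitLocker is not a substitute for the second step: it only suspends protection and leaves the data encrypted on disk, so an image taken in that state still contains ciphertext; the alternative described above needs actual decryption with Disable-BitLocker, which takes time proportional to the size of the partition. The exported text file is equivalent to the decryption key and belongs in the same safe and secured place as the recovery key.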