Release notes for Acronis Cyber Cloud 21.02

Release date: February 2021

Overview

With this update release, the Acronis flagship cloud product offers enhancements and addresses issues found in previous releases.

What's new

Acronis Cyber Protect

Microsoft 365 and Google Workspace promo

The Acronis hosted cloud storage used for the following backups of personal resources of Microsoft 365 and Google Workspace is becoming free:

1. Microsoft 365 mailbox
2. Microsoft 365 OneDrive
3. Gmail mailbox
4. Google Drive

There is no charge for the number of protected Microsoft 365 Teams and SharePoint Online sites.

• The storage usage generated by these two workloads will still be charged.
• This is applicable to the "Cyber Protect (per workload)" edition.​

The promo will be available starting with the Acronis Cyber Cloud 21.02 release and last until June 2021.

Device Control for Data Loss Prevention (DLP)

Device Control is a feature of the "Cyber Protect (per workload)" edition that neutralizes the primary data loss vector – uncontrolled use of peripheral devices and local ports on corporate endpoint computers. Device Control is an optional module of a protection plan and it is enforced on all workloads where this plan is activated.

Access Settings

The basic DLP component that neutralizes the primary data loss vector – peripheral devices and local interfaces.

• Contextual controls over local data access and transfer operations on workloads
• Workload types – physical, virtual
  • Windows PC / workstation / server
• Peripheral devices and ports
  • Removable storage, optical drives, MTP-connected mobile devices, floppy drives, Bluetooth adapters, local/network printers
  • USB and FireWire ports
• Clipboard copy/paste operations
  • Inter/intra-application selectively
  • Between guest and host Windows clipboards
  • Screenshot captures (PrintScreen, any app)
• Redirected peripherals – from remote terminals (BYODs) to virtual application, desktop, and VDI sessions
  • Mapped drives, clipboard, USB ports
• Access control options depend on the device/port type
  • Deny, allow, read-only
    • Removable, optical, floppy, mobile devices
    • Redirected mapped drives
    • USB and FireWire ports
  • Deny, allow
    • Bluetooth, printers, clipboard
    • Redirected USB ports
    • Redirected clipboard – incoming and outgoing data selectively

Allowlists

• Device types allowlist
  • Grant full access regardless of access settings
  • Subclasses
    • USB HID, Bluetooth HID, USB and FireWire network cards, USB scanners and still image devices, USB audio devices, and USB cameras
    • Intra-application clipboard operations
• USB devices allowlist
  • Grant read-only or full access regardless of access settings
  • Device model
    • Vendor ID and product ID
  • Unique device
    • VID, PID, and serial number

Alerts and notifications

• Real-time alerts and notifications on blocked operations and denied device access
  • Use device on a USB or FireWire port
  • Copy data from device
  • Copy data to device
• OS notification and service alerts
  • Workload end users
  • On/off for all peripherals and ports together
• Device control alerts in the service console
  • Tenant and partner administrators
  • On/off selectively for each device/port type
  • Alert type – warning
  • Status, message, date/time, plan name, device type and operation, user, and process

Antimalware Protection for Linux

Supported Features

• Real-Time Protection provides automatic protection that checks a Linux OS for suspicious activity in real time.
  • Action on detection -- Block and Notify, Quarantine
  • Scan Modes
    • Smart on-access – monitor all system activities and scans files when they are accessed for reading or writing.
    • On-execution – scans only executable files when they are launched.
• Scheduled Scan check for viruses according to the specified schedule
  • Action on detection – Block and Notify, Quarantine
  • Scan Type – Quick scan , Full scan ( scan archive files )
• Exclusions – Trusted files and folders

Supported distributives

• CentOS, CloudLinux, Ubuntu.

Unsupported Features

• Behavior engine
• Exploit prevention

Updates via peer-to-peer and from cloud

A spare connectivity channel is available for the agents from the networks where peer-to-peer update distribution in used.

If the updater agent is not available, the regular agent will connect and download updates from Acronis Cloud directly.

Media Builder

• Create Windows-based and Linux-based media
• Burn to USB, ISO, or WIM
• Inject drivers for Windows-based media
• Windows-based media can be created without installing any other software (without ADK)
• Customize media:
  • Network configuration
  • Automatic registration on the management server
  • Automatic recovery from a specified location

Registration under personal Google application

To avoid throttling from Google, a new registration method for Google Workspace workloads is introduced

• To add a Google Workspace organization, a user needs to create a new project in the Google Workspace account, and then enter or import the following:
  • The email of a Super Administrator of the Google Workspace account
  • A private key of the service account that the project uses
• The old method of registration is still available

Register Microsoft 365 organization in unit

In big organizations there is a need to use multiple Microsoft 365 or Google Workspace accounts in different organizational units

• Full functionality will be fully available for unit administrators or customer administrators at the unit level
• Customer administrator users have several feature limitations at the customer level for working with workloads registered in units.

  Customer administrators cannot:

  • Perform discovery of workloads
  • Delete workloads
  • Send as email
  • View, create, apply, edit, run, or delete protection plans

Enhanced security mode for a customer

This mode allows only encrypted backups. If an encryption password is not set on the protected device, backups will fail.

All operations that require providing the encryption password to a cloud service are not available.

Enhanced security mode cannot be disabled after the tenant is created.

Disaster Recovery

IPsec Multisite VPN Support

• IPsec Site-to-Site VPN connectivity support.
• Multisite support by using the IPsec connectivity option.
• Easy customer onboarding:
  • Simple configuration: a recommended default configuration is available, along with a video guide.
  • Switching from the L2 Open VPN connectivity with IP reassignment does not require redeployment.
• Focus on solution security: only secure protocols and algorithms are used. Authentication keys are stored encrypted.
• Transparent connections status and troubleshooting.

Custom DNS configuration

• Now it is possible to set up custom DNS settings for disaster recovery cloud servers.
• The DNS settings on the cloud servers are renewed with the next request to the Cloud DHCP server.

File Sync & Share

File Sync & Share for Android app updated

• Added the option to take photos from within the app.
• Improved user experience while working with .pdf files:
  • Improved page loading and rendering speed, performance for documents with many links, and password-protected documents.
  • Added support for embedded digital signatures.
  • Introduced the option for free-text annotations to scale automatically based on the content that is entered.
  • Improved search performance within the document pages.
• Added support for Android 11.
• Added support for the Spanish language.

Updated Components

Acronis Cyber Protection agent

• Acronis Cyber Protection Agent for Windows (v. 15.0.26473)
• Acronis Cyber Protection Agent for Mac (v. 15.0.26473)
• Acronis Cyber Protection Agent for Linux (v. 15.0.26473)

See separate Acronis Cyber Protection agent release notes here.

API changes

You can find the history of changes in Acronis Cyber Cloud API in the dedicated API change log document.

Fixed issues

This section describes issues that have been fixed in this update.

Acronis Cyber Protect

Acronis Cyber Protection Agent

• [ABR-303497] Backup of a restored Hyper-V virtual machine may fail with "Process 'service_process.exe' has failed" error in some cases.
• [ABR-278789] The "Unmount" option appears in right-click context menu in Windows Explorer for non-mounted volumes (for example C: drive) after agent installation.
• [ADP-12422] "Failed to install kernel module file_protector" error during installation of Agent for Linux onto Oracle Linux 7.9 x64 and CentOS 8.3 x64.
• [ADP-12017] Disk health monitoring: "An image backup of this disk is not recommended at this point as the added stress can cause the disk to fail." alert appears when there is APFS volume present on a Windows machine.

Bootable media

• [ABR-299551] Recovery performed during reboot may fail in case there is complex network configuration in the live OS.

Common

• [ABR-305322] A workload may take unexpectedly long time to appear in Cyber Protection console after initial registration in some cases.
• [ABR-304678] Protection plan may be shown as applied to a workload in Cyber Protection console, but in fact it is not applied in rare cases.
• [ABR-304517] Wrong Acronis system report file extension is generated in some cases: .ZIP instead of .tar.bz2.
• [ABR-301853] Multiple agents may appear as offline after network maintenance in Acronis datacenter.
• [ABR-301100] File-level backup may fail with "Cannot create a backup of the specified type in archive 'XXXXX' because it contains backups of another type. A backup archive can contain backups of one type only" error in rare cases.
• [ABR-293555][ABR-303737] Manual backup cannot be started - "Run now" button is greyed out in rare cases.
• [ABR-271170] An existing archive can't be selected to backup Microsoft SQL instance with "The file name should contain one of the required variables: '[Machine Name], [Unique ID]'" error.
• [ARC-292] Incorrect backup storage usage is reported in Cyber Protection console for partner-hosted storage in rare cases.
• [PLTFRM-25891] Backup may fail with "error:0906D06C:PEM routines:PEM_read_bio:no start line" error due to outdated RSA keys which are not regenerated automatically.
• [PLTFRM-24135] Cloud-to-Cloud (C2C) backups are queued for more than 24 hours in some cases.

Cyber protection

• [AMP-4911][AMP-4598][AMP-4738] Third party software may work slowly when Behavior engine or Real-time protection is enabled in Anti-Virus & Anti-Malware module.
• [ADP-12533] An activity "Scanning the backups to discover the malware" may get stuck in rare cases.
• [ADP-12329] A false-positive alert about VirtIO disk health appears in some cases.
• [ADP-12297] Windows Update displays GUID in "Installing software updates" activity details instead of user-friendly name.

Dashboards and reports

• [ADP-12646] List of auto-discovery agents is limited to 30 even if there are more capable agents online under tenant.
• [ADP-12515] Daily activities report is sent to wrong additional e-mail address due to duplicate report schedules in rare cases.
• [ADP-12372] Administrator cannot open the Operations reports tab in management console with "403 Forbidden" error in rare cases.
• [ADP-11881] "Data sources" in reports show incomplete data in rare cases when there were old protection plans applied (created prior to 20.10 release).
• [ADP-10949] Empty backup plan name ("-") is shown for some workloads in "Protected resources" widget of Operations report.

Disaster recovery

• [DRAAS-21929] Hanged activity in "Pending" status persists in "Activities" tab: "Setting up disaster recovery infrastructure for protection plan" in some cases.
• [DRAAS-21248][DRAAS-22041] Opening Disaster Recovery tab in Cyber Protection console results in "The disaster recovery service is not available. A server error." message in some cases.

Google Workspace

• [ABR-304885] G Suite agent cannot be added when branded URL is used within a tenant.

Microsoft 365

• [ABR-306653] Microsoft 365 mailbox backup may fail with "Cannot back up Office 365 mailbox item Id [Archive Server]: bad request" error in some cases.
• [ABR-306231] Microsoft OneDrive backup may fail with "Changes loading loop detected" error while backing up OneDrive files" error in some cases.
• [ABR-306145] Changes of size of Microsoft 365 backup are not reflected after vault refresh.
• [ABR-305910] Microsoft OneDrive backup may stuck at 10% in rare cases.
• [ABR-305512] Microsoft Teams backup may fail with "Full backup enforced: Could not load Changes: Resync required: Error: 410 GET" error.
• [ABR-304865] Recovery of mailbox may fail with error "O365MailboxItemRestoreError" error.
• [ABR-304431] Recovery of Microsoft SharePoint Online library items with conflicting names may fail.
• [ABR-302035] Recovery of Microsoft SharePoint Online site completes with warning if the recovered file name starts with space symbol.
• [ABR-297968] Microsoft SharePoint Online and Microsoft Teams backup completed with "Failed to process change event List/Restore" warning if site has list with template '600' (External List).
• [ABR-294070] Applying a protection plan fails if Microsoft SharePoint Online site contains very long site URL.
• [ABR-293360] Browsing of a backup of Microsoft SharePoint Online fails if backup size is greater than 350GB.
• [ABR-258326] Microsoft 365 mailbox backup fails with "Non-system logon cannot access XXXXX folder" error for mailboxes with enabled audit.
• [DF-2668] Catalog indexing fails with timeout error on huge Microsoft SharePoint archive (>2TB).

File Sync & Share

• [AFDC-1293] Sync (upload) fails with "The system cannot find the path specified" error for existing files if the path is longer than 260 symbols.

Management Portal and Platform Core

• [PLTFRM-25980] Warning message "Please try to refresh the page. If the error persists, please contact support." is shown sporadically when opening Clients.

• [PLTFRM-25766] It is not possible to register more than 50 instances of Acronis Cyber Infrastructure within a partner.
• [PLTFRM-25247] "Totals" section is displayed on Overview page for customer in Management Portal ("Totals" should be displayed only for partner).
• [PLTFRM-25161] Incorrect name of compressed usage report file in case reports are generated in locale which uses "/" separator for dates and time format (example: Japanese locale).
• [PLTFRM-25090] It is not possible to switch an edition if legacy offering item "Cloud to cloud backup" is present in the source edition.
• [PLTFRM-23032] Audit log cannot be opened in some cases.

Known issues and limitations

This section describes issues that are currently known and provides solutions to avoid the issues where possible.

Acronis Cyber Protection

Common

• [PLTFRM-18969] It is not possible to protect Microsoft SQL on a machine with a workstation operating system, in the case Agent for Hyper-V is also installed among local agents.
• [ABR-255521] The number of total runs and successful runs is zero for the Microsoft Office 365 resources.
• [ABR-240431] It is possible to apply an existing protection plan with the "Cloud" backup destination, even if the cloud storage quota was exceeded for a tenant. The plan will fail upon execution.
• [ABR-228827] If some backup is removed via the Data Recovery (Web Restore) console, this change is not reflected in the service console while browsing the backup location, until the service console is refreshed.
• [ABR-196710] The backup location on the network share usage is duplicated in the case when there is a different network share with the same name registered as a backup location (shares rotation scenario).
• [ABR-189620] The "Activities summary" widget shows activities out of the defined date "Range" scope (excessive activities may be shown).
• [ABR-184900] Local backup usage is not reported for backups stored on a network share with enabled deduplication.
• [ABR-183764] Local backup usage is not updated for all virtual machine backups after deleting and re-adding a network location.
• [ABR-182313] Local backup usage size is duplicated after reconnecting a locally attached storage (LAS) to a new Agent for VMware (Virtual Appliance).
• [ABR-178648] The installer does not remove/update old libraries if the previous update was interrupted.
• [ABR-154655] The protection plan may have the "Backup succeeded" status, even if this plan is completed with warnings. Alerts and activities still show the proper status of the plan.
• [ABR-113452] If a machine was re-registered under a different account without revoking the existing protection plan from it, this plan may still continue to run unexpectedly.

Backup

• [ABR-115270] The "[All Profiles Folder]" template in a file level backup does not support a custom profile path.
• [ABR-87244] File-level recovery from a disk/volume backup of NTFS volumes with the enabled native deduplication does not work.

Recovery

• [ABR-190404] It is not possible to recover from the Large Scale Recovery backup produced by the "LSR" tool if the backup is split into multiple separate files (multi-volume).
• [ABR-183082] Recovery of a Linux machine having some volumes with the XFS file system completes with the "Failed to process the boot loader configuration." warning. The machine is bootable despite the warning.
• [ABR-158677] "Intel(R) 82574L Gigabit Network Connection" NIC is not properly recognized by Windows 10 after recovery of an image to a VMware Workstation virtual machine by using the bootable media.
• [ABR-129075] When browsing a folder in a backup during the file-level recovery via the service console, some child folders may not appear in the list after sorting by type if the folder contains many elements. To show all items of the folders, you need to scroll down in order to load the entire content of a parent folder and perform sorting only after that.
• [ABR-127666] Files/folders may still be available for a recovery from backups saved in the cloud, even if these files/folders were removed from a source device and the backups that contain these files were already cleaned up during retention.

Applications

• [ABR-162925] Application items (databases and/or mailboxes) cannot be recovered from the application-aware entire machine backup if the databases are located on mount points (the database path is redirected to another location).
• [ABR-74984] The "Next backup" time is not displayed for a machine that has only application-level protection plans applied to it.

macOS

• [ABR-207057] The Bulgarian language is missing in the "Recovery HD" menu (bootable media for Mac), due to a lack of support of the Bulgarian language in macOS.
• [ABR-141823] There are incorrect backup items in a protection plan after updating Mac OS X to 10.13 High Sierra with conversion from HFS+ to APFS (some backup items are missing).
• [ABR-137886] Backing up Mac with Apple RAID configured fails with the "No volumes were found when processing the 'Fixed Volumes' template" error. Apple RAIDs are not supported.

Virtualization

• [ABR-296485] Agent for Virtuozzo Hybrid Infrastructure (virtual appliance) may crash when performing VM recovery from backup captured from another platform (for example from physical machine or VMware VM), if there is 1GB RAM available on the appliance.

  Solution: increase the RAM of the virtual appliance to 4GB.

• [ABR-242166] An application-aware backup of a Hyper-V virtual machine may fail when executing the WMI query, with the "WMI 'ExecQuery' failed executing query." or "Failed to create a new process via WMI" errors, when the backup is performed on a host under a high load, due to no response from WMI.
• [ABR-235983] A protection plan using policy rules such as "/dev/sdaX" or "/sdaX" applied to a VMware or Hyper-V virtual machine fails with the "Nothing to back up. The operation has been terminated." error, when performed by Agent for VMware/Hyper-V.
• [ABR-234935] There are duplicated activities in the Activities summary, after the backup of a virtual machine running on a Hyper-V cluster.
• [ABR-234935] An incorrect number of Total runs/Number of successful runs for a Hyper-V cluster is shown on the Operations tab.
• [ABR-234935] The number of email notifications is equal to the number of Hyper-V cluster nodes for one VM backup activity.
• [ABR-192213] VMware virtual machines with an empty "vc.uuid" (InstanceUUID) vSphere property are not listed in the service console.
• [ABR-189882] Backup of a Hyper-V virtual machine fails if it contains an ampersand symbol in the names of its virtual disks.
• [ABR-173002] Run VM from a backup on a Hyper-V host fails, if the backup is located on the same volume as the path selected for the mounted VM disks.

  Solution: select a different volume for the mounted VM disks path. The space will be consumed only for changes generated inside the mounted VM and it will not occupy the entire size of the virtual disk.

• [ABR-137564] Cross-platform recoveries (when the backup was created not by Agent for Hyper-V) into a new Hyper-V virtual machine by Agent for Hyper-V always produces the Gen 1 version of virtual machine.
• [ABR-115430] A "backup is missing for X days" alert is activated even if the backup plan is not scheduled, but has this alert option enabled in its settings.
• [ABR-104081] A VM replication plan may fail due to network disconnects between source and target ESXi hosts even if the "Error handling" option is enabled.
• [ABR-95961] A backup task periodically fails on snapshot creation for some Virtuozzo containers after some time on a host with a high load.
• [ABR-85645] Backup of a virtual machine with Active Directory may complete with warning "MFT bitmap is corrupted."

Management Portal and Platform Core

• The read-only role is available for selection while customer tenant is in Cyber Backup - Standard and Cyber Protect - Standard editions, yet it should not be due to licensing limitations.
• [ABR-138058] Sending backup notifications is turned off after disabling and then returning back the Cyber Protection role to a user.
• [ABR-136810] An unclear error is shown if a destination tenant was not found while moving a tenant.
• [ABR-136694] The "Bad request" message appears if a large number is specified for the Storage quota.
• [ABR-203902] The error message "The number of registered and deleted storage registrations exceeds 50" is shown during storage re-registration.
• [ABR-203243] Logout is done correctly while a user is logged in via a branded URL; however, logout is not done for a non-branded URL.
• [ABR-173628] Active Directory Connector - mapping is not saved when one or more Distinguished Names (DNs) are invalid.
• [ABR-131711] Lack of salutation text in the "Quota exceeded" email notification.
• [PLTFRM-20333] A Hyper-V host may consume two "Server" licenses, in cases when it is backed up as a physical machine and there are also VMs or Microsoft applications running on this host and which are backed up by other types of backup agents.
• [PLTFRM-20414] Compute points usage from the original edition is not displayed for a customer in the report after the edition switch and tenant move, for example, when the edition is switched from Standard to Disaster Recovery.
• [PLTFRM-2340] The "Tenant was moved" audit event description shows tenant IDs instead of names.
• [PLTFRM-18229] Improve the error message for the RPC GetRedirect method, in case a customer has no storage.