You can't secure what you don't acknowledge.℠

Tuesday, March 18, 2008

Ever wonder how real-time imaging software works?

I use Acronis True Image Echo for my backups. It's a really handy way of performing live backups and I hear from a lot of folks how they love it. If you've ever wondered how the software is actually able to make backups of the live Windows system without having to reboot into a DOS-like interface, here's how it's done. This is from Acronis support engineer Michael Lee, reprinted with permission:

The SnapAPI module is in charge of all I/O operations on the hard disk of Acronis software working in Windows. It also allows backups to be created under running Windows with a lot of files being open for reading and writing, without any necessity to reboot the computer in DOS or any other special mode.

Once Acronis True Image initializes the backup process of a volume (which logically corresponds to a single partition, if there are no Dynamic Disks), Acronis Snapshot Manager flushes the file system mounted to that volume, temporarily freezing all the operations on the system volume. Immediately thereafter, the Snapshot Manager driver creates a point-in-time view of the system volume and a bitmap describing the used sectors on this volume. Once the bitmap is created, the filter driver unfreezes the I/O operations on the system volume. It generally takes just several seconds to create a point-in-time view of the volume. After that, the operating system continues working as the imaging process is under way.

Acronis True Image reads the sectors on the system volume according to the created bitmap. Once a sector is read, the appropriate bit in the bitmap is reset. In its turn, the Acronis driver continues working to hold the point-in-time view of the system volume. Whenever the driver sees a write operation directed at the system volume, it checks whether these sectors are already backed up; if they are not, the driver saves the data on the sectors that will be overwritten to a special buffer created by the software, then it allows the sectors to be overwritten.

Acronis True Image backs up the sectors from the special buffer, so that all the sectors of the point-in-time view of the system volume will be backed up intact. Meanwhile, the operating system continues working and the user will not notice anything unusual in the operating system functionality.
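The copy-on-write sequence described above can be modelled in a few lines. This is an added example, not Acronis code: the class and function names are hypothetical, the "volume" is a constructed list of strings, and the bitmap is simplified to a set of pending sector numbers.

```python
class SnapshotVolume:
    """Toy model of a point-in-time view held by a filter driver."""

    def __init__(self, sectors, used):
        self.disk = list(sectors)   # live volume, keeps changing during backup
        self.pending = set(used)    # "bitmap": used sectors not yet backed up
        self.buffer = {}            # original data saved before an overwrite
        self.image = {}             # backup output, sector number -> data

    def write(self, n, data):
        """Filter-driver path: intercept a write aimed at the live volume."""
        if n in self.pending and n not in self.buffer:
            # Sector belongs to the snapshot and is not yet imaged:
            # preserve its point-in-time content first.
            self.buffer[n] = self.disk[n]
        self.disk[n] = data         # then allow the overwrite

    def backup_next(self):
        """Imaging path: copy one pending sector, then reset its bit."""
        if not self.pending:
            return False
        n = min(self.pending)
        # Prefer the preserved copy; fall back to the untouched live sector.
        self.image[n] = self.buffer.pop(n, self.disk[n])
        self.pending.discard(n)
        return True


def run_demo():
    # Constructed sample volume: sector 3 is free when the snapshot is taken.
    snap = SnapshotVolume(["boot", "mft", "fileA", "", "fileB"], used={0, 1, 2, 4})
    snap.backup_next()              # sector 0 is imaged first
    snap.write(0, "boot-v2")        # already imaged: nothing to preserve
    snap.write(2, "fileA-v2")       # pending: original goes to the buffer
    snap.write(2, "fileA-v3")       # second write keeps the first saved copy
    snap.write(3, "new")            # not in the bitmap: ignored by the snapshot
    while snap.backup_next():
        pass
    return snap.image, snap.disk, snap.buffer


if __name__ == "__main__":
    image, disk, _ = run_demo()
    print("image:", image)
    print("live :", disk)
```

The resulting image holds the volume exactly as it was when the snapshot was taken, while the live disk reflects every write made during the backup.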

1 comment:

  1. Acronis is the best DR software out there; kicks V2i or Livestate from Symantec.