General information

Application area

To ensure the security, stability and recoverability of an IT system, IT administrators should create data protection concepts. This document is intended to provide guidelines for this in relation to the products mentioned in the product validity. The data protection concept includes product-specific recommendations as well as general recommendations and guidelines for creating a data protection concept for the system environment and backup implementation/organization. The following chapters only form a manufacturer-specific, application-specific subset, the so-called data protection plan. This contains technical information for creating data backups and restoring systems and should be integrated into a generally valid, customer-specific data backup concept for IT operations.

Further information

For general information and recommendations on creating a data security concept, please refer to the modules from the IT baseline protection concept of the Federal Ministry for Information Security:
(Status of the 2023 edition published in February 2023): https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/IT-Grundschutz-Kompendium/IT-Grundschutz-Bausteine/Bausteine_Download_Edition_node.html 

Data backup plan – specific requirements for estos products

Type and scope of the data to be backed up

ProCall Windows Client 

Configuration settings made by the user (such as added data sources, redirection profiles, etc.) are saved as follows and must be taken into account when backing up data:

In the registry

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ESTOS\UCServer4\Client
HKEY_CURRENT_USER\SOFTWARE\ESTOS\UCServer4\Client

In the file directory

%APPDATA%\estos\ProCall <Version>
or C:\Users\<username>\AppData\Roaming\estos\ProCall <Version>

Example: 

%APPDATA%\estos\ProCall 8            
bzw. C:\Users\<username>\AppData\Roaming\estos\ProCall 8

In order to be able to use the configuration settings for a later restore, it is recommended that you do so:

• To export the above data in the registry and save it in a .reg file.
• To save the specified data from the file directory.

ProCall mobile (Android/iOS)

The ProCall mobile app does not store any security-relevant data locally on the smartphone.

ProCall MacOS client

The ProCall client for MacOS does not save any data locally.

ProCall UCServer 

The files not included in the installation (startup files, log files, local SQLite databases, etc.) should be backed up. The amount of data is small, so a regular full backup is recommended.

General

Securing via the following (possibly combined) mechanisms may be preferable:

• Mirroring of the disk partition(s) (e.g. via RAID-1)
• Snapshot(s) of the computer in a virtualized environment
• Backup/restore the disk partition(s)

In addition, the (possibly changed) service properties should be documented so that the information is available for recovery. These cannot be backed up.

Example screenshot: UCServer Properties – Local Computer – General – Service

ProCall Enterprise

Manual backup

A backup can be carried out manually using the data import/data export functions.

The functions can be found in the UCServer administration in the "File" menu.
The data to be backed up (see screenshot) is saved in a zip archive. The zip archive can then be imported as a restore during the installation of the UCServer.

It is recommended to activate all checkboxes for the backup.

Example screenshot: Export settings

Automatic backup

If the backup is not to be performed manually, but registry entries and directory entries are to be backed up automatically, you can proceed as described under "ProCall DataCenter".

ProCall DataCenter

The following data should be backed up regularly:

Directories

<ucserver-root directory>\ClientInstall      (or C:\Program Files\estos\UCServer\ClientInstall)
<ucserver-root directory>\config
<ucserver-root directory>\database
<ucserver-root directory>\linestates
<ucserver-root directory>\logs
<ucserver-root directory>\pending
<ucserver-root directory>\userstates

Registry

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ESTOS\UCServer4\Server
Computer\HKEY_CURRENT_USER\SOFTWARE\ESTOS\UCServer4\Admin

ProCall UC media server 

The following data should be backed up regularly:

Directories

The UC media server network interface settings are persisted on the machine on which the UC media server is installed in the following directory:

<ucmediaserver-root directory>\emswindows\etc      
(or C:\Program Files\estos\UCServer\MediaService\emswindows\etc)

If the created log files are also to be backed up, the target directory specified in <ucmediaserver-rootverzeichnis>\logparams.txt must also be backed up. 
The UC media server logging settings are persisted on the machine on which the UC media server is installed in the following directory:

<ucmediaserver-root directory>\logparams.txt

If TLS encryption is used, the .pem file should also be secured.
This is stored in the <ucmediaserver-root directory>.

ProCall UC web server 

The following data should be backed up regularly:

Directories

The UC web server settings (network interfaces, logging, etc.) are persisted in the following directory:

<ucserver-root directory>\config
(See "Specific requirements for the UCServer")

No settings are saved in the UC web server installation folder itself.

ProCall chat/journal DB

In ProCall DataCenter and possibly also in ProCall Enterprise, chat and journal data (along with various other data) are stored in an SQL server database.
A suitable backup mechanism must be defined at SQL server level.

The following data should be backed up regularly:

SQL server database

The location of the database is specified in the UCServer administration on the "Database" page.

In ProCall DataCenter, the database is used by all UCServers in the multi-server environment.

The content is usually of great importance, which is why the database should be backed up regularly. Otherwise it cannot be restored in the event of data loss.

ProCall configuration/user DB (ProCall DataCenter only)

With ProCall DataCenter, the configuration data is stored in an SQL server database. 
A suitable backup mechanism must be defined at SQL server level.

The behavior of all UCServers participating in the multi-server environment is defined via the DB.

The database should be backed up regularly - especially after major changes – as otherwise the configuration of the multi-server environment must be reset from scratch via the UCServer administration after a data loss.

The following data should be backed up regularly:

SQL server database

The location of the database is specified in the UCServer administration on the "Multi-server database" page.

If the user administration is not used with an Active Directory server (see page "User database" in the UCServer administration), the user data is also contained in this database!

Microsoft Active Directory (AD) – user administration

If "User management with Active Directory Server" is active on the UCServer (see in the UCServer administration on the "User database" page), the UCServer saves data in the user, group and computer objects in the Active Directory.

The following data should be backed up regularly:
(A suitable security mechanism must be defined at Active Directory level)

Attribute

Without a schema extension, this only affects the "extensionName" attribute.
This attachment is not reserved exclusively for the UCServer; other applications can also store data here.

With schema extension, the UCServer saves data in all attributes that are assigned to the UCServer.
You can see which attributes are involved under "Advanced" on the "User database" page in UCServer administration.
In this case, the attributes are used exclusively by UCServer.  Further information can be found under the link schema reference.

Specific specifications for the Redis database (ProCall DataCenter only)

The user data in the Redis database is volatile and does not need to be backed up.

MetaDirectory Enterprise

The following data should be backed up regularly:

Directories

<Metadirectory-root directory>\config
<Metadirectory-root directory>\database
<Metadirectory-root directory>\wwwroot

ECSTA

The configuration of an estos ECSTA is completely in the registry.

The following data should be backed up regularly:

Registry

The entry can be found under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ESTOS\<ECSTA>.

Example for ECSTA for Atos Unify Openscape 4000:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ESTOS\ECSTACA4000p3

To save the configuration, it can be exported to a .reg file (e.g. using the regedit.exe system tool).

Restoring the ECSTA installation (from scratch) to an old status is achieved by:

• Installing the ECSTA driver
  Cancel the configuration started at the end of the installation!
• Restore the configuration by importing the backed up .reg file
• Adding an instance of the driver in "Phone Driver Options Advanced"

Licenses

The license keys of all installed applications/components should be saved or noted in one place so that they can be re-entered if necessary.

Frequency, timing and generations

General

An event-dependent data backup must be carried out before major changes are made.

ProCall UCServer 

This applies in particular to changes such as more extensive changes to the end user base, changes to the multi-server environment (adding/removing servers, changes to connected databases) and version changes (update, upgrade, ...).

MetaDirectory

Before major changes, such as extensive changes to the replicators, version changes (update, upgrade, ...), an event-dependent data backup must be carried out.

Data recovery

ProCall Windows client 

In the event of problems or data loss, the UCClient can be (possibly uninstalled and) reinstalled (e.g. using packaging methods) to restore it to a functional state.
If only files and registry entries that were created by the setup during the UCClient installation have been lost, a repair installation is sufficient.

Configuration settings made by the user (such as added data sources, redirection profiles, etc.) are lost during a complete uninstallation and must be made again after a new installation.
These configuration settings are retained during an update installation and a repair installation.

To restore the configuration settings, the files created during the data backup can be restored.
This is recommended:

• Import the saved data from the .reg file into the registry.

• Copy the backed up data from the file directory to the data directory.

The UCClient must not be executed during this step.

ProCall mobile (Android/iOS)

If the app is no longer functional, it can be reinstalled (and uninstalled if necessary) to restore it to a functional state.
The user must know the UCConnect ID in order to be able to reconnect to the UCServer via the login dialog. As a rule, the UCConnect ID or the local UCServer is automatically provided via the invitation e-mail sent by the administration. 
Some app settings may be reset to the default settings, especially if the app is installed on another smartphone. 

ProCall MacOS client

If the app is no longer functional, it can be reinstalled (and uninstalled if necessary) and is then functional again.

ProCall UCServer

If the UCServer does not start or crashes during startup, the cause can be found in damaged or deleted UCServer installation files or a damaged or deleted service definition of the "estos UCServer".
In this case, a repair installation of the UCServer is recommended. 
All files not included in the installation remain untouched (startup files, log files, local SQLite databases, etc.). 
The UC media server and UC web server components are also repaired here.
The service definitions of UCServer, UC media server, and UC web server are removed and newly created with default settings.

Alternatively, the UCServer can be reinstalled. If the files that are not included in the installation (startup files, log files, local SQLite databases, etc.) are to be retained, this can be specified during the uninstallation process.

ProCall Enterprise

Restoration can be carried out using the zip file created and saved during data export. The zip file can be specified during the installation of the UCServer as part of the wizard. This is then used to reinstall and restore the UCServer.

The installation should be carried out in the identical UCServer version.

If the backup was not performed manually, but directory and registry entries were backed up automatically, you can proceed as described under "ProCall DataCenter".

ProCall DataCenter

Restoring the UCServer installation to an old status is achieved by:

• Installation of the UCServer (in the identical version).
  Caution: Cancel the "estos UCServer - Setup" that starts automatically at the end of the installation in the first dialog.
• Restore the backed up folders in <ucserver-rootdirectory>
• Restore additional adjustments made in the service definitions
• Restoring the registry entries
• Start UCServer service

ProCall UC media server

The backed up data can be restored after a UCServer installation by copying the backed up directories.

ProCall chat/journal DB

During a restore of the database, the UCServer or all UCServers of the multi-server environment must be stopped.

ProCall configuration/user DB (ProCall DataCenter only)

During a restore of the database, the UCServer or all UCServers of the multi-server environment must be stopped.

MetaDirectory

Restoring a MetaDirectory installation to an old status is achieved by:

• Installation of MetaDirectory (in an identical version)
• Restore the backed up folders in <metadirectory root folder>

ECSTA

Restoring the ECSTA installation to an old status is achieved by:

• Installing the ECSTA driver
  Please cancel the configuration started at the end of the installation!
• Restore the configuration by importing the backed up .reg file
• Adding an instance of the driver in "Phone Driver Options Advanced"

Further information

Data export via the UCServer administration

Data import via the UCServer administration

Privacy-friendly default settings (Art. 25 GDPR)