State of knowledge

23 April 2025

Product validity

ProCall Business, ProCall Enterprise, ProCall DataCenter, ECSTA, MetaDirectory 


General information

Area of application

To ensure the security, stability and recoverability of an IT system, IT administrators should create data backup concepts. This document is intended to provide guidelines in relation to the products mentioned in the product validity. The data backup concept includes product-specific recommendations as well as general recommendations and guidelines for creating a data backup concept for the system environment and backup implementation/organisation. The following chapters only form a manufacturer-specific, application-specific subset, the so-called data backup plan. This contains technical information for creating data backups and restoring systems and should be integrated into a generally applicable, customer-specific data backup concept for IT operations.

Further information

For general information and recommendations on creating a data protection concept, please refer to the building blocks from the IT-Grundschutz concept of the Federal Ministry for Information Security:
(status of the 2023 edition published in February 2023): https:// www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/IT-Grundschutz-Kompendium/IT-Grundschutz-Bausteine/Bausteine_Download_Edition_node.html

Data backup plan - Specific requirements for estos products

Type and scope of the data to be backed up

ProCall Client for Windows 

Configuration settings made by the user (such as added data sources, redirection profiles, etc.) are saved as follows and must be taken into account when backing up data:

In the registry

KeysContent
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ESTOS\UCServer4\ClientContains the settings made by the administrator during setup (including UCServer host name and port, enforce TLS, use DNS service records, user may specify a different server)
HKEY_CURRENT_USER\SOFTWARE\ESTOS\UCServer4\ClientContains the settings made by the user such as different server, user name (if not Windows session), language, use Outlook.addin, UCConnect settings (VPNless mode)
HKEY_CURRENT_USER\Software\ESTOS\UCServer4\CtiMainContains settings that the user makes on the client. These include settings for language, logging, window positions, journalisation, call window, audio output, "unprocessed" tab, sum bubbles, hotkeys, callback and call forwarding, calendar synchronisation, contact information and search.
HKEY_LOCAL_MACHINE\Software\ESTOS\UCServer4\CtiMainContains settings that the administrator specifies on the client. If keys are set here, these keys are ignored in HKEY_CURRENT_USER\Software\ESTOS\UCServer\CtiMain as they are specified by the administrator. This is a subset of the keys from HKEY_CURRENT_USER\Software\ESTOS\UCServer\CtiMain, which contain settings (such as language) or authorisations (such as whether calendar synchronisation can be used), but not runtime keys (such as the window position)

In the file directory

DirectoryContent
%APPDATA%\estos\ProCall <Version>
  • actions.xml: local setting - custom actions see "Actions" settings tab
  • AdmServerSettings.xml: Cache - profile settings that are controlled by the server
  • AppointmentSignaling.xml: Cache - for summation bubble signalling of appointments
  • bluetoothphones.xml: local setting - setting for phonebook and call journal synchronisation of mobile phones
  • cachedlocation.xml: Cache - the location settings
  • <user>_server_ClientContactCache.xml: Cache - favourites and monitor groups and contacts
  • contacthistory.xml: local setting - last selected contacts in the conversation window
  • databases.xml: local setting - config of client-side data sources, is not synchronised
  • forwardprofiles.xml: Cache - forwarding profiles
  • Monitor*Layout.xml and floatlayout.xml: - local setting - arrangement of windows and groups in the main window and monitor window
  • presenceprofiles.xml: Cache - presence profiles

A backup is recommended for files that represent a local setting. The cache files can be backed up optionally.

%LOCALAPPDATA%\estos\ProCall <Version>Contains log files, temporary caches, downloaded content from "Share content". Normally no backup necessary.

In order to be able to use the configuration settings for a later restore, it is advisable to

  • export the data mentioned in the registry and save it in a .reg file.
  • back up the above data from the file directory.

ProCall Mobile App (for Android/iOS)

The ProCall Mobile app does not store any security-relevant data locally on the smartphone.

ProCall Client for MacOS

The ProCall Client for MacOS does not save any data locally.

ProCall UCServer 

The files not included in the installation (startup files, log files, local SQLite databases, etc.) should be backed up. The amount of data is small, so a regular full backup is recommended.

General

Securing via the following (possibly combined) mechanisms may be preferable:

  • Mirroring of the disc partition(s) (e.g. via RAID-1)
  • Snapshot(s) of the computer in a virtualised environment
  • Backup/restore of the disc partition(s)

In addition, the (possibly changed) service properties should be documented so that the information is available for recovery. These cannot be backed up.

Example screenshot: UCServer Properties - Local computer - General - Service

Certificates and secrets

Certificate/Secret

Referencing
TLS certificate used for "TAPI clients" (port 7220), "Administration" (port 7221) and "UC clients (port 7222)

Are taken from the Windows certificate store. The fingerprint of the certificate to be used can be found in the ListeningInterfaces.xml file (see config folder of the UCServer) in the corresponding line in the CertHash="xxxx" attribute.

TLS certificate for "UC Media Server (Port 8888 or 8433)

Is accessed via a referenced .pem file, which is referenced in the ListeningInterfaces.xml in the corresponding line in the "CertContainerFile" attribute with a complete path. It is also referenced again in "...\UCServer\MediaService\emswindows\etc\kurento\kurento.conf.json".

TLS certificate for the UCWeb HTTPS (port 7225)

The content is entered in the UCServer\config\ cer_000000000000000000000000000000000008.ecert, as well as in the ListeningInterfaces.xml and eucwebconfig.json files.

UCServer ↔ UCWeb

Secret of the UCServer is in the registry → see backup instruction

Secret of the UCWeb is in the config folder → see backup instruction 

Key for JWT tokens

Contained in the UCWeb config folder → see backup instructions 

UCServer admin password

hashed in the UCServer registry → see backup instructions

ProCall Enterprise

Manual backup

A backup can be carried out manually using the data import/data export functions.

The functions can be found in the UCServer administration in the "File" menu.
The data to be backed up (see screenshot) is saved in a zip archive. The zip archive can then be imported as a restore during the installation of the UCServer.

It is recommended to activate all checkboxes for the backup.
Example screenshot: Export settings

Automatic backup

If the backup is not to be performed manually, but registry entries and directory entries are to be backed up automatically, the procedure described under "ProCall DataCenter" can be followed.

ProCall DataCenter

The following data should be backed up regularly for each UCServer:

Directories

DirectoryContent
<ucserver-rootdirectory>\ClientInstall (e.g. C:\Program Files\estos\UCServer\ClientInstall)
  • Status of when which computers and users last connected/logged in
  • Update service information and definitions (UCServer client update service).
<ucserver-rootdirectory>\config
  • Subdirectory default: is not changed - backup normally not necessary
  • Subdirectory hwids: Hardware IDs - backup not normally necessary
  • Subdirectory largeimages: If large images are stored for users, these are saved here.
  • Subdirectory swprofiles - the following information is stored here:
    • swprofile_*.xml The profiles (user administration / profiles)
    • Grouping attributes (GroupingAttributes.xml)
    • Note: When using ProCall DataCenter, this data is also stored and synchronised in the configuration database
  • Subdirectory users: User settings for favourites and monitor groups and contacts. Also contained in the database for ProCall DataCenter.
  • Files: Configuration files and TLS certificates that are not stored in the Windows certificate manager, e.g. for UCWeb. Note: Some configuration files are filled from the configuration database, but not all
<ucserver-rootdirectory>\database
  • With ProCall Enterprise and use of the SQLite database, the chat and journal database is located here, as well as various other local databases that are used for faster contact resolution or for manual contact assignment.
  • With ProCall DataCenter, the chat and journal database is outsourced to an SQL server (see Backup chat and journal database). However, the cache for fast contact resolution and the database for manual contact assignment are also stored locally under ProCall DataCenter.
<ucserver-rootdirectory>\linestatesOffline timestamp for all lines (including client lines) - backup not normally necessary
<ucserver-rootdirectory>\logs

Log files - backup not normally necessary

<ucserver-rootdirectory>\pending

Not yet sent "Call not answered" mails

<ucserver-rootdirectory>\userstates

Presence and absence notification of users. When using ProCall DataCenter, this is already included in the Config DB.

Registry

KeysContent
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ESTOS\UCServer4\ServerHashed or encrypted passwords and user/account names: Admin password, WebService password; JWT token-shared secret; separate logging/tracing settings; fine-tuning such as ADMaxRead
Computer\HKEY_CURRENT_USER\SOFTWARE\ESTOS\UCServer4\AdminAdmin settings: Connection data of the last connection; encrypted credentials of the last connection, if applicable; manually set additional log settings for the admin

ProCall UC Media Server service

The following data should be backed up regularly for each UC Media Server service:

Directories

DirectoryContent
<ucmediaserver-rootverzeichnis>\emswindows\etc      
(bspw. C:\Program Files\estos\UCServer\MediaService\emswindows\etc)
Settings regarding network interfaces of the UC Media Server
<ucmediaserver-rootverzeichnis>\logparams.txtThe created log files. Backup optional.


If TLS encryption is used, the .pem file should also be backed up.
The file used is referenced in the <ucmediaserver-root directory>. The correspondingly referenced .pem file must be backed up. See also the backup instructions for certificates.

Outsourced MediaServer

In the case of ProCall DataCenter, a media server can also be outsourced to a remote system. Please note that in this case, not only the media server service, but all installed services must be backed up.

ProCall UC Web Server

The following data should be backed up regularly:

Directories

The UC Web Server settings (network interfaces, logging, etc.) are persisted in the following directory:

<ucserver-rootverzeichnis>\config
(see "Specific requirements for the UCServer")

No settings are saved in the UC Web Server installation folder itself.

ProCall Chat/Journal database

In ProCall DataCenter and possibly also in ProCall Enterprise, chat and journal data (along with various other data) are stored in an SQL server database.
A suitable backup mechanism must be defined at SQL server level.

Folgende Daten sollten regelmäßig gesichert werden:

SQL Server database

The location of the database is specified in the UCServer administration on the "Database" page .

In ProCall DataCenter, the database is used by all UCServers in the multi-server environment.

The content is usually of great importance, which is why the database should be backed up regularly. Otherwise it cannot be restored in the event of data loss.

ProCall configuration/user DB (ProCall DataCentre only)

With ProCall DataCenter, the configuration data is stored in an SQL server database.
A suitable backup mechanism must be defined at SQL server level.

The behaviour of all UCServers participating in the multi-server environment is defined via the database.

The database should be backed up regularly - especially after major changes - as otherwise the configuration of the multi-server environment must be reset from scratch via the UCServer administration after a data loss.

The following data should be backed up regularly:

SQL Server database

The location of the database is specified in the UCServer administration on the "Multi-server database" page .

If the user administration is not used with an Active Directory server (see page "User database" in the UCServer administration), the user data is also contained in this database!

Microsoft Active Directory (AD) - User administration

If "User administration with Active Directory Server" is active on the UCServer (see in the UCServer administration on the "User database" page), the UCServer saves data in the user, group and computer objects in the Active Directory.

The following data should be backed up regularly:
(A suitable backup mechanism must be defined at Active Directory level)

Attributes

Without schema extension, this only affects the "extensionName" attribute.
This attribute is not reserved exclusively for the UCServer; other applications can also store data here.

With schema extension , the UCServer saves data in all attributes that are assigned to the UCServer.
Which attributes are involved can be seen under "Advanced" on the "User database" page in the UCServer administration.
In this case, the attributes are used exclusively by UCServer.
Further information can be found under the Schema reference link.

Redis Datenbank (nur ProCall DataCenter) 

Die Nutzdaten in der Redis Datenbank sind flüchtig und müssen nicht gesichert werden.

MetaDirectory Enterprise

The following data should be backed up regularly for each MetaDirectory server:

Registry

These are not normally present, but if they are, they can be optionally saved.

KeysContent

HKEY_LOCAL_MACHINE\Software\estos\MetaDirectory\Diagnostic

Special keys to enable extended debugging

HKEY_LOCAL_MACHINE\SOFTWARE\ESTOS\MetaDirectory\Server

Special log file and database connection settings
HKEY_CURRENT_USER\Software\ESTOS\MetaDirectory\Admin  

Admin settings: Connection data of the last connection; encrypted credentials of the last connection, if applicable; window position, etc.

Directories

DirectoryContent
<MetaDirectory-rootdirectory>\configConfiguration of the MetaDirectory and the replicators set up
<MetaDirectory-rootdirectory>\database
  • Replicated data. If not backed up, it must (and can) be replicated again from the sources, possibly with considerable time expenditure
  • Statistical data regarding the use of replications and telephone directories (e.g. number of requests per hour)
  • If user management is activated: User database
<MetaDirectory-rootdirectory>\wwwrootConfiguration of "Services", "Terminals" and "Templates/Websites". Only needs to be saved if these settings have been manually adjusted in the admin and/or if the website templates have been manually adjusted.

ECSTA 

The configuration of an estos ECSTA is stored completely in the registry.

The following data should be backed up regularly for each ECSTA:

Registry

KeysContent

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ESTOS\<ECSTA Name> incl. all substructures

Example of ECSTA for Mitel OpenScape 4000:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ESTOS\ECSTACA4000p3

Complete configuration of the ECSTA (instance-specific settings such as PBX connection and line list, but also log level etc.)
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\ProvidersThe TSP providers registered in the system


To save the configuration, it can be exported to a .reg file (e.g. using the regedit.exe system tool).

Licences

The licence keys of all installed applications/components should be saved or noted in one place so that they can be re-entered if necessary.

Manual changes

If manual changes have been made to files, directories or registry entries that are not described here, these must also be backed up automatically or manually.

Frequency, timing and generations

Allgemein

An event-dependent data backup must be carried out before major changes are made .

ProCall UCServer 

This applies in particular to changes such as more extensive changes to the end user base, changes to the multi-server environment (addition/removal of servers, changes to connected databases) and version changes (update, upgrade, ...).

MetaDirectory 

This applies in particular to changes such as more extensive changes to the replicators and version changes (update, upgrade, ...).

Data recovery

ProCall Client for Windows  

In the event of problems or data loss, the UCClient can be (uninstalled and) reinstalled (e.g. using packaging methods) to restore it to a functional state.
If only files and registry entries that were created by the setup during the UCClient installation have been lost, a repair installation is sufficient.


Configuration settings made by the user (such as added data sources, redirection profiles, etc.) are lost during a complete uninstallation and must be made again after a new installation.
These configuration settings are retained during an update installation and a repair installation.

To restore the configuration settings, the files created during the data backup can be restored.
It is recommended to do this:

  • import the saved data from the .reg file into the registry.
  • copy the saved data from the file directory to the data directory.

The UCClient must not be executed during this step.

ProCall Mobile App (for Android/iOS)

If the app is no longer functional, it can be (possibly uninstalled and) reinstalled in order to restore it to a functional state.
The user must know the UCConnect ID in order to be able to reconnect to the UCServer via the login dialogue. The UCConnect ID or the local UCServer is usually provided automatically via the invitation email sent by the administration.
Some app settings may be reset to the default settings, especially if the app is installed on a different smartphone.

ProCall Client for MacOS

If the app is no longer functional, it can be reinstalled (and uninstalled if necessary) and is then functional again.

ProCall UCServer 

If the UCServer does not start or crashes during startup, the cause can be found in damaged or deleted UCServer installation files or a damaged or deleted service definition of the "estos UCServer".
In this case, a repair installation of the UCServer is recommended.
All files not included in the installation remain untouched (startup files, log files, local SQLite databases, etc.).
The UC Media Server and UC Web Server components are also repaired.
The service definitions of UCServer, UC Media Server and UC Web Server are removed and recreated with default settings.

Alternatively, the UCServer can be reinstalled. If the files that are not included in the installation (startup files, log files, local SQLite databases, etc.) are to be retained, this can be specified during the uninstallation process.

Certificates and secrets

After reinstalling Windows or changing the DNS name, the computer normally requires a new certificate. TLS must be set up again so that the UCServer can use this new certificate:

  1. After the files and registry entries have been restored, first start the start menu entry "UCServer PRODUKTNAME Server Setup".
  2. There, select the only possible option "Update this UCServer PRODUCT NAME" and keep pressing until you reach the network interfaces.
  3. Check the TLS settings of each individual interface and enter the new certificate.

If this is not the case, it is possible to use the existing certificates.

ProCall Enterprise

A restore can be performed using the zip file created and saved during the data export. The zip file can be specified during the installation of the UCServer as part of the wizard. This is then used to reinstall and restore the UCServer.

The installation should be carried out in the identical UCServer version.

If the backup was not performed manually, but directory and registry entries were backed up automatically, you can proceed as described under "ProCall DataCenter".

ProCall DataCenter

Restoring the UCServer installation to an old status is achieved by

  • Installing the UCServer (in the identical version).
    Attention: Cancel the "estos UCServer - Setup" automatically started at the end of the installation in the first dialogue.
  • Restore the backed up folders in <ucserver-rootdirectory>
  • Restore additional customisations made in the service definitions
  • Restoring the registry entries
  • Restore the TLS settings of the individual interfaces and import new certificates if necessary
  • Start UCServer service

ProCall UC Media Server 

The backed up data can be restored after a UCServer installation by copying the backed up directories.

ProCall Chat/Journal database 

During a restore of the database, the UCServer or all UCServers of the multi-server environment must be stopped.

ProCall Configuration/User DB (only ProCall DataCenter)

Während eines Restore der Datenbank muss der UCServer bzw. alle UCServer der Multi-Server-Umgebung gestoppt sein.

MetaDirectory 

Restoring the MetaDirectory installation to an old status is achieved by

  • Installing the MetaDirectory (in the identical version)
  • Stopping the estos MetaDirectory service
  • Restore the backed up folders in <Metadirectory root folder>
  • Restore TLS encryption if necessary
  • The "estos MetaDirectory" service must then be restarted.

Restore TLS encryption

If TLS encryption is used, the fingerprint of the certificate to be used must be determined in the Windows certificate store and the value in the XML attribute "CertHash" in the file <MetaDirectory-Rootfolder>\config\ListeningInterfaces.xml must be replaced with the fingerprint of the new certificate for each entry.

  • The "estos MetaDirectory" service must then be restarted.

ECSTA 

Restoring the ECSTA installation to an old status is achieved by:

  • Installing the ECSTA driver
    Please cancel the configuration started at the end of the installation!
  • Restore the configuration by importing the saved .reg file
  • Add an instance of the driver in "Phone Driver Options Advanced"

Ff the recovery is carried out as part of a new installation of the Windows operating system, the .reg files must be imported before all TSP instances (including non-estos instances) are set up!

Background: The key "*\Telephony\Providers" contains all instances registered in the system and the assignment of the instances is done by a sequential number which is otherwise assigned incorrectly.

If this cannot be ensured, the following (manual) alternative method can be used for backup/restore:

Backup

  1. Back up the registry HKEY_LOCAL_MACHINE\SOFTWARE\ESTOS\<ECSTA-Name> including the subkeys (Provider<x>)
  2. Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers, determine and remember the name of the ECSTA file (e.g. ecsmxone.tsp)

Recovery

  1. Install ECSTA and cancel the wizard to create an instance
  2. Manually add a new TSP instance under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers:
    1. Create new REG_SZ ProviderFilename<n>, with n = next free value (should match the value in NumProviders)
    2. Enter the name of the tsp file as the value ecsmxone.tsp
    3. Create a new REG_DWORD ProviderID<n> (same n as above) and remember it (we need the decimal value below, not hex)
    4. Enter the value from NextProviderID in ProviderID<n>
    5. Increase the values in NextProviderID and NumProviders by one each
  3. In the saved reg file, replace the path "Provider<x>" with "Provider<ID saved in 2c>" and save
  4. Import the modified reg file
  5. If the telephony service is running, restart it or reboot the computer

Licenses

Online licenses

Online licences are stored in the UCConnect server account. If the same UCConnect account is used for the new installation, the licences are automatically transferred.

ProCall DataCenter licenses

ProCall DataCenter licences are stored in the configuration database and do not normally need to be entered again.

Offline licences

 The licence keys of all installed applications/components must be restored manually by entering them in the applications. As the hardware ID usually changes when the systems are completely reinstalled, the licence must be rebound. 

If the licence has already been rebound to another hardware, it may be necessary to contact estos office staff to rebind the licence to a new hardware."

Manual Changes  

If manual changes have been made to files, directories or registry entries that are not described here, these must also be made again (by restoring or entering them manually).

Further information

Data export via the UCServer administration

Data import via the UCServer administration

Privacy-friendly default settings (Art. 25 GDPR)