CubeBackup for Google Workspace Technical Specifications
Overview
This document provides a detailed technical overview of CubeBackup for Google Workspace to assist in understanding, deploying, and managing CubeBackup within a Google Workspace environment.
Product Description
Supported Google Workspace Editions and User Types
- Google Workspace Editions:
- Google Workspace Business/Enterprise
- Google Workspace for Nonprofits/Education
- G Suite Legacy
- User Types:
- Active Users
- Cloud Identity Users
- Archived Users and Suspended Users need to be reactivated before a successful backup.
Functionality
Backup and recovery for Google Workspace data, including:
- Gmail messages and labels
- Google Drive data including Google native files in Docs, Sheets, Slides, Drawing and shortcuts. (Google Sites and Forms data are not supported)
- Shared drive files and folder structures
- Google Calendar
- Google Contacts
Key Features
- Incremental Backups: Only new and modified data is downloaded for each backup task
- Comprehensive Backups: Email labels, folder structures, file share permissions, created and modified time, multiple versions of every minor change, etc.
- Automatic and periodic Backups: Set automatic backup schedules and customize backup intervals.
- Unlimited version history: Backup snapshots are preserved for an unlimited period of time, even for deleted users.
- Customized data retention policy: Flexible configuration to accommodate different data regulations.
- Automatic backups for new users: Automate user management and license assignment.
- Parallel Backups and restore: Efficiently back up and restore multiple users simultaneously.
- Multi-admin support and Self-service portal: Allow role-based admin access and individual users to perform self-service data recovery.
- Multi-tenancy backups: Manage backups for multiple Google Workspace domains on a single CubeBackup instance.
- Granular Restores: Ability to restore specific versions of individual files and messages.
- Cross-user and cross-domain restoration: Facilitate data restoration for deleted users and data migration between different domains.
- Data export: Download backups to local machines.
- File exclusion rules: Exclude unnecessary files and remove existing backups for users and shared drives.
- Powerful search tools: Global search and advanced searching features help easily locate required data.
- Email Notifications: Receive alerts for backup status and issues on a daily basis.
- Data encryption: Data encryption in transit and at rest.
- Throttling settings: Option to configure bandwidth conservation during work hours.
System Requirements
Hardware Requirements
- CPU: Minimum 2 cores.
- Memory: Minimum 4 GB RAM. 6 GB or more is recommended for optimal performance.
- Network Connectivity: Stable internet connection for data transfer to Google servers and network or cloud storage. The internet bandwidth should be at least 50 Mbps.
Storage Requirements
- Local storage for data index: Minimum 10 GB available for local data index (data index size will expand based on the number of backup users).
- Storage for the backup data: Both on-premises storage and private cloud storage are supported. Generally, backup storage space should be double the size of your current Google Workspace data to accommodate a complete backup and future changes.
Supported On-premises Storage
- Local disk within the company's physical or virtual servers.
- Network-Attached Storage (NAS).
- SAN and on-premises data center.
Supported Cloud Storage and storage classes included
- Amazon S3 (customized storage class can include Standard, Standard-IA, OneZone-IA, Glacier-IR, Intelligent Tiering)
- Google Cloud storage (customized storage class can include Standard, Nearline, Coldline, Archive)
- Microsoft Azure Blob storage (customized access tier can include Hot, Cool, Cold)
- Backblaze B2
- Other S3-compatible storage
Software Requirements
CubeBackup is a 64 bit application, so it requires a 64 bit OS. Both Windows and Linux are supported.
Windows
Both Windows Server and Windows Desktop are supported:
- Windows Server 2016 64-bit and above.
- Windows 10 64-bit and above.
Linux
The following Linux distributions are supported:
- CentOS(RHEL) 7 (x86_64) and above
- Ubuntu 20 (x86_64) and above
- Debian 9 (x86_64) and above
- openSUSE 13 (x86_64) and above
Docker
CubeBackup's docker image is based on Debian and can be only run on Linux distributions.
- Docker version 1.10 or later
Architecture
Components
- Backup server: Manages backup tasks, data encryption, and data transfer.
- Storage: Configurable to use local disks, NAS, or private cloud storage (e.g., Google Cloud storage, Amazon S3, Azure Blob Storage, Backblaze B2, or other S3-compatible storage).
Data Flow
When CubeBackup initiates a backup session, it securely transfers data from Google Workspace to the designated backup storage location. Here's a detailed overview of this process:
- Authentication and Authorization: CubeBackup connects to Google Workspace APIs using OAuth tokens to authenticate and authorize data access.
- Data Retrieval and Encryption: As data is retrieved, CubeBackup performs additional integrity checks and encrypts it using your private encryption key.
- Secure Data Transmission: Encrypted data is transmitted to your backup storage destination over a secure HTTPS connection.
Security Features
- Role-based access for the CubeBackup web console
- Immutable audit log for the CubeBackup web console
- HTTPS/TLS connection for web console access and data during transmission
- AES 256-bit and RSA 2048-bit encryption for data in the backup repository
- IP Whitelist for web console and API access
- Two-Factor Authentication for web console login
- Google OAuth 2.0 Authentication: Secure authorization for accessing Google Workspace data
Integration and Extensibility
- API Support: CubeBackup APIs for administrators to integrate the backup service with your own systems.
- Hooks: CubeBackup hooks for administrators to set up real-time backup status updates, track restore and export events, and execute customized hook scripts automatically.
- CLI Support: CubeBackup provides commands for administrators to archive backup data, remove specific backups, recover admin accounts, trigger email notifications and update credentials.
Configuration and Deployment
Deployment Options
- Local Deployment: Suitable for organizations that prefer to manage their data in-house. Requires a compatible operating system and sufficient hardware to host and run the CubeBackup server.
- Docker Deployment: Ideal for organizations looking for a scalable and easily manageable solution. Requires Docker and can be run on any system that supports Docker, regardless of the underlying OS.
- Cloud Platform Availability: CubeBackup VM images are readily available on AWS Marketplace, Azure Marketplace, and Google Cloud Marketplace. This availability facilitates quick deployment within these popular cloud platforms.
Installation Steps
Installation on a local machine or cloud VM.
Configuration of backup storage path and storage credentials for cloud storage deployment.
Integration with Google Workspace:
Note:
All necessary permissions are granted to your own Google Cloud Platform (GCP) service account. CubeBackup Inc. does not require direct access to your Google Workspace data, ensuring that your information remains secure and under your control.- Required APIs: The service account should have the following APIs enabled to function correctly:
- Admin SDK API
- Gmail API
- Google Calendar API
- Google Drive API
- People API.
- OAuth Scopes Authorization: Authorization for specific Google OAuth scopes must be configured via the Google Admin console.
- https://www.googleapis.com/auth/admin.directory.domain.readonly,
- https://www.googleapis.com/auth/admin.directory.user.readonly,
- https://www.googleapis.com/auth/admin.directory.orgunit.readonly,
- https://www.googleapis.com/auth/admin.directory.group.readonly,
- https://mail.google.com/,
- https://www.googleapis.com/auth/drive,
- https://www.googleapis.com/auth/calendar,
- https://www.googleapis.com/auth/contacts
- Required APIs: The service account should have the following APIs enabled to function correctly:
4. Configuration of backup user list, retention policies and other options in the CubeBackup web console.
Maintenance and Support
Upgrading CubeBackup
- Upgrade Notification: Upon login, the CubeBackup web console automatically displays notifications for available updates, including bug fixes and feature enhancements. Administrators can easily upgrade to the latest version by following the on-screen prompts directly within the web console.
Server Maintenance
- Storage Migration: CubeBackup includes a built-in migration tool that facilitates the seamless change of existing backups to a new storage location.
- Server Migration and Disaster Recovery: Connect to existing backups from a new installation, ensuring smooth transition and reliable disaster recovery.
Troubleshooting and Support Resources
- Error reports and logging: All backup and restore errors are logged within the histories and reported via email notifications. For detailed analysis, the CubeBackup diagnostic file can be downloaded from <host_ip/domain_name>/diagnose.zip.
- Technical Support: CubeBackup support team available at [email protected]
- Online resources and FAQs: Documentation base available at CubeBackup Docs.
Licensing and Compliance
Licensing Model
CubeBackup licensing is user-based, ensuring that organizations only pay for what they need, with the flexibility to scale as they grow. The pricing plans for CubeBackup licenses are:
- $5 USD/User/Year for Business/Enterprise plan.
- $2 USD/User/Year for a Education/Nonprofits plan.