Cove Data Protection Implementation
Deploy comprehensive backup and disaster recovery using Cove Data Protection. This project covers protecting servers, workstations, and Microsoft 365 with cloud-first backup, recovery testing, and standby image configuration for rapid failover.
Project Overview
What We're Building
┌─────────────────────────────────────────────────────────────────────┐
│ Cove Data Protection Architecture │
├─────────────────────────────────────────────────────────────────────┤
│ │
│ Protected Workloads │
│ ┌─────────────────────────────────────────────────────────────┐ │
│ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ │
│ │ │ Windows │ │ Linux │ │ Hyper-V │ │ Microsoft│ │ │
│ │ │ Servers │ │ Servers │ │ VMs │ │ 365 │ │ │
│ │ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘ │ │
│ │ │ │ │ │ │ │
│ └───────┼────────────┼────────────┼────────────┼──────────────┘ │
│ │ │ │ │ │
│ └────────────┴─────┬──────┴────────────┘ │
│ │ │
│ ┌────────▼────────┐ │
│ │ Cove Agent │ │
│ │ Local Backup │ │
│ └────────┬────────┘ │
│ │ │
│ ┌────────▼────────┐ │
│ │ Cove Cloud │ │
│ │ (Encrypted) │ │
│ │ │ │
│ │ ┌─────────────┐ │ │
│ │ │Recovery │ │ │
│ │ │Console │ │ │
│ │ └─────────────┘ │ │
│ │ ┌─────────────┐ │ │
│ │ │Standby │ │ │
│ │ │Images │ │ │
│ │ └─────────────┘ │ │
│ └─────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────┘Prerequisites
- Cove Data Protection subscription
- Partner portal access
- Servers/workstations to protect
- Microsoft 365 tenant (for M365 backup)
- Network bandwidth assessment completed
Part 1: Portal Configuration
Step 1: Partner Portal Setup
Navigate to: Cove Partner Portal
Create Organization:
- Navigate to Manage → Organizations
- Click Add Organization
- Configure:
- Organization Name
- Contact Email
- Billing Configuration
- Timezone
Organization Hierarchy:
Partner Account
├── Client A Inc
│ ├── Servers (5)
│ ├── Workstations (25)
│ └── M365 (50 users)
├── Client B Corp
│ ├── Servers (10)
│ ├── Workstations (100)
│ └── M365 (200 users)
└── Internal IT
└── Servers (3)Step 2: Configure Default Settings
Navigate to: Settings → Default Backup Settings
Server Defaults:
| Setting | Recommended Value |
|---|---|
| Backup Schedule | Every 8 hours |
| Local Speed Vault | Enabled (if available) |
| Priority Restore | Enabled |
| Archiving | 365 days |
| Document Selection | System State + All Fixed Drives |
Workstation Defaults:
| Setting | Recommended Value |
|---|---|
| Backup Schedule | Every 24 hours |
| Backup Window | 8 PM - 8 AM |
| Priority Restore | Disabled |
| Archiving | 90 days |
| Document Selection | Documents, Desktop, AppData |
Part 2: Server Backup Deployment
Step 3: Install Backup Agent
Download and Install:
# Download installer from portal
$installerPath = "C:\Temp\CoveBackupSetup.exe"
$clientName = "ClientA-SRV01"
$encryptionKey = "YourSecureEncryptionKey123!"
# Silent install
Start-Process -FilePath $installerPath -ArgumentList `
"/S",
"/CLIENTNAME=$clientName",
"/ENCRYPTIONKEY=$encryptionKey",
"/DATADIR=C:\Backup\CoveData" `
-Wait -NoNewWindow
# Verify installation
Get-Service -Name "Cove Data Protection"Mass Deployment Script:
# deploy-cove-agents.ps1
$servers = @(
@{Name="SRV-DC01"; ClientName="ClientA-DC01"},
@{Name="SRV-FILE01"; ClientName="ClientA-FILE01"},
@{Name="SRV-SQL01"; ClientName="ClientA-SQL01"}
)
$installerShare = "\\fileserver\software\Cove"
$encryptionKey = Read-Host -AsSecureString "Enter Encryption Key"
foreach ($server in $servers) {
$session = New-PSSession -ComputerName $server.Name
Invoke-Command -Session $session -ScriptBlock {
param($installer, $clientName, $key)
Copy-Item "$installer\CoveBackupSetup.exe" "C:\Temp\" -Force
Start-Process "C:\Temp\CoveBackupSetup.exe" -ArgumentList `
"/S",
"/CLIENTNAME=$clientName",
"/ENCRYPTIONKEY=$key" `
-Wait
} -ArgumentList $installerShare, $server.ClientName, $encryptionKey
Remove-PSSession $session
Write-Host "Deployed to $($server.Name)" -ForegroundColor Green
}Step 4: Configure Server Backup Selection
System State Selection:
Selection Name: Windows-Server-Full
Includes:
- System State:
- Active Directory (if DC)
- System Registry
- Boot Files
- COM+ Database
- Certificate Services (if CA)
- Drives:
- C:\ (System Drive)
- D:\ (Data Drive)
- Applications:
- SQL Server (if installed)
- Exchange (if installed)
- SharePoint (if installed)
Excludes:
- C:\Windows\Temp\*
- C:\Temp\*
- *.tmp
- *.log (except application logs)
- pagefile.sys
- hiberfil.sysSQL Server Specific:
Selection Name: SQL-Server-Backup
VSS Writer: SQL Server VSS Writer
Includes:
- All User Databases
- System Databases (master, model, msdb)
- Transaction Logs
Schedule:
- Full Backup: Every 24 hours
- Log Backup: Every 15 minutes
Recovery Options:
- Point-in-time recovery: Enabled
- Log truncation after backup: EnabledStep 5: Configure Local Speed Vault
Enable Local Cache:
# Configure local vault location
$vaultPath = "D:\CoveSpeedVault"
# Ensure directory exists with proper permissions
New-Item -ItemType Directory -Path $vaultPath -Force
icacls $vaultPath /grant "SYSTEM:(OI)(CI)F" /T
icacls $vaultPath /grant "Administrators:(OI)(CI)F" /T
# Configure in Cove agent
# (Done via portal: Device → Settings → LocalSpeedVault)Speed Vault Settings:
| Setting | Value |
|---|---|
| Vault Location | D:\CoveSpeedVault |
| Maximum Size | 500 GB (or 2x largest backup) |
| Retention | 7 days |
Part 3: Workstation Backup
Step 6: Deploy Workstation Agent
Deployment Options:
| Method | Best For |
|---|---|
| Direct Download | Individual workstations |
| GPO Deployment | Domain-joined workstations |
| RMM Deployment | NinjaOne, Datto RMM, etc. |
| Intune Deployment | Entra ID joined devices |
RMM Deployment Script (NinjaOne):
<#
.SYNOPSIS
Deploy Cove Backup agent via NinjaOne
.NOTES
Schedule: Once (on new device)
Run As: SYSTEM
#>
$installerUrl = "https://cdn.cloudbackup.management/maxdownloads/mxb-windows.exe"
$installerPath = "$env:TEMP\CoveSetup.exe"
$clientName = $env:COMPUTERNAME
$orgName = "YourOrg" # Replace with NinjaOne custom field if dynamic
# Check if already installed
if (Get-Service -Name "Cove Data Protection" -ErrorAction SilentlyContinue) {
Write-Output "Cove already installed"
exit 0
}
# Download installer
Invoke-WebRequest -Uri $installerUrl -OutFile $installerPath
# Install with partner credentials (use secure method in production)
Start-Process $installerPath -ArgumentList `
"-partner-name", "YourPartner",
"-partner-password", "$env:COVE_PARTNER_PASSWORD",
"-organization-name", $orgName,
"-device-name", $clientName `
-Wait -NoNewWindow
# Verify
$service = Get-Service -Name "Cove Data Protection" -ErrorAction SilentlyContinue
if ($service -and $service.Status -eq "Running") {
Write-Output "Installation successful"
Ninja-Property-Set backupAgent "Cove"
} else {
Write-Error "Installation failed"
exit 1
}Step 7: Workstation Backup Selection
Standard Workstation Profile:
Selection Name: Workstation-Standard
Includes:
- User Profiles: C:\Users\*
- Documents
- Desktop
- Downloads
- Pictures
- AppData\Roaming
- System State: Enabled
Excludes:
- C:\Users\*\AppData\Local\Temp\*
- C:\Users\*\AppData\Local\Microsoft\Windows\INetCache\*
- C:\Users\*\Downloads\*.iso
- C:\Users\*\Downloads\*.exe
- *.pst (separate backup required)
- Recycle Bin
Schedule:
- Frequency: Every 24 hours
- Window: 8:00 PM - 6:00 AM
- Defer if on battery: YesPart 4: Microsoft 365 Backup
Step 8: Configure M365 Backup
Navigate to: Organization → M365 Backup → Add Subscription
Connect Azure AD Application:
- Create App Registration in Azure AD
- Grant Required Permissions:
- Exchange:
full_access_as_app - SharePoint:
Sites.FullControl.All - OneDrive:
Files.ReadWrite.All
- Exchange:
- Create Client Secret
- Enter credentials in Cove
Permissions Required:
| Service | Permission | Type |
|---|---|---|
| Exchange | Exchange.ManageAsApp | Application |
| SharePoint | Sites.FullControl.All | Application |
| OneDrive | Files.ReadWrite.All | Delegated |
| Teams | TeamSettings.ReadWrite.All | Application |
Step 9: Configure M365 Backup Policy
Exchange Online:
Backup Scope: All Mailboxes
Includes:
- User Mailboxes
- Shared Mailboxes
- Group Mailboxes (Microsoft 365 Groups)
- Archive Mailboxes
Items:
- Email Messages
- Calendar Items
- Contacts
- Tasks
- Notes
Frequency: Every 4 hours
Retention: 365 daysSharePoint Online:
Backup Scope: All Sites
Includes:
- Team Sites
- Communication Sites
- OneDrive for Business
- Microsoft Teams Sites
Excludes:
- System Sites
- Personal Sites (if separate OneDrive backup)
Frequency: Every 8 hours
Retention: 365 days
Version History: Last 5 versionsOneDrive for Business:
Backup Scope: All Users
Frequency: Every 8 hours
Retention: 365 days
Includes:
- All Files and Folders
- Version HistoryPart 5: Recovery Procedures
Step 10: Document Recovery Procedures
File-Level Recovery:
- Navigate to Restore → [Device Name]
- Browse to recovery point
- Select files/folders
- Choose destination:
- Original location
- Alternate location
- Download to local machine
Bare Metal Recovery:
1. Boot from recovery media (USB/ISO)
2. Connect to network (DHCP or static IP)
3. Select "Recover System Image"
4. Enter device credentials
5. Select recovery point
6. Confirm target disk
7. Begin restoration
8. Reboot into recovered systemVirtual Machine Recovery:
- Navigate to Restore → [VM Name]
- Select recovery point
- Choose recovery type:
- Restore to original location
- Export as VHD/VMDK
- Mount for file extraction
Step 11: Test Recovery Procedures
Recovery Testing Schedule:
| Recovery Type | Frequency | Scope |
|---|---|---|
| File Recovery | Monthly | Random file from each server |
| Full Server | Quarterly | One server per quarter |
| Bare Metal | Annually | Test VM or spare hardware |
| M365 Mailbox | Monthly | Random mailbox items |
| M365 SharePoint | Quarterly | Full site recovery |
Recovery Test Documentation:
# Recovery Test Report
**Date:** 2026-02-03
**Tester:** IT Admin
**Device:** SRV-FILE01
## Test Details
- Recovery Type: File Recovery
- Recovery Point: 2026-02-02 22:00
- Files Recovered: D:\Shared\Finance\Q1Report.xlsx
## Results
- Recovery Started: 10:15 AM
- Recovery Completed: 10:18 AM
- Duration: 3 minutes
- Status: SUCCESS
## Verification
- File hash verified: ✓
- File opens correctly: ✓
- Data integrity confirmed: ✓Part 6: Standby Image Configuration
Step 12: Configure Standby Images
Enable Standby Image:
- Navigate to Device → [Server Name] → Standby Images
- Click Enable Standby Image
- Configure:
- Recovery Target: Azure/Hyper-V/VMware
- Instance Size: Match source server
- Update Frequency: After each backup
Standby Image Settings:
Server: SRV-DC01
Standby Target: Azure
Instance Type: Standard_D4s_v3 (4 vCPU, 16 GB RAM)
Virtual Network: Prod-VNet-Recovery
Boot Test: Enabled (Weekly)
Boot Test Notification: it-team@company.comStep 13: Configure Boot Testing
Automated Boot Testing:
Schedule: Weekly - Sunday 3 AM
Test Duration: 10 minutes
Verification:
- VM boots successfully
- OS responds to ping
- RDP port accessible
- Key services running
Actions:
- Screenshot capture
- Email notification
- Auto-shutdown after testBoot Test Report:
Boot Test Results - SRV-DC01
Date: 2026-02-02 03:00
Status: PASSED
Checks:
✓ VM provisioned successfully
✓ Boot completed in 2m 34s
✓ Network connectivity verified
✓ RDP port 3389 responding
✓ Active Directory services running
✓ DNS responding
Screenshot: [Captured]
VM Shutdown: Automatic at 03:12Part 7: Monitoring and Reporting
Step 14: Configure Alerts
Alert Conditions:
| Alert | Condition | Priority |
|---|---|---|
| Backup Failed | Any failure | High |
| Backup Overdue | 48+ hours since last backup | High |
| Low Storage | < 10% cloud storage remaining | Medium |
| Agent Offline | Device not seen for 24+ hours | Medium |
| Recovery Point Old | No recovery points < 7 days | High |
Notification Setup:
Email Notifications:
Recipients: it-team@company.com
Frequency: Immediate for High, Daily digest for Medium
Webhook (Optional):
URL: https://slack.com/webhook/xxx
Events: Backup failures onlyStep 15: Generate Reports
Schedule Reports:
- Navigate to Reports → Scheduled Reports
- Create reports:
Executive Summary:
Report: Executive Backup Summary
Schedule: Weekly - Monday 8 AM
Recipients: executives@company.com
Content:
- Total protected devices
- Backup success rate
- Data protected (TB)
- Recovery tests completedOperations Report:
Report: Operations Detail
Schedule: Daily - 7 AM
Recipients: it-team@company.com
Content:
- Backup job summary
- Failed backups (with errors)
- Devices needing attention
- Storage usage trendsStep 16: Dashboard Setup
Create Custom Dashboard:
- Backup success rate (24h)
- Protected vs Unprotected devices
- Storage consumption trend
- Recent failures
- Recovery point currency
Part 8: Disaster Recovery Runbook
Step 17: Create DR Runbook
Runbook: Complete Server Failure
# Disaster Recovery Runbook: Server Failure
## Scenario
Primary server unrecoverable - need full restore
## Prerequisites
- Standby Image enabled for server
- Azure/VMware environment ready
- Network configuration documented
## Procedure
### Phase 1: Assessment (0-15 minutes)
1. Confirm primary server is unrecoverable
2. Notify stakeholders of DR activation
3. Access Cove Recovery Console
### Phase 2: Activate Standby (15-30 minutes)
1. Navigate to Standby Images → [Server]
2. Click "Start Virtual Machine"
3. Configure networking:
- IP Address: [Document IP]
- DNS: [Document DNS]
- Gateway: [Document Gateway]
4. Verify boot completion
### Phase 3: Validation (30-45 minutes)
1. Connect via RDP/SSH
2. Verify critical services:
- Active Directory (if DC)
- SQL Server (if DB)
- Application services
3. Test client connectivity
### Phase 4: Failover DNS (if needed)
1. Update DNS records to point to standby
2. Reduce TTL before failover
3. Monitor DNS propagation
### Phase 5: Documentation
1. Record DR activation time
2. Document any issues
3. Schedule post-incident reviewVerification Checklist
Server Backup:
- Agents deployed to all servers
- Backup selections configured
- Local Speed Vault enabled (where applicable)
- First full backup completed
- Backup verification successful
Workstation Backup:
- Agents deployed to workstations
- Profile-based selections active
- Backup schedule running
- Test file recovery successful
Microsoft 365:
- Azure AD app registered
- Permissions granted
- All mailboxes discovered
- SharePoint sites protected
- OneDrive backup enabled
Disaster Recovery:
- Standby images enabled for critical servers
- Boot testing configured
- DR runbook documented
- Recovery test completed
Troubleshooting
| Issue | Cause | Solution |
|---|---|---|
| Backup stuck at 0% | VSS issue | Restart VSS writers |
| Slow backup | Network congestion | Schedule off-hours |
| Agent offline | Service not running | Restart Cove service |
| M365 auth failed | Token expired | Re-authenticate app |
Resources
Questions? Reach out in our community Discord!