5 2 0:About Backup
Overview
SEP sesam is a highly efficient enterprise backup solution designed for heterogeneous environments, enabling reliable backup and restore of various operating systems, applications, emails, databases, and virtual platforms. With SEP sesam, the backup process ensures that file system and application data is securely copied and stored from primary to secondary storage. The storage can be located anywhere, onsite or offsite, on disk or tape, at physical or remote locations, or even in the cloud.
Backup, at its core, is the process of capturing and storing a copy of data at a specific point in time. In SEP sesam, it involves two primary elements: a backup task that determines the data to be included (what) and a backup event that specifies the storage location for the data (where), and can be scheduled to specify the timing of the backup execution (when). The data is stored as a saveset on a data carrier. A saveset is a collection of data, including files and directories, that is copied to a backup medium through backup process. Multiple savesets can make up a backup, as additional copies are generated through migration and replication.
When backup tasks are executed with different backup levels, they create a backup chain on the backup storage. A backup chain is a sequence of full, differential, and incremental backups, accompanied by a backup metadata file. The chain starts with a full backup, capturing a comprehensive snapshot of the specified data. Subsequent differential and incremental backups track and capture changes made to the data since the last backup. Some backup methods use Changed Block Tracking (CBT) for incremental backups, a technology that enhances backup efficiency for virtual machines.
Key features
SEP sesam offers a wide range of key features and benefits that can be used to implement robust backup and restore solutions tailored to specific needs:
- Support for diverse operating systems: SEP sesam is compatible with a wide range of operating systems, including Windows, Linux, Unix, as well as legacy systems like Novell Netware and VMS.
- Protection of heterogeneous environments: SEP sesam is designed to provide backup and restore solutions for various applications, databases, and virtual machines. It supports multi-hypervisor environments, including Citrix, Hyper-V, VMware, and more. It also offers backup and restore capabilities for databases such as Oracle, SAP, MS SQL, IBM DB2, and applications like MS Exchange, SharePoint, and HCL Domino. This broad support enables data protection across diverse environments with different operating systems, applications, emails, databases, and virtual platforms. See also SEP sesam Extensions.
- Backup strategy implementation: A comprehensive backup strategy is an essential part of protecting any business from data loss (e.g., disk failure, malware/ransomware attacks, human error). An efficient data protection strategy helps recover lost data quickly and seamlessly and ensures business continuity when all preventive measures fail.
- Versatile storage solutions: SEP sesam provides many storage options, supporting backup to tape, disk, and cloud storage. This allows choosing the best storage strategy for the environment, with tape storage offering long-term archiving and offline protection, disk storage delivering fast backup and restore performance, and cloud integration taking advantage of scalability and accessibility of cloud platforms.
- Reliability and resilience of the backup process: SEP sesam offers failover events to help minimize backup failures and ensure the continuity of backup processes. A failover backup event acts as a contingency plan in case the original backup event encounters issues due to an unavailable data storage (media pool or data store). A failover media pool can be assigned to a media pool to ensure storage availability if the primary media pool becomes unavailable due to lack of space, missing free media, unreachable RDS, or other issues.
- Deduplication, migration and replication: SEP sesam optimizes backup and restore operations through data deduplication, migration and replication. These capabilities improve storage utilization, reduce backup times, and enhance data availability. Deduplication minimizes storage requirements by eliminating redundant data, while migration and replication enable efficient transferring or creating additional copies of data for enhanced data protection.
- Retention and backup chain management: SEP sesam offers options to define retention times for backed-up data, ensuring compliance and data lifecycle management. Retention policies help manage backup chain dependencies and preserve the integrity of backup chains for restores to specific points in time.
- Permission management: SEP sesam permissions (ACLs) define the actions that user groups or specific users can perform in SEP sesam, such as accessing and viewing objects, or modifying objects.
- Disaster recovery solutions: In addition to standard backups, SEP sesam provides specialized disaster recovery solutions. It offers Bare Metal Recovery for Linux and BSR Pro for Windows, allowing organizations to recover entire systems in the event of catastrophic failures. SEP sesam self-recovery is also available, enabling recovery from various disaster scenarios.
Backup levels
SEP sesam provides four different backup levels: full, differential, incremental and copy. The backup level is specified when creating a backup event or performing an immediate start of the backup.
When planning your backup strategy, it is essential to consider the advantages and disadvantages of different backup levels, particularly in terms of time and storage space. A common approach is to use a combination of FULL, DIFF, and/or INCR backups as part of a structured backup chain.
SEP sesam retention management ensures that all backups in a chain are kept as long as the most recent backup remains valid. Long chains with many backups can become inefficient and vulnerable, potentially leading to restore failures due to storage limitations or prolonged restore times. Since there is no built-in limit for backup chain length, SEP AG recommends scheduling regular FULL backups and limiting the number of consecutive incremental backups to a maximum of 100.
The following backup levels are available:
- FULL backup
- Full backup captures all data specified by the backup task, regardless of whether changes have occurred. It creates a complete snapshot of the data at the current point-in-time. A full backup might take longer to perform, but offers straightforward restore where only one saveset is required to restore the entire dataset. Full backups serve as the starting point for subsequent differential (DIFF) and/or incremental (INCR) backups, forming a backup chain.
- Information about the backup status is stored in the SEP sesam database. Note that on Windows the archive bits are not automatically deleted. To purge the archive bits, the command -o clear_archive can be used in the backup options.
- DIFF (differential) backup
- Differential backup captures data that has changed or been created since the last full backup. Each differential backup creates a point-in-time backup of all changes since the last full backup, disregarding all other intermediate differential and incremental backups. A differential backup is faster to perform than a full backup, but two savesets are required for restore – the saveset from the last full backup and the saveset from the most recent differential backup.
- INCR (incremental) backup
- Incremental backup captures the changes made since the last backup, whether it was a full, differential, or incremental backup. Incremental backups are space-efficient, fast, and provide the most frequent data captures in a backup chain. For restore, the last full saveset, the last differential saveset (if it exists) and all subsequent incremental backup savesets are required, which may extend the restoration time. The restore process sequentially applies these savesets to restore data to a specific point-in-time. SEP sesam offers generation restore, which offers high level of granularity and flexibility for data recovery. Each incremental backup creates a new generation of the data. The exact point in time can be selected for restore and SEP sesam applies the incremental backups sequentially from the last full backup, replaying the changes made over time.
- COPY backup
- Copy backup is a full backup that operates independently of other backups. It creates a standalone backup of the data at that moment. It is useful for archival purposes or for creating a backup copy for specific use cases. Copy backups are not part of a backup chain and don't impact other differential or incremental backups in a backup chain.
![]() |
Note |
Differential (DIFF) and incremental (INCR) backups rely on a full backup as a reference point. If no initial FULL backup exists, the first DIFF or INCR backup is automatically performed as a FULL backup to maintain the backup chain and ensure data consistency. |
Backup procedure
The backup procedure in SEP sesam consists of a standard process for file systems and application data, with variations for SEP sesam extensions that involve additional tasks or different options. SEP sesam offers preset task types, such as file system backups (type Path), Exchange, MySQL, SAP HANA, and more. It also provides specialized task types for virtual environments, enabling full VM backups and single file restore (SFR).
It is recommended to use the specific backup procedure corresponding to the data you intend to back up, as special methods are employed for different data types. For comprehensive information on supported extensions, their features, and associated backup procedures, refer to SEP sesam Extensions and the SEP sesam OS and Database Support Matrix.
In the Web UI, the backup configuration assistant provides a guided and user-friendly process for configuring backups, including client setup, backup task creation, and scheduling. The assistant automatically detects and displays the supported backup types based on the selected client, helping you configure the backup accordingly. However, not all backup types and advanced options are currently available in the Web UI. If specific settings or backup types are missing, the SEP sesam GUI can be used instead.
In the GUI, the backup procedure consists of the following steps:
- Creating a backup task.
- Begin by selecting the data that needs to be backed up. This involves specifying the files, directories, or applications that are to be included in the backup.
- Creating a backup schedule.
- Define the backup schedule based on your requirements. Specify the frequency, timing, and recurrence of the backups to ensure regular and consistent data protection.
- Creating a backup event.
- Determine where and how you want your data to be backed up. Select the backup storage destination and configure any specific options or parameters for the backup process.
With this procedure you can automate the backup operations, minimizing the need for manual intervention. SEPuler, the SEP sesam scheduling service, continuously monitors schedules and manages execution of data protection tasks. When a scheduled or manually triggered event is detected, it initiates the execution of the corresponding task.
To prevent possible task conflicts and efficiently manage the tasks in the execution queue, SEP sesam uses event priorities.
SEP sesam Server self-backup
To protect the SEP sesam Server and prepare for potential failures, the SEP sesam Server self-backup must be configured. This process involves setting up a dedicated backup task named SESAM_BACKUP to back up SEP sesam configuration files, logs, and database. Additionally, this task triggers the export of the bootstrap database, which contains all necessary configuration and backup history details required for disaster recovery.
It is recommended to run the self-backup daily in COPY or FULL mode.
![]() |
Warning |
If SEP sesam self-backup is not configured and performed at least once a week, this violates the license agreement. As a result, you will not be entitled to support in the event of a disaster. |
For more information, see SEP sesam Server Disaster Recovery.
Automating backup process
In dynamic virtual environments where new virtual machines (VMs) are created and deleted on a regular basis, SEP sesam can automate the backup process to adapt to these dynamic environments. This eliminates the need for manual intervention and reduces the chances of missing critical VMs from the backup schedule.
Before initiating the backup job on the virtualization host, a pre-backup script performs a discovery of the VM inventory and identifies any new virtual machines (VMs) that have been created since the last backup. SEP sesam then automatically generates dedicated backup tasks for each new VM and adds them to the task group. This task group is specifically designed to perform backup of the virtual environment, ensuring that all VMs are included in the backup process.
For more information, see Automating Backup Process.
Parallel backups
SEP sesam incorporates multi-streaming technology, known as Sesam Multiplex Stream (SMS), which enables extremely fast simultaneous backups from multiple data sources on a single drive.
With SMS, the data from different streams is divided into packets, each assigned a unique identifier, and copied to the backup media. These packets are not stored contiguously but rather interspersed with packets from other streams. The identification markers embedded within the packets allow SMS to accurately restore the original data stream during the reading process.
SMS also has the capability to distribute savesets across multiple media that still have available space, as indicated by the media properties parameter known as "End of Media" (EOM).
The number of parallel streams that can be used during backup to the backup drive is determined by the "Max. channels" parameter in the Drive properties. The number of available data streams depends on the type of server license (for example, ONE enables 1 backup stream). See Licensing for more details.
Backup data encryption and compression
To ensure the security and confidentiality of backup data, SEP sesam offers the following encryption types:
- Backup task encryption for savesets: SEP sesam allows encryption to be applied to savesets at the backup task level. This encryption can be enabled when configuring the backup task properties under the Encryption & Compression tab. Supported encryption algorithms include Advanced Encryption Standard (AES) 256-bit encryption and Blowfish (bf64) encryption.
- Si3 encryption for Si3 deduplication store: SEP sesam provides Si3 encryption for Si3 deduplication store.
- Hardware-based LTO encryption for LTO tape drives: SEP sesam supports hardware-based encryption for LTO tape drives, managed at the media pool level.
To enable data encryption, an encryption key (password) needs to be created. The encryption key is stored in the SEP sesam database or, for backup task encryption, you have the option to keep it external. The encryption key stored in the SEP sesam database is itself encrypted and used for automatic decryption during restore operations. If the encryption key is not stored by SEP sesam, you will be prompted to enter it before starting the restore process using the restore wizard. Note that he password length is limited to 28 characters, and it should not contain special characters such as underscores, hyphens, or spaces.
In addition to encryption, SEP sesam also offers data compression as an option. When compression is enabled, the size of the backup data is reduced, optimizing storage utilization.
![]() |
Note |
When encryption or compression is enabled, performing single file restore is not possible. |
Note that when using the cpio archive format under Linux, compression is not available. The cpio format requires the size of the items to be known at the beginning of the backup process, which is not compatible with dynamic compression.
See also
Backup Chain Dependencies — Backup Strategy Best Practices — GFS Backup Retention Strategy — Automatic Retention (EOL) Management — Advanced Backup Features and Platform Support — SEP sesam Server Disaster Recovery