Analytics & Cookies

We use self-hosted Matomo analytics. By default we measure anonymously with no cookies. Enable cookies to give us a clearer picture and help us improve your experience. You can change this anytime.

Advanced Engineering

Enterprise Backup Architecture: Block-Level Engineering Deep Dive

ShadowCradle operates where most backup products don't dare go - every 64 KB block is individually hashed, deduplicated, optionally compressed, encrypted, and verified. A kernel-mode CBT driver tracks writes in real time. CoW layers make iSCSI snapshots mount in milliseconds. The result: 1–2 minute incrementals, mathematically verifiable integrity, and bare-metal recovery over the network.

1–2 min
Incremental backup (CBT driver)
< 20 ms
iSCSI CoW mount init
~2 GB/s
Block integrity hashing speed
AES-256
Per-block, zero-knowledge
Independent by Design

Every Component Stands Alone

The iSCSI server, backup engine, block store, and recovery layer are fully independent subsystems. Deploy what your environment needs - skip what it doesn't. No monolithic dependencies, no forced lock-in.

Standalone Target

iSCSI Server

Expose any snapshot as an iSCSI target - on the same machine or on a remote host across the network. Runs without touching the backup pipeline. Mount on a different machine to recover a downed server without moving a single byte first.

Mode-Agnostic

Backup Engine

Smart, Compressed, Local Raw, or Appliance mode - each is a self-contained pipeline. Switch modes per-volume, per-schedule, or per-policy. The engine never assumes what the consumer will do with the data it produces.

Multi-Source

Recovery Layer

Restore from local chain, appliance, S3, or a combination of all three simultaneously. Multi-source ingestion means the fastest available source serves each block - local cache first, then LAN appliance, then WAN. No single point of recovery failure.

Configure the Agent - Pick Your Backup Mode
Smart

Bitmap-indexed, 64 KB blocks. Fastest incrementals.

Compressed

Smart + LZ4 or Zstd. 40–70% smaller at full speed.

Local Raw

Sector-level copy. No transformation, maximum auditability.

Appliance

LZ4-compressed POST to appliance. Agent is stateless.

Local CacheOptional Add-On

Combine Compressed + Appliance. A local copy keeps your most recent data on-machine for near-instant recovery. The appliance receives the same data simultaneously - two independent copies, one backup run.

COMPRESSED+APPLIANCE
Recover in minutes, not hours - NVMe speeds + network fill for missing blocks

When the local cache lives on an SSD USB drive or internal NVMe, recent snapshots restore at full drive speed - no network bottleneck. For blocks not in the local cache (older snapshots or evicted data), the appliance fills them over the network in parallel. The result: the vast majority of any restore is served locally at 1–7 GB/s, with only the missing delta fetched from the appliance.

Core Architecture

The 7-Phase Backup Pipeline

Every backup - full or incremental - passes through a deterministic seven-phase pipeline with timing at each stage. No shortcuts, no silent failures.

01

SCAN

Enumerate all partitions, detect filesystem types, compute stable partition UIDs - GPT GUIDs for GPT tables, blake3 fingerprints for MBR disks. ~2–5 seconds on a typical 1 TB drive.

01
02

MAP

Build compact block change bitmaps - per-block blake3 hashes for every partition. Multi-threaded: 40–60% faster on quad-core systems. Produces the foundation for sub-minute incremental detection.

02
03

DETECT

Select the fastest available change-detection method: CBT kernel driver (real-time, ~1 min), VSS/USN Journal (near-real-time, ~2 min), or per-block hash comparison (universal fallback). Skip 90–99% of unchanged blocks.

03
04

COPY

Read only changed blocks. Check the content-addressable store - identical blocks are referenced, not re-written. At 400 MB/s sustained throughput, 10 GB of actual changes copies in ~25 seconds.

04
05

VERIFY

Sample-verify written blocks by re-reading and comparing blake3 hashes. CRC32 validates every block change bitmap. Configurable sample rate - defaults to 5% for low overhead with strong assurance.

05
06

COMMIT

Commit the new snapshot atomically. Write delta manifests, updated block change bitmaps, and rich snapshot metadata. The appliance manages all snapshot sequencing and block relationships server-side - no client-side chain management required.

06
07

CLEANUP

Release VSS shadow copies and volume locks. Remove the atomic crash-recovery state file. The backup is now permanent, verifiable, and available for instant restore or iSCSI mount.

07
Change Tracking

CBT Kernel Driver - Real-Time Block Tracking

ShadowCradle ships a kernel-mode CBT (Changed Block Tracking) driver for Windows. It operates as a volume filter that intercepts every write to disk at the IRP_MJ_WRITE level - the lowest possible OS hook - and marks the affected 64 KB blocks in a real-time bitmap stored in non-paged kernel pool.

When backup starts, the driver hands back only the dirty block list - no scanning, no hashing, no guessing. A 1 TB volume with 2% daily change completes its incremental backup in 1–2 minutes instead of 10–40 minutes.

CBT Driver Stack
ShadowCradle Agent
CTTypes DLL Wrapper
CBTManager.dll (User-Mode)
DeviceIoControl ↔ Kernel
cbt_driver.sys - IRP_MJ_WRITE intercept
NTFS Volume (real-time bitmap)
All Strategies - Priority Order
MethodHow It WorksSpeedTime / 1 TB
Windows - CBT Kernel DriverKernel intercepts every IRP_MJ_WRITE. Real-time dirty bitmap in non-paged poolFastest1–2 min / 1 TB
Windows - VSS Volume BitmapVSS FSCTL_GET_VOLUME_BITMAP query at snapshot timeFast2–3 min / 1 TB
Windows - NTFS USN JournalFile change journal converts to block ID ranges, skips 99%+ of volumeFast2–5 min / 1 TB
Linux - inotify + CoW Snapshotinotify events + CoW snapshot compare for mounted filesystemsStandard3–8 min / 1 TB
All - Block Hash ComparisonUniversal: compare per-block blake3 hashes against prior snapshot bitmapFallback10–20 min / 1 TB
40 Minutes → 1 Minute: The USN Journal Fast-Path

Without CBT, USN Journal converts NTFS file change events to block ranges - skipping 99% of the volume on a typical overnight incremental. With the CBT driver installed, that number reaches 99.9%+, pushing the same job under 2 minutes.

Backup Architecture

Fully Chain Free Based Backup Streaming

The agent streams each backup directly to the ShadowCradle appliance. We independently store each section of each snapshot and map it to deliver minimum space usage, maximum performance, and optimal reliability. No chains. No rebuilds. No waiting.

Fully Chain Free
Snapshot Streaming

The agent streams each backup directly to the ShadowCradle appliance. No local storage, no local block store - the appliance independently stores each section of each snapshot with full deduplication, snapshot management, and metadata. Hash blocks, send new ones, restore done.

  • Zero local storage required on the protected machine
  • Restore in seconds - appliance serves snapshots and blocks directly
  • Appliance deduplicates across all clients - shared block store
  • Interrupted backups resume automatically from last block sent
  • Ideal for desktops, laptops, and servers without large local storage
Appliance Intelligence

Beyond Backup Storage - The Appliance Computes

Cloud-native backup stops at storing data. The ShadowCradle appliance is a full compute node that actively verifies, scans, estimates, and guarantees your backups. It boots Windows VMs from every snapshot to confirm they'll actually start when you need them. It runs antivirus on mounted volumes before any restore touches your network. It measures real restore throughput and backs it with a calculated RTO - not a guess.

< 4 min
VM boot verification
SLA-backed
RTO estimation
Pre-restore
AV scan on mount
Air-gap
No internet required
Security

On-Appliance Antivirus Scanning

Every backup can be mounted read-only and scanned by ClamAV or integrated AV engines before any restore touches your production network. Stops re-infection at the gate - even if ransomware bypassed the sentinel check at backup time.

Verification

Windows Boot VM Verification

The appliance spins up each Windows snapshot as a Hyper-V / KVM guest over the CoW iSCSI layer. If it reaches the login screen, the backup is marked "boot-verified." Runs automatically after every full backup - no manual testing required.

SLA

RTO Estimation & Guarantees

The appliance measures actual local restore throughput (block size × link speed × dedup ratio) and computes a real RTO for each snapshot. MSPs can export RTO reports per client and SLA-back them - "this 500 GB workload restores in under 90 minutes, guaranteed."

Performance

1–10 Gbps Local Restore Speed

Restores run over LAN - not the internet. A local NVMe appliance delivers 1–10 Gbps to recovery targets vs. the 50–200 Mbps ceiling of most cloud providers. A 500 GB restore that takes 6 hours from cloud finishes in under 10 minutes locally.

Resilience

Full Air-Gap Operation

The appliance needs zero internet connectivity to protect, restore, or verify machines. Ransomware often targets cloud credentials first - an air-gapped appliance on a dedicated VLAN has no credentials to steal and no cloud surface to attack.

Efficiency

Cross-Client Block Deduplication

The appliance deduplicates across every protected machine in a single shared block store. A Windows Server OS block stored from machine A is never re-uploaded from machine B. Cloud-native solutions typically deduplicate per-tenant - not per-block across the fleet.

Appliance vs. Cloud-Only - Capability Matrix
CapabilityShadowCradle ApplianceCloud-Only
Antivirus scan before restore✓ On-device ClamAV / AV engine scan- Not available
Boot verification (Windows VM)✓ Auto-tested after every full backup- Requires separate hypervisor infra
RTO estimation✓ Calculated + SLA-reportable per client~ Estimated from cloud benchmarks
Restore bandwidth✓ 1–10 Gbps local NVMe✗ 50–200 Mbps internet throttle
Air-gap / offline operation✓ Zero internet required✗ Requires continuous connectivity
Cross-client deduplication✓ Shared block store across all clients~ Per-tenant only (no cross-org dedup)
Instant iSCSI expose + PXE BMR✓ Built-in CoW iSCSI target on agent- Requires separate BMR workflow
Pre-restore ransomware isolation✓ Scan on air-gapped VLAN before restore- Network path exposes risk
Copy-on-Write Engine

CoW Layer - iSCSI Snapshots in < 20 ms

When ShadowCradle exposes a backup snapshot as an iSCSI target (for live-mount or BMR), a Copy-on-Write (CoW) layer sits between the consumer and the read-only backup blocks. Writes go to the CoW file; reads hit the CoW first, falling back to the backup store.

Traditional pre-allocation (ftruncate 1 TB) blocks mount for 30+ seconds. ShadowCradle's lazy CoW uses a compact bitmap (1 bit per 512-byte sector - just 128 KB for a 1 TB volume) so the mount completes in ~20 ms - a 1,500× improvement.

~20 ms mount init - 1,500× faster than pre-allocation
Bitmap flushes every 30 s + on unmount - crash-safe resume
128 KB bitmap tracks a 1 TB volume (1 bit / 512-byte sector)
CoW file grows lazily - disk usage = only data written
CoW Mount Time Comparison
Traditional pre-allocation (ftruncate 1 TB)30+ seconds
Blocking filesystem metadata update
ShadowCradle lazy CoW (bitmap-tracked)~20 ms
1,500× faster - mount returns immediately
Three-File CoW Architecture
.cow
Data File
Starts at 0 bytes, grows on write
.bitmap
Bitmap File
1 bit/sector, 128 KB per TB
.meta
Metadata
Crash flag, flush time, sector count
Bitmap Intelligence

Compact Block Tracking - Tiny Overhead, Maximum Speed

Every partition is tracked with a compact bit array - one bit per 64 KB backup block. A 1 TB volume's entire change map fits in about 2 MB of memory. Checking whether any single block has changed is an O(1) bit read regardless of volume size.

When comparing the current state to the prior backup, a single bitwise XOR across the two bitmaps instantly produces the changed block list - no full-volume scanning, no re-hashing everything. Just a few milliseconds of bit operations over a compact data structure.

1 bit per 64 KB block - entire 1 TB volume tracked in ~2 MB
O(1) lookup - instant changed-block check for any block offset
Bitwise XOR of two bitmaps identifies all changed blocks in milliseconds
Bitmaps persisted to disk - crash-safe resume from last known state
On-the-Fly Compression

Compress as You Go - Zero Extra Passes

Every block is compressed inline during the COPY phase - immediately after reading and before writing to the block store. No second pass, no temporary uncompressed files on disk. The block is transformed once, in a single streaming pipeline:

Per-Block Inline Pipeline
Read 64 KB block from volume
Blake3 hash → dedup check vs. block store
LZ4 / Zstd compress (new blocks only)
AES-256-GCM encrypt (if enabled)
Write to block store / stream to destination
LZ4: ~1.5 GB/s encode speed - ideal for throughput-sensitive backups
Zstandard: highest ratio, 40–70% storage reduction - ideal for archival
Codec stored per-block - same archive can mix LZ4 and Zstd freely
Block Change Bitmap - 1 Bit per 64 KB Block
Block 0
1
Changed
↑ back up
Block 1
0
Clean
↑ skip
Block 2
1
Changed
↑ back up
Block 3
0
Clean
↑ skip
Block 4
1
Changed
↑ back up
···
Block N−1
0
Clean
↑ skip
Block N
1
Changed
↑ back up

On a 1 TB volume with 1% daily change, only ~160,000 of 16,000,000 blocks have bit=1 - the other 99%+ are skipped entirely.

Content-Addressable Storage - Block Hash → Storage Path
64 KB Block
──── hash ──→
Source data (any changed block)
Bytes 0–1
Dir Level 1
256 top-level dirs (00–FF)
Bytes 2–3
Dir Level 2
256 sub-dirs per L1 (00–FF)
Bytes 4–7
Sub-bucket
65,536 addressable slots
Bytes 8–31
Block filename
24-byte unique block identifier

The 256×256 directory tree gives 65,536 top-level buckets - no single directory grows unwieldy even at petabyte scale. Any block is located with a constant-time O(1) path lookup using its hash as the address - no index table, no scanning.

Bare Metal Recovery

iSCSI Expose + PXE Boot BMR

ShadowCradle doesn't just protect machines - it can become a boot target. From the Windows agent, any backup snapshot can be exposed as a local iSCSI target. A replacement machine boots from it over PXE - no USB, no imaging, no downtime waiting for a restore to complete.

PXE Boot BMR Flow
ShadowCradle Agent (Windows)
Exposes selected backup snapshot as local iSCSI target on port 3260
PXE Bootstrap
Replacement machine boots via PXE - receives IP, OS image, and iSCSI target info
iSCSI Remote Boot
Machine mounts the CoW-wrapped backup snapshot as its boot disk over the network
CoW Live Session
All writes go to CoW file on the source host. Original backup data untouched
Optional: Commit to Disk
BMR wizard restores the full snapshot to local NVMe/SSD while the system runs - transparent to the user
Boot in Minutes, Not Hours

The replacement machine is running the original OS in minutes - the CoW mount is instant. Full local restore happens in the background while the user works.

No USB, No Physical Media

Pure network-based BMR. No imaging USB drives, no shipping media. Any PXE-capable machine can become the recovery target.

Original Backup Untouched

The CoW layer absorbs all writes. The backup snapshot remains byte-for-byte intact - multiple simultaneous recoveries can boot from the same snapshot.

Works from Appliance or Local Chain

Expose any snapshot - from a local chain, S3, or the ShadowCradle appliance - as an iSCSI target. BMR source is wherever the backup lives.

Remote Machine Recovery - Use Any Machine to Recover Any Server
Recovery Flow - Downed Server, Remote Machine
Machine A - Failed Server
The protected server that went down. Its backup chain lives on the appliance (or local chain on another disk).
Appliance / Local Chain
iSCSI target exposed from the appliance (or from Machine A's backup chain on any reachable host). No need to restore data before booting.
Machine B - Recovery Host
Any machine on the LAN or WAN connects to the iSCSI target. Boots Machine A's last snapshot instantly via CoW mount - ~20 ms. Machine B doesn't need to be identical hardware.
Multi-Source Ingestion
While Machine B runs, the recovery layer ingests blocks from all available sources in parallel: local cache (fastest), LAN appliance, and WAN. The fastest source per block wins.
Background Commit to Disk
The full snapshot is written to Machine B's local NVMe in the background. Once complete, Machine B becomes fully self-hosted - iSCSI dependency drops away.
Near-Instant Start

The CoW iSCSI mount takes ~20 ms. Machine B is running the failed server's OS within minutes - while the full restore happens in the background. Users may never notice the outage.

Multi-Source Block Ingestion

Local cache serves the most recent hot data first. The appliance fills remaining blocks over LAN. If both are available, they run in parallel - every block is fetched from the fastest reachable source.

Any Machine, Any Location

Machine B doesn't need to be on the same LAN. If the appliance is reachable over WAN, recovery works remotely - a data center machine can recover a branch office server without physical presence.

Original Snapshot Untouched

The CoW layer absorbs all writes. The backup snapshot on the appliance stays byte-for-byte intact - multiple machines can recover from the same snapshot simultaneously.

Storage Innovation

Content-Addressable Block Store

Every block is identified by its blake3 cryptographic hash. Identical blocks across snapshots, machines, and time are stored exactly once. Incremental backups store only delta manifests - tiny reference files pointing at blocks already in the store. A 0.1% incremental produces a ~288 KB manifest instead of re-writing gigabytes.

Blocks organized by hash prefix - 256×256 directory sharding for fast lookup at any scale
Point-in-time recovery: replay Full + any ordered set of incrementals
20–50% typical space savings - cross-snapshot deduplication, zero redundancy
Incremental Chain - Real Storage Sizes
Full Backup
500 GB(8,000,000 blocks)
Baseline - all blocks written. ~21 min at 400 MB/s
Incremental #1 (after patches)
420 MB(6,720 changed blocks)
0.08% change - ~3 sec to copy at 400 MB/s + 2 min CBT detect
Incremental #2 (daily activity)
185 MB(2,960 changed blocks)
0.04% - under 2 min total backup window
Incremental #3 (idle system)
52 MB(832 changed blocks)
0.01% - completes in ~90 seconds including overhead
Any point-in-time restores by replaying Full + selected incrementals. The block store never duplicates data - identical blocks are referenced, not re-written, across every snapshot in the chain.
iSCSI + Cloud Architecture

Direct-to-Cloud Streaming for SAN & VM Volumes

Back up volumes exposed via iSCSI protocol - SAN LUNs, VM disk images, remote NAS - without requiring a full mount. Blocks stream from the iSCSI target through a local SSD/NVMe cache, hashed, compressed, and uploaded to S3 or the appliance in parallel.

CHAP Authentication1–16 Parallel StreamsLRU Cache (10–500 GB)Block DeduplicationSnapshot ComparisonPoint-in-Time Recovery
iSCSI Backup Data Flow
iSCSI Target
SAN LUN, VM volume, or remote NAS
Discovery + CHAP Auth
Automatic discovery, persistent connection mgmt
Block Reader
64 KB block reads, configurable parallelism (1–16 streams)
Local SSD Cache
LRU eviction, prefetch for sequential I/O, 10–500 GB
Hash + Compress
Blake3 dedup check, LZ4 / Zstd compression in parallel
Cloud / Appliance
S3 or HTTPS appliance streaming simultaneously
Output Destination - Choose One
S3 Cloud
AWS, MinIO, Spaces
OR
Appliance
HTTPS streaming
OR
Local Path
NVMe / NAS / USB
Storage Flexibility

Six Output Modes - One Engine

The same backup pipeline drives four standalone modes. Add the optional Local Cache hybrid for near-instant recovery without network dependency.

SMARTDefault
Content-Addressable Deduplication
  • Blocks stored once by blake3 hash - zero redundancy
  • Delta manifests reference blocks, never duplicate them
  • Point-in-time recovery: Full + ordered deltas
  • 20–50% storage savings on typical incremental chains
COMPRESSEDSpace-Optimized
SMART + Per-Block Compression
  • LZ4 (fastest, ~1.5 GB/s encode) or Zstandard (best ratio)
  • Configurable compression level 1–9
  • Combined dedup + compression: 40–70% storage reduction
  • Codec stored per-block - mixed archives fully supported
S3 CLOUDCloud-Native
Direct to Cloud with LRU Cache
  • Snapshots stored independently in S3-compatible storage
  • Local SSD cache (1–500 GB) for hot-path restore speed
  • Parallel upload streams + exponential-backoff retry
  • Deduplication + compression on every upload - pay only for unique data
APPLIANCESnapshot Streaming
Snapshot Streaming to Appliance
  • Agent streams each backup directly - appliance manages snapshots
  • Appliance owns the block store, snapshots, and all metadata
  • Resume-capable: only missing blocks re-uploaded on interruption
  • Restore starts in seconds - no chain assembly required on client
LOCAL RAWDirect Copy
Sector-Level Raw Copy - Zero Transformation
  • Unprocessed sector copy: no compression, no deduplication, no chain
  • Full-fidelity output for forensic imaging, compliance, or audits
  • NTFS sparse file optimization - only sectors with data written
  • Maximum simplicity and auditability - what you see is what you get
LOCAL CACHEOptionalHybrid
Compressed + Appliance - Near-Instant Recovery
COMPRESSEDAPPLIANCE=Near-Instant Recovery
Local Compressed copy maintained alongside appliance streaming
Recovery reads from local cache first - zero network wait, zero cloud latency
Multi-source ingestion: appliance fills gaps while local cache serves hot data
Most recent snapshots always local - network outage cannot delay recovery
Security Architecture

Defense in Depth - At Every Layer

Zero-Knowledge

AES-256-GCM Per-Block Encryption

Every 64 KB block encrypted individually. 12-byte nonce + 16-byte auth tag per block. Block offset as AAD prevents block-swap attacks. Just 28 bytes overhead per block (0.04%).

Transport Security

TLS 1.3 in Transit

All appliance and cloud communications use TLS 1.3. Certificate pinning supported. Credentials and keys never travel unencrypted.

Data Integrity

Blake3 Integrity Hashing

Every block hashed with blake3 - ~2 GB/s on modern CPUs (4× faster than SHA-256), cryptographically secure, and natively parallelizable. Any hash mismatch triggers automatic rejection.

Pre-Backup Guard

Ransomware Sentinel Detection

15 sentinel files placed in 3 strategic OS locations. Pre-backup integrity check detects ransomware modification across 5 file types in < 50 ms before any backup proceeds.

Key Management

Scrypt Key Derivation

Password-derived encryption keys via Scrypt (N=2¹⁴). Secrets never stored in plaintext. Config files enforce OS-level read permissions.

Reliability

Atomic Write + Crash Safety

All checkpoint files written atomically via temp-file + os.replace(). Power loss mid-backup = clean resume from last checkpoint - never a corrupt or partial snapshot.

AES-256-GCM Block Encryption Layout (per 64 KB block)
Block Data
64 KB plaintext → ciphertext
12-byte Nonce
Random per block
16-byte Auth Tag
GCM tamper detection
AAD: Block Offset
Prevents block-swap attacks

Overhead: just 28 bytes per 64 KB block (0.04%). Keys are derived via Scrypt (N=2¹⁴) and never stored in plaintext. Block offset as AAD prevents block-swap attacks without any extra computation.

Sentinel Grid - 3 Locations × 5 File Types = 15 Monitors
PPTX
Win Folder
PPTX
User Home
PPTX
Prog Files
XLSX
Win Folder
XLSX
User Home
XLSX
Prog Files
DOCX
Win Folder
DOCX
User Home
DOCX
Prog Files
HTML
Win Folder
HTML
User Home
HTML
Prog Files
TXT
Win Folder
TXT
User Home
TXT
Prog Files
Pre-backup: all 15 files hashed in < 50 ms
Compare current hash vs. stored baseline - any delta = alert
Backup pipeline halted until operator confirms
Ransomware Shield

Stop Infected Backups Before They Happen

ShadowCradle places 15 sentinel files across three strategic OS locations. Before every backup, all 15 are re-hashed (< 50 ms total) and compared to their baseline. Ransomware that modifies any sentinel file triggers an immediate halt.

5 file types per location (PPTX, XLSX, DOCX, HTML, TXT)
3 OS locations: System, User Home, Program Files
Thread-safe singleton - < 50 ms per full check
Works on NTFS, ext4, XFS, FAT32, APFS, and ReFS
By the Numbers

Performance That Scales

1–2 min
Incremental backup with CBT driver
1% change on 1 TB volume
< 20 ms
iSCSI CoW mount initialization
1,500× faster than pre-allocation
~400 MB/s
Sustained backup throughput
NVMe source, local appliance
~2 GB/s
Blake3 hashing throughput
4× faster than SHA-256 on modern CPU
40–70%
Typical storage reduction
Dedup + Zstandard compression
0
Corrupt or partial backups - ever
Atomic checkpoints + verify pass
Platform Support

One Agent - Every Major OS

Windows
Windows 10, 11, Server 2016–2025
  • CBT kernel driver (IRP_MJ_WRITE intercept, real-time bitmap)
  • VSS snapshot creation + NTFS USN Journal fallback
  • Sparse file optimization (NTFS hole-punching)
  • iSCSI target exposure - expose any backup for PXE/BMR
  • Physical drive + partition backup (GPT and MBR)
Linux
Ubuntu 20.04+, CentOS 8+, Debian 11+
  • EXT4 / btrfs filesystem support
  • inotify change event monitoring
  • CoW snapshot comparison for iSCSI volumes
  • Direct-to-cloud streaming (S3-compatible)
  • iSCSI target backup from SAN and NAS volumes
macOS
macOS 10.15 (Catalina)+
  • APFS filesystem support
  • FSEvents change tracking
  • Full partition and drive imaging
  • S3 and appliance streaming modes
Observability

Prometheus-Native Metrics Out of the Box

Every backup emits rich per-job telemetry - blocks written, compression ratios, deduplication savings, throughput, and duration. Metrics retained 30 days by default and exportable to any Prometheus-compatible stack.

Per-backup throughput (MB/s)
Block-level compression ratio tracking
Deduplication savings in bytes
Pre-backup system diagnostics (disk, VSS, connectivity)
Post-write integrity verification reports
prometheus metrics output
sc_backup_blocks_written{snapshot_id="snap_20240301"}10240
sc_backup_throughput_mbps{snapshot_id="snap_20240301"}87.4
sc_backup_compression_ratio{codec="zstd"}0.62
sc_backup_dedup_savings_bytes{snapshot_id="snap_20240301"}52428800
sc_backup_duration_seconds{type="incremental"}1184
sc_integrity_verify_pass{sample_rate="5%"}1

Why This Engineering Translates to Real Business Value

Smaller Storage Bills

Content-addressable dedup + Zstd compression cut storage 40–70% vs. naive full-image backups. You pay for unique data, not duplication.

Faster Backup Windows

CBT driver + USN Journal push 1 TB incrementals under 2 minutes. Backup jobs complete while production workloads run unaffected.

Verifiable Integrity

Every block carries a blake3 hash. You can independently re-hash any backup and confirm against stored metadata. No vendor trust required.

Crash-Safe by Design

Atomic checkpoints mean power failure mid-backup = clean resume - not a corrupt snapshot that silently fails on restore day.

Pre-Backup Ransomware Check

15 sentinel files catch encryption activity before any backup commits. You never inadvertently seal an encrypted snapshot into your retention chain.

Remote BMR Without Physical Media

iSCSI expose + PXE boot turns any replacement machine into a network recovery target. Full system available to users in minutes, restore to disk in background.

Ready to See the Engineering in Action?

Start a 30-day free trial - our team provisions your appliance and walks you through the pipeline firsthand.

No credit card required · Cancel anytime · 60-day free trial