Solution overview

Xopero Unified Protection includes an AirGap solution designed to enhance data security. This functionality is based on the physical isolation of the backup repository from the network, helping to minimize the risk of data breaches, for example those caused by ransomware attacks. The AirGap architecture ensures that backup data remains inaccessible to entities operating within a compromised IT environment. By combining strict access control with automated backup processes, the solution increases infrastructure resilience and provides a foundation for a secure disaster recovery strategy.

General information

The Xopero AirGap solution is a data protection method that uses xSAIR (Secure AirGap Immutable Repository) technology to create an isolated backup environment and store an additional backup copy fully separated from the primary network.

AirGap is based on a cluster of two Xopero Unified Protection (XUP) appliances connected in a back-to-back configuration, where the second, redundant device remains disconnected from the network most of the time, preventing any communication with it. The redundant device is powered on only for replication purposes.

The replication process is initiated by powering on the inactive XUP appliance via iDRAC (Integrated Dell Remote Access Controller). After data transfer is completed, the system automatically powers the device off, restoring the isolated AirGap state. Due to its physical disconnection from the network, the backup copy stored on the isolated device remains inaccessible to cyber threats, providing effective protection against ransomware attacks.

AirGap solution characteristics

The AirGap system is based on communication between two interconnected XUP devices — offline and online:

1. XUP offline device remains powered off most of the time. It includes only data storage and, optionally, a backup agent. The device is equipped with an active iDRAC interface used for remote startup and shutdown.

2. XUP online device can operate in one of two variants:

   1. Standard — includes an active management interface, a backup agent, and data storage.

   2. Limited — does not include the management interface; it contains only the backup agent and data storage.

Connection architecture and replication process

The AirGap data replication process is fully automated, eliminating the need for manual intervention to maintain physical separation of resources. The system manages the connection state of the backup repository, enabling access only during data transfer and isolating it immediately afterward.

Component configuration

The AirGap component integration process follows these principles:

1. The XUP online unit connects its backup agent and data storage to the management service (hosted on a XUP device, external server, or SaaS).

2. The data storage of the XUP offline unit is then connected to the management service via backup agent installed on the XUP online device.

3. Data replication is performed through a task executed by the backup agent on the XUP online device.

Power automation (PRE/POST scripts)

To ensure unattended communication with the offline device, the process uses event-driven scripts:

1. PRE script — executed before the data replication process begins. It powers on the XUP offline unit via the iDRAC interface and waits until it is fully operational.

2. POST script — executed immediately after the replication task is completed. It safely powers off the XUP offline unit using the iDRAC interface.