Force Smartguard to run

Hello,

I'm running a VM which encrypts its volume. As such, I only want to take snapshots when the machine is either shut down or hibernating, in order to ensure that no sensitive data from primary memory (RAM) is captured in the snapshot. Otherwise it would kind of defeat the purpose of encrypting the volume in the first place, since the volume keys (among other things) are probably retrievable from the primary memory snapshot.

Note that encryption is done by the guest, not the host, so Parallels doesn't have an opportunity to encrypt primary memory data as well (if it even does that normally).

My problem is that SmartGuard triggers seemingly randomly during the day (it's most certainly not random, but I haven't tried to determine the exact time), and because of that I have to more or less guess when SmartGuard will take the snapshot and shutdown the machine in time. If I don't, I have to skip the snapshot and guess again.

If I'm not at my desk when SmartGuard triggers, it may automatically freeze the VM and take the snapshot anyway (with the sensitive data in the clear) after a certain amount of time after the notification appeared and I haven't asked it to skip the snapshot.

Both these things make SmartGuard a tad useless and even dangerous for my use-case. Instead, I take manual snapshots. This is also pretty cumbersome long term, as I always need to go through a routine where I delete the oldest snapshots when I take new ones. I also need to remember to do all this at the correct frequency for my backup scheme. In short, I'd really like to use SmartGuard.


So, is there a way to manually trigger a SmartGuard snapshot? Better, is there a way to setup SmartGuard so that it only takes snapshots when the virtual machine is shutdown, *and* have it immediately trigger as soon as the machine shuts down and/or Parallels is started?

Sub-question: All I can find in the documentation I found is that SmartGuard only lets Time Machine backup the latest snapshot. What if multiple snapshots have been taken between two Time Machine runs? Are they all backed up as they should, or does Time Machine only backs up the very latest snapshot?

Thanks.

 

Totally agree, there should be an option to either

1) run it now or to
2) set the time of the day when it runs
3) and definitely an option on when to run it (mid-session, only on startup, only on shutdown)

Many apps don't like being restarted mid-session as they deal with backends that are far out of sync with where a snapshot was taken (aka outlook)

 

I know this is a very old thread... Most likely you found the answers you were looking for a long time ago... But, myself, having struggled with the pairing of TimeMachine and Parallel's SmartGuard snapshots, and the very poor documentation on the subject, decided to share what I discovered. Basically I needed to truly understand how the snapshots worked, and if I could rely on them in case I ever needed to restore a VM from a snapshot using TimeMachine (and the snapshots). In other words, I had the same "Sub-question" that you had, and then some.
So, here it goes...

First, disclaimer: I do NOT work for Parallels and I am in no way, shape, or form the final authority on the software. I did do extensive testing though, and the results of all my testing, which involved going through several iterations of waiting for snapshots to be automatically created, and test recovering the VM several times using TimeMachine, at different stages (with no snapshot yet taken, with 1 snapshot taken, with two, and more snapshots taken, with both the VM powered on and off), AND, yes, my TimeMachine drive IS encrypted.

I'll first give you the bottom line of all my testing, and then I will expand.

Bottom line: Yes. It all works. Perfectly. Seamlessly.

Now, you're thinking "That does not answer any of my questions!" But it does. In an Apple philosophy kind of way... As in, Apple (and in this case Parallels) says you do not need to know, so you do not need to know. Of course, we The Users disagree. We DO need to know.

So, here's my expanded answer:

1- I will put this one first, because you mentioned you are doing the encryption in the guest. That presents the problems you mentioned. You actually can keep on doing that. But, if you really want your data and your backups safe, and you want the final results that you described, you need to (also) encrypt your TimeMachine backup drive itself. Yes, I am saying that if you want to have your VM encrypted at the guest level, and you want your backup safely encrypted when the VM is powered on, you must encrypt your TimeMachine drive backup as well (host level). If you do that, it really does not matter if the VM is powered on or not. The backup will be encrypted on the backup drive (TimeMachine), and you (or anyone else) will only be able to restore the VM to that specific powered on state (and access any sensitive data) if they have the decryption password of the encrypted TimeMachine backup drive. Makes sense? (Yes, I know you will be encrypting twice here. But that's the price you pay for what you want to achieve.)
2- Number one pretty much takes care of your encryption situation. Now on to how SmartGuard Snapshots actually do work really well with TimeMachine... I thoroughly tested each and every single scenario I mention here:
a) If there aren't yet any SmartGuard snapshots of the VM: TimeMachine backs up the entire .pvm file, however large it is, regardless of whether the VM is powered on or not. Again, if you have the backup drive encrypted, you are safe, even with the VM powered on.
b) If there is already 1 SmartGuard snapshot, AND TimeMachine has at least one full backup of the entire .pvm file, THEN it keeps the full .pvm backup, does not back it up again, and backs up the snapshot.
c) If there is already 1 SmartGuard snapshot, BUT TimeMachine never had a chance to backup the entire .pvm, THEN it backs up the full .pvm, AND then it backs up the snapshot.
d) And the pattern repeats itself... If there are 2 or more SmartGuard snapshots, TimeMachine will back up the full .pvm file only if it wasn't backed up before, and it will do the same for any SmartGuard snapshots that it hasn't yet backed up. That is, if the snapshot has already been backed up before, it is already backed up, and it is not backed up again. But any new snapshots that weren't yet backed up WILL be backed up. However many (non-backed up) snapshots there are.

If you follow my reasoning 1 thru 2, a thru d, you see that everything gets backed up, quite efficiently, without data duplication.

Now you may ask (I did!): "Ok. How does the restore work?" That was my main question, because I wanted to make sure I could rely on SmartGuard and TimeMachine configured this way. It is quite simple, actually. When/If you want to restore, you simply enter TimeMachine, browse to the folder that contains the .pvm file, and click "Restore". TimeMachine/Parallels SmartGuard will automatically calculate which SmartGuard Snapshot was the closest one taken prior to the TimeMachine backup and restore the main first full .pvm backup, and then apply the latest SmartGuard Snapshot, which will bring your machine to the closest state it was in, when the last snapshot was taken, before the last backup was taken, for the date that you choose.

Practical example:
1- TimeMachine runs and backs up your entire .pvm, say, 01/01/2030.
2- SmartGuard takes a snapshot 01/02/2030.
3- TimeMachine runs and backs up the 01/02/2030 snapshot on 01/03/2030.
4- SmartGuard takes a snapshot 01/04/2030.
5- TimeMachine runs and backs up the 01/04/2030 snapshot on 01/05/2030.
5- SmartGuard takes a snapshot 01/06/2030.
6- At this point, on 01/07/2030, you experience a catastrophic failure of your drive and you lose the .pvm completely.
7- After resolving the problem with the drive, you enter TimeMachine, browse to the folder where the .pvm file resides. Go back in time to 01/06/2030, and you click restore. TimeMachine knows it has a good full backup of the .pvm from the first original backup, and it also knows that the latest available backed up SmartGuard Snapshot for the date you chose (01/06/2030) is from 01/04/2030. It restores the .pvm file exactly as it was as of 01/04/2030, which is the latest good backup/SmartGuard Snapshot combination per the restore date chosen.

I know I typed a book here. (And I am not the best writer ) But I hope I explained everything.

Best, Raphael