[FAQ] Backup & Archive – Frequently Asked Questions

Flosum Backup & Archive runs on an Amazon EC2 instance and connects to Salesforce SaaS externally.

• Nginx handles proxy requests and enables SSL.

• User Pool Service manages access control.

• MySQL stores app configuration settings.

• Local storage options include:

  • SSD (gp2 or gp3)

  • S3 object storage

Runs inside a GCP Virtual Machine and connects externally to Salesforce SaaS.

• Nginx for proxy/SSL

• Google Identity Platform for access control

• MySQL for configuration storage

• Local CSV storage on SSD

Runs inside an Azure VM with Salesforce SaaS access.

• Nginx for proxy/SSL

• Azure Active Directory for access control

• MySQL for app settings

• Storage options:

  • SSD (gp2 or gp3)

  • S3-compatible storage

MySQL (running in a Docker container) stores configuration data but does not store customer backups.

Only one EC2 instance is needed for a standard self-hosted deployment.

Use the following commands to:

1. Run

2. Update

3. Verify

Yes, data is encrypted both in transit and at rest using the SHA-256 algorithm.

Yes, you can choose between SSD (gp2/gp3) or S3/S3 Glacier for your local storage needs.

• Global manages Salesforce connections and controls user access with AWS Cognito (or respective identity providers).

• Local Storage serves as temporary data storage during processing.

• SSD (gp2)

• SSD (gp3)

• S3 Glacier Instant Retrieval

• S3 Glacier Flexible Retrieval

• Proxy requests to the Docker container

• Manages SSL termination and certificates

• Enables HTTPS for secure communication

To minimize guesswork and restore only affected data. Flosum compares changes between:

• The backup before the data loss (Recovery Point)

• The backup after the incident (Known Corruption Point)

Only the changed records are restored, ensuring precision and speed.

No, only one job (backup, restore, archive, or search) can run at any given time.

The overlapping backup is skipped. The next unscheduled slot will capture any changes missed. Composite Backups resume and capture all deltas since the last successful run.

In Salesforce, History objects lack insert/update permissions. This is a Salesforce platform-level restriction, not a Flosum limitation.

When checking a completed backup job, the app displays record counts indicating how many records are stored in the backup and how many were processed in that job.

• Total: Count of all records currently stored in the Backup & Archive app for a specific object (e.g., Accounts, Contacts).

• Clicking on an object row opens the Records Table, showing:

  • All = Added + Changed + Deleted

  • Added = New records captured in this job

  • Changed = Existing records that were updated

  • Deleted = Records removed since the last backup

Example:

For example, a new backup was created yesterday and captured 40 Case records from your org. The Total would show 40 Case records. Today, you added 10 new Cases and updated 5 existing Cases.

Today's backup will show:

Summary:

• Total = All records stored

• All / Added / Changed / Deleted = Changes in this specific backup job

Icons and indicators on the "Add Child Objects" screen convey important relationships between parent and child objects, especially during deletions while archiving:

Yellow Warning Triangle (Cascade Delete)

• The child object has a dependent (cascade delete) relationship with the parent.

• These are considered Dependent objects in Salesforce.

• Optional to include in the archive.

• If excluded, child records will be deleted when the parent is archived and deleted.

• This reflects Salesforce’s native cascade behavior.

Red Lock Icon (Restricted Delete)

• The child object has a Restricted Delete relationship with the parent object.

• These objects are automatically included in the archive template and cannot be excluded.

• In Salesforce, restricted delete relationships prevent the parent record from being deleted unless the related child records are deleted first.

• Required to archive to prevent errors.

This error occurs when the RecordTypeId from the archived data no longer exists or is inaccessible in the current org.

Root Causes:

• The archived record has an implicitly assigned RecordTypeId that:

  • No longer exists in the current org.

  • It is not visible/accessible to the restore user (running user).

  • Was tied to a past configuration or managed package.

Solution:

• Exclude the RecordTypeId field during restore.

• Salesforce will auto-assign the default Record Type.

• Prevents cross-reference errors and completes the restore.

This happens when the FromAddress is not recognized or validated in your Salesforce org.

Salesforce only allows:

• Organization-Wide Email Addresses

• Email-to-Case routing addresses

• Email addresses of active users

If the FromAddress in your backup (e.g., [email protected]) isn’t validated, Salesforce will return:

• INVALID_OR_NULL_FOR_RESTRICTED_PICKLIST

• INVALID_FIELD_VALUE

This error occurs because Salesforce is enforcing a restriction on the FromAddress field of the EmailMessage object. The error refers to ValidatedFromAddress, but the issue lies with the value in the FromAddress field, which must be validated and authorized in Salesforce.

Internally, Salesforce uses a field called ValidatedFromAddress to ensure that the FromAddress is among the list of authorized senders. To avoid this error during a restore or insert, exclude the ValidatedFromAddress field from your restore request for EmailMessage records.

The "Query All Files" permission is sensitive and should be assigned only to trusted system or integration users.

Required when:

• Backing up or restoring files not explicitly shared with the user.

If not granted:

• Only shared files will be backed up.

• Some files visible via record access may be skipped.

• Restore may miss file attachments that weren’t captured.

Impact:

• Incomplete file backup and restore.

• Risk of data gaps in shared or collaborative environments.