Working with Backup and Restore

Using the Backup/Restore Center tool, you can create backups of configuration files and settings. Use the backups to restore a stable configuration if changes have caused problems. Before the Backup Center dialog box appears you will be prompted to enter the root password. You can select from a list of packages to be backed up.

Backup Center

When you import files or configurations, ensure that each component is selected individually.

For more information about using backup and restore, refer here.

Exporting Data Configuration to Local File

Select the configurations to export to a local file. When you select Administration > Backup/Restore Center > Export data/configurations to a local file in the Backup Center screen, you will be asked to specify the packages to export. Before the Backup Center dialog box appears, you will be prompted to enter the root password.

Table: List of Appliance Specific Services

ServicesDescriptionAppliance Specific
ESADSG
Appliance OS Configuration
Export the OS configuration (networking, passwords, and others) but not the security modules data.
Note
In the OS configuration, the certificates component is classified as follows:
  • Certificates that include Consul-related certificates, Insight certificates, and certificates of the Protegrity products installed on the appliance. Ensure that this option is not selected if the configurations must be imported on a different system in the cluster.
  • Management and Web Service Certificates that are used by the Management and Web Services engine for authenticating client and server.
Directory Server And Settings
Export the local directory server and authentication settings.
Export Consul Configuration and DataExport Consul configuration and data
Backup Policy-Management *2
Export policy management configurations and data, such as, policies, data stores, data elements, roles, certificates, keys, logs, Key Store-specific files and certificates among others to a file.
 
Backup Policy-Management Trusted Appliances Cluster*2
Export policy management configurations and data, such as, policies, data stores, data elements, roles, certificates, keys, logs, Key Store-specific files and certificates among others to a specific cluster node for a Trusted Appliances Cluster.
Note
It is recommended to use this option with cluster export only.
 
Backup Policy-Management Trusted Appliances Cluster without Key Store*1
Export policy management configurations and data, such as, policies, data stores, data elements, roles, certificates, keys, logs among others, but excluding the Key Store-specific files and certificates to a specific cluster node for a Trusted Appliances Cluster.
Note
This option excludes the backup of the Key Store-specific files and certificates.
It is recommended to use this option with cluster export only.
 
Policy Manager Web UI Settings
Export the Policy Management Web UI settings that includes the Delete permissions specified for content and audit logs.
 
Export All PEP Server Configuration, Logs, Keys, Certs
Export the data (.db files, license, token elements, etc.), configuration files, keys, certificates and log files.
 
Export PEP Server Configuration Files
Export all PEP Server configuration files (.cfg).
 
Export PEP Server Log Files
Export PEP Server log files (.log and .dat).
 
Export PEP Server Key and Certificate Files
Export PEP Server Key and Certificate files (.bin, .crt, and .key).
 
Export PEP Server Data Files
Export all PEP Server data files (.db), license, token elements and log counter files.
 
Application Protector Web Service
Export Application Protector Web Service configuration files.
  
Export Storage and Share Configuration Files
Export all configuration files including NFS, CIFS, FTP, iSCSI, Webdav.
  
Export File Protector Configuration Files
Export all File Protector configuration files.
  
Export ETL Jobs
Export all ETL job configuration files.
  
Export Gateway Configuration Files
  
Export Gateway Log Files
  
Cloud Utility AWS
Exports Cloud Utility AWS CloudWatch configuration files.

*1 Ensure that only one backup-related option is selected among the options Backup Policy-Management, Backup Policy-Management Trusted Appliances Cluster, and Backup Policy-Management Trusted Appliances Cluster without Key Store. The Backup Policy-Management option must be used to back up the data to a file. In this case, this backup file is used to restore the data to the same machine, at a later point in time.

*2The Backup Policy-Management Trusted Appliances Cluster option must be used to replicate the data to a specific cluster node in the Trusted Appliances Cluster (TAC). This option excludes the backup of the metering data. It is recommended to use this option with cluster export only.

If you want to exclude the Key Store-specific files during the TAC replication, then the Backup Policy-Management Trusted Appliances Cluster without Key Store option must be used to replicate the data. Doing this excludes the Key Store-specific files and certificates, to a specific cluster node in the TAC.

This option excludes the backup of the metering data and the Key Store-specific files and certificates.

It is recommended to use this option with cluster export only.

For more information about the Backup Policy-Management Trusted Appliances Cluster option or the Backup Policy-Management Trusted Appliances Cluster without Key Store option, refer to the section Appendix C: TAC Replication of Key Store-specific Files and Certificates in the Protegrity Key Management Guide 9.1.0.0.

If the OS configuration export is selected, then only the network setting and passwords, among others, are exported. The data and configuration of the security modules are not included. This data is mainly used for replication or recovery.

Before you import the data, note the OS and network settings of the target machine. Ensure that you do not import the saved OS and network settings to the target machine as this creates two machines with the same IP address in your network.

If you need to import all appliance configuration and settings, then perform a full restore for the system configuration. The following will be imported:

  • OS configuration and network
  • SSH and certificates
  • Firewall
  • Services status
  • Authentication settings
  • File Integrity Monitor Policy and settings

To export data configurations to a local file:

  1. Login to the CLI Manager.

  2. Navigate to Administration > Backup/Restore Center.

  3. Enter the root password and select OK.

    The Backup Center dialog box appears.

  4. From the menu, select the Export data/configurations to a local file option.

  5. Select the packages to export and select OK.

  6. In the Export Name field, enter the required export name.

  7. In the Password field, enter the password for the backup file.

  8. In the Confirm field, re-enter the specified password.

  9. If required, then enter description for the file.

  10. Select OK.

  11. You can optionally save the logs for the export operation when the export is done:

    1. Click the More Details button.

      The export operation log will display.

    2. Click the Save button to save the export log.

    3. In the following dialog box, enter the export log file name.

    4. Click OK.

    5. Click Done to exit the More Details screen.

    The newly created configuration file will be saved into /products/exports. It can be accessed from the CLI Manager, the Exported Files and Logs menu, or the Import tab available in the Backup/Restore page, available in the Web UI.
    The export log file can be accessed from the CLI Manager, the Exported Files and Logs menu, or the Log Files tab available in the Backup/Restore page, available in the Web UI.

Exporting Data/Configuration to Remote Appliance

You can export backup configurations to a remote appliance.

Important : When assigning a role to the user, ensure that the Can Create JWT Token permission is assigned to the role.
If the Can Create JWT Token permission is unassigned to the role of the required user, then exporting data/configuration to a remote appliance fails.
To verify the Can Create JWT Token permission, from the ESA Web UI navigate to Settings > Users > Roles.

Follow the steps in this scenario for a successful export of the backup configuration:

  1. Login to the CLI Manager.

  2. Navigate to Administration > Backup/Restore Center.

  3. Enter the root password and select OK.

    The Backup Center dialog box appears.

  4. From the menu, select the Export data/configurations to a remote appliance(s) option and select OK.

  5. From the Select file/configuration to export dialog box, select Current (Active) Appliance Configuration package to export and select OK.

  6. In the following dialog box, select the packages to export and select OK.

  7. Enter the password for this backup file.

  8. Select the Import method.

    For more information on each import method, select Help.

  9. Type the IP address or hostname for the destination appliance.

  10. Type the admin user credentials of the remote appliance and select Add.

  11. In the information dialog box, press OK.

    The Backup Center screen appears.

Exporting Appliance OS Configuration

When you import the appliance core configuration from the other appliance, the second machine will receive all network settings, such as, IP address, and default gateway, among others.

You should not import all network settings to another machine since it will create two machines with the same IP in your network. It is recommended to restart the appliance after receiving an appliance core configuration backup.

This item shows up only when exporting to a file.

Importing Data/Configurations from a File

You can import (restore) data from a file if you need to restore a specific configuration that you have previously saved. When you import files or configurations, ensure that each component is selected individually. During data configurations import, you are asked to enter the file password set during the backup file creation. Export and import Insight certificates on the same ESA. If the configurations must be imported on a different ESA, then do not import Certificates. For copying Insight certificates across systems, refer to Rotating Insight certificates.

To import data configurations from file:

  1. Login to the CLI Manager.

  2. Navigate to Administration > Backup/Restore Center.

  3. Enter the root password and select OK.

    The Backup Center dialog box appears.

  4. From the menu, select the Import data/configurations from a file option and select OK.

  5. In the following dialog box, select a file from the list which will be used for the configuration import.

  6. Select OK.

  7. In the following dialog box, enter the password for this backup file.

  8. Select Import method.

  9. Select OK.

  10. In the information dialog box, select OK.

    The Import Operation Has Been Completed Successfully message appears.

    Consider a scenario when importing a policy management backup that includes the external Key Store data. If the external Key Store is not working, then the HubController service does not start post the restore process.

  11. Select Done.

    The Backup Center screen appears.

Reviewing Exported Files and Logs

You can review the exported files and logs.

To review exported files and logs:

  1. Login to the CLI Manager.

  2. Navigate to Administration > Backup/Restore Center.

  3. Enter the root password and select OK.

    The Backup Center dialog box appears.

  4. From the menu, select the Exported Files and Logs option.

  5. In the Exported Files and Logs dialog box, select Main Logfile to view the logs.

  6. Select Review.

  7. To view the Operation Logs or Exported Files, select it from the list of available exported files.

  8. Select Review.

  9. Select Back to return to the Backup Center dialog box.

Deleting Exported Files and Logs

To delete exported files and logs:

  1. Login to the CLI Manager.

  2. Navigate to Administration > Backup/Restore Center.

  3. Enter the root password and select OK.

    The Backup Center dialog box appears.

  4. From the menu, select the Exported Files and Logs option.

  5. In the Exported Files and Logs dialog box, select the Operation Logs and Exported Files.

  6. Select Delete.

  7. To confirm the deletion, select Yes.

    Alternatively, to cancel the deletion, select No.

Backing Up/Restoring Local Backup Partition

The backup is created on the second partition of the local machine.

Thus, for example, if you make an OS full backup in the PVM mode (both Appliance and Xen Server are set to PVM), enable HVM mode, and then reboot the Appliance, you will not be able to boot the system in system-restore mode.

XEN Virtualization

If you are using virtualization, and have backed up the OS in HVM/PVM mode, then you can to restore only in the mode you backed it up (refer here).

Backing up Appliance OS from CLI

It is recommended to perform the full OS back up before any important system changes, such as appliance upgrade or creating a cluster, among others.

To back up the appliance OS from CLI Manager:

  1. Login to the Appliance CLI Manager.

  2. Proceed to Administration > Backup/Restore Center.

    The Backup Center screen appears.

  3. Select Backup all to a local backup-partition.

    The following screen appears.

    Backup Confirmation Screen

  4. Select OK.

    The Backup Center screen appears and the OS backup process is initiated.

  5. Login to the Appliance Web UI.

  6. Navigate to Dashboard.

    The following message appears after the OS backup completes.

    Notification Message

    CAUTION: The Restore from backup-partition option appears in the Backup Center screen, after the OS backup is complete.

Restoring Appliance OS from Backup

To restore the appliance OS from backup:

  1. Login to the Appliance CLI Manager.

  2. Navigate to the Administration > Reboot and Shutdown > Reboot.

    The Reboot screen appears.

  3. Enter the reason and select OK.

  4. Enter the root password and select OK.

    The appliance reboots and the following screen appears.

    Console Screen

  5. Select System-Restore.

    The Welcome to System Restore Mode screen appears.

    System Restore Screen

  6. Select Initiate OS-Restore Procedure.

    The OS restore procedure is initiated.

Last modified January 21, 2025