サポートと今すぐチャット
サポートとのチャット

One Identity Safeguard for Privileged Passwords 7.5.2 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Backup and Retention

Use the Backup and Retention settings to manage your Safeguard for Privileged Passwords backups and archive servers.

It is the responsibility of the Appliance Administrator to configure the Safeguard for Privileged Passwords backup and retention settings.

Go to Backup and Retention:

  • web client: Navigate to Backup and Retention.
Table 22: Backup and Retention settings
Setting Description
Archive servers Where you add and manage archive servers for storing backup files and session recordings.

Audit Log Maintenance

Where you define the audit logs to be archived and purged as well as a schedule for performing the audit log archival task.

Backup and Restore Where you initiate or schedule a backup, upload or download a backup file, or specify the archive server where a backup file is to be stored.
Backup Retention Where you enable (or disable) backup retention and set the maximum number of backup files you want Safeguard for Privileged Passwords to store on the appliance.

Authorize VM Compatible Backups

Where you authorize the download of Safeguard for Privileged Passwords hardware appliance backups which can then be uploaded and restored to a Safeguard for Privileged Passwords virtual machine.

About backups

One Identity Safeguard for Privileged Passwords backs up the following:

  • All settings, except:

    • Appliance IP address
    • Network Time Protocol (NTP) configurations
    • Domain Name System (DNS) configuration
  • Audit logs
  • All information about Safeguard for Privileged Passwords objects:

    • Accounts
    • Account groups
    • Assets
    • Asset groups
    • Entitlements
    • Partitions
    • Users
    • User groups

Safeguard for Privileged Passwords encrypts and signs the data before it makes it available for downloading to an off-appliance storage. Only a genuine Safeguard for Privileged Passwords Appliance can decrypt the backup after it is uploaded to the appliance. Backups downloaded from virtual appliances can only be uploaded and restored to a virtual appliance. Backups downloaded from hardware appliances can only be uploaded and restored to a hardware appliance. A hardware backup can be downloaded as virtual compatible once the hardware appliance has been authorized for VM Compatible Backups. A VM compatible backup can be uploaded and restored to a virtual appliance.

Archive servers

Archive servers are external physical servers where you store backup files and session recordings. Use the Archive Servers page on the Backup and Retention settings view to configure and manage archive servers.

You can configure an automatic backup schedule and specify which archive server will be used to automatically archive during a scheduled backup or when manually running a backup. For more information, see Backup settings..

For more information, see Archive backup..

To view and manage archive servers

  1. Navigate to Archive Servers settings:
    • web client: Navigate to Backup and Retention > Archive Servers.
  2. The Archive Servers page displays the following information about previously configured archive servers.
    • Name: The name of the archive server.
    • Archive Method: The transfer protocol type being used.
    • Network Address: The network DNS name or IP address used to connect to the server over the network.
    • Storage Path: The file path where you want to store backup files on the archive server.
    • Authentication Type: The type of authentication used to access the archive server, such as Password, Directory Account, or SSH Key.
    • SSH Host Key Fingerprint: The fingerprint of the SSH key that Safeguard for Privileged Passwords uses to authenticate to the asset.
    • Description: Information about the archive server.
  3. Use these tool bars buttons to perform operations.
    • Add: Add an archive server. For more information, see Adding an archive server..
    • Remove: Delete the selected archive server configuration.
    • Edit: Modify the selected archive server configuration.
    • Refresh: Update the list of archive server configurations.

Adding an archive server

Use the Archive Servers page on the Backup and Retention settings view to configure archive servers, which can then be selected to archive a backup file or assigned to an appliance to store its session recordings.

To configure an archive server

  1. Go to archive servers settings:

    • web client: Navigate to Backup and Retention > Archive Servers.
  2. Click Add and provide the following.

  3. Enter the display Name for the archive server. Limit: 100 characters.
  4. Enter Description information about the archive server. Limit: 255 characters.
  5. For Archive Method, select a transfer protocol type:
    • CIFS: Common Internet File System
    • SCP: Secure Copy Protocol
    • SFTP: Secure File Transfer Program
  6. For Network Address, enter a network DNS name or the IP address used to connect to the server over the network. Limit: 255 characters.
  7. If you select SCP or SFTP, enter the Port used by SSH to log in to the managed system. Not applicable for CIFS archive mode.
  8. For Storage Path, enter the file path where you want to store backup files on the archive server. Limit: 255 characters.
  9. For Authentication Type, select the type of authentication to be used to access the archive server:
    • Password (default)
    • Directory Account
    • SSH Key (Available if an Archive Method of SCP or SFTP is selected.)
  10. If Directory is the Authentication Type:

    1. Account Name: Click Browse to select the service account to be used to access the archive server.
    2. If you selected the Archive Method of SCP or SFTP, you can select Auto Accept SSH Host Key to have Safeguard for Privileged Passwords automatically accept the SSH host key when it creates the archive server.
  11. If Password is the Authentication Type:
    1. For Account Name, you can do one of the following:
      • As an Appliance Administrator, if you also have Asset Administrator permission or are a Delegated Partition Owner, you can click Browse to select the service account to be used to access the archive server. If a Network Address was entered, you will see the managed accounts for the Network Address or no associated Network Address.

        Once you select an account, a Reset button is available to clear the managed account selection and Network Address is set to the selected account's network address.

      • Enter the Account Name instead of browsing for a managed account.
    2. Password: Enter the service account password.
    3. If you selected the Archive Method of SCP or SFTP, you can select Auto Accept SSH Host Key to have Safeguard for Privileged Passwords automatically accept the SSH host key when it creates the archive server.
  12. If you selected the Archive Method of SCP or SFTP and selected SSH Key as the Authentication Type, proceed with these steps.

    1. For Account Name, you can do one of the following:
      • As an Appliance Administrator, if you also have Asset Administrator permission or are a Delegated Partition Owner, you can click Browse to select the service account to be used to access the archive server. If a Network Address was entered, you will see the managed accounts for the Network Address or no associated Network Address.

        Once you select an account, a Reset button is available to clear the managed account selection and Network Address is set to the selected account's network address.

      • Enter the Account Name instead of browsing for a managed account.
    2. In SSH Key Generation and Deployment Settings, select one of the following settings:
      • Automatically generate and deploy a new SSH Key: Enter the Password. Optionally, select Auto Accept SSH Host Key to have Safeguard for Privileged Passwords automatically accept the SSH host key when it creates the archive server.
      • Automatically generate a new SSH Key that I will deploy myself: Optionally, select Auto Accept SSH Host Key to have Safeguard for Privileged Passwords automatically accept the SSH host key when it creates the archive server.
      • Import an SSH Key that I will deploy myself: Browse to select the SSH Key file.

        NOTE:Safeguard for Privileged Passwords does not currently manage the options for an authorized key. If an imported key has any options configured in the authorized keys file on the asset, these options will not be preserved when the key is rotated by Safeguard for Privileged Passwords.

        1. Click Browse. On the Import an SSH Key dialog, click Browse then select the Private Key File.

        2. Enter a Password, if desired. A password is required if the private key is encrypted.

        3. Click Import.

        4. Optionally, select Auto Accept SSH Host Key to have Safeguard for Privileged Passwords automatically accept the SSH host key when it creates the archive server.

  13. Test Connection: Click this button to verify that the appliance can communicate with this archive server. For details, see:

  14. Click OK.

Once you have configured your archive servers, you need to designate a target archive for both your backup files and session recordings. For backup files, see Archive backup.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択