Safeguard for Privileged Passwords allows you to define and schedule an audit log management task to purge audit logs from the Safeguard for Privileged Passwords Appliance and archive older audit logs to a designated archive server. Archiving audit logs allows you to keep critical and relevant data online and current while eliminating or archiving audit logs that are no longer required.
To define and schedule when to perform an audit log archival task:
Select Run Every to run the job along per the run details you enter. (If you deselect Run Every, the schedule details are lost.
To specify the frequency without start and end times, select from the following controls. If you want to specify start and end times, go to the Use Time Window selection in this section.
Hours: The job runs per the minute setting you specify. For example, if it is 9 am and you want to run the job every 2 hours at 15 past the hour starting at 9:15 am, you would select Runs Every 2 Hours @ 15 minutes after the hour.
Days: The job runs on the frequency of days and the time you enter.
For example, Every 2 Days @ 11:59:00 PM runs the job every other evening just before midnight.
Weeks The job runs per the frequency of weeks at the time and on the days you specify.
For example, Every 2 Weeks @ 5:00:00 AM and Repeat on these days with MON, WED, FRI selected runs the job every other week at 5 am on Monday, Wednesday, and Friday.
Months: The job runs on the frequency of months at the time and on the day you specify.
For example, If you select Every 2 Months @ 1:00:00 AM along with First Saturday of the month, the job will run at 1 am on the first Saturday of every other month.
Select Use Time Windows if you want to enter the Start and End time. You can click add or - delete to control multiple time restrictions. Each time window must be at least one minute apart and not overlap.
For example, for a job to run every ten minutes every day from 10 pm to 2 am you would enter these values:
Enter Every 10 Minutes and Use Time Windows:
Start 12:00:00 AM and End 2:00:00 AM
An entry of Start 10:00:00 PM and End 2:00:00 AM will result in an error that the end time must be after the start time.
If you have selected Days, Weeks, or Months, you will be able to select the number of times for the job to Repeat in the time window you enter.
For a job to run two times every other day at 10:30 am between the hours of 4 am and 8 pm, you would enter these values:
For days, enter Every 2 Days and set the Use Time Windows as Start 4:00:00 AM and End 20:00:00 PM and Repeat 2.
|
Note: This option is only available if you have configured an archive server. For more information, see Adding an archive server. |
It is the responsibility of the Appliance Administrator to manage Safeguard for Privileged Passwords backups.
As a best practice, store backups on an archive server that is external from the appliance so that the backup image is available for restoration even if there is a catastrophic disk or hardware failure. Keep only a minimum number of backup files on the appliance. After you download or archive the backup files, use Delete to remove them from the desktop client application. You can set the maximum number of backup files you want Safeguard for Privileged Passwords to retain on the appliance in Backup and Retention settings.
|
NOTE: When a backup is created, the state of the sessions module is saved which can be either the joined sessions module (SPS) or the earlier embedded sessions module (SPP). Restoring a backup restores the sessions module to the state when the backup was taken, regardless of the state when the restore was started. |
Navigate to Administrative Tools | Settings | Backup and Retention | Safeguard Backup and Restore.
The Safeguard for Privileged Passwords Backup and Restore page lists this information for the backups that are currently in the database.
Property | Description |
---|---|
Date | The date of the backup. |
Time | The time of the backup. |
Progress |
The status of the backup: Running or Complete. |
File Size (MB) | The size of the backup file in megabytes. |
Appliance Name | The name of the appliance. |
Appliance Version | The version of the Safeguard for Privileged Passwords Appliance. |
User |
The name of the user that created the backup. |
Last Archived Date | The date the selected backup ran. |
Archive Server Name | The name of the server on which the backup was archived. |
Use these toolbar buttons to manage Safeguard for Privileged Passwords backups.
Option | Description |
---|---|
Create a backup copy of the data that is currently on the appliance. For more information, see Run Now. | |
Remove the selected backup file from the Backups page and the Safeguard for Privileged Passwords database. | |
Update the list of backup files on the Backups page. | |
Where you configure an automatic backup schedule. For more information, see Backup settings. | |
Save the selected backup file in a location on your appliance. For more information, see Download. | |
Retrieve a backup file from a file location and add it to the Backups page list. For more information, see Upload. | |
|
Overwrite the current data and restore Safeguard for Privileged Passwords to the selected backup. For more information, see Restore. |
|
Store a backup file on an external archive server. For more information, see Archive backup. |
Safeguard for Privileged Passwords makes a copy of the current database.
|
Caution: If you restore a backup that is older than the Maximum Password Age set in the Login Control settings, all user accounts (including the bootstrap administrator) will be locked out and you will have to reset all of the user account passwords. To avoid this situation, you can reset the Maximum Password Age to zero before you perform the backup, then reset it after the restore. |
|
TIP: As a best practice, perform backups more frequently than the Maximum Password Age setting. |
|
Caution: Safeguard for Privileged Passwords can not restore any access request workflow events in process at the time of a backup. |
Settings is where you configure an automatic backup schedule.
If you schedule a backup and a backup has already occurred for that interval (Minute, Hour, Day, Week, or Month), Safeguard for Privileged Passwords will not execute another backup until the following minute, hour, day, week, or month. For example, if a backup has already occurred today and you set the backup schedule to run a daily backup, Safeguard for Privileged Passwords will not run the backup until tomorrow.
The backup schedule window end time must be after the start time.
To schedule backups
In the Backup Settings dialog, specify the backup schedule. Select Backup Every to run the job along per the run details you enter. (If you deselect Backup Every, the details are lost.)
To specify the frequency without start and end times, select from the following controls. If you want to specify start and end times, go to the Use Time Window selection in this section.
Hours: The job runs per the minute setting you specify. For example, if it is 9 am and you want to run the job every 2 hours at 15 past the hour starting at 9:15 am, you would select Runs Every 2 Hours @ 15 minutes after the hour.
Days: The job runs on the frequency of days and the time you enter.
For example, Every 2 Days @ 11:59:00 PM runs the job every other evening just before midnight.
Weeks The job runs per the frequency of weeks at the time and on the days you specify.
For example, Every 2 Weeks @ 5:00:00 AM and Repeat on these days with MON, WED, FRI selected runs the job every other week at 5 am on Monday, Wednesday, and Friday.
Months: The job runs on the frequency of months at the time and on the day you specify.
For example, If you select Every 2 Months @ 1:00:00 AM along with First Saturday of the month, the job will run at 1 am on the first Saturday of every other month.
Select Use Time Windows if you want to enter the Start and End time. You can click add or - delete to control multiple time restrictions. Each time window must be at least one minute apart and not overlap.
For example, for a job to run every ten minutes every day from 10 pm to 2 am you would enter these values:
Enter Every 10 Minutes and Use Time Windows:
Start 12:00:00 AM and End 2:00:00 AM
An entry of Start 10:00:00 PM and End 2:00:00 AM will result in an error that the end time must be after the start time.
If you have selected Days, Weeks, or Months, you will be able to select the number of times for the job to Repeat in the time window you enter.
For a job to run two times every other day at 10:30 am between the hours of 4 am and 8 pm, you would enter these values:
For days, enter Every 2 Days and set the Use Time Windows as Start 4:00:00 AM and End 20:00:00 PM and Repeat 2.
|
Note: This option is only available if you have configured an archive server. For more information, see Adding an archive server. |
You configure the maximum number of backup files you want Safeguard for Privileged Passwords to store on the appliance on the Backup retention page.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy