The configuration of SPS can be exported to your local machine from the Basic Settings > System > Export configuration page. The configuration export in itself is always a one-time action that cannot be configured in policies. However, the system backup (System backup), that contains the configuration export in addition to other items, can be configured as a scheduled policy and is saved to a backup server.
The exported file is a gzip-compressed archive. On Windows platforms, it can be decompressed with common archive managers such as the free 7-Zip tool.
The name of the exported file is <hostname_of_SPS>-YYYMMDDTHHMM.config, the -encrypted or -gpg suffix is added for password-encrypted and GPG-encrypted files, respectively. Because the configuration export contains highly sensitive information, it is strongly suggested that you use encryption when generating the export.
For details on how to export the configuration of SPS, see: Exporting the configuration of SPS.
Manually archiving the configuration.
Reinstalling a SPS machine and restoring its configuration.
Migrating the configuration of an already installed SPS to a freshly installed SPS of the same version and therefore creating a machine with an identical configuration.
Configuration XML file
Every change of the configuration of SPS. You can also access these changes at AAA > Accounting in a search interface.
Certificates, for example:
CA certificates
TSA certificates
Signing CA
Stored key files, for example:
Trusted keys
User keys
RDP5 RSA key
User Preferences that are configured at User Menu > Preferences.
Certificates and corresponding private keys in your private keystore that are configured at User Menu > Private Keystore . Only the content of the Permanent keystore is exported.
Custom Report Logo configured at Reporting > Configuration.
Plugins and any data persisted by plugins.
Local Credentials Store (the SQLite database) configured at Policies > Credential Stores.
The system backup contains the configuration export in addition to other items. It can be configured as a scheduled policy and is saved to a backup server.
Because the configuration export, which is part of the system backup contains highly sensitive information, it is strongly suggested that you use encryption when generating the export. For details on encrypting the configuration export part, see: Encrypting configuration backups with GPG.
For details on how to perform a system backup of SPS, see: Creating configuration backups. It is a two-step process:
Create a backup policy at Policies > Backup & Archive/Cleanup > Backup policies.
Assign that policy to the system backup at Basic Settings > Management > System backup > System backup policy.
Select Encrypt configuration.
For details on how to restore the configuration and data of SPS from a complete backup, for example, after a hardware replacement, see: Restoring SPS configuration and data.
Recovery in case of errors.
config directory:
One configuration export file per scheduled backup.
db directory:
A database dump from SPS's connection metadata database, one .sql file overwritten with the actual dump on a daily basis.
reports directory:
The scheduled daily, weekly, monthly system reports that are accessible at Reporting > Reports are saved in .pdf files.
rrd directory:
The output files of the internal system monitoring tool (Munin). These are the files that are used in generating graphs/charts on the Basic Settings > Dashboard page.
sql directory:
The internal SQLite databases, for example metadata about the reports.
The connection backup, also known as data backup contains the audit files and connection metadata of a connection. It can be configured as a scheduled policy and is saved to a backup server.
For details on how to perform a connection backup of a connection, see: Creating data backups. It is a three-step process:
Configure a system backup. Restoring a data backup works only if a matching system configuration and metadata is available, that is, if a system backup is restored first.
Create a backup policy at Policies > Backup & Archive/Cleanup > Backup policies.
Navigate to <Protocol name> Control > Connections. Select the connection you want to back up. Select the previously created backup policy in the Backup policy field.
For details on how to restore the configuration and data of SPS from a complete backup, for example, after a hardware replacement, see: Restoring SPS configuration and data.
Saving the created audit trail files and indexing metadata of a connection to a remote share. This is a copy operation in terms of data files.
Recovery: In case of a hardware replacement, creating configuration export, system backup and connection backups is essential.
Migration: Creating a machine identical to another SPS machine.
The audit trails of the connection, that is, the .zat files storing the recorded activities of the administrators. For details on audit trails, see Audit Policies.
The index of the audit trail that makes the content of the audit trail searchable. For details on indexing audit trails, see Indexing audit trails.
|
NOTE:
Audit trails and index files are large. This means that backing up a connection requires a significant amount of free hardware space. Make sure you have enough free hardware space for those connections that you want to back up. |
The connection archive, also known as data archive contains the audit files and connection metadata of a connection. In terms of contents, it is similar to a connection backup. It can be configured as a scheduled policy and is saved to an archive server. Archiving transfers data from SPS to an external storage solution, cleanup removes (deletes) old files. Archived data can be accessed and searched, but cannot be restored (moved back) to the SPS appliance.
For details on how to perform a connection archive of a connection, see: Archiving or cleaning up the collected data. It is a two-step process:
Create an archive policy at Policies > Backup & Archive/Cleanup > Archive/Cleanup policies.
Navigate to <Protocol name> Control > Connections. Select the connection you want to archive. Select the previously created archive policy in the Archive/Cleanup policy field.
|
Caution:
Hazard of data loss! Never delete an Archive Policy if data has been archived with it. This will make the already archived data inaccessible. Do not "remake" an Archive Policy (that is, deleting an Archive Policy and then creating another one with the same name but different parameters). This will make data inaccessible, and identifying the root cause of the issue complicated. If you want to change the connection parameters (that is when you perform a storage server migration), you must make sure that the share contents and file permissions are kept unmodified and there are no archiving or backup tasks running. On the other hand, if you want to add a new network share to your archives, proceed with the following steps:
It is also safe to extend the size of the network share on the server side. |
Moving the created audit trail files and indexing metadata of a connection to a remote share. This is a move operation in terms of data files. Archived data can be accessed and searched, but cannot be restored (moved back) to the SPS appliance.
Freeing up hardware space on SPS.
The audit trails of the connection, that is, the .zat files storing the recorded activities of the administrators. For details on audit trails, see Audit Policies.
The index of the audit trail that makes the content of the audit trail searchable. For details on indexing audit trails, see Indexing audit trails.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy