立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 6.7.4 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificates settings Cluster settings Enable or Disable Services settings External Integration settings Messaging settings (desktop client) Password Management settings Safeguard Access settings SSH Key Management settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions SPP Glossary About us

Download a backup

Safeguard for Privileged Passwords allows you to save a selected backup file in a location on your computer. Safeguard for Privileged Passwords copies the selected backup file; it does not remove the backup from the list displayed on the Backup and Restore page. To remove a file from the list display, select the file and click Remove.

To download the backup file

  1. Go to Safeguard Backup and Restore:
    • web client: Navigate to  Settings | Backup and Retention | Safeguard Backup and Restore.
    • desktop client: Navigate to Administrative Tools | Settings | Backup and Retention | Safeguard Backup and Restore.
  2. Select a backup file and click Download.
  3. Based on your client:
    • web client: The .sgb file is downloaded to the browser's Download folder as defined in the browser settings. The file has a name similar to the following which includes the date: 946d66a4fecb4359a8b01fab75519d80_Safeguard_Backup_20200617-165625.sgb
      When y
    • desktop client: Browse to select a location of your choice. Give the file a name and click OK.

Upload a backup

Safeguard for Privileged Passwords allows you to retrieve a Safeguard Backup File (.sgb) from a file location and add it to the Safeguard for Privileged Passwords Backup and Restore page list for the appliance. For more information, see Restore a backup.

Safeguard for Privileged Passwords detects all attempted uploads of an invalid backup. If a backup is GNU Privacy Guard (GPG) encrypted, a message like the following displays: The uploaded file could not be validated as a genuine Safeguard backup image. It has been blocked from the appliance. An audit event is created for the failed backup load with the error reasons which include an invalid signature.

To upload a backup file

  1. If a GPG public key was used to encrypt the backup, the private key holder must decrypt the Safeguard Backup File (.sgb) before it can be uploaded to Safeguard for Privileged Passwords. For more information, see Backup protection settings.
  2. To upload Safeguard Backup File (.sgb), go to Safeguard Backup and Restore:
    • web client: Navigate to  Settings | Backup and Retention | Safeguard Backup and Restore.
    • desktop client: Navigate to Administrative Tools | Settings | Backup and Retention | Safeguard Backup and Restore.
  3. Click  Upload.
  4. Browse to select the backup file and click Open. The Uploading backup file progress bar displays. When complete, the file is uploaded and is now available to be restored. For more information, see Restore a backup.

Restore a backup

Safeguard for Privileged Passwords allows you to restore the data on your appliance with data from a selected backup. Safeguard for Privileged Passwords does not restore the appliance IP address, NTP settings, or the DNS settings.

To verify that the settings are correct after a restore, go to:

  • web client: Navigate to  Settings | Appliance | Appliance Information.

  • desktop client: Navigate to Administrative Tools | Settings | Appliance | Appliance Information.

There are special considerations for restoring a clustered appliance. For more information, see Using a backup to restore a clustered appliance.

Caution: If you restore a backup that is older than the Maximum Password Age set in the Local Login Control settings, all user accounts (including the bootstrap administrator) will be disabled and you will have to reset all of the user account passwords or SSH keys. If your bootstrap administrator's password is locked out, you can reset it from the Recovery Kiosk. For more information, see Admin password reset.

Version considerations when restoring a backup

An Appliance Administrator can restore backups as far back as Safeguard for Privileged Passwords version 2.2.0.6958. Only the data is restored; the running version is not changed.

If the administrator attempts to restore a version earlier than 2.2.0.6958, a message like the following displays: Restore failed because the backup version '[version]' is older than the minimum supported version '2.2.0.6958' for restore.

You cannot restore a backup from a version newer than the one running on the appliance. The restore will fail and a message like the following displays: Restore failed because backup version [version] is newer then the one currently running [version].

The backup version and the running version display in the Activity Center logs that are generated when Safeguard starts, completes, or fails a restore.

To restore the Safeguard for Privileged Passwords appliance from a backup

  1. Go to Safeguard Backup and Restore:
    • web client: Navigate to  Settings | Backup and Retention | Safeguard Backup and Restore.
    • desktop client: Administrative Tools | Settings | Backup and Retention | Safeguard Backup and Restore.
  2. Select a backup. If the backup file is not listed, you can  Upload the .sgb backup file. For more information, see Upload a backup.
  3. Click Restore.
    If a problematic condition is detected, Warning for Restore of Backup displays along with details in the Restore Warnings, Warning X of X message. Click Cancel to stop the restore process and address the warning or click Continue to move to the next warning (if any) or complete the process.
  4. If the backup is protected by a password, the Protected Backup Password dialog displays. Type the password in the Enter Backup Password text box. If the password entered is not correct, the OK button is disabled and you cannot proceed. For more information, see Backup protection settings.
  5. When the Restore dialog displays, enter the word Restore in the box and click OK.

    Safeguard for Privileged Passwords automatically restarts the appliance, if necessary.

  6. After restoring from backup verify that the following are set correctly.

    • Check the archive server in the automated backup schedule. If necessary, set the correct archive server. For more information, see Archive backup.

    • Check the archive server in the session archive settings. If necessary, set the correct archive server. If you used the embedded sessions module and had an archive server configured, the archive server must be configured to play back the archived sessions.

    • If you restored a backup to a different appliance, managed networks will no longer have any assigned appliances. Password and SSH key management and discovery tasks will fail. For more information, see Managed Networks.
  7. Once the appliance is fully operational, it asks you to restart the Windows desktop client. All modifications to Safeguard for Privileged Passwords objects since the backup was created will be lost.

Caution: After a restore, requesters, approvers, and reviewers will not have access to any access request workflow events that were in process at the time of the backup. The Activity Center displays those workflow events as incomplete.

Archive backup

Safeguard for Privileged Passwords allows you to store backup files on an external archive server.

To archive a backup file

The archive server must be set up. For more information, see Adding an archive server.

  1. Go to Safeguard Backup and Restore:
    • web client: Navigate to  Settings | Backup and Retention | Safeguard Backup and Restore.
    • desktop client: Administrative Tools | Settings | Backup and Retention | Safeguard Backup and Restore.
  2. Select the backup to be archived.
  3. Proceed to archive the backup:
    • web client: Click  Archive. On the Archive Servers dialog, choose an archive server.
    • desktop client: Click  Archive and select Archive Backup. In the Archive Servers dialog, choose an archive server. You can add an archive server from the Archive Servers dialog by clicking the Add Archive Server toolbar button.

Safeguard for Privileged Passwords copies the backup file to the archive server.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级