立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 7.5 - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Home page Privileged access requests Appliance Management
Appliance Backup and Retention Certificates Cluster Global Services External Integration Real-Time Reports Safeguard Access Appliance Management Settings
Asset Management
Account Automation Accounts Assets Partitions Discovery Profiles Tags Registered Connectors Custom platforms Importing objects
Security Policy Management
Access Request Activity Account Groups Application to Application Cloud Assistant Asset Groups Entitlements Linked Accounts User Groups Security Policy Settings
User Management Reports Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP and SPS join guidance Appendix C: Regular Expressions

Backup and Restore

It is the responsibility of the Appliance Administrator to manage Safeguard for Privileged Passwords backups.

As a best practice, store backups on an archive server that is external from the appliance so that the backup image is available for restoration even if there is a catastrophic disk or hardware failure. Keep only a minimum number of backup files on the appliance. After you download or archive the Safeguard Backup Files (.sgb), use Delete to remove them. You can set the maximum number of backup files you want Safeguard for Privileged Passwords to retain on the appliance in Backup and Retention.

For maximum backup protection, Appliance Administrators can configure the cluster wide GPG public key or password encryption. Either will protect all subsequent backups generated from each appliance in the cluster. GPG protection will apply when downloaded or archived. Password protection will apply when generated. For details, see:

  • Go to Backup and Restore:
    • web client: Navigate to Backup and Retention > Backup and Restore.

    The Backup and Restore page lists this information for the backups that are currently in the database.

    Table 21: Backup and Restore: Properties
    Property Description
    Date The date of the backup
    Progress

    The status of the backup: Running or Complete

    File Size (MB) The size of the backup file in megabytes
    Appliance Name The name of the appliance
    Appliance Version The version of the SPP Appliance

    Protection Type

    Hover over an icon to view the type of protection:

    • (default) Standard protection: No password or GPG key is required.
    • GPG public key protection: A private key is required to upload the backup to be restored.
    • Password protection: A password is required to restore the backup.
    User

    The name of the user that created the backup

    Last Archived Date The date the selected backup ran
    Archive Server Name

    The name of the server on which the backup was archived

    File Name

    The Safeguard backup file name which is an .sgb file.

    Use these toolbar buttons to manage SPP backups.

    Table 22: Backup and Restore: Toolbar
    Option Description
    Run Now

    Create a backup copy of the data that is currently on the appliance. For more information, see Run Now..

    Remove

    Remove the selected backup file from the Backups page and the SPP database. The backup is immediately removed.

    Download

    Save the selected backup file in a location on your appliance. For more information, see Download a backup..

    Download VM Compatible

    Use this option to download a VM compatible backup, which can then be uploaded and restored on a SPP virtual machine. In order to download a VM compatible backup it must have been created with password or GPG public key protection settings. To enable the option to download a VM compatible backup of a hardware appliance, see Authorize VM Compatible Backups.

    IMPORTANT: You cannot upload a backup to hardware that has been downloaded from hardware as VM compatible.

    Upload

    Retrieve a backup file from a file location and add it to the Backups page list. For more information, see Upload a backup..

    Restore

    For the selected backup file, overwrite the current data and restore SPP to the selected backup. For more information, see Restore a backup..

    Archive

    Store the selected backup file on an external archive server. For more information, see Archive backup..

    Settings
    Refresh

    Update the list of backup files on the Backups page.

  • Run Now

    You can click Run Now to manually trigger and create a new backup. If password or GNU Privacy Guard (GPG) encryption is set for appliance or on the primary appliance for cluster-wide encryption, those encryption settings are enforced when you select Run Now.

    If you have selected Send to archive server, the backup will be sent to the archive server. For more information, see Backup settings..

    To create a new backup

    1. Navigate to Backup and Restore:
      • web client: Navigate to Backup and Retention > Backup and Restore.
    2. Click  Run Now. In the web client, an Adding backup file progress bar displays to let you know the process is Running.
    3. If password encryption is required on an appliance or a primary appliance for cluster-wide backup encryption, you are prompted to enter the password. If encryption is set, make sure the password or private GPG key is available for restoring the backup later, if necessary. For more information see, Backup and restore, Backup protection settings.
    4. Verify that the Safeguard Backup File (.sgb) has been created.

    Caution: If you restore a backup that is older than the Maximum Password Age set in the Local Login Control settings, all user accounts (including the bootstrap administrator) will be locked out and you will have to reset all of the user account passwords. To avoid this situation, you can reset the Maximum Password Age to zero before you perform the backup, then reset it after the restore.

    TIP: As a best practice, perform backups more frequently than the Maximum Password Age setting.

    Caution: SPP can not restore any access request workflow events in process at the time of a backup.

    CAUTION: When restoring a backup that was created with a Hardware Security Module integration in place, the encryption key used at the time of the backup creation needs to still be present and accessible by the SPP appliance. If not, the appliance will not be able to verify the Hardware Security Module configuration used to encrypt the data in the backup. You will be allowed to continue with the restore, however the SPP appliance will most likely Quarantine in the process, so this is not recommended.

    Download a backup

    SPP allows you to save a selected backup file in a location on your computer. SPP copies the selected backup file; it does not remove the backup from the list displayed on the Backup and Restore page. An Appliance Backup Downloaded event is generated and sent to the audit log when a backup is downloaded from the appliance. The event will note if the backup was downloaded as VM compatible. To remove a file from the list display, select the file and click Remove.

    To download the backup file

    1. Go to Backup and Restore:
      • web client: Navigate to Backup and Retention > Backup and Restore.
    2. Select a backup file:

      • Download: Use this option to save the selected backup file in a location on your appliance.

      • Download VM Compatible: Use this option to download a VM compatible backup, which can then be uploaded and restored on a Safeguard virtual machine. In order to download a VM compatible backup it must have been created with password or GPG public key protection settings. This is only available on hardware appliances once Authorize VM Compatible Backups has been requested and approved.

        IMPORTANT: You cannot upload a backup to hardware that has been downloaded from hardware as VM compatible.

    3. The .sgb file is downloaded to the browser's Download folder as defined in the browser settings. The file has a name similar to the following which includes the date: 946d66a4fecb4359a8b01fab75519d80_Safeguard_Backup_20200617-165625.sgb

      NOTE: There is no difference in the downloaded backup filename for regular download versus VM Compatible download.

    Upload a backup

    SPP allows you to retrieve a Safeguard Backup File (.sgb) from a file location and add it to the SPP Backup and Restore page list for the appliance. For more information, see Restore a backup..

    An Appliance Backup Uploaded event is generated and stored in the audit log when a backup is successfully uploaded to the appliance. An Appliance Backup Upload Failed event is generated and stored in the audit log when a backup upload fails on the appliance.

    Backups generated and downloaded from a virtual machine can only be uploaded to a virtual machine. Backups generated and downloaded on hardware appliances can only be uploaded to a hardware appliance. Backups generated and downloaded as VM compatible on hardware appliances can only be uploaded to virtual machines.

    To upload a backup file

    IMPORTANT: Once you start uploading a backup, do not leave or refresh the page. Doing so will cause the browser to lose track of the upload and you will have to restart the process.

    1. If a GPG public key was used to encrypt the backup, the private key holder must decrypt the Safeguard Backup File (.sgb) before it can be uploaded to SPP. For more information, see Backup protection settings..
    2. To upload Safeguard Backup File (.sgb), go to Backup and Restore:
      • web client: Navigate to Backup and Retention > Backup and Restore.
    3. Click  Upload.
    4. Browse to select the backup file and click Open. The Uploading backup file progress bar displays. When complete, the file is uploaded and is now available to be restored. For more information, see Restore a backup..
    相关文档

    The document was helpful.

    选择评级

    I easily found the information I needed.

    选择评级