
Reinstating a failed PAM Server

This section details the process required to restore a failed standalone PAM Server. It also outlines the different processes available to restore a cluster.

Restoring a standalone PAM Server

If you have a standalone deployment, the following steps apply to restoring your PAM Server.

Prerequisites

Before starting your restore make sure the following prerequisites are met:

  • Recent Osirium backup file: Ensure the Osirium backup file is available and accessible. See Data and Configuration backup for more information on backup file requirements.

  • Ports: Ensure TCP ports 443 and 9002 are open as they are required for the PAM UI and PAM Client.

    TCP 2380 (etcd, i.e. key-value store), 2390 (cluster setup API), 2391 (cluster delegation API), 5432 (postgres, i.e. database)

    For a full list of ports used by the server click here.

  • Master Encryption Key: Ensure you have the Master Encryption Key (MEK) of the PAM Server you are restoring.

  • Unmount external drives: If you have any external drives configured, unmount them from the existing server.

  • Hardware & Software: Ensure the correct resources are available before deploying. The following outlines the hardware and software requirements.

    Prerequisites

  • Software downloads: Download the Osirium PAM version you want to restore onto.

    To download the latest PAM Server software release package for deployment into your infrastructure, click here.

    To download earlier versions of the PAM Server software packages, please contact Osirium support by clicking here.

Restore a standalone PAM Server procedure

The diagram provides a high-level overview of the process for restoring a standalone PAM Server.

[Figure: Standalone PAM Server restore procedure flowchart]

Deploying the PAM Server

You first need to deploy a new PAM Server to install your Osirium backup file onto.

Deployment steps vary between the supported infrastructures, so click on a link below to go to the correct deployment steps.

Steps to restoring the PAM Server

  1. Open the console window of the new PAM Server.

  2. Within the Console window, press ENTER when prompted to start the setup and configuration.

  3. Read and accept the EULA to continue.

  4. Within the Configure Networking screen, configure the following server settings. Press TAB to navigate between the fields.

    • IP Address: Enter the IP Address which will be used to connect to the server.
    • Netmask: Enter the network mask.
    • Gateway: Enter the network default gateway IP address.
    • Primary DNS: Enter the network primary DNS IP address.
    • (Secondary DNS): Enter the secondary DNS IP address if relevant, else leave blank.

    [Screenshot: Configure Networking]

  5. Once completed, TAB down to the OK button and press ENTER.

  6. When you get to the PAM Server Restore screen, SFTP onto the virtual appliance using the details shown on the screen.

    [Screenshot: SFTP details]

  7. Copy the Osirium backup file of the PAM Server you want to restore. Once successfully copied, the screen will update and the copied Osirium backup file will appear in the list.

    [Screenshot: Backup restore file]

  8. Select the Osirium backup file and press ENTER. When prompted, TAB to the OK button and press ENTER to confirm the restore.

  9. Enter the Master Encryption Key (including dashes) of the PAM Server that the backup was taken from. Select OK and press ENTER.

    [Screenshot: Backup restore MEK]

  10. Within the Enter a hostname window, enter a name to identify the server.

  11. TAB down to the OK button and press ENTER.

  12. Enter the FQDN (all in lowercase) or IP Address which will be assigned.

    Warning

    If your Osirium PAM deployment will be using the Mesh functionality which allows the PAM Server to push a copy of its Osirium backup files to a secondary PAM Server, then you must enter an FQDN and NOT an IP Address.

    [Screenshot: FQDN or IP Address]

    If the following error occurs then make sure that the hostname can be resolved and check if it has been included in the DNS A records - see Prerequisites.

    [Screenshot: Hostname resolution error]

  13. TAB down to the OK button and press ENTER.

  14. Set a password for the Primary SuperAdmin account. The username (SuperAdmin) and the password will be used later to log into the PAM UI.

  15. TAB down to the OK button and press TAB.

  16. Confirm the primary SuperAdmin account password.

  17. TAB down to the OK button and press TAB. Wait while the system is configured and restored with the backup file.

    Make a note of the https address which will be required to connect to the server via PAM.
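The FQDN rule in step 12 and the TCP 443/9002 prerequisite can be checked from an administrator workstation, as in this added example (not part of the Osirium documentation or product). The hostname pam01.example.internal and the address 192.0.2.10 are constructed placeholders, and check_fqdn and check_ports are hypothetical helper names.

```python
import socket

PAM_PORTS = (443, 9002)  # PAM UI and PAM Client ports named in the prerequisites


def check_fqdn(fqdn, expected_ip, resolve=socket.gethostbyname_ex):
    """Return a list of problems with the FQDN planned for step 12."""
    problems = []
    if fqdn != fqdn.lower():
        problems.append("FQDN must be entered all in lowercase")
    if "." not in fqdn.strip("."):
        problems.append("name is not fully qualified")
    try:
        # gethostbyname_ex returns (hostname, aliases, IPv4 addresses),
        # i.e. the A records the restore screen needs to resolve.
        _, _, addresses = resolve(fqdn)
    except OSError as exc:  # gaierror and herror are OSError subclasses
        problems.append(f"no DNS A record resolves: {exc}")
        return problems
    if expected_ip not in addresses:
        problems.append(f"resolves to {addresses}, expected {expected_ip}")
    return problems


def check_ports(host, ports=PAM_PORTS, timeout=3.0):
    """Return {port: True/False} for a TCP connect attempt to each port."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:  # refused, filtered (timeout) or unroutable
            results[port] = False
    return results


if __name__ == "__main__":
    # Constructed placeholder values; replace with your own server details.
    fqdn, ip = "pam01.example.internal", "192.0.2.10"
    for problem in check_fqdn(fqdn, ip):
        print("DNS:", problem)
    for port, is_open in check_ports(ip).items():
        print(f"TCP {port}:", "open" if is_open else "unreachable")
```

Run the DNS check before entering the FQDN in step 12, and the port check once the restored server is up, since nothing listens on 443 or 9002 until then.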

Post restore tasks

Before allowing users to connect back onto the PAM Server:

  • Remount the external disk.

  • Before opening any device connections that use an Active Directory account, an audit needs to be manually triggered on all provisioned Active Directories. You can do this by right-clicking the named Active Directory on the Manage Active Directory page and selecting Trigger audit from the menu. This will allow additional fields on the Manage accounts > Active Directory accounts tab to be populated.

  • Ensure the devices are running successfully.

  • Ensure the devices are still accessible through the PAM interface.

  • Take an Osirium backup of the new PAM Server.

  • Supply users with new hostname connection details as they will have changed.

Restoring clustered deployments

If you have a clustered deployment then the restore method will depend on the backup strategy that you have adopted.