Data and configuration backup
This section covers:
Overview
The PAM Server restore procedure requires a backup so it is important that regular backups are taken and kept in accordance with your corporate backup and recovery strategy. This will enable a PAM Server to be restored when a system failure occurs.
Depending on your Osirium PAM deployment the backup requirements to restore a PAM Server will differ. In order to successfully reinstate your setup you will need to follow the correct backup guidelines and requirements.
Standalone backup requirements
If you have a standalone PAM Server deployed then an Osirium backup file will be needed to recover the server.
The PAM Server backup task can be used to create the Osirium backup file needed for reinstating a standalone failed PAM Server. The Osirium backup file can either be created on an adhoc basis or a schedule can be created and run automatically through a profile.
Generated Osirium backup files will be available for download through the Admin Interface Manage files page.
Included in the Osirium backup file
Osirium Backup files will contain the following data and configuration:
- Copy of the database which includes all user, device and profile configurations.
- Task logs.
- Templates.
- Version information.
- Encrypted passphrase. (Only if the Backup breakglass passphrase has been configured.)
- Certificates.
Storing Osirium backup files
Osirium backup files should be stored in accordance with your companies backup policy. Alternatively, they can be stored using the Osirium PAM mesh solution. See here for information on the mesh solution.
Not included in the Osirium backup file
The following files will not be included in an Osirium backup file:
- Task files (backups, techouts etc.).
- Session recordings.
Session recording files will be automatically stored on your configured external filestore which is the recommendation when using our session recording feature. An external filestore is needed for these types of files to ensure the internal disk does not get filled up.
If an external filestore has been configured then the PAM Server filestore will be moved to the external disk and the following files will be stored onto it:
- Session recordings.
- Archived session recordings.
- Osirium backup and Techout files.
- Archived task files.
External filestores can be unmounted from the failed server and remounted onto the new server.
Note
If an external filestore has NOT been configured then you will need to manually copy and backup these files from the internal filestore (/data/osirium/filestore/
) and store them with your Osirium backup file in accordance with your company policy.
Cluster backup requirements
If you have a clustered Osirium PAM deployed then you will have to ensure one of the following backup requirements are met in order to recover your system. Before choosing the backup method that best suits your company policy, make sure you fully understand the recovery process involved for each backup method.
The backup methods are:
Leader only Osirium backup file
This method requires only the restoration of the leader node using an Osirium backup file of the leader node. All followers will need to be recreated from new and local configurations will need to be manually reapplied as part of this recovery method.
You will need to implement a strategy perform Osirium backups of your leader node. You may also want to implement a strategy to perform Osirium backups of your existing followers to preserve local data for auditing purposes and store the Osirium backups inline with your company policy. Existing followers will become redundant when the leader is restored and can be deleted.
The PAM Server Osirium backup task can be used to create the backup file needed for reinstating a failed leader node. The Osirium backup file can either be created on an adhoc basis or a schedule can be created and run automatically through a profile.
Generated Osirium backup files will be available for download through the Admin Interface Manage files page.
Osirium backup files will contain the following data and configuration:
- Copy of the database which includes all user, device and profile configurations.
- Task logs.
- Templates.
- Version information.
- Encrypted KeePass (Only if the Backup breakglass passphrase has been configured.)
- Certificates.
Storing Osirium backup files
Osirium backup files should be stored in accordance with your companies backup policy. Alternatively, can be stored using the Osirium PAM mesh solution. See here for information on the mesh solution.
Not included in the Osirium backup file
The following files will not be included in an Osirium backup file:
- Task files (backups, techouts etc.).
- Session recordings.
Session recording files will be automatically stored on your configured external filestore which is the recommendation when using our session recording feature. An external filestore is needed for these types of files to ensure the internal disk does not get filled up.
If an external filestore has been configured then the PAM Server filestore will be moved to the external disk and the following files will be stored onto it:
- Session recordings.
- Archived session recordings.
- Osirium backup and Techout files.
- Archived task files.
External filestores can be unmounted from the failed server and remounted onto the new server.
Note
If an external filestore has NOT been configured then you will need to manually copy and backup these files from the internal filestore (/data/osirium/filestore/
) and store them with your Osirium backup file in accordance with your company policy.
Click here for instructions on how to restore a cluster leader using an Osirium backup file.
Virtual machine (VM) level backups
This method requires the restoration of all nodes (leader and followers) using VM level backups. Therefore, VM level backups of your PAM Cluster within your infrastructure need to be created and stored inline with your company policy.
When a leader node fails, all nodes in the cluster need to recreated using each nodes VM level backup. Once the leader is back online the nodes will be synched to ensure they are up to date with the leader node.
VM level backups will contain the following:
- PAM Server operating system.
- Copy of the database which includes all user, device and profile configurations.
- Task logs.
- Templates.
- Version information.
- Encrypted passphrase.
- Certificates.
If an external filestore has been configured then the PAM Server filestore with the following files will not be included in the VM level backup.
- Session recordings.
- Archived session recordings.
- Backup and Techout files.
- Archived task files.
Storing VM backup files
VM level backups should be stored in accordance with your companies backup policy.
Click here for instructions on how to restore a cluster using VM level backups.