Skip to content

Backing up the PAM Server

This section covers:

Standalone backup requirements

The PAM Server restore procedure requires a backup so it is important that regular backups are taken and kept in accordance with your corporate backup and recovery strategy. This will enable a PAM Server to be restored when a system failure occurs.

If you have a standalone PAM Server deployed then an Osirium backup file will be needed to recover the server.

The PAM Server backup task can be used to create the Osirium backup file needed for reinstating a standalone failed PAM Server. The Osirium backup file can either be created on an adhoc basis or a schedule can be created and run automatically through a profile.

Generated Osirium backup files will be available for download through the Admin Interface Manage files page.

Included in the Osirium backup file

Osirium Backup files will contain the following data and configuration:

  • Copy of the database which includes all user, device and profile configurations.
  • Task logs.
  • Templates.
  • Version information.
  • Encrypted passphrase. (Only if the Backup breakglass passphrase has been configured.)
  • Certificates.

Storing Osirium backup files

Osirium backup files should be stored in accordance with your companies backup policy. Alternatively, they can be stored using the Osirium PAM mesh solution. See here for information on the mesh solution.

Not included in the Osirium backup file

The following files will not be included in an Osirium backup file:

  • Task files (backups, techouts etc.).
  • Session recordings.

Session recording files will be automatically stored on your configured external filestore which is the recommendation when using our session recording feature. An external filestore is needed for these types of files to ensure the internal disk does not get filled up.

If an external filestore has been configured then the PAM Server filestore will be moved to the external disk and the following files will be stored onto it:

  • Session recordings.
  • Archived session recordings.
  • Osirium backup and Techout files.
  • Archived task files.

External filestores can be unmounted from the failed server and remounted onto the new server.

Note

If an external filestore has NOT been configured then you will need to manually copy and backup these files from the internal filestore (/data/osirium/filestore/) and store them with your Osirium backup file in accordance with your company policy.