Reinstating a failed PAM Server
This section details the process required to restore a failed standalone PAM Server.
- Prerequisites
- Restore a standalone PAM Server procedure
- Deploying the PAM Server
- Steps to restore the PAM Server
- Post restore tasks
Prerequisites
Before starting your restore, make sure the following prerequisites are met:
Prerequisite | Description |
---|---|
Hardware and Software | Ensure the correct resources are available before deploying. The following outlines the hardware and software requirements. |
Ports | For information on the ports required by PAM and used between PAM components click here. |
Software downloads | Download the Osirium PAM version you want to restore onto. To download the latest PAM Server software release package for deployment into your infrastructure, click here. To download earlier versions of the PAM Server software packages, please contact Osirium support by clicking here. |
Disk space | Ensure the main disk has a minimum of 5GB free disk space. |
Recent Osirium backup file | Ensure the Osirium backup file is available and accessible. See Data and Configuration backup for more information on backup file requirements. |
Master Encryption Key | Ensure you have the Master Encryption Key (MEK) of the PAM Server you are restoring. |
Unmount external drives | If you have any external drives configured, unmount them from the existing server. |
Restore a standalone PAM Server procedure
The diagram provides a high-level overview of the process for restoring a standalone PAM Server.
Standalone PAM Server restore procedure flowchart
Deploying the PAM Server
You will first need to deploy a new PAM Server to restore your Osirium backup file onto.
Deployment steps vary between the supported infrastructures, so click the link below that matches your environment to go to the correct deployment steps.
- Deploy using VMWare vSphere
- Deploy using Microsoft Azure
- Deploy using Microsoft Hyper-V
- Deploy using Amazon Web Services
- Deploy using Nutanix Prism Central
Steps to restore the PAM Server
- Open the console window of the new PAM Server.
- Within the Console window, press ENTER when prompted to start the setup and configuration.
- Read and accept the EULA to continue.
- Select Restore a backup as the installation type and press ENTER.
- Within the Configure Networking screen, configure the following server settings. Press TAB to navigate between the fields.
  - IP Address: Enter the IP Address which will be used to connect to the server.
  - Netmask: Enter the network mask.
  - Gateway: Enter the network default gateway IP address.
  - Primary DNS: Enter the network primary DNS IP address.
  - (Secondary DNS): Enter the secondary DNS IP address if relevant, else leave blank.
  - (DNS Suffixes): Enter the DNS Suffixes. Multiple entries can be separated with a comma, else leave blank.

  Note: If you are using a .local domain, DNS suffixes MUST be added.
- Once completed, TAB down to the OK button and press ENTER.
- When you get to the PAM Server Restore screen, SFTP onto the virtual appliance using the details shown on the screen.
- Copy the Osirium backup file of the PAM Server you want to restore. Once successfully copied, the screen will update and the copied Osirium backup file will appear in the list.
- Select the Osirium backup file and press ENTER. When prompted press ENTER to confirm the restore.
- Enter the Master Encryption Key (including dashes) of the PAM Server that the backup was taken from. Select OK and press ENTER.
- Within the Enter a hostname window, enter a name to identify the server.
- Press ENTER. Wait while the system is configured and restored with the backup file.
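A pre-flight check for the values typed into the Configure Networking screen in the steps above, so a wrong gateway or a missing DNS suffix is caught before the restore starts. This is an added example, not part of the Osirium documentation or product; the function name, the `domain` parameter, the IPv4-only assumption and the sample addresses are all assumptions made for illustration.

```python
import ipaddress

def check_network_settings(ip, netmask, gateway, primary_dns,
                           secondary_dns="", dns_suffixes="", domain=""):
    """Return a list of problems; an empty list means the values are consistent.

    Assumptions (not from the vendor page): IPv4 addressing, and `domain` is
    the DNS domain the PAM Server will resolve names in.
    """
    problems, parsed = [], {}
    fields = {"IP Address": ip, "Gateway": gateway,
              "Primary DNS": primary_dns, "Secondary DNS": secondary_dns}
    for name, value in fields.items():
        if not value:
            if name != "Secondary DNS":      # the only optional address field
                problems.append(f"{name} is required")
            continue
        try:
            parsed[name] = ipaddress.IPv4Address(value)
        except ValueError:
            problems.append(f"{name} is not a valid IPv4 address: {value!r}")

    network = None
    if "IP Address" in parsed:
        try:
            # strict=False: a host address is supplied, not the network address.
            network = ipaddress.IPv4Network(f"{ip}/{netmask}", strict=False)
        except ValueError:
            problems.append(f"Netmask is not valid: {netmask!r}")

    gw = parsed.get("Gateway")
    if network is not None and gw is not None:
        if gw not in network:
            problems.append(f"Gateway {gw} is outside {network}")
        elif gw == parsed["IP Address"]:
            problems.append("Gateway is the same as IP Address")
        elif network.prefixlen < 31 and gw in (network.network_address,
                                               network.broadcast_address):
            problems.append(f"Gateway {gw} is the network or broadcast address")

    # The note in the procedure: a .local domain MUST have DNS suffixes entered.
    suffixes = [s.strip() for s in dns_suffixes.split(",") if s.strip()]
    if domain.lower().rstrip(".").endswith(".local") and not suffixes:
        problems.append("DNS Suffixes must be set when using a .local domain")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for problem in check_network_settings("10.20.30.40", "255.255.255.0",
                                          "10.20.31.1", "10.20.30.10",
                                          domain="corp.local"):
        print("FIX BEFORE RESTORE:", problem)
```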
Post restore tasks
Before allowing users to connect back onto the PAM Server:
Post restore task | Description |
---|---|
Remount the external drives | If you had any external drives configured, remount them to the new leader node. |
Trigger AD audit | Before opening any device connections that use an Active Directory account, an audit needs to be manually triggered on all provisioned Active Directories. You can do this by right-clicking the Active Directory on the Manage Active Directory page and selecting Trigger audit from the menu. This will allow additional fields on the Active Directory account page to be populated. |
Check device states | Check device status to ensure they are running successfully. |
Check user connections | Check users can connect to devices. |
Backup | Take an Osirium backup and VM level backup of the virtual appliance. See Backup and Recovery for further details. |
Provide new connection details | Provide users with new hostname connection details as they will have changed. |