Scribd
Upload
200 views22 pages

16-PAM-ADMIN Backup and Restore

Uploaded by

yaohang
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
200 views22 pages

16-PAM-ADMIN Backup and Restore

Uploaded by

yaohang
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 22

Backup and Restore

By the end of this session, you will be able to:

• Describe the Backup and Restore solution

• Test the procedures for Vault backup and restore


Agenda

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


Overview

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


Policy requires integration with an Enterprise
Backup Solution.

Policy requires granular point in time data


protection.

Policy requires object-level data protection.

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


• The Safes in the Vault are stored in
the Data sub-directory
• Information about users, network
areas, Safes, log records, and all
activities that occur between them is
stored in a database. Database files
are stored in the Metadata sub-
directory
• The Data and Metadata folders are
extremely important and it is
imperative to back them up regularly
• The CyberArk Vault enables you to
backup and restore a single Safe to a
Vault, as well as a complete Vault’s
data and metadata 5

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


cyberark.com
Vault backup can be implemented in two ways:

• Third-party backup software is installed on the Vault and the application has
Direct Backup access to the backup folders
(Not Recommended) • This introduces an external application to the Vault and potentially reduces the
level of security

• The PrivateArk Replicate Utility is installed on another server on the network,


Indirect Backup typically a server hosting another CyberArk PAM component
(Recommended) • The Replicate Utility pulls Vault data as encrypted files to the server
• Enterprise backup software can then backup these files

In this session we will focus on backing up using the PrivateArk Replicate Utility
6

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


► Installation
Replicate Utility
► Perform replication

► Perform restore

► Setup scheduled replications

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


Installation and Setup

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


Before installing the Replicator utility,
make sure that the backup server has the
following features and capabilities:
• At least the same disk space as the Vault
database on an NTFS volume
• Accessibility by your enterprise backup
system
• Physical security that only permits
authorized users to access it

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


You will also need to:
• Enable the Backup user
• Set the password on the
Primary Vault

10

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


cyberark.com
Install the Replicator module
and specify a path to a backup
folder for the replicated data

11

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


cyberark.com
Edit the Vault.ini to give the
Replicator utility the network
address of the Vault server

12

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


cyberark.com
• Create a Credential File for
the Backup User
• The Credential File is used by
the utility to authenticate to
the Vault
• The password for the Backup
user is changed in the Vault
and the Credential File is
updated by the utility at every
successful login

13

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


cyberark.com
Test Backup and Restore

14

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


PAReplicate.exe vault.ini /logonfromfile user.ini /FullBackup

• The backup is launched at a


command line using the
PAReplicate.exe executable
file
• The syntax of the command
as shown specifies the
vault.ini file and uses the
logonfromfile and
fullbackup switches

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


PARestore.exe vault.ini dr /RestoreSafe Linux02 /TargetSafe /LinuxRestore

• The PARestore command


enables you to restore Safes that
have previously been backed up
• Only users with the Restore All
Safes authorization in the Vault
can restore a Safe

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


Set up Scheduled Backups

17

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


• Scheduled Tasks can be created to launch backups at predetermined intervals.

"C:\Program Files (x86)\PrivateArk\Replicate\pareplicate.exe vault.ini


/logonfromfile user.ini /fullbackup"

18

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


cyberark.com
It is strongly recommended to
create two Scheduled Tasks:
• One full backup task running
every week
• A second one running every
day as an incremental backup

Logs can be found in the root


of the \Replicate folder.

19

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


cyberark.com
Summary

20

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


Summary

In this session we covered:

Backup and Restore (Replicator utility)

How to perform backups and restores

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com


You may now proceed to completing
the following exercises:

Backup And Restore


• Configure the CyberArk Replicator
Utility
• Run a Backup
• Delete the TEST Safe
• Run a Restore

Exercises

Copyright © 2021 CyberArk Software Ltd. All rights reserved. cyberark.com

You might also like