Module 8:

Disaster Recovery

McAfee ePolicy Orchestrator 5.10 (On-Prem)

Essentials

© 2018 McAfee LLC M08 - 1 McAfee LLC Confidential

 Module goals
What you will learn

By the end of this module you should be able to:

▪ Describe the Disaster Recovery feature and how it works
▪ Use a Server Task for a Snapshot
▪ Take a Snapshot from the Dashboard
▪ Explain the differences between an ePO initial installation and a
recovery installation
▪ Describe best practices for Disaster Recovery

McAfee Education Services 2

The McAfee ePolicy Orchestrator (ePO) SQL database is the central storage place for all the data your ePO server
uses, and it requires regular maintenance and care to ensure proper system operation.

What You Will Learn

In this module, you will learn about Microsoft SQL Server and McAfee ePO maintenance tasks and tools to help you
ensure proper operation.

Module Goals
The module goals are:
▪ Describe the Disaster Recovery feature and how it works
▪ Use a Server Task for a Snapshot
▪ Take a Snapshot from the Dashboard
▪ Explain the differences between an ePO initial installation and a recovery installation
▪ Describe best practices for Disaster Recovery

Important:
▪ SQL Server Management Studio for Microsoft SQL Server 2008 R2 is used for demonstration purposes. The
steps for SQL Server Express editions may differ. For more information and supported procedure, refer to the
documentation for the SQL Server version you use.
▪ The Disaster Recovery feature is not to be used in lieu of regular backups. For more information, see Technical
Articles KB66616 and KB81740.

© 2018 McAfee LLC M08 - 2 McAfee LLC Confidential

 Disaster Recovery - General

McAfee ePolicy Orchestrator 5.10 (On-Prem) Essentials

McAfee Education Services 3

© 2018 McAfee LLC M08 - 3 McAfee LLC Confidential

 Disaster Recovery Process
Disaster recovery snapshot and backup

1. Snapshot taken by a server task,

manually or automatically.
2. Snapshot records are zipped and saved
to the SQL database OrionSnapshot
table.
3. Database is backed up and the backup
file is copied to another location.

McAfee Education Services 4

The figure illustrates a simple Disaster Recovery Snapshot and backup scenario. Other recovery scenarios are
shown later in this module. Before you begin, be sure to repair the ePO server and make sure you have the
passphrase created during the initial software installation.
▪ The Snapshot is taken manually from the ePO Server Snapshot page or automatically using the ePO
Disaster Recovery Server Task. You can modify the default Disaster Recovery Server Task, as needed.
▪ The Snapshot records zipped server files from predefined folders and stores them in the database
OrionSnapshot table. You can use the Microsoft SQL Server Management Studio or BACKUP
(Transact-SQL) database feature to save the entire ePO database. (Must be DBCreator and DBOwner).
▪ Copy the backup file to another location. (Not on the ePO server.)

© 2018 McAfee LLC M08 - 4 McAfee LLC Confidential

 Disaster Recovery Process (cont’d)
ePO server simple restore

1. Restore the backup file.

2. Run the ePO Install program
(Restore ePO from an existing Disaster
Recovery database Snapshot option).
3. Snapshot records are used,
instead of creating new ones.

McAfee Education Services 5

The figure illustrates a simple Disaster Recovery restore scenario.

1. Restore the primary SQL server configuration to the restore server, using either the:
▪ SQL Server Management Studio for your SQL Server edition
OR
▪ the RESTORE (Transact-SQL) command-line process
(Must be DBOwner to overwrite an existing database or DBCreator to create a database.)
2. Re-install the ePO software on the primary server by running the ePO Install program on the primary
server. Select Restore ePO from an existing Disaster Recovery database Snapshot.
▪ Select Microsoft SQL Server to link the ePO software to the restore SQL database that had the
primary McAfee ePO server configuration restored in step 1.
3. The database records, saved during the Snapshot process, are used in the software configuration, instead
of creating new records.

The ePO restore server is now running with the exact same configuration as the primary server. The clients can
connect to the restore server and you can manage them exactly as before the primary McAfee ePO server was
removed.
If you changed the known IP address, DNS name, or NetBIOS name of the primary McAfee ePO server, when
creating the restore McAfee ePO server, the McAfee Agents will not be able to connect to the restored McAfee ePO
server. The easiest way to enable the agents to the connect to the server again is to create an A Record in DNS that
points requests from the old IP address, DNS name, or NetBIOS name of the primary McAfee ePO server to the new
information for the restore McAfee ePO server.

© 2018 McAfee LLC M08 - 5 McAfee LLC Confidential

 Disaster Recovery Overview

▪ Review KB87976 for details on the ePO 5.x Disaster Recovery Snapshot feature
▪ Uses the Snapshot process to save specific ePO server database records to the ePO SQL database
➢ Manually from the Server Snapshot page (Dashboard > McAfee ePO Server Snapshot)
➢ Automatically using the Disaster Recovery Server Task (Menu > Automation > Server Tasks)
➢ Server task enabled by default for all SQL Server editions but Express

▪ The snapshot takes a copy of these folders and files:

➢ C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\<subfolder>
➢ C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\<subfolder>

▪ Records are specific to the time the Snapshot is taken

➢ You can only run one Disaster Recovery Snapshot at a time
➢ When you run a new Snapshot, the previous one is overwritten

NOTE: Registered executable files are not backed up. You must replace those executable files when you restore the ePO
server. After the restore, any registered executables with broken paths are shown in red font on the Registered
Executables page (Menu > Configuration >Registered Executables).

McAfee Education Services 6

The ePO Disaster Recovery feature uses a Snapshot process to save specific ePO server database records to the
ePO Microsoft SQL database. The records contain the entire ePO configuration at the specific time the Snapshot is
taken.

NOTE: You can only run one Disaster Recovery Snapshot at a time. If you run multiple Snapshots, only the last
Snapshot creates any output and the previous Snapshots are overwritten.

Disaster Recovery Snapshot is enabled, by default, on all Microsoft SQL Servers, except the Express Edition.
Recommendation: McAfee does not recommend enabling Disaster Recovery Snapshot scheduling with the
Microsoft SQL Server Express Editions because of the data file size limitations.

Maximum data file size:

▪ for Microsoft SQL Server 2005 Express Edition is only 4 GB
▪ for Microsoft SQL Server 2008, 2012, 2014 and 2016 Express Editions is 10 GB

© 2018 McAfee LLC M08 - 6 McAfee LLC Confidential

 Disaster Recovery Overview (cont’d)
Basic requirements

Component Requirement

Should be up and running correctly, with a recent Snapshot saved in the SQL
Primary ePO server
database.

If you have a restore ePO server, it should closely mirror your primary ePO
Restore ePO server
server hardware.

You must know the passphrase added during the initial installation of the ePO
software. The passphrase is required to decrypt sensitive information stored
in the Disaster Recovery Snapshot.
Disaster Recovery
IMPORTANT:
Keystore encryption
- If forgotten, this passphrase cannot be recovered and you would be unable
passphrase
to restore ePO from the database containing the snapshot.
- However, if the original ePO server is still accessible & functional, then the
passphrase can be reset under Server Settings > Disaster Recovery. Once
reset, you can run another Snapshot task and backup the database again.

Access to the primary and restore servers and SQL database is required,
Administrator privileges
Example: DBCreator and DBOwner.
McAfee Education Services 7

The slide highlights basic requirements for the Disaster Recovery feature. Your deployment may include a separate
restore server, configured to closely match your ePO server.

© 2018 McAfee LLC M08 - 7 McAfee LLC Confidential

 Disaster Recovery Snapshot

McAfee ePolicy Orchestrator 5.10 (On-Prem) Essentials

McAfee Education Services 8

© 2018 McAfee LLC M08 - 8 McAfee LLC Confidential

 Disaster Recovery Snapshot – Server Task
▪ Select Menu > Automation > Server Tasks
▪ Enabled by default
▪ Has default configuration that you can
view, edit, or run
▪ Task has never run
▪ Next run displays

View, Edit, or
Run
Enabled by
default

McAfee Education Services 9

Use the Disaster Recovery Snapshot Server Task to modify the scheduled automatic Snapshots of your ePO server
configuration saved to the SQL database.

Complete these steps from the ePO console:

1. Select Menu > Configuration > Server Tasks. The Server Tasks page opens.
NOTE: For demonstration purposes, we used the Quick Filter to show only this task.
2. From the Server Tasks list, locate the Disaster Recovery Snapshot Server task in the Name column.
NOTE: The task is enabled by default. It has a default configuration you can change to meet your needs.
You can View, Edit, or Run the task from this page.
The only editable aspect of the server task is to Enable or Disable the task itself, and what the schedule to
run is: the action itself cannot be altered.

© 2018 McAfee LLC M08 - 9 McAfee LLC Confidential

 Disaster Recovery Snapshot – Server Task (cont’d)
Default configuration

Default owner and status

Start date - No end date

Runs daily at 4:00 A.M.

Next run time (daily)

McAfee Education Services 10

Using server task for snapshot (continued)

3. Click View to see the default configuration, as shown in the figure.
NOTE: The task is scheduled to run daily at 1:59 A.M., the following day, after the ePO software is installed.
Click Cancel to exit this page.

© 2018 McAfee LLC M08 - 10 McAfee LLC Confidential

 Disaster Recovery Snapshot – Dashboard

No snapshot available

View help/instructions

Dashboard > ePO Server Snapshot

McAfee Education Services 11

You use the Server Snapshot page to take a Snapshot manually. The Server Snapshot page is accessed from a drop-
down list on the main Dashboards page (Navigation bar > Dashboard or Menu bar > Reporting > Dashboards.

1. From the drop-down list at the top of the page, select McAfee ePO Server Snapshot.
2. From the McAfee ePO Server Snapshot dashboard monitor, click the Take Snapshot button.
Other options here are:
▪ Last Run At: Currently none because this is new install.
▪ View information about Disaster Recovery: Click link for help/instructions.

© 2018 McAfee LLC M08 - 11 McAfee LLC Confidential

 Disaster Recovery Snapshot – Dashboard (cont’d)

See details of current run

See details of last run

McAfee Education Services 12

Taking snapshot from dashboard (continued)

3. While the Snapshot is being saved to the database, click the See details of current run link to go to a
corresponding Server Task Log Details page.
4. After the Snapshot is saved to the database, click the See details of current last run link. Again, you are
directed to a corresponding Server Task Log Details page.

© 2018 McAfee LLC M08 - 12 McAfee LLC Confidential

 Disaster Recovery Snapshot – Dashboard (cont’d)

The Server Task Log

Details page displays
information about the
most recent Snapshot

NOTE: Snapshot is overwritten when a new one is taken.

McAfee Education Services 13

Taking snapshot from dashboard (continued)

5. The Server Task Log Details page displays information and log messages about the most recent Snapshot.
NOTE: The Snapshot is specific to the time period it is taken, and is overridden when a new one is taken.

© 2018 McAfee LLC M08 - 13 McAfee LLC Confidential

 Disaster Recovery Snapshot – Status
Green: Snapshot Successfully Saved.
Snapshot process completed successfully and it is up-to-date.

Blue: Saving Snapshot.

Snapshot process is in progress.

Red: Snapshot Failed.

An error occurred during the Snapshot process.

Gray: No Snapshot Available.

No Disaster Recovery Snapshot has been saved.

Orange: Snapshot Out of Date.

Changes to the configuration have occurred and a recent Snapshot has not been saved.

McAfee Education Services 14

The Server Snapshot monitors are color coded, so you can easily identify the snapshot’s status.

▪ Green: Snapshot Successfully Saved. Snapshot process completed successfully, and it’s up-to-date.
▪ Blue: Snapshot is Running. The snapshot is running and being saved.
▪ Red: Snapshot Failed. An error occurred during the Snapshot process.
▪ Gray: No Snapshot Available. No Disaster Recovery Snapshot has been saved.
▪ Orange: Snapshot Out of Date. Changes to the configuration have occurred, and a recent Snapshot has not
been saved.

Changes that trigger a Snapshot Out of Date status include:

▪ any extension changed
▪ the Keystore folder changed
▪ the conf folder changed
▪ the Disaster Recovery passphrase changed in Server Settings

© 2018 McAfee LLC M08 - 14 McAfee LLC Confidential

 Restore - General

McAfee ePolicy Orchestrator 5.10 (On-Prem) Essentials

McAfee Education Services 15

© 2018 McAfee LLC M08 - 15 McAfee LLC Confidential

 Restore

▪ In event of failure, you can restore the ePO database using the backup file
▪ Tools used:
▪ SQL Server Management Studio
▪ Command line (Transact-SQL)

Guidelines:

▪ You may need to stop the ePO services and close any open connections to the
ePO database before a restore
▪ You can overwrite the existing ePO database or retain your existing ePO
database by restoring the backup with a new name
Example: for comparison purposes
▪ Typically, the most recent backup file is restored, however, you can choose a
different backup set

McAfee Education Services 16

In event of failure, you can restore the ePO database using backup file.

Tools used include:

▪ SQL Server Management Studio
▪ Command line (Transact-SQL)

© 2018 McAfee LLC M08 - 16 McAfee LLC Confidential

 Database Restore - SQL

As previously reviewed, the Restore

Task, within SQL Management Studio,
gives you the ability to select which
backup to restore from, after a disaster.

McAfee Education Services 17

To restore a backup using SQL Server:

1. Launch SQL Server Management Studio and connect to the ePO database, if necessary.
2. In the left pane of the menu tree, expand the ePO server, if not already expanded.
3. Right-click on the ePO database object (EPO_<ePO_servername>), then select Tasks > Restore. The Restore
Database window opens, as shown on the next page.

© 2018 McAfee LLC M08 - 17 McAfee LLC Confidential

 Database Restore - SQL (cont’d)

Select From device,

then click ellipses (...)

Select database

Select point in time

McAfee Education Services 18

Initiating a restore (continued)

4. Make sure you are on the General tab.
NOTE: The Options tab is used for advanced configurations. For more information, refer to the Microsoft SQL
documentation.
5. In the Destination Database field, select the ePO database.
6. By default, the Restore to is set to The last backup taken.
Optionally, click the ellipses (...) and specify a specific date and time.
7. In the Source for restore section, select From device.
8. Click the ellipses (...) to specify the backup media and its location.

© 2018 McAfee LLC M08 - 18 McAfee LLC Confidential

 Recovery Installation Workflow
Before

▪ In the SQL Server Configuration Manger:

➢ Under SQL Server Services:
o Make sure SQL Browser Service is running
➢ Under the SQL Network Configuration > Protocols for the EPO SERVER:
o Make sure that the TCP/IP Protocol is enabled
▪ Update the ePO server hosts with the latest Microsoft security updates,
then turn off Windows updates during the installation process
▪ Stop remote Agent Handler services on all systems
▪ See KB59938 for details on re-installing ePO to the same version and patch level
▪ If restoring to same server, make sure ePO is uninstalled and there is no ePO folder
in the install path
NOTE: This procedure is intended for use by network and ePO administrators only.

McAfee does not assume responsibility for any damage incurred because this
procedure is intended as a guideline for disaster recovery.
All liability for use of the following information remains with the user.

McAfee Education Services 19

Verify the following before you begin:

▪ Local administrator account credentials: An account with local administrator permissions is required
to log on to the Windows server computer, to be used as the ePO server.
▪ McAfee Product License Key: If you do not have a license key, you can select Evaluation to continue
installing the software. The evaluation period is limited to 90 days. You can provide a license key after
installation is complete from within the application. For more information, see the product guide or Help.
▪ Keystore Encryption Passphrase: The Keystore Encryption Passphrase decrypts the sensitive files
stored in the Disaster Recovery Snapshot. If you do not know the passphrase, you can change it from the
Server Settings page (Menu > Server Settings > Disaster Recovery).
▪ Username and Password: Make sure you know the credentials defined previously for logging into ePO.
▪ Authentication credentials: Make sure you know the authentication type previously selected and the
appropriate credentials.
Authentication support
▪ Express supports only Windows authentication.
▪ Custom supports Windows and SQL authentication.
Authentication types
▪ Microsoft Windows authentication: Credentials for a domain administrator user account.
▪ SQL authentication: Required SQL Server permissions.
▪ SQL Server details, if using a new SQL Server installed manually or an existing SQL Server:
▪ Name of the SQL Server. (This name should be formatted using the SQL Server name or the SQL
Server name with instance name.)
▪ Dynamic port number used by your SQL Server.
▪ Release and patching level.
▪ Install directory.

© 2018 McAfee LLC M08 - 19 McAfee LLC Confidential

 Recovery Installation Workflow (cont’d)
During

▪ Select Restore ePO from an existing database snapshot option

▪ Supply same user ID/password and keycode encryption passphrase
as defined previously
▪ You can change the ports at this time
➢ You might need to enter the SQL server TCP port, to use for communication
between your ePO server and database server
➢ The ePO installation tries to connect using the default ports, 1433 and 1434.
If those ports fail, you are prompted to enter a SQL Server TCP port
▪ Monitor the installation

McAfee Education Services 20

Ensure you follow the steps identified here “during” the recovery installation process.

© 2018 McAfee LLC M08 - 20 McAfee LLC Confidential

 Recovery Installation Workflow (cont’d)
After

▪ Restart the ePO server, then verify the ePO console is accessible
▪ Verify the appropriate services have started
▪ Verify the environment contains all expected items, as captured in the Snapshot used for the
recovery

▪ If you restored ePO to a server, with a different IP address or DNS name from your previously existing server:
➢ Configure a way to allow your managed systems to connect to your new ePO server
➢ Recommended: Create a CNAME record in DNS that points requests from the old IP address, DNS
name, or NetBIOS name of the previously existing ePO server to the new information for the restored
ePO server

McAfee Education Services 21

Once the recovery installation steps are complete, ensure you follow the steps identified here.

© 2018 McAfee LLC M08 - 21 McAfee LLC Confidential

 Restore Using Snapshot

McAfee ePolicy Orchestrator 5.10 (On-Prem) Essentials

McAfee Education Services 22

© 2018 McAfee LLC M08 - 22 McAfee LLC Confidential

 Performing recovery installation
Restore ePO from an existing database snapshot option

Be sure to
select this option

McAfee Education Services 23

When restoring from an existing database snapshot, you will see many of the steps are the same as a first-time
install. This section highlights the key differences.
NOTE: Many of the steps are similar to those of a new install. One of the first noticeable differences is to select the
Restore ePO from an existing database snapshot option.

© 2018 McAfee LLC M08 - 23 McAfee LLC Confidential

 Performing recovery installation (continued)
Administrative information

Enter the same

information that
was used previously

McAfee Education Services 24

In the Administrator Information step, enter the Username and Password you used for your previously existing
server administrator account.
Also, enter the Keystore encryption passphrase you saved during the initial installation of the previously existing
McAfee ePO server, or changed in the Server Settings.

The Keystore encryption passphrase decrypts the sensitive files stored in the Disaster Recovery Snapshot.

© 2018 McAfee LLC M08 - 24 McAfee LLC Confidential

 Performing Recovery Installation (cont’d)
SQL server TCP port

McAfee Education Services 25

Click Install to continue installation.

© 2018 McAfee LLC M08 - 25 McAfee LLC Confidential

 Performing Recovery Installation (cont’d)

McAfee Education Services 26

Once the installation completes and you log back into ePO with the same account info as previous, the ePO Server
Snapshot page initially displays showing “Snapshot is Out of Date”. You will notice the restored look & feel of the
console, settings, and all captured from the previous ePO Server Snapshot.

© 2018 McAfee LLC M08 - 26 McAfee LLC Confidential

27

Knowledge Check

McAfee ePolicy Orchestrator 5.10 (On-Prem) Essentials

McAfee Education Services 27

2
7
Knowledge Check

© 2018 McAfee LLC M08 - 27 McAfee LLC Confidential

Knowledge Check #1
What does an orange snapshot status indicate?

 Snapshot failed
 Snapshot out of date
 Saving snapshot
 Snapshot saved to database

McAfee Education Services 28

© 2018 McAfee LLC M08 - 28 McAfee LLC Confidential

Knowledge Check #1 (Answer)
What does an orange snapshot status indicate?

 Snapshot failed
 Snapshot out of date
 Saving snapshot
 Snapshot saved to database

McAfee Education Services 29

© 2018 McAfee LLC M08 - 29 McAfee LLC Confidential

 Disaster recovery best practices

▪ Plan a disaster recovery strategy

▪ If using a separate restore sever, its configuration should closely mirror your primary ePO
server hardware

▪ Regularly take a Disaster Recovery Snapshot

▪ Records are specific to the time the Snapshot is taken

▪ You can run only one Disaster Recovery Snapshot at a time

▪ Regularly perform backup and copy backup file, storing them in a safe and secure location

▪ During an ePO software recovery installation, you must supply the Disaster Recovery Keystore
encryption passphrase

▪ Remember, registered executable files are not backed up. You must replace those executable
files when you restore the ePO server

McAfee Education Services 30

As a review:
▪ Plan a disaster recovery strategy. Determine how long to keep backups and where to archive them. Size,
tolerance of downtime, and hardware budget are some factors that impact your strategy.
▪ If using a separate restore sever, its configuration should closely mirror your primary ePO server
hardware.
▪ Regularly take a Disaster Recovery Snapshot. A default server task for this is enabled by default, unless
you are running an SQL Server Express Edition.
▪ Records are specific to the time the Snapshot is taken.
▪ You can only run one Disaster Recovery Snapshot at a time. When you run a new Snapshot, the previous
one is overwritten.
▪ Regularly back up database, transaction log, and ePO server Disaster Recovery Snapshot. Be sure to copy
the backup file to a safe and secure location.
▪ During an ePO software recovery installation, you must supply the Disaster Recovery Keystore encryption
passphrase defined during the initial ePO software installation. If necessary, you can change it from the
ePO Server Settings page.
▪ Remember, registered executable files are not backed up. You must replace those executable files when
you restore the ePO server.

© 2018 McAfee LLC M08 - 30 McAfee LLC Confidential

 McAfee and the McAfee logo, and McAfee® ePolicy Orchestrator® (McAfee® ePO™) are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the U.S. and/or other
countries. Other names and brands may be claimed as the property of others. Copyright © 2018 McAfee, LLC.

McAfee Confidential. McAfee restricts the re-distribution of this training material to unauthorized audiences.

© 2018 McAfee LLC M08 - 31 McAfee LLC Confidential