Schedule a Backup of the Database

You can schedule backups to occur automatically by selecting the Backup Scheduler option. Scheduled backups are offloaded to a specified external server. When you select this operation, the Backup Scheduler panel displays. If a backup schedule currently exists, the current schedule displays the month, day, weekday, and time of that scheduled backup.
Scheduled backup tasks include:
Configure a Backup Schedule
To schedule a database backup:
  1. Select Configuration, Database.
  2. Select the Backup Scheduler tab.
    In the scheduler, the current schedule is displayed. If a schedule is already configured, the pane displays the schedule entries.
  3. Populate the schedule fields. Most fields are self-explanatory. For the Protocol field, SCP and SFTP send files using these SSH-based protocols. NFS, CIFS, and Amazon S3 write to file mounts. Select Mount at the bottom of the page to mount the file.
    • SCP and SFTP: Set the Share Path in the form /path. Enter a Port, and select a Backup Target Account. See Use Your Own Public Keys for SCP and SFTP File Transfers for instructions on setting up a Backup Target Account.
      (SCP and SFTP only) In clustered implementations of 2.x versions of the product, you could specify different backup servers for each node. In 3.x implementations, you specify a single backup server for the entire cluster. However, you can specify a different directory in the share path for each node. For example, Server1/backupNode1 and Server1/backupNode2.
    • NFS: Set the Share Path in the form /<path_on_server>. Enter a Hostname as FQDN or IP address.
      (Optional) Enter a non-default Request Timeout value (in tenths of a second). If no value is specified, the default is determined by the NFS server, typically 600.
      Do not use the same NFS mount point that you are using for session recordings. The session recording and scheduled database backup processes create and delete a file with the same name to check the remote storage status. If you specify the same NFS mount point, file locking can occur as both processes attempt to create or delete the same file.
    • CIFS: Set the Share Path in the form \\<hostname>\<share>. Enter a User Name and Password to access the share account. Enter the Domain. Select the SMB Version (Server Message Block) used by the target system. Newer versions of SMB are more secure. If you do not support older file shares (like Windows 2003), we recommend using SMB2 or SMB3, provided the CIFS system supports it.
    • Amazon S3: Select the AWS S3 Bucket and the AWS Provision, as set in Configuration, 3rd Party, AWS, AWS Configured Connections, Access Key Alias – Region combination.
  4. Complete the additional fields for the option you select.
  5. (For SCP or SFTP protocols only.) Establish a secure communication that does not require an interactive login:
    1. Download the key files from the public key file.
    2. Copy these key files to the destination server, into the home directory of the user who represents Privileged Access Manager for authentication.
    3. In the .ssh directory of the destination server, import or append the contents of the key files into the authorized_keys file. If an authorized_keys file does not exist, create one.
    4. Verify that the following directory and file permissions are applied or the backup fails:
      • .ssh directory: owner has read (r), write (w) and execute (x) permissions
      • authorized_keys file: owner has read (r) and write (w)
  6. (Optional) Select Delete After Successful Send to remove the backup files from local storage on the PAM server.
  7. Set the Maximum Files to Keep Locally to specify the number of backup files that are stored locally on the server. Scheduled backup files are available for download in the file operations area. This field refers only to the local storage of backup files. The backups on external storage must be managed outside of Privileged Access Manager.
  8. Select Save Schedule to set the backup
Use Your Own Public Keys for SCP and SFTP File Transfers (Optional)
You can use your own generated public keys for backup file transfers over SCP and SFTP connections, using the following process:
Complete these steps in the UI.
Create the Target Application
To create a CAPAM_DatabaseBackup target application, perform the following steps:
  1. Select Credentials, Manage Targets, Applications.
    The Target Applications list appears.
  2. Select Add.
    The Add Target Application window appears.
  3. Select the magnifying glass next to the Host Name field and pick the host system to which your database files are to be backed up.
  4. In the Application Name field, enter CAPAM_DatabaseBackup. If the Target Application name is anything else, the Scheduled Backup does not work.
  5. Select the "UNIX" Application Type.
  6. Select OK to save the Application.
Create the Backup Target Account
To create a backup target account that uses the target application, complete the following steps:
  1. Select Credentials, Manage Targets, Accounts.
    The Target Accounts list appears.
  2. Select Add.
    The Add Target Account window appears.
  3. Select the magnifying glass next to the Application Name field and select CAPAM_DatabaseBackup from the Target Applications list that appears.
  4. Specify a unique name for the target account in the Account Name field.
  5. Select the “SSH-2 Public Key Authentication” Protocol option.
  6. Do one of the following steps to specify a public key to use:
    • Select the key icon next to the Private Key field to generate a key pair.
    • Copy your own key pair into the Public Key and Private Key fields.
  7. Select OK to save the Account.
Schedule a Backup Using the Backup Target Account
To schedule a backup on the target database backup system, use the backup target account and perform the following steps:
  1. Select Configuration, Database.
  2. Select Backup Scheduler.
  3. Configure the Schedule and Protocol options according to Configure a Backup Schedule.
  4. Select your backup target account from the Select Backup Target Account drop-down list.
  5. Select the Download button to download the public key file to the home directory of the user account that represents Privileged Access Manager for authentication.
  6. Navigate to the .ssh directory. Append the contents of the public key file into the authorized_keys file. If the authorized_keys file does not exist, create one.
  7. Select Save to save the schedule.
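
The key-installation steps above (step 5 of Configure a Backup Schedule and steps 5 and 6 of this procedure) can be scripted on the destination server. The following is an added example, not part of the product or its documentation: the function names and the key file name pam_backup.pub are hypothetical, the key file is assumed to hold one key per line, and modes 700 and 600 are used as the owner-only form of the permissions listed above.

```shell
#!/bin/sh
# Added example (not product code). Usage, run as the backup user:
#   install_backup_key "$HOME" ./pam_backup.pub && check_backup_key "$HOME" ./pam_backup.pub
# pam_backup.pub is a hypothetical name for the downloaded public key file.

# Print a path's permission bits in octal (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_backup_key HOME_DIR PUBKEY_FILE
# Creates .ssh/authorized_keys if needed, appends each key line only once,
# and applies owner-only permissions.
install_backup_key() {
    home_dir=$1; pubkey=$2
    ssh_dir="$home_dir/.ssh"; auth="$ssh_dir/authorized_keys"
    [ -s "$pubkey" ] || { echo "empty or missing key file: $pubkey" >&2; return 2; }
    ( umask 077   # anything created here is never group/world accessible
      mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1
    # If the existing file lacks a final newline, add one so keys do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pubkey"
}

# check_backup_key HOME_DIR PUBKEY_FILE
# Returns 0 only when the permissions and key presence match the steps above.
check_backup_key() {
    home_dir=$1; pubkey=$2
    ssh_dir="$home_dir/.ssh"; auth="$ssh_dir/authorized_keys"; rc=0
    [ -d "$ssh_dir" ] || { echo "missing $ssh_dir" >&2; return 1; }
    [ -f "$auth" ] || { echo "missing $auth" >&2; return 1; }
    [ "$(mode_of "$ssh_dir")" = 700 ] || { echo ".ssh is not 700" >&2; rc=1; }
    [ "$(mode_of "$auth")" = 600 ] || { echo "authorized_keys is not 600" >&2; rc=1; }
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || { echo "key not installed" >&2; rc=1; }
    done < "$pubkey"
    return $rc
}
```

Running check_backup_key again after a failed scheduled backup shows whether a permission change or a missing key on the destination server is the cause.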