Schedule a Backup of the Database
You can schedule backups to occur automatically by selecting the Backup Scheduler option. Scheduled backups are offloaded to a specified external server. When you select this operation, the Backup Scheduler panel displays. If a backup schedule currently exists, the current schedule displays the month, day, weekday, and time of that scheduled backup.
Scheduled backup tasks include:
Configure a Backup Schedule
To schedule a database backup:
- Select Configuration, Database.
- Select the Backup Scheduler tab. In the scheduler, the current schedule is displayed. If a schedule is already configured, the pane displays the schedule entries.
- Populate the schedule fields. Most fields are self-explanatory. For the Protocol field, SCP and SFTP send files using these SSH-based protocols. NFS, CIFS, and Amazon S3 write to file mounts. Select Mount at the bottom of the page to mount the file.
  - SCP and SFTP: Set the Share Path in the form /path. Enter a Port, and select a Backup Target Account. See Use Your Own Public Keys for SCP and SFTP File Transfers for instructions on setting up a Backup Target Account. (SCP and SFTP only.) In clustered implementations of 2.x versions of the product, you could specify different backup servers for each node. In 3.x implementations, you specify a single backup server for the entire cluster. However, you can specify a different directory in the share path for each node. For example, Server1/backupNode1 and Server1/backupNode2.
  - NFS: Set the Share Path in the form /<path_on_server>. Enter a Hostname as FQDN or IP address. Request Timeout value (in tenths of a second). If no value is specified, the default is determined by the NFS server, typically 600. Do not use the same NFS mount point that you are using for session recordings. The session recording and scheduled database backup processes create and delete a file with the same name to check the remote storage status. If you specify the same NFS mount point, file locking can occur as both processes attempt to create or delete the same file.
  - CIFS: Set the Share Path in the form \\<hostname>\<share>. Enter a User Name and Password to access the share account. Enter the Domain. Select the SMB Version (Server Message Block) used by the target system. Newer versions of SMB are more secure. If you do not support older file shares (like Windows 2003), we recommend using SMB2 or SMB3, provided the CIFS system supports it.
  - Amazon S3: Select the AWS S3 Bucket and the AWS Provision, as set in Configuration, 3rd Party, AWS, AWS Configured Connections, Access Key Alias – Region combination.
- Complete the additional fields for the option you select.
- (For SCP or SFTP protocols only.) Establish a secure communication that does not require an interactive login:
  - Download the key files from
  - Copy these key files to the destination server, into the home directory of the user who represents Privileged Access Manager for authentication.
  - In the .ssh directory of the destination server, import or append the contents of the key files into the authorized_keys file. If an authorized_keys file does not exist, create one.
  - Verify that the following directory and file permissions are applied or the backup fails:
    - .ssh directory: owner has read (r), write (w) and execute (x) permissions
    - authorized_keys file: owner has read (r) and write (w) permissions
- (Optional) Select Delete After Successful Send to remove the backup files from local storage on the PAM server.
- Set the Maximum Files to Keep Locally to specify the number of backup files that are stored locally on the server. Scheduled backup files are available for download in the file operations area. This field refers only to the local storage of backup files. The backups on external storage must be managed outside of Privileged Access Manager.
- Select Save Schedule to set
Use Your Own Public Keys for SCP and SFTP File Transfers (Optional)
You can use your own generated public keys for backup file transfers over SCP and SFTP connections, using the following process:
Complete these steps in the UI.
Create the Target Application
To create a CAPAM_DatabaseBackup target application, perform the following steps:
- Select Credentials, Manage Targets, Applications. The Target Applications list appears.
- Select Add. The Add Target Application window appears.
- Select the magnifying glass next to the Host Name field and pick the host system to which your database files are to be backed up.
- In the Application Name field, enter CAPAM_DatabaseBackup. If the Target Application name is anything else, the Scheduled Backup does not work.
- Select the "UNIX" Application Type.
- Select OK to save the Application.
Create the Backup Target Account
To create a backup target account that uses the target application, complete the following steps:
- Select Credentials, Manage Targets, Accounts. The Target Accounts list appears.
- Select Add. The Add Target Account window appears.
- Select the magnifying glass next to the Application Name field and select CAPAM_DatabaseBackup from the Target Applications list that appears.
- Specify a unique name for the target account in the Account Name field.
- Select the “SSH-2 Public Key Authentication” Protocol option.
- Do one of the following steps to specify a public key to use:
  - Select the key icon next to the Private Key field to generate a key pair.
  - Copy your own key pair into the Public Key and Private Key fields.
- Select OK to save the Account.
Schedule a Backup Using the Backup Target Account
To schedule a backup on the target database backup system, use the backup target account and perform the following steps:
- Select Backup Scheduler.
- Configure the Schedule and Protocol options according to Configure a Backup Schedule.
- Select your backup target account from the Select Backup Target Account drop-down list.
- Select the Download button to download the public key file to the home directory of the user account that represents Privileged Access Manager for authentication.
- Navigate to the .ssh directory. Append the contents of the public key file into the authorized_keys file. If the authorized_keys file does not exist, create one.
- Select Save to save the schedule.
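
The destination-server side of the SCP/SFTP setup (the authorized_keys and permission steps in Configure a Backup Schedule and in the procedure above) can be scripted as follows. This is an added example, not code from the product or its documentation; the function names and the script name are hypothetical, and it assumes the downloaded file holds one OpenSSH-format public key per line.

```shell
#!/bin/sh
# Added example (not vendor code). Run on the backup destination server as the
# account that receives the SCP/SFTP backups.

# install_backup_key HOME_DIR PUBKEY_FILE
# Appends each key in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys (creating
# both if absent), skips keys already present, then applies the permissions.
install_backup_key() {
    home_dir=$1
    key_file=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    [ -d "$home_dir" ] || { echo "no such directory: $home_dir" >&2; return 1; }
    [ -s "$key_file" ] || { echo "missing or empty key: $key_file" >&2; return 1; }

    # umask 077 so newly created files are never group/world accessible.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth" ) || return 1

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the last existing entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi

    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$key_file"

    chmod 700 "$ssh_dir" && chmod 600 "$auth"
}

# check_backup_key_perms HOME_DIR
# Succeeds only for owner-only modes (700 / 600). That is stricter than
# "owner has rwx / rw"; assumed here because OpenSSH's default StrictModes
# rejects key files that other users can write.
check_backup_key_perms() {
    d=$(ls -ld "$1/.ssh" 2>/dev/null | cut -c1-10)
    f=$(ls -l "$1/.ssh/authorized_keys" 2>/dev/null | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}

# Stand-alone use: sh install_key.sh /home/backupuser downloaded_key.pub
if [ $# -eq 2 ]; then
    install_backup_key "$1" "$2" && check_backup_key_perms "$1" \
        && echo "key installed, permissions OK"
fi
```

Re-running the script with the same key file leaves authorized_keys unchanged, so it is safe to use again after a key is regenerated or re-downloaded.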