Backing up and restoring the data of the Central Node server deployed as a cluster
This scenario describes the procedure for backing up and restoring data on a Central Node server deployed as a cluster.
This procedure must be carried out on a server with the 'manager' role in the Docker swarm. To view the role, run the docker node ls command. In the MANAGER STATUS column, a server with the manager role shows Leader or Reachable.
Backing up and restoring data on the Central Node server deployed as a cluster involves the following steps:
Creating a backup copy
You can create a backup copy using the administrator menu or in Technical Support Mode:
The backup copy of Kaspersky Anti Targeted Attack Platform contains databases (alerts database, VIP status details, the list of data excluded from the scan, notifications) and Central Node or PCN settings only.
Using the administrator menu:
1. Sign in to the management console of the server that you want to back up over SSH or through a terminal.
2. When prompted, enter the user name and password of the administrator account.
   The application component administrator menu is displayed.
3. In the list of sections of the application administrator menu, select the System administration section.
4. Press Enter.
   This opens the action selection window.
5. In the list of actions, select Backup/Restore settings.
In Technical Support Mode:
1. Sign in to the management console of the server that you want to back up over SSH or through a terminal.
2. When prompted, enter the user name and password of the administrator account.
   The application component administrator menu is displayed.
3. In the list of sections of the application administrator menu, select the Technical Support Mode section.
4. Press Enter.
   This opens the Technical Support Mode confirmation window.
5. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press Enter.
6. Run the following command:
   sudo kata-run.sh kata-backup-restore backup
   You can also specify one or multiple parameters for this command (see the table below).
   You can use the -h parameter to receive tips on using parameters.
Parameters for creating a backup copy
Required parameter | Parameter | Description
Yes | -b <path> | Create a backup copy at the specified path, where <path> is the absolute or relative path to the directory in which you want to create the backup copy.
No | -c | Clear the directory before saving the backup file.
No | -d <number of stored files> | Specify the maximum number of files stored in the directory, where <number> is the number of files.
No | -n | Save Central Node or PCN settings.
No | -l <filepath> | Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.
If additional settings are not defined, the backup copy contains only databases (alerts database, VIP status details, the list of data excluded from the scan, notifications).
Example:
Command for creating a backup copy:
sudo kata-run.sh kata-backup-restore backup -b <path> -c -d <number of stored files> -e -q -a -s -n -l <filepath>
Saving the backup copy to the hard drive
To save the backup copy on the hard drive of your computer, run the following command:
scp <name of the account used for working in the administrator menu and in the server management console>@<IP address of the server>:<name of the backup file of the form: data_kata_<date and time of backup copy creation>.tar> .
Example:
Command for downloading to the hard drive of your computer a backup copy created on a Central Node server with the IP address 10.0.0.10 under the 'admin' account on April 10, 2020 at 10 hours 00 minutes 00 seconds:
The backup copy is saved to the current directory on the hard drive of your computer.
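An integrity check for the downloaded backup copy, as an added example that is not part of the original documentation or the vendor's tooling: it restricts access to the file, confirms that the archive is readable, and records a SHA-256 digest to verify before the upload step. The function names are hypothetical, and sha256sum and tar are assumed to be available on your computer.

```shell
#!/bin/sh
# Added example (not vendor code): protect and verify a downloaded backup copy.
# Assumes sha256sum (GNU coreutils) and tar are installed on the workstation.

# After download: restrict access, check the archive, record its digest.
record_backup() {
    backup=$1
    [ -f "$backup" ] || { echo "no such file: $backup" >&2; return 1; }
    # The backup holds the alerts database and settings: owner-only access.
    chmod 600 "$backup" || return 1
    # A truncated or corrupted transfer fails tar's listing pass.
    tar -tf "$backup" >/dev/null 2>&1 || {
        echo "not a readable tar archive: $backup" >&2; return 1; }
    # Store only the hash so the later check does not depend on the path.
    sha256sum "$backup" | cut -d' ' -f1 > "$backup.sha256" || return 1
    chmod 600 "$backup.sha256"
}

# Before upload: fail unless the file still matches the recorded digest.
verify_backup() {
    backup=$1
    [ -f "$backup" ] && [ -f "$backup.sha256" ] || {
        echo "missing backup file or digest" >&2; return 1; }
    expected=$(cat "$backup.sha256")
    actual=$(sha256sum "$backup" | cut -d' ' -f1)
    if [ "$expected" = "$actual" ]; then
        echo "OK $backup"
    else
        echo "MISMATCH $backup" >&2
        return 1
    fi
}

# Usage: sh backup_check.sh record|verify <backup file>
case ${1:-} in
    record) record_backup "$2" ;;
    verify) verify_backup "$2" ;;
esac
```

Keep the .sha256 file somewhere other than next to the backup if the check has to detect deliberate modification and not only transfer damage.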
Reinstalling the application
Remove and reinstall Kaspersky Anti Targeted Attack Platform.
Uploading a backup copy to the server
Upload your backup copy to the Central Node server by running the following command:
scp <name of the backup file of the form: data_kata_<date and time of backup copy creation>.tar> <name of the account used for working in the administrator menu and in the server management console>@<IP address of the server>:
Example:
Command for uploading a backup copy created on April 10, 2020 at 10 hours 00 minutes 00 seconds to the Central Node server with the IP address 10.0.0.10 under the 'admin' account:
To restore data using the administrator menu:
1. Sign in to the management console of the server whose data you want to restore over SSH or through a terminal.
2. When prompted, enter the user name and password of the administrator account.
   The application component administrator menu is displayed.
3. In the list of sections of the application administrator menu, select the System administration section.
4. Press Enter.
   This opens the action selection window.
5. In the list of actions, select Backup/Restore settings.
6. Press Enter.
   This opens the Backup/Restore settings window.
7. In the list of files containing backup copies of the application, select the file from which you want to restore the server data.
   If the necessary file is not listed, upload the file containing the backup copy to the server.
8. Press Enter.
   This opens the action selection window.
9. In the list of actions, select Restore <name of the backup file of the form: data_kata_<creation date and time of the backup copy>.tar>.
10. Press Enter.
    This opens the action confirmation window.
11. Click Restore.
    The process of restoring the server data from the backup copy starts.
Server data are restored from the selected file.
The settings for receiving mirrored traffic from SPAN ports are restored automatically if the names of network interfaces are the same on the server where the backup copy was created and on the server where data is being restored from the backup copy.
If the names of the network interfaces do not match, after performing step 11 of the instructions above, you will be prompted to select the network interfaces for receiving mirrored traffic from SPAN ports.
To restore data in Technical Support Mode:
1. Sign in to the management console of the server whose data you want to restore over SSH or through a terminal.
2. When prompted, enter the user name and password of the administrator account.
   The application component administrator menu is displayed.
3. In the list of sections of the application administrator menu, select the Technical Support Mode section.
4. Press Enter.
   This opens the Technical Support Mode confirmation window.
5. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press Enter.
6. Run the following command:
   sudo kata-run.sh kata-backup-restore restore
   You can also specify one or multiple parameters for this command (see the table below).
   You can use the -h parameter to receive tips on using parameters.
Data restoration parameters
Required parameter | Parameter | Command description
Yes | -r <path> | Restore data from a file containing a backup copy, where <path> is the full path to the backup file.
No | -l <filepath> | Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.
Example:
Command for restoring the data from a backup copy:
The settings for receiving mirrored traffic from SPAN ports are restored automatically if the names of network interfaces are the same on the server where the backup copy was created and on the server where data is being restored from the backup copy.
If the names of the network interfaces do not match, after performing step 6 of the instructions above, you will be prompted to select the network interfaces for receiving mirrored traffic from SPAN ports.
The backup copy of server settings does not contain PCAP files of recorded mirrored network traffic. You can save and restore PCAP files on your own by copying them from the /data/volumes/dumps directory of the connected external storage. After restoring data, you must connect your external storage.
If the hardware configuration of the Central Node server on which the backup copy was created differs from the hardware configuration of the server on which you are planning to restore the server settings, you need to reconfigure the application scaling settings after restoring.
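The interface-name condition from the notes on SPAN port settings above can be checked before restoring. The following is an added example, not part of the original documentation or the vendor's tooling; the function names are hypothetical, and each input file is assumed to hold one interface name per line, for instance the output of ls /sys/class/net saved on each server.

```shell
#!/bin/sh
# Added example (not vendor code): compare the network interface names of the
# server where the backup was created and the server being restored.
# Input files: one interface name per line (how they are captured is an
# assumption, e.g. `ls /sys/class/net > ifaces_<host>.txt` on each server).

# Print names listed in file $1 that do not appear in file $2.
# Loopback and empty lines are ignored.
names_missing_from() {
    a=$(mktemp) && b=$(mktemp) || return 2
    grep -v -e '^lo$' -e '^$' "$1" | sort -u > "$a"
    grep -v -e '^lo$' -e '^$' "$2" | sort -u > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Return 0 when both lists contain the same names, 1 otherwise.
# $1 = list from the backup source, $2 = list from the restore target.
interface_names_match() {
    only_src=$(names_missing_from "$1" "$2")
    only_dst=$(names_missing_from "$2" "$1")
    if [ -z "$only_src" ] && [ -z "$only_dst" ]; then
        echo "interface names match"
        return 0
    fi
    # Unquoted expansion below joins the names onto one line on purpose.
    [ -n "$only_src" ] && echo "only on backup source: $(echo $only_src)"
    [ -n "$only_dst" ] && echo "only on restore target: $(echo $only_dst)"
    return 1
}

# Usage: sh iface_check.sh <source list> <target list>
if [ "$#" -eq 2 ]; then
    interface_names_match "$1" "$2"
fi
```

A non-zero exit status means the names differ, which is the case in which the notes above say you are prompted to select the interfaces for mirrored traffic.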