Backing up and restoring the data of the Central Node server deployed as a cluster

This scenario describes the procedure for backing up and restoring data on a Central Node server deployed as a cluster.

Backing up and restoring data on the Central Node server deployed as a cluster involves the following steps:

1. Creating a backup copy

   You can create a backup copy using the administrator menu or in Technical Support Mode:

   How to create a backup copy of the application version 7.1 or 7.1.1 in the administrator menu

   The backup copy of Kaspersky Anti Targeted Attack Platform contains databases (alerts database, VIP status details, the list of data excluded from the scan, notifications) and Central Node or PCN settings only.

   1. Enter the management console of any functioning cluster server over SSH or using a terminal.
   2. When prompted, enter the user name and password of the administrator account.

      The application component administrator menu is displayed.

   3. In the list of sections of the application administrator menu, select the System administration section.
   4. Press Enter.

      This opens the action selection window.

   5. In the list of actions, select Backup/Restore settings.
   6. Press Enter.

      This opens the Backup/Restore settings window.

   7. In the list of actions, select New.
   8. Press Enter.

      This opens the Backup settings window.

   9. Click Back up.

   The backup copy is created.

   How to create a backup copy of the application version 7.1 or 7.1.1 in Technical Support Mode

   1. Enter the management console of any functioning cluster server over SSH or using a terminal.
   2. When prompted, enter the user name and password of the administrator account of the application component.

      The application component administrator menu is displayed.

   3. In the list of sections of the application administrator menu, select the Technical Support Mode section.
   4. Press Enter.

      This opens the Technical Support Mode confirmation window.

   5. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press Enter.
   6. Run the following command:

      sudo kata-run.sh kata-backup-restore backup

   You can also specify one or multiple parameters for this command (see the table below).

   You can use the -h command to receive tips on using parameters.

   Parameters for creating a backup copy

   Required parameter	Parameter	Description
   Yes	-b <path>	Create a backup copy at the specified path, where <path> is the absolute or relative path to the directory in which you want to create the backup copy.
   No	-c	Clear the directory before saving the backup file.
   No	-d <number of stored files>	Specify the maximum number of files stored in the directory, where <number> is the number of files.
   No	-n	Save Central Node or PCN settings.
   No	-l <filepath>	Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.

   If additional settings are not defined, the backup copy contains only databases (alerts database, VIP status details, the list of data excluded from the scan, notifications).

   Example: Command for creating a backup copy: sudo kata-run.sh kata-backup-restore backup -b <path> -c -d <number of stored files> -e -q -a -s -n -l <filepath>

   How to create a backup copy of the application version 7.1.2 in Technical Support Mode

   1. Enter the management console of any functioning cluster server over SSH or using a terminal.
   2. When prompted, enter the user name and password of the administrator account of the application component.

      The application component administrator menu is displayed.

   3. In the list of sections of the application administrator menu, select the Technical Support Mode section.
   4. Press Enter.

      This opens the Technical Support Mode confirmation window.

   5. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press Enter.
   6. Determine the address of the worker server in the cluster on which mirrored SPAN traffic processing is enabled:

      sudo docker node ls -q | sudo xargs docker node inspect -f '{{ if eq (index .Spec.Labels "infrastructure.span") "true" }}{{ .Description.Hostname }}{{ end }}'

      The address of the worker server in the cluster on which mirrored SPAN traffic processing is enabled.

   7. Log in to the management console of this server using the SSH protocol:

      ssh admin@<server address obtained at step 6>

   8. Run the following command:

      sudo kata-run.sh kata-backup-restore backup

   You can also specify one or multiple parameters for this command (see the table below).

   You can use the -h command to receive tips on using parameters.

   Parameters for creating a backup copy

   Required parameter	Parameter	Description
   Yes	-b <path>	Create a backup copy at the specified path, where <path> is the absolute or relative path to the directory in which you want to create the backup copy.
   No	-c	Clear the directory before saving the backup file.
   No	-d <number of stored files>	Specify the maximum number of files stored in the directory, where <number> is the number of files.
   No	-n	Save Central Node or PCN settings.
   No	-l <filepath>	Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.

   If additional settings are not defined, the backup copy contains only databases (alerts database, VIP status details, the list of data excluded from the scan, notifications).

   Example: Command for creating a backup copy: sudo kata-run.sh kata-backup-restore backup -b <path> -c -d <number of stored files> -e -q -a -s -n -l <filepath>

   Version 7.1.2 of the application does not allow creating a backup copy using the application administrator menu.

2. Saving the backup copy to the hard drive

   To save the backup copy on the hard drive of your computer, run the following command:

   scp <name of the account used for working in the administrator menu and in the server management console>@<IP address of the server>:<name of the backup file of the form: data_kata_<date and time of backup copy creation>.tar>

   Example: Command for downloading to the hard drive of your computer a backup copy created on a Central Node server with the IP address 10.0.0.10 under the 'admin' account on April 10, 2020 at 10 hours 00 minutes 00 seconds: scp admin@10.0.0.10:data_kata_2020_04_10T10_00_00.tar The backup copy is saved to the current directory on the hard drive of your computer.

3. Reinstalling the application

   Remove and reinstall Kaspersky Anti Targeted Attack Platform.

   When installing the application, you need to specify the same network mask for addressing servers that was specified in the backup copy of the application. If the values do not match, the Embedded Sensor encounters an error after the restoration of the application. If necessary, you can restore the component.

   After installation, you must add license keys of the same types (KATA, KATA + NDR, KEDR) to the application as were added on the server where the backup copy was created. This is necessary to restore all the Central Node, PCN, or SCN settings saved in the backup copy.

4. Uploading a backup copy to the server

   Upload your backup copy to the Central Node server by running the following command:

   scp <name of the backup file of the form: data_kata_<date and time of backup copy creation>.tar> <name of the account used for working in the administrator menu and in the server management console>@<IP address of the server>:

   Example: Command for uploading a backup copy created on April 10, 2020 at 10 hours 00 minutes 00 seconds to the Central Node server with the IP address 10.0.0.10 under the 'admin' account: scp data_kata_2020_04_10T10_00_00.tar admin@10.0.0.10: The backup copy is uploaded to the current directory on the Central Node server.

5. Restoring data from a backup copy

   You can restore data from a backup copy on the Central Node server using the administrator menu or in Technical Support Mode:

   How to restore the data of the application version 7.1 or 7.1.1 in the administrator menu

   1. Enter the management console of any functioning cluster server over SSH or using a terminal.
   2. When prompted, enter the user name and password of the administrator account of the application component.

      The application component administrator menu is displayed.

   3. In the list of sections of the application administrator menu, select the System administration section.
   4. Press Enter.

      This opens the action selection window.

   5. In the list of actions, select Backup/Restore settings.
   6. Press Enter.

      This opens the Backup/Restore settings window.

   7. In the list of files containing backup copies of the application, select the file from which you want to restore the server data.

      If the necessary file is not listed, upload the file containing the backup copy to the server.

   8. Press Enter.

      This opens the action selection window.

   9. In the list of actions, select Restore <name of the backup file of the form: data_kata_<creation date and time of the backup copy>.tar>
   10. Press Enter.

       This opens the action confirmation window.

   11. Click Restore.

       The process of restoring the server data from the backup copy starts.

   The settings for receiving mirrored traffic from SPAN ports are restored automatically if the names of network interfaces are the same on the server where the backup copy was created and on the server where data is being restored from the backup copy.

   If the names of the network interfaces do not match, after performing step 11 of the instructions above, you will be prompted to select the network interfaces for receiving mirrored traffic from SPAN ports.

   How to restore the data of the application version 7.1 or 7.1.1 in Technical Support Mode

   1. Enter the management console of any functioning cluster server over SSH or using a terminal.
   2. When prompted, enter the user name and password of the administrator account of the application.

      The application component administrator menu is displayed.

   3. In the list of sections of the application administrator menu, select the Technical Support Mode section.
   4. Press Enter.

      This opens the Technical Support Mode confirmation window.

   5. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press Enter.
   6. Start the data restoration process by running the following command:

      sudo kata-run.sh kata-backup-restore restore

   You can also specify one or multiple parameters for this command (see the table below).

   You can use the -h command to receive tips on using parameters.

   Data restoration parameters

   Required parameter	Parameter	Command description
   Yes	-r <path>	Restore data from a file containing a backup copy, where <path> is the full path to the backup file.
   No	-l <filepath>	Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.

   Example: Command for restoring the data from a backup copy: sudo kata-run.sh kata-backup-restore restore -r <path> -l <filepath>

   The settings for receiving mirrored traffic from SPAN ports are restored automatically if the names of network interfaces are the same on the server where the backup copy was created and on the server where data is being restored from the backup copy.

   If the names of the network interfaces do not match, after performing step 6 of the instructions above, you will be prompted to select the network interfaces for receiving mirrored traffic from SPAN ports.

   If you want to restore the data of version 7.1.2 of the application on a server with application version 7.1.1 or 7.1.2, follow the steps below.

   How to restore the data of the application version 7.1.1 or 7.1.2 in Technical Support Mode

   1. Enter the management console of any functioning cluster server over SSH or using a terminal.
   2. When prompted, enter the user name and password of the administrator account of the application.

      The application component administrator menu is displayed.

   3. In the list of sections of the application administrator menu, select the Technical Support Mode section.
   4. Press Enter.

      This opens the Technical Support Mode confirmation window.

   5. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press Enter.
   6. Determine the address of the worker server in the cluster on which mirrored SPAN traffic processing is enabled:

      sudo docker node ls -q | sudo xargs docker node inspect -f '{{ if eq (index .Spec.Labels "infrastructure.span") "true" }}{{ .Description.Hostname }}{{ end }}'

      The address of the worker server in the cluster on which mirrored SPAN traffic processing is enabled.

   7. Log in to the management console of this server using the SSH protocol:

      ssh admin@<server address obtained at step 6>

   8. Start the data restoration process by running the following command:

      sudo kata-run.sh kata-backup-restore restore

   You can also specify one or multiple parameters for this command (see the table below).

   You can use the -h command to receive tips on using parameters.

   Data restoration parameters

   Required parameter	Parameter	Command description
   Yes	-r <path>	Restore data from a file containing a backup copy, where <path> is the full path to the backup file.
   No	-l <filepath>	Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.

   Example: Command for restoring the data from a backup copy: sudo kata-run.sh kata-backup-restore restore -r <path> -l <filepath>

   The settings for receiving mirrored traffic from SPAN ports are restored automatically if the names of network interfaces are the same on the server where the backup copy was created and on the server where data is being restored from the backup copy.

   If the names of the network interfaces do not match, after performing step 6 of the instructions above, you will be prompted to select the network interfaces for receiving mirrored traffic from SPAN ports.

The backup copy of server settings does not contain PCAP files of recorded mirrored network traffic. You can save and restore PCAP files on your own by copying them from the /data/volumes/dumps directory of the connected external storage. After restoring data, you must connect your external storage.

If the hardware configuration of the Central Node server on which the backup copy was created differs from the hardware configuration of the server on which you are planning to restore the server settings, you need to reconfigure the application scaling settings after restoring.

Page top