Guest

Cisco Security Manager

Security Manager 4.3 Server Backup Recommendations

Document ID: 116184

Updated: Jun 27, 2013

Contributed by David Houck, Corey Lawrence, and Jay Johnston, Cisco TAC Engineers.

   Print

Introduction

This document describes common issues encountered with Cisco Security Manager (CSM) backups and provides solutions to those issues.

Background Information

This document provides information on common problems encountered in CSM 4.3. While this document focuses on CSM 4.3, it is possible that the same problems and solutions apply to other versions as well.

The Cisco Works Common Services manages the database for all server applications. The Common Services backup/restore utilities are used in order to back up and restore the database. There are two ways to back up a CSM database:

  1. Common Services GUI
  2. CLI on the CSM server

Common Services GUI

Note: A backup request brings down all processes. During this time the server is not accessible. The processes restart automatically once the backup is complete.

The database backup is stored on the CSM server itself. If no directory name is specified, the default directory name is "0". Inside the directory, there are three folders:

  • CMF
  • RPT
  • VMS

The size of the database backup depends on the configuration and the number of devices managed by the CSM. Ensure there is enough space on the CSM server before you obtain a database backup.

  1. In order to log in to the CSM server, enter https://server_ip:1741 into your web browser.
  2. Open the Common Services Server Administration window, and navigate to Server > Backup.
  3. Click Apply, acknowledge the backup warning, and wait for the process to finish. 

CLI on the CSM Server

In order to back up data with the CLI on Windows and Solaris, enter this command:

NMSROOT/bin/backup.pl BackupDirectory [LogFile] [Num_Generations]
  • BackupDirectory - Directory that you want to be your backup directory.
  • LogFile - Log file name.
  • Num_Generations - Maximum backup generations to be kept in the backup directory.

Note: The command cannot have any spaces in it. For example: C:\> "C:\PROGRA~1\CSCOpx\bin\perl" "C:\PROGRA~1\CSCOpx\bin\backup.pl" C:\Temp

When the CSM backup is complete, the CLI returns to the command prompt. When you look in the directory "C:\Temp" there is a folder labelled with a number (most likely 0). Inside the folder labelled "0" there are three unique folders. One of the folders is labelled "vms" and contains the CSM database information.

Restore a BackUp

In order to restore the data, ensure you have the correct permissions. Open a command prompt (cmd.exe), and follow these steps:

  1. In order to stop all processes, enter:
    C:\>net stop crmdmgtd
  2. In order to restore the database, enter:
    C:\Program Files\CSCOpx\bin>C:\PROGRA~1\CSCOpx\bin\perl C:\PROGRA~1\CSCOpx\bin\restorebackup.pl -d 
    C:\Temp

    ******************************************************************************************
    Restore started at : 2012/09/21 09:04:49
    Please see 'C:\PROGRA~1\CSCOpx\log\restorebackup.log' for status.

    USER ID is ..................................... : Administrator
    OS of the backup archive is..................... : Windows
    Generation to be restored is ................... : 0
    Backup taken from............................... : C:\Temp
    Common Services version in the backup data is... : 4.0

    Common Services is installed in................. : C:\PROGRA~1\CSCOpx
    The temp folder for this restore program........ : C:\PROGRA~1\CSCOpx\tempBackupData
    Applications installed on this machine ......... : [Common Services][aus][vms]
    Applications in the backup archive ............. : [Common Services][aus][vms]
    Applications to be restored are................. : [Common Services] [aus][vms]
    req_nms_space ...................... : 2734563794
    req_temp_space ...................... : 4004774354

    Available disk space in NMSROOT................. : 62161104 Kb
    Required disk space in NMSROOT.................. : 6581384 Kb
    (The temp and NMSROOT are on same device, therefore this required disk space includes temp space)

    Copying the backup files to the temporary location [C:\PROGRA~1\CSCOpx\tempBackupData]
    preRestore of [Common Services] has started.
    preRestore of [Common Services] has completed.

    preRestore of [aus] has started.
    preRestore of [aus] has completed.

    preRestore of [vms] has started.
    preRestore of [vms] has completed.

    doRestore of [Common Services] has started.

    License check started.

    WARNING: The license details in the server are different from the backup data.
    After restoring, please check the license available in the server.

    License check completed.

    Restoring certificate.

    WARNING: Cannot evaluate the hostname, hence the certificate
    may be from this host or another host.

    [ Certificate not overwritten ]

    Restored Certificate.

    Restoring Common Services database.
    Restored Common Services database.

    Restoring CMIC data.
    Restored CMIC data.

    Restoring CMC data.
    Restored CMC data.

    Restoring Security Settings.
    Restored Security Settings.

    Restoring DCR data.
    Restored DCR data.

    Restoring Certificate key store.
    Restored Certificate key store.

    Restoring JAAS configuration.
    Restored JAAS configuration.

    JRM Job Migration started.
    JRM job Migration done.
    doRestore of [Common Services] has completed.

    doRestore of [aus] has started.
    doRestore of [aus] has completed.

    doRestore of [vms] has started.
    doRestore of [vms] has completed.

    postRestore of [Common Services] has started.
    postRestore of [Common Services] has completed.

    postRestore of [aus] has started.
    postRestore of [aus] has completed.

    postRestore of [vms] has started.
    postRestore of [vms] has completed.

    Restored successfully.
  3. Examine the log file in this location in order to verify that the database is restored. Enter:
    C:\>NMSROOT\log\restorebackup.log
  4. In order to restart the system, enter:
    C:\>net start crmdmgtd

Problem: Backup Lock File Exists

When a CSM backup is performed, it fails with an error similar to this:

Backup failed.ERROR(383): C:\PROGRA~2\CSCOpx\backup.LOCK file exists

Solution

The CSM creates a new lock file ( backup.LOCK) in the backup directory before it starts a backup. If a backup is interrupted or fails, the file does not get cleaned up. You must delete the current backup.LOCK file from the CSM server, and then execute the backup process again.

Problem: Backup Tool or Backup.pl Script Not Used

The CSM server is not backed up with the use of the backup tool in the server GUI, or with the use of the Backup.pl script on the server. Is it possible to use files backed up by an external application in order to restore the CSM?

Solution

The CSM backup process retrieves data from the databases individually. Simple file backups do not properly capture this data, and the files are not reusable to restore the CSM. However, if you completely shut down a Virtual Machine (VM), and take a snapshot of the entire VM, it can be used to restore the CSM (as long as all directories, files, and drives are captured by the snapshot).

Problem: Backup Space Requirements

Space requirements are encountered when a backup restore is performed. How much space is required for a CSM backup restore?

Solution

In order to restore a database backup, the CSM server requires three times the free space of the size of the CSM database backup. The CSM database backup is normally zipped after it is obtained. When transferred to the CSM server, it must be uncompressed. After it is uncompressed, it must be restored. The CSM restore process copies the database to a temporary location before it is installed onto the CSM server.

Related Information

Updated: Jun 27, 2013
Document ID: 116184