Cisco Physical Access Manager User Guide, Release 1.4.1
Backing Up and Restoring Data
Downloads: This chapterpdf (PDF - 811.0KB) The complete bookPDF (PDF - 61.78MB) | Feedback

Backing Up and Restoring Data

Table Of Contents

Backing Up and Restoring Data

Contents

Backing up the Cisco PAM Database

Backup Usage Notes

Scheduling Automatic Backups

Disabling Automatic Backups

Performing a One-Time Manual Backup

Archiving the Historical Events Database

Restoring a Server Backup File


Backing Up and Restoring Data


This appendix describes how to backup and restore the Cisco PAM database.

Create at least one data backup during the initial server configuration and after every upgrade. Data is backed up to a .zip file and automatically stored on the server disk drive. The file can also be downloaded to a workstation or network drive.

You can restore the data from a .zip archive only when the server is stopped.


Note You must have at least one backup to restore the server software using the recovery CD. See Reinstalling the Cisco PAM Server Software from a Recovery CD for more information.


Contents

Backing up the Cisco PAM Database

Backup Usage Notes

Scheduling Automatic Backups

Disabling Automatic Backups

Performing a One-Time Manual Backup

Archiving the Historical Events Database

Restoring a Server Backup File

Backing up the Cisco PAM Database

Use the backup option in the Cisco PAM Server Administration utility to back up all Cisco PAM data and configurations. Create at least one data backup during the initial server configuration and after every upgrade. Data is backed up to a .zip file and automatically stored on the server disk drive. The file can also be downloaded to a workstation or network drive.

The following backup options are available:

Backup all data, including live and historical events.

Backup all data but exclude all events (do not back up events).

Define an automatic backup schedule.

Copy the automatic backups to a remote server.

Perform a one-time manual backup.

Refer to the following topics:

Backup Usage Notes

Scheduling Automatic Backups

Disabling Automatic Backups

Performing a One-Time Manual Backup

Backup Usage Notes

The maximum size for a backup file is 1 gigabyte (GB) of data. An error occurs if the backup file will be larger than 1 GB, and the backup will fail.

To reduce the size of the backup, do one or both of the following:

Exclude events from the backup operation. See the automatic and manual backup instructions in this section for more information.

Remove historical events from the database to reduce the size of the backup file. See the "Archiving the Historical Events Database" section for more information. See the "Archiving Historical Events" section for instructions.

The backup password is used to restore the backup file, if necessary. Record this password in a safe location.

Manual backups are enabled only if automatic backups are disabled.

In Cisco PAM release 1.2.0 and higher, data can be restored to a server with a different high-availability (HA) configuration. For example, data from a standalone server can be restored to a server in HA mode.

To restore a backup, stop both servers in an HA configuration. The backup can be restored to either server.

Scheduling Automatic Backups

This section describes how to define automatic backups, including how to automatically save the backup files to a remote FTP or SFTP sever. Figure A-1 shows the Automatic backup window.

Figure A-1 Backup Window in the Cisco PAM Server Administration Utility

The three most recent backup files are listed at the top of the page. When a fourth backup file is added, the oldest file is deleted. You can right click a filename to save it to a local or network drive, or use the option in the following procedure to automatically copy the backup files to a remote server. The saved file includes the date (mm/dd/year) the backup occurred, the Cisco PAM version number, and other information. For example: bak-02062011-1422251.3.0_0.3.25.cpam-132.

Procedure

To define automatic backups of the Cisco PAM data and configurations, do the following:


Step 1 Log on to the Cisco PAM appliance as described in Logging on to the Cisco PAM Server Administration Utility.

Step 2 Select Setup and then Backup, as shown in Figure A-1.

Step 3 Select the Automatic backup check box.

Step 4 Enter and re-enter a password for the backup file.

This password must be entered when the backup file is used to restore the data.

Step 5 (Optional) Select the Exclude Events box to exclude events from the backup.

Events will not be backed up and cannot be restored.

To remove historical events from the main database and reduce the size of the backup file, review the "Archiving the Historical Events Database" section.

For instructions to prune old events from the main database, or to remove them from the database by creating an archive of historical events, see the "Archiving Historical Events" section.

Step 6 Define the automatic backup schedule.

a. Select the days when the backups will automatically occur:

To schedule backups for one day per month, select Date and then select a day of the month.
For example: 15.

To schedule backups once per week, select Weekday and then select a day of the week.
For example: Tuesday.

To run backups every day, select Daily.

b. Enter the Time when the automatic backups will run.

Enter the time in 24 hour format (hh:mm:ss).

For example, to run backups at 2 p.m., enter 14:00:00. To run backups at 1 a.m., enter 01:00:00.

Step 7 (Optional) Automatically copy the backups to a remote FTP or SFTP server.

a. Check the Copy to remote server check box.

The remote server settings appear, as shown in Figure A-1.

b. Select the server protocol:

FTP: for standard File Transfer Protocol servers.

SFTP: for secure file transfers using the Secure File Transfer Protocol (also known as the SSH File Transfer Protocol).

c. Enter the IP Address of the FTP or SFTP server.

d. Enter the Username for the FTP or SFTP server account.

e. Enter the Password for the FTP or SFTP server account.

f. Enter the directory Path on the for the FTP or SFTP server where the backup should be saved. The path must exist on the remote server. If the directory is not available, the backup will fail.


Note If the IP address, username, password, or path is incorrect, or if the server is not available, then the backup is not copied to the remote server. The backup is still created on the Cisco PAM server.


Step 8 Click Update to save the changes. Backups will occur according to the scheduled day(s) and time.

When the backup is complete, the new backup file is added to the top of the screen, as shown in Figure A-1.

The backup name includes the date and the server software version number.
For example: February 06, 2011 02:22:25 PM PST.

The three most recent backup files are saved to the Cisco PAM server. When a new backup file is added, the oldest file is deleted.

To manually save the backup file to another location, right-click the filename and select a save option from the browser menu.

If the backup is copied to a remote server, a copy of the file is saved to the server location configured in Step 7.

If the remote server settings are incorrect or the directory path does not exist, the file is not copied and an error message is displayed.

The backup is still saved to the Cisco PAM server even if the remote server in unavailable.


Disabling Automatic Backups

To disable automatic backups, deselect the Automatic backup check box (Figure A-2).

Figure A-2 Disabling Automatic Backups

Procedure


Step 1 Log on to the Cisco PAM appliance as described in Logging on to the Cisco PAM Server Administration Utility.

Step 2 Select Setup and then Backup, as shown in Figure A-2.

Step 3 Select the Automatic tab.

Step 4 De-select the Automatic backup check box.

Step 5 Click Update.

Step 6 (Optional) Perform a manual backup, if necessary. See the "Performing a One-Time Manual Backup" section.


Performing a One-Time Manual Backup

This section describes how to perform a one-time manual backup, including how to save the backup file to a remote FTP or SFTP sever. Figure A-3 shows the manual backup window.


Tip Manual backups are enabled only if automatic backups are disabled. See the "Disabling Automatic Backups" section.


Figure A-3 Manual Backup Window

The three most recent backup files are listed at the top of the page. When a fourth backup file is added, the oldest file is deleted. You can right click a filename to save it to a local or network drive, or use the option in the following procedure to automatically copy the backup files to a remote server. The saved file includes the date (mm/dd/year) the backup occurred, the Cisco PAM version number, and other information. For example: bak-02062011-1422251.3.0_0.3.25.cpam-132.

Procedure

To define automatic backups, do the following:


Step 1 Log on to the Cisco PAM appliance as described in Logging on to the Cisco PAM Server Administration Utility.

Step 2 Select Setup and then Backup.

Step 3 Select the Manual tab, as shown in Figure A-3.


Note Manual backups are enabled only if automatic backups are disabled. See the "Disabling Automatic Backups" section.


Step 4 Enter and re-enter a password for the backup file.

This password must be entered when the backup file is used to restore the data.

Step 5 (Optional) Select the Exclude Events box to exclude events from the backup.

Events will not be backed up and cannot be restored.

To remove historical events from the main database and reduce the size of the backup file, review the "Archiving the Historical Events Database" section.

For instructions to prune old events from the main database, or to remove them from the database by creating an archive of historical events, see the "Archiving Historical Events" section.

Step 6 (Optional) Automatically copy the backup to a remote server.

Use this option to automatically copy the backup file to a remote FTP or SFTP server.

a. Check the Copy to remote server check box.

The remote server settings appear, as shown in Figure A-3.

b. Select the server protocol:

FTP: for standard File Transfer Protocol servers.

SFTP: for secure file transfers using the Secure File Transfer Protocol (also known as the SSH File Transfer Protocol).

c. Enter the IP Address of the FTP or SFTP server.

d. Enter the Username for the FTP or SFTP server account.

e. Enter the Password for the FTP or SFTP server account.

f. Enter the directory Path on the for the FTP or SFTP server where the backup should be saved. The path must exist on the remote server. If the directory is not available, the backup will fail.


Note If the IP address, username, password, or path is incorrect, or if the server is not available, then the backup is not copied to the remote server. The backup is still created on the Cisco PAM server.


Step 7 Click Backup Now to begin the backup process and create a new .zip backup file.

When the backup is complete, the new backup file is added to the top of the screen, as shown in Figure A-3.

The file name includes the date and the server software version number.
For example: December 16, 2009 11:53:15 AM PST.

The three most recent backup files are saved to the Cisco PAM server. When a new backup file is added, the oldest file is deleted.

To manually save the backup file to another location, right-click the filename and select a save option from the browser menu.

If the backup is copied to a remote server, a copy of the file is saved to the server location configured in Step 6.

If the remote server settings are incorrect or the directory path does not exist, the file is not copied and an error message is displayed.

The backup is still saved to the Cisco PAM server even if the remote server in unavailable.


Archiving the Historical Events Database

When you copy and prune old events (as described in "Archiving Historical Events" section) the events are moved to a separate Cisco PAM database. Although the events are no longer displayed in Events and Alarms, they can still be included in system backups (see the "Understanding Live, Pruned and Archived Events" section).

Archiving these historical events removes them from the database and saves them to .zip file that can be saved to another location. The file includes a password-protected SQL script, and can be run on an offline database to view the purged events. Archiving historical events also improves system performance and reduces the size of the backup file.

You can right click a filename to save it to a local or network drive, or automatically copy the archive files to a remote FTP or SFTP server.

The historical event management settings are entered during the initial server setup. See the "Initial Setup Instructions" section for instructions.

To modify these settings, use the Cisco PAM Server Administration utility, as described in the "Archiving Historical Events" section.

Restoring a Server Backup File

Complete the procedure in this section to restore data from a backup file, or from an archive file.

Note the following when restoring data or archives:

Data can be restored only when the server is stopped.

Both servers must be stopped in an HA configuration. The backup can be restored to either server.

In Cisco PAM release 1.2.0 and higher, data can be restored to a server with a different high-availability (HA) configuration. For example, data from a standalone server can be restored to a server in HA mode.

Backup files include the Cisco PAM configuration and other data.

Archive files include only historical events that were removed from the database using the Archive function. You can view historical events recovered from an archive file using Reports, but they cannot be viewed in the Events and Alarms module. See Archiving the Historical Events Database for more information.

If an archive from release 1.2.0 or earlier is restored, you will automatically be redirected to the Events configuration page of the Cisco PAM Server Administration utility. Use this page to enter the required setting to prune and archive old events. See the "Archiving Historical Events" section for information and instructions. You cannot start the server or perform other activities until the event archiving is successfully configured.

Procedure

To restore the data from a backup or archive file, do the following:


Step 1 Verify that you have the correct backup file from either the Active or Standby server.

See Backing up the Cisco PAM Database.

Step 2 Stop the Standby server, if installed.


NoteFor redundant HA configurations, ensure that both the Active and Standby servers are stopped (in Down state). Restoring a backup while either of the servers is up will result in unexpected behavior.

If you are upgrading or reinstalling the server software, the Standby server should already be in the Down state.


a. Log on to the Standby Cisco PAM appliance.

b. Select Monitoring and then select Status.

c. In the Admin State Entry, click Stop.

d. Verify that the Admin State is Down, as shown in Figure A-4.

Figure A-4 Server Admin State (Down) for the Active Server

Step 3 Stop the Active server.


NoteFor redundant HA configurations, ensure that both the Active and Standby servers are Down (Admin State). Restoring a backup while either of the servers is up will result in unexpected behavior.

If you are upgrading or reinstalling the server software, the Standby server should already be in the Down state.


a. Log on to the Active Cisco PAM appliance.

b. Select Monitoring and then select Status.

c. In the Admin State Entry, click Stop.

d. Verify that the Admin State is Down, as shown in Figure A-4.

Step 4 On the Active server, select the Setup tab, and then select Restore, as shown in Figure A-5.

Figure A-5 Restore Window in the Cisco PAM Server Administration Utility

Step 5 Enter and re-enter the password for the backup file. This is the password entered when the backup file was created, as described in Backing up the Cisco PAM Database.

Step 6 Click Browse to locate and select the .zip backup file.

For example: bak-02102011-1141001.3.0_0.3.25.cpam-supermicro-116

Step 7 If the file is an archive file, select the Is Archived File checkbox.

See Archiving the Historical Events Database for more information.

Step 8 Click Restore and wait for the restore process to complete.

Step 9 Wait for the server to automatically restart.

A pop-up message appears informing you that the Web administrator utility is restarting.

If the Cisco PAM Server Administration utility disconnects, a browser error message may be shown. Wait approximately five minutes for the server to restart, and then refresh your browser to log in again.

Step 10 If restoring a backup from Release 1.2.0 or earlier to Release 1.3.0 or higher, you must enter the event pruning and archive settings, as shown in Figure A-6.


Note If you are upgrading from release 1.3.0 or higher, skip to Step 11.


Pruned Events are removed from the main database table and placed in a separate database, allowing you to reduce the size of the main database date while keeping them accessible on the Cisco PAM system. Pruned events are not visible in Events & Alarms, but are included in reports. Pruned events are also included in system backups.

Archived events are removed from all Cisco PAM database tables and copied to a compressed file. The file includes a password-protected SQL script, and can be run on an offline database to view the purged events. Archived events are not visible in the Events & Alarms listings or Reports, and are not included in system backups.


Tip These settings are only required if restoring a backup from Release 1.2.0 or earlier. After the restore is complete, you can make additional changes. See the "Archiving Historical Events" section for more information.


Figure A-6 Initial Setup: Event Pruning and Archiving

a. Select the Pruning tab (Figure A-6), and enter the following settings:

Live Events Window (days)—Enter a value between 0 and 500 (inclusive). This is the number of days of events that will be available on live view. All the events older than the specified days will be removed at the pruning schedule time. For example, enter 30 to keep events in the live view for 30 days. After midnight on day 30, the events are subject to pruning and archiving (depending on the schedule defined in the following steps).


NoteTo ensure that events are regularly pruned, we recommend entering 60 days or less in the Live Events Window field. Entering a value greater than 60 can cause an excessive number of event entries to accumulate in the main database and negatively impact system performance.

The number is rounded to midnight of the last day.


Schedule—define the time and frequency when events should pruned.

Date—To schedule pruning for one day per month, select Date and then select a day of the month. For example: 15.

Weekday—To schedule pruning once per week, select Weekday and then select a day of the week. For example: Tuesday.

Daily—To run pruning every day, select Daily.

Time—Enter the time in 24 hour format (hh:mm:ss). For example, to run pruning at 2 p.m., enter 14:00:00. To run pruning at 1 a.m., enter 01:00:00.

Figure A-7 Archiving Events

b. Select the Archive tab (Figure A-7) and enter the following settings:


Tip The archive settings are required during the initial setup. After a successful restore, you can disable auto-archiving if necessary. See the "Archiving Historical Events" section.


Enter and re-enter the administrator Password. This password is used to restore the archive file (similar to backup files).

Historic Events Window (days)—Enter the number of days that events will be available for reports. After the minimum number of days the events will be archived to a compressed file. For example, enter 30 to keep events in the live view for 30 days. After midnight on day 30, the events are subject to archiving (depending on the schedule defined in the following steps).

Enter a Schedule when the historic events will be removed from the pruned database and placed into a compressed archive file (archived files are listed above the entry fields).

Date—To schedule archiving for one day per month, select Date and then select a day of the month. For example: 15.

Weekday—To schedule archiving once per week, select Weekday and then select a day of the week. For example: Tuesday.

Daily—To run archiving every day, select Daily.

Time—Enter the time in 24 hour format (hh:mm:ss). For example, to run archiving at 2 p.m., enter 14:00:00. To run archiving at 1 a.m., enter 01:00:00.

(Optional) Select Copy to remote server to automatically copy the archived event files to a remote FTP or SFTP location.


Note Only the three most recent archive files are saved. If you do not save the archive file manually or by copying it to a remote server, then the oldest file will be permanently deleted when the fourth file is created.


FTP: for standard File Transfer Protocol servers.

SFTP: for secure file transfers using the Secure File Transfer Protocol (also known as the SSH File Transfer Protocol).

Address—the IP address or hostname of the remote server.

Username—the username required to log in to the server.

Password—the login password for the remote server.

Path—the directory path where the compressed archive will be copied. The path must exist on the remote server. If the directory is not available, the archive will fail.

c. Select Next to apply the settings and continue.

Step 11 Verify that the Active server is up.

a. Log on to the Active Cisco PAM appliance.

b. Select the Monitoring tab and then select Status, as shown in Figure A-8.

c. Verify the following:

The Admin State is Up.

The Server Mode is Active.

Figure A-8 Server Admin State (Up) for the Active Server

Step 12 If the Status is Down, click Start to manually restart the server and then verify that the Admin State is Up.

Step 13 Restart the Standby server, if installed.

a. Log on to the Standby Cisco PAM appliance.

b. Select the Commands tab, and then select Start Server.

c. Select the Monitoring tab and then select Status.

d. Verify the following:

The Admin State is Up.

The Server Mode is Standby.