Planning for disaster recovery
Planning for disaster recovery
The Nexthink Appliance provides you with different backup techniques that allow you to recover from either a partial or a full disaster:
- A partial disaster is a failure that affects one or several of the server components of Nexthink (Web Console, Engine or Portal), while the Appliance is still accessible.
- A full disaster is a complete system failure that prevents any further access to the Appliance.
The mechanisms for partial disaster recovery are automatically put in place after the installation of the Appliance. Each one of the server components in the Appliance generates a daily backup of its data for its own recovery. In this way, if any of the components crashes, you can at least get the component back to the state it had the day before the crash.
Full disaster recovery, on the other hand, requires you to save the backups to an external storage device outside the Appliance before total breakdown. You can automate this process by activating the provided mechanism to save backup files externally. If you want to install your own backup tool, first read and follow the recommendations of the article on installing third-party software in the Appliance. Beware that a serious hardware issue in your Appliance can make your data unrecoverable if you do not save it elsewhere.
Partial disaster recovery
In case of a server component malfunction, use its daily backup files for recovery. In addition to the daily backups, the server components make an automatic backup of their data before migration as well. That is useful in the case that the software upgrade process goes wrong.
To learn about the information that is saved during the backup process and how to recover from a partial disaster, read the corresponding documentation for each component:
- Web Console automatic backup and Web Console restore
- Engine automatic backup and Engine restore
- Portal automatic backup and Portal restore
Full disaster recovery
In case of a total failure of the Appliance, you need to be ready to start from anew. As a prerequisite, you must have previously saved the backups of all the server components in the Appliance to an external storage device. Remember that you can automate this process by activating external backups from the Web Console.
In addition to the server components, take a backup of the following two items to recover from a full disaster of the master Appliance:
- The product license. Since it is not included in the automatic backups, take a backup of the license file each time that you renew your subscription.
- The PKI that secures the TCP communication of the Collectors with the Engines. Take a backup of the certificates and keys in the master Appliance to avoid having to recreate them and redistribute them to the deployed Collectors.
To perform full recovery:
- Download an Appliance ISO with the same version of the Appliance that failed.
- Install the Appliance following the steps described in Installing the Appliance.
- Choose to install either the Portal or the Engine as described in Engine & Portal Installation, depending on the main server component that your Appliance was running.
- Copy the backups to the new Appliance using any SCP client.
- Restore the Web Console first as described in Restoring the Web Console to set the general parameters of the Appliance.
- Restore the installed server component: Engine or Portal, as documented in Restoring the Engine or Restoring the Portal.
- In the case of a complete failure of the appliance that hosts the Portal, restore the license file.
Activating external backups
The Appliance provides a mechanism to automate the saving of backup files to an external SMB share. This mechanism makes a copy of the daily backup of every server component (Web Console, Engine or Portal, including rule-based assignment data, if enabled) to the SMB share right after the backup file is created.
Before activating external backups, you must set up the SMB share:
- Configure the user account
- Set the permissions on the destination folder
- Share the folder
To activate external backups in the Appliance:
- Log in to the Web Console as admin from a web browser:
- Click the Appliance tab at the top of the window.
- Select the section External backup from the left-hand side menu. This item only appears in slave Appliances if the mechanism of external backup has not been centralized
- Tick the option Enable daily backups to a SMB share and fill out the form:
- SMB share path: The path of the shared folder in Windows format, that is \\server-name\shared-folder\path.
- Username: The name of the user account with the permissions to write to the shared folder.
- Domain: The name of the domain to which the user account belongs. Leave empty if the user does not have any domain.
- Password: The password of the user account.
- Optional: Tick the box Send notificiation by email to send an email to the recipients specified in the Accounts section under Notifications, each time that the system makes an external backup.
- Optional: In Copy test file to SMB share, click the COPY button to test the access to the given shared folder.
Note that you can centralize the external backup of slave Appliances when you federate them. In that way, the slave Appliance uses the same SMB share as the master Appliance for external backups.
The files saved in the SMB share for the different components have the following format:
- Web Console:
- Portal (main backup and history details of count metrics):
- Rule-based assignment data:
For advanced users, it is possible to customize the mount options of the SMB share for external backups. These are the options found after the -o flag of the mount command. By default, the Appliance mounts the SMB share using the options guest and credentials. After activating external backups via the Web Console, set additional mount options for the SMB share by editing the backup config file:
- Log into the CLI of the Appliance.
- Edit the backup configuration file of the Appliance:
sudo vi /var/nexthink/common/conf/backup-config.xml
- Inside the section BackupDirectory add a new entry to specify one or more additional options, separated by commas:
- Save your changes and exit:
The resulting configuration file should look like this:
<?xml version="1.0"?> <Configuration origin=... > <BackupDirectory enabled="true"> <Server>... ... <ExtraParameters>options</ExtraParameters> </BackupDirectory> </Configuration>