Planning for disaster recovery
The Nexthink Appliance provides you with different backup techniques that allow you to recover from either a partial or a full disaster:
A partial disaster is a failure that affects one or several of the server components of Nexthink (Web Console, Engine or Portal), while the Appliance is still accessible.
A full disaster is a complete system failure that prevents any further access to the Appliance.
The mechanisms for partial disaster recovery are automatically put in place after the installation of the Appliance. Each one of the server components in the Appliance generates a daily backup of its data for its own recovery. In this way, if any of the components crashes, you can at least get the component back to the state it had the day before the crash.
Full disaster recovery, on the other hand, requires you to save the backups to an external storage device outside the Appliance before total breakdown. You can automate this process by activating the provided mechanism to save backup files externally. If you want to install your own backup tool, first read and follow the recommendations of the article on installing third-party software in the Appliance. Beware that a serious hardware issue in your Appliance can make your data unrecoverable if you do not save it elsewhere.
Check and disable FIPS mode
Perform these steps if the appliance has FIPS mode disabled.
For example, if your initial Nexthink V6 deployment is a version below or equal to 6.30.15.7, then your deployment has FIPS mode disabled.
If the source appliance has FIPS mode disabled, you must also disable FIPS mode on the new appliance before performing the restore procedure.
Check and, if needed, disable FIPS mode:
Step 1.
Run the following command to check whether the appliance is running in FIPS mode:
Step 2. - Conditional steps
If FIPS mode is enabled, perform the following steps:
Run the following commands:
Restart the system.
Run the following commands to ensure that FIPS mode is disabled:
Partial disaster recovery
In case of a server component malfunction, use its daily backup files for recovery. In addition to the daily backups, the server components make an automatic backup of their data before migration as well. That is useful in the case that the software upgrade process goes wrong.
To learn about the information that is saved during the backup process and how to recover from a partial disaster, read the corresponding documentation for each component:
Full disaster recovery
In case of a total failure of the Appliance, you need to be ready to start anew. As a prerequisite, you must have previously saved the backups of all the server components in the Appliance to an external storage device. Remember that you can automate this process by activating external backups from the Web Console.
In addition to the server components, take a backup of the following two items to recover from a full disaster of the primary Appliance:
The product license. Since it is not included in the automatic backups, take a backup of the license file each time that you renew your subscription.
The PKI that secures the TCP communication of the Collectors with the Engines. Take a backup of the certificates and keys in the primary Appliance to avoid having to recreate them and redistribute them to the deployed Collectors.
To perform full recovery:
Download an Appliance ISO with the same version of the Appliance that failed.
Install the Appliance following the steps described in Installing the Appliance.
Choose to install either the Portal or the Engine as described in Engine & Portal Installation, depending on the main server component that your Appliance was running.
Copy the backups to the new Appliance using any SCP client.
Restore the Web Console first as described in Restoring the Web Console to set the general parameters of the Appliance.
Restore the installed server component: Engin
In the case of a complete failure of the appliance that hosts the Portal, restore the license file.
e or Portal, as documented in Restoring the Engine or Restoring the Portal.
Activating external backups
The Appliance provides a mechanism to automate the saving of backup files to an external SMB share. This mechanism makes a copy of the daily backup of every server component (Web Console, Engine or Portal, including rule-based assignment data, if enabled) to the SMB share right after the backup file is created.
Before activating external backups, you must set up the SMB share:
Configure the user account
Set the permissions on the destination folder
Share the folder
To activate external backups in the Appliance:
Log in to the Web Console as admin from a web browser:
https://<IP_address_of_Appliance>:99
Click the Appliance tab at the top of the window.
Select the section External backup from the left-hand side menu. This item only appears in secondary Appliances if the mechanism of external backup has not been centralized
Tick the option Enable daily backups to a SMB share and fill out the form:
SMB share path: The path of the shared folder in Windows format, that is:
\\server-name\shared-folder\path
Username: The name of the user account with the permissions to write to the shared folder.
Domain: The name of the domain to which the user account belongs. Leave empty if the user does not have any domain.
Password: The password of the user account.
Optional: Tick the box Send notification by email to send an email to the recipients specified in the Accounts section under Notifications, each time that the system makes an external backup.
Optional: In Copy test file to SMB share, click the COPY button to test the access to the given shared folder.
Note that you can centralize the external backup of secondary Appliances when you federate them. In that way, the secondary Appliance uses the same SMB share as the primary Appliance for external backups.
The files saved in the SMB share for the different components have the following format:
Web Console:
console-<hostname>-<timestamp>.tgz
Engine:
nxengine-<instance>-<hostname>-<timestampp>.tgz
Portal (main backup and history details of count metrics):
portal-<hostname>-<timestamp>.tgzportal-<hostname>-history_YYYYMMDD-<timestamp>.backup
Rule-based assignment data:
nxassignment-<hostname>-<timestamp>.tgz
For advanced users, it is possible to customize the mount options of the SMB share for external backups. These are the options found after the -o flag of the mount command. By default, the Appliance mounts the SMB share using the options guest and credentials. After activating external backups via the Web Console, set additional mount options for the SMB share by editing the backup config file:
Log into the CLI of the Appliance.
Edit the backup configuration file of the Appliance:
BASHInside the section BackupDirectory add a new entry to specify one or more additional options, separated by commas:
options
Save your changes and exit:
BASH
The resulting configuration file should look like this:
RELATED TASKS
Last updated