Pam Administration Backup And Restore PDF
Document Details
Uploaded by FancySarod
CyberArk University
2023
CyberArk Software
Tags
Summary
This document is a CyberArk presentation on PAM Administration. It discusses backup and restore procedures, including the Replicator utility, and best practices for security.
Full Transcript
PAM Administration Backup and Restore © 2023 CyberArk Software Ltd. All rights reserved By the end of this session, you will be able to: Agenda 1. Desc...
PAM Administration Backup and Restore © 2023 CyberArk Software Ltd. All rights reserved By the end of this session, you will be able to: Agenda 1. Describe the Backup and Restore solution 2. Test the procedures for Vault backup and restore © 2023 CyberArk Software Ltd. All rights reserved Overview © 2023 CyberArk Software Ltd. All rights reserved Replicate Policy requires integration with an Enterprise Backup Solution. Use Cases Policy requires granular point in time data protection. Policy requires object-level data protection. © 2023 CyberArk Software Ltd. All rights reserved Vault Backup Solution The Safes in the Vault are stored in the Data sub-directory Information about users, network areas, Safes, log records, and all activities that occur between them is stored in a database. Database files are stored in the Metadata sub-directory The Data and Metadata folders are extremely important and it is imperative to back them up regularly The CyberArk Vault enables you to backup and restore a single Safe to a Vault, as well as a complete Vault’s data and 5 metadata © 2023 CyberArk Software Ltd. All rights reserved Backup Considerations Vault backup can be implemented in two ways: Third-party backup software is installed on the Vault and the application has access Direct Backup to the backup folders (Not Recommended) This introduces an external application to the Vault and potentially reduces the level of security The PrivateArk Replicate Utility is installed on another server on the network, Indirect Backup typically a server hosting another CyberArk PAM component (Recommended) The Replicate Utility pulls Vault data as encrypted files to the server Enterprise backup software can then backup these files In this session we will focus on backing up using the PrivateArk Replicate Utility © 2023 CyberArk Software Ltd. All rights reserved Installation Perform replication Replicate Utility Perform restore Setup scheduled replications © 2023 CyberArk Software Ltd. All rights reserved Installation and Setup © 2023 CyberArk Software Ltd. All rights reserved Before Installing Before installing the Replicator utility, make sure that the backup server has the following features and capabilities: At least the same disk space as the Vault database on an NTFS volume Accessibility by your enterprise backup system Physical security that only permits authorized users to access it © 2023 CyberArk Software Ltd. All rights reserved Before Installing You will also need to: Enable the Backup user Set the password on the Primary Vault © 2023 CyberArk Software Ltd. All rights reserved Install the Utility Install the Replicator module and specify a path to a backup folder for the replicated data © 2023 CyberArk Software Ltd. All rights reserved Configure Vault.ini Edit the Vault.ini to give the Replicator utility the network address of the Vault server © 2023 CyberArk Software Ltd. All rights reserved Create Cred File The Credential File is used by CreateCredFile.exe backup.cred Password /username the utility to authenticate to the Vault and should be hardened backup /password Cyberark1 /ExePath "C:\Program Files The password for the Backup (x86)\PrivateArk\Replicate\PAReplicate.exe" user is changed in the Vault /IpAddress /Hostname /AppType CABACKUP /EntropyFile and the Credential File is /DpapiMachineProtection /DpapiUserProtection updated after every successful login © 2023 CyberArk Software Ltd. All rights reserved Test Backup and Restore © 2023 CyberArk Software Ltd. All rights reserved Performing a Backup PAReplicate.exe vault.ini /logonfromfile user.ini /FullBackup The backup is launched at a command line using the PAReplicate.exe executable file The syntax of the command as shown specifies the vault.ini file and uses the logonfromfile and fullbackup switches © 2023 CyberArk Software Ltd. All rights reserved Performing a Restore PARestore.exe vault.ini operator /RestoreSafe Linux02 /TargetSafe /LinuxRestore The PARestore command enables you to restore Safes that have previously been backed up Only users with the Restore All Safes authorization in the Vault can restore a Safe © 2023 CyberArk Software Ltd. All rights reserved Set up Scheduled Backups © 2023 CyberArk Software Ltd. All rights reserved Setup Scheduled Backup Scheduled Tasks can be created to launch backups at predetermined intervals. C:\Program Files (x86)\PrivateArk\Replicate\pareplicate.exe’ vault.ini /logonfromfile user.cred /fullbackup © 2023 CyberArk Software Ltd. All rights reserved Performing Periodic Backups 1 It is strongly recommended to create two Scheduled Tasks: One full backup task running every week A second one running every day as an incremental backup Logs can be found in the root of the \Replicate folder. © 2023 CyberArk Software Ltd. All rights reserved Summary © 2023 CyberArk Software Ltd. All rights reserved Summary In this session we covered: Backup and Restore (Replicator utility) How to perform backups and restores © 2023 CyberArk Software Ltd. All rights reserved Exercises You may now proceed to completing the following exercises: Backup And Restore Configure the CyberArk Replicator Utility Run a Backup Delete the TEST Safe Run a Restore © 2023 CyberArk Software Ltd. All rights reserved
