000026963 - How to back up and restore user accounts in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000026963
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Active Directory
Platform: RSA Security Analytics Server
 
IssueHow to back up and restore user accounts in RSA Security Analytics.
How do I back up my users in Security Analytics to import them into a new instance or appliance?
How do I restore my Security Analytics users from a backup?
How do I restore my users in SA after buildsticking the server appliance?
Resolution

It is possible to back up the internal and external users in the RSA Security Analytics UI in order to restore them in a new instance and/or a new appliance.  To perform this procedure, follow the steps below.


  1. Connect to the Security Analytics server appliance via SSH.
  2. Navigate to the home directory by issuing the following command:  cd ~/
  3. Retrieve the H2 Java tools and place them on the SA UI appliance by issuing the following command:  wget http://repo1.maven.org/maven2/com/h2database/h2/1.2.147/h2-1.2.147.jar
  4. Copy down all Active Directory configurations from the External Mappings and Settings tabs under Administration -> System -> Security in the Security Analytics UI, as these will not be backed up and will need to be re-added manually.
  5. Navigate to the H2 platform database directory by issuing the following command:  cd /var/lib/netwitness/uax/db
  6. Stop the Jetty service by issuing the following command: stop jettysrv
  7. Backup the H2 platform database by issuing the following command:  java -cp ~/h2-1.2.147.jar org.h2.tools.Backup -file ~/h2_platform_db_backup.zip
  8. Pull the newly created zip file from the SA server appliance and store it in a secure location.

 


After rebuilding the current Security Analytics server appliance or installing the new appliance, follow the steps below to restore the users that were previously backed up into the Security Analytics UI.


  1. Copy the H2-1.2.147.jar file retrieved in Step 3 into the root's home directory on the new Security Analytics server instance or new appliance.
  2. On the new instance or appliance, stop the Jetty service by issuing the following command:  stop jettysrv
  3. Navigate to the H2 platform database directory by issuing the following command:  cd /var/lib/netwitness/uax/db
  4. Back up the current H2 platform database with the following command:  java -cp ~/h2-1.2.147.jar org.h2.tools.Backup -file ~/h2_platform_db_backup_orig.zip
  5. Copy the original H2 platform database backup to the new SA UI appliance in the root's home directory.
  6. Restore the H2 platform database by issuing the following command:  java -cp ~/h2-1.2.147.jar org.h2.tools.Restore -file ~/h2_platform_db_backup.zip
  7. Start the Jetty service while tailing the logs by issuing the following command:  start jettysrv && tail -f /var/lib/netwitness/uax/logs/sa.log
  8. Once you see entries relating to Live or CMS you will know that the service has been fully initialized.
  9. Log into the Security Analytics UI and confirm that the user accounts have been restored.
  10. Navigate to the External Mappings and Settings tabs under Administration -> System -> Security and enter the Active Directory configurations as necessary.

 


If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Legacy Article IDa65779

Attachments

    Outcomes