NRT: Disaster Recovery in Azure Deployment

Document created by RSA Information Design and Development on Sep 12, 2018
Version 1Show Document
  • View in full screen mode
 

The section tells you how to back up and restore NetWitness Platform 11.x deployed on Azure virtual hosts (also referred to as VMs in this section). The two major tasks to back up and restore 11.x data in an Azure deployment are:

  • Task 1 - Backup and Export Data
  • Task 2 - Restore and Import Data

Task 1 - Backup and Export Data

  1. Export the data by running the nw-recovery-tool --export commands as described in Disaster Recovery (Backup and Restore Instructions).

Task 2 - · Restore and Import Data

You need to refer to the 10.6.5 to 11.2 Azure Upgrade Guide to complete this task. Go to the Master Table of Contents to find all NetWitness Platform Logs & Network 11.x documents.

  1. Delete the VM.

    Do not delete the resources (for example, do not delete Disks, Network Interface, and so on).

  2. Complete the following steps for the AdminServer host, Broker host, ESA host, Endpoint host, and LogCollector host (where host = --category).

    1. Delete the all the resources except the network interface card of the older 11.2 VM.
    2. Deploy the fresh 11.2 VM with the same disk and resources and power it off.
      For detailed instructions on how to deploy a virtual host in Azure, see the 11.2 Azure Deployment Guide.
    3. Run the azure-mac-retention.ps1 from the local machine.
      See the 10.6.5 to 11.2Azure Upgrade Guide for instructions on how to run this script.
    4. Follow the procedure for the NRT restoration for the respective host as described in Restore Data on a Component Host.
    5. After you restore NRT the component host, restore the following files.

      • /etc/fstab
      • /etc/hosts (if hostname is not changed)
      • /etc/waagent.conf
      • /etc/logrotate.d/waagent.logrotate
      • /etc/krb5.conf from the <dump-dir>/unmanaged folder
  3. Complete the following steps for the LogDecoder host, Concentrator host, and Archiver host (where host = --category.

    1. Delete all the resources except the disks that are named external and the network interface card of the older 11.2 VM.
    2. Deploy the fresh 11.2 VM with the same disk and resources listed in the 11.2 Azure Deployment Guide and power it off.

      Do not create the external disk. Only create the nwhome disks.

    3. Run the azure-mac-retention.ps1 from the local machine.
      See the 10.6.5 to 11.2Azure Upgrade Guide for instructions on how to run this script.
    4. Follow the procedure for the NRT restoration for the respective hosts as described in Restore Data on a Component Host.
    5. After you restore NRT the component host, restore the following files.

      • etc/fstab
      • /etc/hosts (if hostname is not changed)
      • /etc/waagent.conf
      • etc/logrotate.d/waagent.logrotate
      • /etc/krb5.conf
Previous Topic:Disaster Recovery
You are here
Table of Contents > Disaster Recovery Azure

Attachments

    Outcomes