Restore from BackupRestore from Backup

This procedure restores deployment data from a backup.

You use this procedure for the following purposes:

• To restore data that is accidentally deleted

• To restore a malfunctioning primary instance

No administration or authentication operations can be performed while the data is restored. The restore process takes longer to complete than the backup process because the authentication services are stopped and started. The size of the internal database also determines the amount of time required to restore data. If the internal database is large, the process can take a long time.

Before you begin

• You must have a backup created on your deployment.

• You must be an Operations Console administrator.

Procedure

1. In the Operations Console, click Maintenance > Backup and Restore > Restore from Backup.

2. Under Backup Location, do one of the following:

   • Select Local Authentication Manager Server.

   • Select Windows Shared Folder.

     Note: If you are using a Windows share, RSA Authentication Manager 8.4 and later requires the SMBv2 or SMBv3 protocol. SMBv1 is no longer supported.

     • In the Windows Shared Folder field, enter the path to an existing Windows shared folder, for example, \\primary.company.net\backup_path.

     • If the shared folder requires a user name, enter the user name in the Folder User Name field, for example, Domain1\User1.

     • If the shared folder requires a password, enter the password in the Folder Password field, for example, password1.

   • Select NFS (Network File System) Shared Folder.

     In the NFS Shared Folder field, enter the NFS server host name and path to a NFS shared folder, for example, fileserver.company.net:/backup_path.

3. Under Restore Options, do one of the following:

   • Select All Data to restore deployment data.

     If you select the All Data option, no administration or authentication operations can be performed while the deployment is being restored.

   • Select Log Data Only to restore just the Administrative Audit, Runtime Audit, and System log data.

     Select this option after you promote a replica instance to transfer the historical log data from the previous primary instance to the new primary instance.

4. Click Next.

   A list of backups is displayed. If you select Log Data Only, the backups created only on the current deployment are displayed.

5. Select the backup (.RSAbackup) that you want to use, and click Next.

   You should use the last good backup created on the current deployment.

6. On the Restore from Backup page, confirm that you selected the correct backup, and do one of the following:

   • To select a different backup, click Back.

   • To restore with the selected backup, enter the password for this backup, and click Restore. The Progress Monitor page is displayed.

7. Click Done when the restore process is complete.

After you finish

• If you restore an Authentication Manager instance with a backup from another deployment, the restored certificates cannot be activated because they use the hostname from the backup. Either create new certificates, or continue to use the certificates that were present on the Authentication Manager instance before the backup was restored. For more information, see Replacing the Console Certificate.

• In a replicated deployment, synchronize each replica instance with the restored primary instance.For instructions, see Synchronize a Replica Instance.

  If you restored the primary instance with a backup that came from a different deployment, then the restore operation automatically deletes each replica instance from the current deployment. A backup that is restored from the current primary instance in the current deployment retains each replica instance.

• If the deployment includes a web tier, do the following:

  • If you restored the Authentication Manager instance with a backup that came from a different deployment, you must re-enable the virtual host. This procedure is not required for a backup that is restored from the original Authentication Manager instance in the current deployment. Do the following:

    1. Disable the virtual host. In the Operations Console, click Deployment Configuration > Virtual Host & Load Balancing, clear the check box, and click Save.

    2. Enable the virtual host. For instructions, see the chapter “Configuring a Virtual Host and Load Balancer” in the RSA Authentication Manager Setup and Configuration Guide.

  • Generate a web-tier deployment package, and run the Web-Tier Installer. For instructions, see the chapter “Installing Web Tiers” in the RSA Authentication Manager Setup and Configuration Guide.

• If the deployment includes an embedded identity router, you must download and re-install the identity router. For instructions, see Quick Setup - Connect RSA Authentication Manager to the Cloud Authentication Service with an Embedded Identity Router.

• The RADIUS server certificate on the Authentication Manager instance does not get replaced with the certificate from the backup file. To update this certificate, see Replace a RADIUS Server Certificate.