Backup
Backup options
If the client has a backup agent, we recommend installing the agent on the server that hosts the remote folder that will receive the backup copy.
senhasegura offers the following options for backup:
- Backup of secrets (Break the glass): guarantees that the confidential data registered in the passwords is encrypted. The data can be stored in an environment external to the instance and protected by a master password for consultation in an emergency. The backup of passwords is not used for system restoration; it lets the client access the credential passwords even if the senhasegura solution is totally unavailable.
- System Backup: ensures that system information such as data, senhasegura settings or the environment where it is running, programs, applications, and access records can be copied periodically to a client's backup repository following the client's security policies. This type of backup has a long reconstruction time and requires disk space for reconstitution.
- Video Backup of proxy sessions: ensures that the video recordings of proxy sessions performed through senhasegura are encrypted.
Backup of secrets and System Backup are created when the backup option is enabled and configured. For Video Backup of proxy sessions, you must select Yes in “Enable sessions file backup?”. If the system loses access to the remote backup directory, a notification is sent via email and SIEM.
Mount Backup partition
If you want the backup to be created on a remote disk partition, go to Orbit Config Manager ➔ Settings ➔ Backup; you can configure it to mount the partition through CIFS or NFS, or to send the backup directly using RSYNC.
Set Mount a remote partition? to Yes.
Backup via CIFS or NFS
To have senhasegura create backups via CIFS or NFS:
- Select Mounting a remote partition (via CIFS or NFS).
- Click Add remote partition.
- In the Add remote partition window, fill in the Remote host and the Remote path with the details of the server where senhasegura will save the backup. E.g.,
  - Remote host: myserver.com or 10.10.1.5
  - Remote path: /files/backup/senhasegura
- Select the protocol:
  - Samba (CIFS): requires a user with write privileges to the directory in the Remote path, or senhasegura will not be able to mount the partition or create the backup. Add the domain if your host server requires it.
  - Network File System (NFS): be sure to allow the senhasegura IP in the NFS configuration of the Remote host, or senhasegura will not be able to mount the partition or create the backup.
You can use a registered credential as an authentication method. To do that, access Settings ➔ System parameters ➔ System parameters ➔ Application and select the desired credential in the Remote backup credential field.
Passwords must not contain the characters \, &, and ! in remote partition mapping.
Backup via Rsync
Requirements
- Have a user with permission to use Rsync in the target backup device
- Create a directory for the backup where the user for Rsync is the owner, for example, /home/senhauser/backup_rsync
- Rsync package installed in the backup server
For senhasegura to create backups via Rsync, you must configure Rsync and grant access to the backup server with the public key. The Rsync backup is authenticated with an SSH key: you need a user on your server whose “authorized_keys” file contains the public key of the senhasegura user.
Setup Rsync backup
Step 1 - senhasegura system backup configuration
- Select Send to a remote Linux server (via RSYNC)
- Add the User from the backup server that will be used by senhasegura
- Add the backup Server hostname or IP, E.g., myserver.com or 10.10.1.5
- Add the Remote path directory to save the backup, E.g., “/files/backup/senhasegura”.
Step 2 - Backup Configuration senhasegura credentials
- Access the Orbit ➔ Settings ➔ Backup menu
- Enable system and video backup
- Configure a remote partition using Rsync
- Enter username, device IP, and full path of the created backup folder.
Step 3 - Backup user's public key
- Copy the public SSH key of the root user of the senhasegura master instance to the authorized_keys file of the target device.
vim /home/rsync/.ssh/authorized_keys
- Log in to the senhasegura server using SSH, port 59022, with the mt4adm user.
- Collect the public key using the command
sudo cat /root/.ssh/id_rsa.pub
$ sudo cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChIgNXVHrjq3ECwVytNb9k2liB5vGFNNtTDdwSYaYW/WQ8NC0yq70BxcmaQWwFddWfQIQVjMw2WZNkroTsinEZkLHBUN12eMMwNB4izo0iQ70IB8wSj2lQbl/GAYyzQCZQRo486eFHFJVIaTviDpf32D/O6qz6JGvCpRRzx7owZhuscJGfUesl/q0sCZ9DUn79TLtj/lIC+na4s5c1g/SYyO7IkdwQBkeeXJSasdqwe34gbcvbdf5dL5f00EIIEHclg5tBxmt9UQ2yRXu1GbkbdFF5tllNdUfgy4Eb7K8kCTm/djb1ljzWiZodtzas+gPWZOHWaV8nAl17Zc1+xeL shbupk
- Copy the public key from your terminal.
- Log in to the backup server and add the public key to the “authorized_keys” file of the user entered in the User field during the senhasegura Rsync configuration.
Step 4 - Test Rsync backup
- Log in to the senhasegura server using SSH, port 59022, with the mt4adm user
- Use the following command:
sudo orbit backup create
- You will receive an output confirming the Rsync and transfer duration
- Check if the files are now in the Remote path from the backup server
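For Step 3, an added example (not senhasegura's own tooling) of installing the copied key on the backup server with tight file modes and an authorized_keys entry limited to the senhasegura host. The `from=` and `restrict` options, the address 10.10.1.20, the user name and the function names are assumptions; it also assumes the Rsync transfer needs no PTY or forwarding.

```shell
#!/bin/sh
# Added example, run on the backup server (as root if an owner is given).
# Constructed value: 10.10.1.20 stands in for the senhasegura master IP.

# True if $1 is exactly one OpenSSH public key line: "<type> <base64> [comment]".
is_pubkey_line() {
    [ "$(printf '%s\n' "$1" | wc -l | tr -d ' ')" = 1 ] &&
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
}

# install_backup_key <home_dir> <pubkey_line> <source_ip> [owner]
install_backup_key() {
    home_dir=$1; key=$2; src_ip=$3; owner=${4:-}
    is_pubkey_line "$key" || { echo "refusing: not a public key line" >&2; return 1; }
    # Only address characters are allowed, so the from="..." option cannot be broken out of.
    case $src_ip in
        ''|*[!0-9A-Fa-f.:]*) echo "refusing: bad source address" >&2; return 1 ;;
    esac
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    # sshd (StrictModes) ignores key files that group or others can write to.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    if [ -n "$owner" ]; then chown -R "$owner" "$ssh_dir" || return 1; fi
    # The base64 body identifies the key whatever its options or comment.
    body=$(printf '%s\n' "$key" | cut -d' ' -f2)
    if grep -qF -- "$body" "$auth"; then
        return 0    # already present: do not add a duplicate entry
    fi
    # restrict: no PTY, no port/agent/X11 forwarding; from=: only this source host.
    printf 'from="%s",restrict %s\n' "$src_ip" "$key" >> "$auth"
}

# Usage (hypothetical user "rsync", key pasted from Step 3):
#   install_backup_key /home/rsync "ssh-rsa AAAA... shbupk" 10.10.1.20 rsync
```

After installing the entry this way, repeat Step 4 to confirm the backup still transfers.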
Backup log file
To check the backup logs:
- Log in to the senhasegura server using SSH, port 59022, with the mt4adm user
- Run the command:
tail -f /var/log/orbinibkp.log