Backup
  • 3 minutes to read
  • Dark
    Light
  • PDF

Backup

  • Dark
    Light
  • PDF

Article Summary

Backup options

Info

If the client has a backup agent, we indicate installing the agent on the server that contains the remote folder that will receive the backup copy.

senhasegura offers the following options for backup:

  • Backup of secrets (Break the glass): guarantees that the confidential data registered in the passwords are encrypted. The data can be stored in an external environment to the instance and protected by a master password for consultation in an emergency. The backup of passwords is not used for system restoration but for the client to access the credentials passwords even in case of total unavailability of the senhasegura solution.
  • System Backup: ensures that system information such as data, senhasegura settings or the environment where it is running, programs, applications, and access records can be copied periodically to a client's backup repository following the client's security policies. This type of backup has a long reconstruction time and requires disk space for reconstitution.
  • Video Backup of proxy sessions: ensures that the video recordings of proxy sessions performed through senhasegura are encrypted.

Backup of secrets and system Backup is created when the backup option is enabled and configured. For Video Backup of proxy sessions, you must select Yes in “Enable sessions file backup?”.

Caution

If the system loses access to the remote backup directory, a notification via email and SIEM will be sent.



Mount Backup partition

If you want the backup to be created into a remote disk partition, go to Orbit Config Manager ➔ Settings ➔ Backup; you can configure it through CIFS or NFS or direct sending using RSYNC.

Select Mount a remote partition? to Yes.


Backup via CIFS or NFS

To senhasegura create backups via CIFS or NFS:

  1. Select Mounting a remote partition (via CIFS or NFS).
  2. Click Add remote partition.
  3. At the Add remote partition window, fill the Remote host and the Remote path with the server information, where senhasegura will save the backup created. E.g.,
    • Remote host: myserver.com or 10.10.1.5
    • Remote path: /files/backup/senhasegura
  4. Select the protocol:
    • Samba (CIFS): will require a user with write privileges to the directory in the Remote path, or senhasegura will not be able to mount or create the backup. If necessary, add the domain if required by your host server.
    • Network File System (NFS): when selecting NFS, be sure to allow the senhasegura IP in the Remote Host NFS configurations or senhasegura will not be able to mount or create the backup.
Info

You can use a registered credential as an authentication method. To do that, access Settings ➔ System parameters ➔ System parameters ➔ Application and select the desired credential in the Remote backup credential field.


Caution

Passwords must not contain the characters \, &, and ! in remote partition mapping.



Backup via Rsync

Requirements

  • Have a user with permission to use Rsync in the target backup device
  • Create a directory for the backup where the user for Rsync is the owner, for example, /home/senhauser/backup_rsync
  • Rsync package installed in the backup server

To senhasegura create backups via Rsync, it's necessary to config rsync and give access to the backup server with the public key.

Info

The backup Rsync is done through the SSH key. You will need to have a user in your server with the “authorized_keys” containing the Public Key senhasegura user.

Setup Rsync backup

 Step 1 - senhasegura system backup configuration

  1. Select Send to a remote Linux server (via RSYNC)
  2. Add the User from the backup server that will be used by senhasegura
  3. Add the backup Server hostname or IP, E.g., myserver.com or 10.10.1.5
  4. Add the Remote path directory to save the backup, E.g., “/files/backup/senhasegura."

Step 2 - Backup Configuration senhasegura credentials

  • Access the Orbit ➔ Settings ➔ Backup menu
  • Enable system and video backup
  • Configure a remote partition using Rsync
  • Enter username, device IP, and full path of the created backup folder.

Step 3 - Backup user's public key

  1. Copy the public SSH key of the root user of the senhasegura master instance to the authorized_keys file of the target device.
    vim /home/rsync/.ssh/authorized_keys
    
    
  2. Log in to the senhasegura server using SSH, port 59022, with mt4adm user.
  3. Collect the public key using the command sudo cat /root/.ssh/id_rsa.pub:
    sudo cat /root/.ssh/id_rsa.pub
    
    $ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChIgNXVHrjq3ECwVytNb9k2liB5vGFNNtTDdwSYaYW/WQ8NC0yq70BxcmaQWwFddWfQIQVjMw2WZNkroTsinEZkLHBUN12eMMwNB4izo0iQ70IB8wSj2lQbl/GAYyzQCZQRo486eFHFJVIaTviDpf32D/O6qz6JGvCpRRzx7owZhuscJGfUesl/q0sCZ9DUn79TLtj/lIC+na4s5c1g/SYyO7IkdwQBkeeXJSasdqwe34gbcvbdf5dL5f00EIIEHclg5tBxmt9UQ2yRXu1GbkbdFF5tllNdUfgy4Eb7K8kCTm/djb1ljzWiZodtzas+gPWZOHWaV8nAl17Zc1+xeL shbupk
  4. Copy the public key from your terminal.
  5. Log in to the backup server used, and add the public key in the “authorized_keys” file from the user used in the User field during the senhasegura Rsync configuration

Step 4 - Test Rsync backup

  1. Log in to the senhasegura server using SSH, port 59022, with mt4adm user
  2. Use the following command: sudo orbit backup create
  3. You will receive an output confirming the Rsync and transfer duration
  4. Check if the files are now in the Remote path from the backup server

Backup log file

To check the backup logs:

  • Log in to the senhasegura server using SSH, port 59022, with mt4adm user
  • Execute o comando:
    tail -f /var/log/orbinibkp.log



Next steps


Was this article helpful?