Symantec Security Information Manager - Best Practices for Selective Backup and Restore



Symantec Security Information Manager - Best practices for selective backup and restore

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version:
PN:

Legal Notice

Copyright 2011 Symantec Corporation. All rights reserved.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party ("Third Party Programs"). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or the TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR and subject to restricted rights as defined in FAR Section "Commercial Computer Software - Restricted Rights" and DFARS, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction, release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA

Printed in the United States of America

Technical Support

Contacting Technical Support

Symantec Technical Support maintains support centers globally. Technical Support's primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec's support offerings include the following:
- A range of support options that give you the flexibility to select the right amount of service for any size organization
- Telephone and/or Web-based support that provides rapid response and up-to-the-minute information
- Upgrade assurance that delivers software upgrades
- Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
- Premium service offerings that include Account Management Services

For information about Symantec's support offerings, you can visit our Web site at the following URL:

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Customers with a current support agreement may access Technical Support information at the following URL:

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:
- Product release level
- Hardware information
- Available memory, disk space, and NIC information
- Operating system
- Version and patch level
- Network topology
- Router, gateway, and IP address information
- Problem description: error messages and log files; troubleshooting that was performed before contacting Symantec; recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

Customer service

Customer service information is available at the following URL:

Customer Service is available to assist with non-technical questions, such as the following types of issues:
- Questions regarding product licensing or serialization
- Product registration updates, such as address or name changes
- General product information (features, language availability, local dealers)
- Latest information about product updates and upgrades
- Information about upgrade assurance and support contracts
- Information about the Symantec Buying Programs
- Advice about Symantec's technical support options
- Nontechnical presales questions
- Issues that are related to CD-ROMs, DVDs, or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:
- Asia-Pacific and Japan
- Europe, Middle-East, and Africa
- North America and Latin America

Best practices for selective backup and restore

This document includes the following topics:
- About this guide
- About selective backup and restore

About this guide

This guide presents the best practices that can be applied during selective backup and restore of items in Symantec Security Information Manager. Selective backup and restore is a feature that is introduced with the Information Manager

About selective backup and restore

Symantec Security Information Manager facilitates selective backup and restore of items such as event summary, incident, asset, rule, and report data. You can back up specific items in Information Manager, either immediately or on a schedule, and you can select multiple items for a single backup. During restoration you select a specific backup file, and then select the items within that backup file that you want to restore.

The directory administrator (cn=root) logon credentials for LDAP must be provided for selective backup and restore. Treat the resulting backup files with the same care as the directory itself: they carry user, user group, and role data, and they are only as well protected as the permissions on the directory in which you store them.

You can selectively back up and restore the following items:

- Incidents data (includes incidents, alerts, and tickets data)
- Assets data
- Services
- Networks
- Policies
- Locations
- Operating systems
- Product configurations (includes collector, agent sensor, appliance, agent, and help desk configuration data)
- Published reports
- Published queries
- Rules (includes User rules and System rules)
- Event filters (includes User filters and System filters)
- Monitors (includes User monitors and System monitors)
- Lookup tables (includes User lookup tables and System lookup tables)
- Paging services
- Users
- User groups
- Roles
- Appliance configurations (includes event storage rules, incident forwarding rules, and correlation forwarding rules)
- Managed reports

The following guidelines can help you to implement backup and restore functions effectively:

- A selective backup contains only the items that you selected. Periodically perform a complete LDAP backup and a complete database backup as well, so that nothing is lost when you restore from backup files.
- When you re-image a server, the settings that were available on the earlier server can be retrieved from the backup files. For the restoration, you must provide the same domain name, host IP address, and host name as the server from which the backup was taken. If the domain name, host IP address, or host name that you provide differs from the original server, the restoration fails. After the restoration, you must manually update the host entries on the newly set up server.
- If Active Directory users are added or deleted after you back up the Active Directory users, disable the Scheduled Synchronization option before you restore them. Disable the option by editing the existing Active Directory configuration. After the restoration, synchronize all the restored Active Directory users with the Add/Remove Users list in the Active Directory configuration. When this synchronization is complete, enable the Scheduled Synchronization option again.
- Perform the LDAP restore immediately after the Information Manager server is newly set up. Otherwise, when the LDAP backup files are restored on the new server, the links between the incidents that were generated before the LDAP restoration and their associated events are broken.
- If you use an NFS-mounted directory for backup, the NFS server must be running during a selective restore or purge. If the NFS server is not running, ensure that the Information Manager server does not use an NFS-mounted directory from that NFS server.
- If you specify a custom path for backup file storage, give the db2admin user full permission on that path and give the SES user read and execute permission.
- A backup is triggered immediately if you update the schedule with a date and time that are earlier than the current date and time.
- My Queries, My Reports, and other user-specific filters such as incident, alert, and ticket filters are stored as user information. If you edit the user information after a backup, those changes are lost when you restore the backup file: the user information in the backup file replaces all the existing user information.
- When you restore backup files of published queries that contain empty folders, the empty folders are not restored. Empty folders under My Queries and My Reports can be restored.
- When you restore the rules of a server, restart the rule, correlation, and event services on all the servers in the network.
- Back up assets, policies, services, operating systems, and locations together as a single unit, and restore them the same way.

- Before you back up the items, ensure that there is enough space in the specified directory and on /dbsesa.

Backup and restore scenarios

Symantec recommends that you understand these typical scenarios for backup and restore and their corresponding results. In these scenarios, backup and restore functions can be executed without any loss of data. For example, if you back up either assets alone or assets and policies, and then restore assets only, Information Manager restores all of the assets and the policies that are mapped to these assets. Information Manager does not restore policies or assets that were created after the backup, or policies that were not mapped to the assets at the time of the backup.

Table 1-1 lists backup and restore scenarios for various items in Information Manager.

Table 1-1 Backup and restore scenarios

Backup: Assets and policies. Restore: Assets and policies.
Result: The assets and policies are restored to their state at the time of the backup.

Backup: Only assets. Restore: Assets.
Result: All the assets, and the policies that are mapped to these assets, are restored. Not restored: policies and assets that were created after the backup, and policies that were not mapped to the assets at the time of the backup.

Backup: Only policies. Restore: Policies.
Result: All the policies at the time of the backup are restored. Retained during the restore: policies that were created after the backup, and the existing mapping between assets and policies. The assets are retained in their existing state.

Backup: Assets and services. Restore: Assets and services.
Result: The assets and services are restored to their state at the time of the backup.

Backup: Only assets. Restore: Assets.
Result: All the assets, and the services that are mapped to these assets, are restored. Not restored: services and assets that were created after the backup, and services that were not mapped to the assets at the time of the backup.

Backup: Only services. Restore: Services.
Result: All the services at the time of the backup are restored. Retained: services that were created after the backup, and the existing mapping between assets and services. The assets are retained in their existing state.

Backup: Assets and operating systems. Restore: Assets and operating systems.
Result: The assets and operating systems are restored to their state at the time of the backup.

Backup: Only assets. Restore: Assets.
Result: All the assets, and the operating systems that are mapped to these assets, are restored. Operating systems that were not mapped to the assets at the time of the backup are not restored.

Backup: Only operating systems. Restore: Operating systems.
Result: All the operating systems at the time of the backup are restored. The existing mapping between assets and operating systems is retained. The assets are retained in their existing state.

Backup: Assets and locations. Restore: Assets and locations.
Result: The assets and locations are restored to their state at the time of the backup.

Backup: Only assets. Restore: Assets.
Result: All the assets, and the locations that are mapped to these assets, are restored. Not restored: locations that were created after the backup, and locations that were not mapped to the assets at the time of the backup.

Backup: Only locations. Restore: Locations.
Result: All the locations at the time of the backup are restored. Locations that were created after the backup are retained. The existing mapping between assets and locations is retained. The assets are retained in their existing state.

Backup: Assets. Restore: Assets.
Result: All the assets, and the policies, services, operating systems, and locations that are mapped to these assets, are restored. Any other data that is associated with the assets is not restored.

Backup: Roles and users. Restore: Roles and users.
Result: All the roles and users at the time of the backup are restored. Roles and users that were created after the backup are retained.

Backup: Only roles. Restore: Roles.
Result: All the roles, and the users that were associated with the roles at the time of the backup, are restored. Roles and users that were created after the backup are retained.

Backup: Only users. Restore: Users.
Result: All the users at the time of the backup are restored. The roles of the users are as they were at the time of the backup. Users that were created after the backup are retained.

Backup: Groups and users. Restore: Groups and users.
Result: All the groups and users at the time of the backup are restored. Groups and users that were created after the backup are retained.

Backup: Groups. Restore: Groups.
Result: All the groups, and the users that were associated with the groups at the time of the backup, are restored. Groups and users that were created after the backup are retained.

Backup: Users. Restore: Users.
Result: All the users at the time of the backup are restored. The existing groups of the users are retained. Users that were created after the backup are retained.

Backup: Published queries and published reports. Restore: Published queries and published reports.
Result: All the published queries and reports are restored. The associations between queries and reports are as they were at the time of the backup.

Backup: Published queries and published reports. Restore: Published queries.
Result: All the published queries are restored.

Backup: Published queries and published reports. Restore: Published reports.
Result: All the published reports are restored. Because the queries are not restored, a "query not found" error is shown for any report whose query was not already present.

Backup: Published reports. Restore: Published reports.
Result: All the published reports are restored. Because only published reports were backed up, only the reports are restored. A "query not found" error is displayed whenever you open a report whose query is not present.
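The guidelines above require that a backup be restored on a server with the same domain name, host IP address, and host name as the one it came from, that the backup directory and /dbsesa have enough free space, and that the NFS server be running when the backup directory is NFS-mounted. The following Python script is an added example, not Symantec's code and not part of this guide: at backup time it writes a small sidecar manifest next to the backup file that records a SHA-256 digest and the host identity, and before a restore it checks the target host against that identity, verifies the digest, checks free space, and flags a network-mounted backup directory. The manifest format, the ".manifest.json" suffix, the "ses-backup-..." file name, and the free-space threshold are this example's own assumptions; the identity values are the same three values you would otherwise type in by hand.

```python
"""Preflight checks for Information Manager selective backup and restore.
Added example, not Symantec code. The sidecar manifest, its fields and the
".manifest.json" suffix are this example's conventions; MIN_FREE_BYTES is a
placeholder you must size for your own event volume."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST_SUFFIX = ".manifest.json"   # example convention, not a product file
MIN_FREE_BYTES = 5 * 1024 ** 3       # placeholder threshold (5 GiB)
NETWORK_FS = {"nfs", "nfs4", "cifs"}

def sha256_file(path):
    """Hex SHA-256 of a file, read in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def manifest_path(backup_path):
    backup_path = Path(backup_path)
    return backup_path.with_name(backup_path.name + MANIFEST_SUFFIX)

def write_manifest(backup_path, identity):
    """Record the file digest and the backup-time identity (hostname, domain, ip)."""
    manifest = {"backup_file": Path(backup_path).name,
                "sha256": sha256_file(backup_path), "identity": identity}
    manifest_path(backup_path).write_text(json.dumps(manifest, indent=2))
    return manifest

def identity_mismatches(manifest, identity):
    """Identity fields that differ from backup time; an empty list is a match."""
    recorded = manifest["identity"]
    return [f"{k}: backup={recorded.get(k)!r} target={identity.get(k)!r}"
            for k in ("hostname", "domain", "ip")
            if recorded.get(k, "").lower() != identity.get(k, "").lower()]

def is_network_mount(path, mounts_text=None):
    """True if path sits on an NFS/CIFS mount; reads /proc/mounts unless given text."""
    if mounts_text is None:
        try:
            mounts_text = Path("/proc/mounts").read_text()
        except OSError:
            return False
    path, best = os.path.abspath(path), ("", "")
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mnt, fstype = fields[1], fields[2]
        # the longest mount point that is a prefix of path is the one it lives on
        if (path == mnt or path.startswith(mnt.rstrip("/") + "/")) and len(mnt) > len(best[0]):
            best = (mnt, fstype)
    return best[1] in NETWORK_FS

def preflight_restore(backup_path, identity, dbsesa="/dbsesa",
                      min_free=MIN_FREE_BYTES, mounts_text=None):
    """Reasons not to start the restore; an empty list means go ahead."""
    backup_path = Path(backup_path)
    if not backup_path.is_file():
        return [f"backup file missing: {backup_path}"]
    try:
        manifest = json.loads(manifest_path(backup_path).read_text())
    except (OSError, ValueError) as exc:
        return [f"manifest unreadable for {backup_path}: {exc}"]
    problems = []
    if sha256_file(backup_path) != manifest["sha256"]:
        problems.append("sha256 mismatch: backup file changed since it was written")
    problems += identity_mismatches(manifest, identity)
    for label, p in (("backup directory", backup_path.parent), ("/dbsesa", dbsesa)):
        if not os.path.isdir(p):
            problems.append(f"{label} not present: {p}")
        elif shutil.disk_usage(p).free < min_free:
            problems.append(f"{label}: {shutil.disk_usage(p).free} bytes free, need {min_free}")
    if is_network_mount(backup_path.parent, mounts_text):
        # the guide: the NFS server must be running during a selective restore or purge
        problems.append("backup directory is network-mounted: confirm the NFS server is up")
    return problems

def demo():
    """Constructed run in a temp dir: write a fake backup and its manifest, then
    preflight a matching target, a different host, and a tampered file."""
    identity = {"hostname": "sim01", "domain": "corp.example", "ip": "10.0.0.21"}
    other = {"hostname": "sim02", "domain": "corp.example", "ip": "10.0.0.22"}
    local = "/dev/sda1 / ext4 rw 0 0\n"   # constructed mounts table: nothing on NFS
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "ses-backup-20110315.zip"   # constructed, not a real archive
        backup.write_bytes(b"constructed backup payload\n" * 64)
        write_manifest(backup, identity)
        same_host = preflight_restore(backup, identity, tmp, 0, local)
        other_host = preflight_restore(backup, other, tmp, 0, local)
        backup.write_bytes(b"tampered")
        tampered = preflight_restore(backup, identity, tmp, 0, local)
    return {"same_host": same_host, "other_host": other_host, "tampered": tampered}

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "OK" if not findings else findings)
```

Run it as a script to see the three constructed cases. In real use, call write_manifest right after the product has written the backup file, and do not start the restore while preflight_restore returns anything. The digest check matters because the backup carries user, user group, and role data: the permission advice above (db2admin full permission, SES user read and execute) limits who can write the file, and the digest tells you whether anyone did.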
