Data Restore

In the event of a disaster or data loss, you can restore the backed up data to the PAM360 database. To restore the data, PAM360 provides scripts.

Steps Required for PAM360 with PostgreSQL

The following steps are applicable for the default installation of PAM360 with PostgreSQL as the backend database.

Restoring the data

Important Note:

    1. Stop PAM360 server before trying to restore data. If restoration is done while the server is running, it may lead to data corruption.
    2. Data backed up from PAM360 running on Windows can be restored only in Windows.

For Windows

  • Navigate to <PAM360_Installation_Directory>/bin folder.
  • Execute the script restoreDB.bat <backup file name> -p <Key path>. Enter your backup file name in .ezip format. Note that the backup file and the pam360_key.key file should be located in the same folder under the same path inside the PAM360 server.
  • The backed up contents would be restored to the PAM360 DB.
  • Navigate to <PAM360_Installation_Folder>/conf folder, edit manage_key.conf and specify the location of pam360_key.key (AES 256 encryption master key). PAM360 requires the pam360_key.key file accessible with its full path when it starts up every time. After a successful start-up, it does not need the key anymore and so the device with the key file can be taken offline.

For Linux

  • Navigate to <PAM360_Installation_Directory>/bin folder.
  • Execute the script sh restoreDB.sh <backup file name> -p <Key path>. Enter your backup file name in .ezip format. Note that the backup file and the pam360_key.key file should be located in the same folder under the same path inside the PAM360 server.
  • The backed up contents would be restored to the PAM360 DB.
  • Navigate to <PAM360_Installation_Folder>/conf folder, edit manage_key.conf and specify the location of pam360_key.key (AES 256 encryption master key). PAM360 requires the pam360_key.key file accessible with its full path when it starts up every time. After a successful start-up, it does not need the key anymore and so the device with the key file can be taken offline.

Steps Required for PAM360 with MS SQL Server

Prerequisite

PAM360 uses SQL server's encryption mechanism to encrypt the data. The encryption master key will be stored under <PAM360 Installation Folder>/conf directory with the name masterkey.key. For security reasons, during installation of MS SQL, we recommend moving the encryption key from the default location to a secure location. For performing disaster recovery, the master key is required.

Step 1

Install another instance of PAM360. Follow the steps for using MS SQL server as the backend (specifying a new instance of MS SQL server where the backup has to be restored). The new instance of MS SQL server should have been configured with SSL. You can do this by carrying out Steps 1, 2, 3 in this document.

Step 2

Copy the PAM360 backup file from the SQL server. By default, it will be present under /Backup folder and have the name something like pam360backup_pam360version_backupdate-time.bak (For example, pam360backup_6400_110721-1159.bak).

Step 3

Launch "Microsoft SQL Server Management Studio" (in the machine where the backedup data are to be restored - that is, another instance of SQL server) and connect to the Database Engine.

Step 4

Right-click on "Databases" and the click "Restore Database" from the displayed menu.

Step 5

In the "Restore Database" window, choose the option "From device" and click [...] button to browse the PAM360 backup file.

Step 6

In the "Specify Backup" window that opens up, choose the option "File" as the Backup media and click "Add".

Step 7

In the "Locate Backup File" window, select the PAM360 backup file and click "OK".

Step 8

  • Now, in the "Restore Database" window, select the database where the backup is to be restored and specify it in the "To database" field.
  • Under "Select the backup sets to restore", select the required "Restore column".
  • Click OK to start the restoring the database.
  • Upon completion of the restoration, a status window pops-up.

Step 9

Now, you need to restore the Master Key. As mentioned in the prerequisite section above, by default, the encryption master key will be stored under <PAM360 Installation Folder>/conf directory in the file named masterkey.key. For security reasons, if you have moved the file to some other secure location, identify that. Open the masterkey.key file and copy the password.

Step 10

Connect to the SQL server in which you have restored the PAM360 backup file.
Open "Microsoft SQL Server Management Studio" and connect the database engine.
Execute the following queries:

use write_the_name_of the restored_database;
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'type_the_master_key_password';
alter master key regenerate with encryption by password = 'type_the_master_key_password';

Example:

use passtrix;
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'secret';
alter master key regenerate with encryption by password = 'secret';

Execution of the above queries will help decrypt the data.

Step 11

Navigate to <PAM360_Installation_Folder>/conf folder, edit manage_key.conf and specify the location of pam360_key.key (encryption master key). PAM360 requires the pam360_key.key file accessible with its full path when it starts up every time. After a successful start-up, it does not need the key anymore and so the device with the key file can be taken offline.

©2019, ZOHO Corp. All Rights Reserved.

Top