Restoring Data from PostgreSQL Database

In the event of a disaster or data loss, restoring the backed-up data is critical for resuming normal operations. PAM360 offers dedicated scripts to facilitate the seamless restoration of data. This process ensures that all backed-up data can be retrieved and reloaded into the PAM360 database, preserving business continuity.

Caution

  • Stop the PAM360 server before attempting data restoration. Failing to do so may result in data corruption.
  • Data backed up from PAM360 running on Windows can only be restored on Windows.
  • Ensure that you re-install the same PAM360 build that was used before the backup. For example, if PAM360 build 7000 was previously installed, the same build must be reinstalled before restoration.
  • After re-installing the PAM360 build, make sure to start and stop the service once before using the restoreDB command.

In this guide, as listed below, you will learn the detailed procedure to restore the database backup generated on PAM360 installations with PostgreSQL as the backend database utilizing the different encryption methods.

  1. PAM360 Default Encryption
  2. Encryption using HSMs
  3. Custom Encryption

1. PAM360 Default Encryption

  1. Navigate to the <PAM360-Installation-Directory>/bin folder and execute the following command depending on the OS type of the machine where PAM360 is installed in your environment:

    For Windows:

    restoreDB.bat <Backup-File-Path> -p <Key-Path>

    For Linux:

    sh restoreDB.sh <Backup-File-Path> -p <Key-Path>
    Specify the backup file path in .ezip format. Ensure that both the backup file and the pam360_key.key file are placed in the same directory within the PAM360 server.
  2. Navigate to the <PAM360-Installation-Directory>/conf folder, open the manage_key.conf file, and specify the path to the pam360_key.key file.
  3. Execute the following command depending on the OS type. Before executing it, ensure that x11 is enabled on your PAM360 server.

    For Windows:

    updateServerConf.bat

    For Linux:

    updateServerConf.sh
  4. In the pop-up that appears, enter the default certificate name as server.keystore and the password as passtrix. This action will apply the default SSL certificate bundled with the product to your PAM360 server.
  5. Follow these steps to add your trusted SSL certificate to your PAM360 server:
    1. Login to your PAM360 account with administrator credentials and navigate to Admin >> Server Settings >> PAM360 Server.
    2. Locate the SSL certificate, enter the necessary certificate details, and save the changes. PAM360 server will be encrypted using the provided SSL certificate.

2. Encryption using HSMs

  1. Navigate to the <PAM360-Installation-Directory>/bin folder and execute the following command depending on the OS type of the machine where PAM360 is installed in your environment.

    For Windows:

    restoreDB.bat <Backup-File-Path> -p <Key-Path>

    For Linux:

    sh restoreDB.sh <Backup-File-Path> -p <Key-Path>
    Specify the backup file path in .ezip format. Ensure that both the backup file and the pam360_key.key file are placed in the same directory within the PAM360 server.
  2. Navigate to the <PAM360-Installation-Directory>/conf folder, open the manage_key.conf file, and specify the path to the pam360_key.key file.
  3. Copy the pmped.conf file located in the <PAM360-Installation-Directory>/conf folder on the server where the database backup was taken, and paste it into the same location on the server where the database is being restored. The database will be restored with the previously saved data.
  4. Copy the following jar files located in the <PAM360-Installation-Directory>/lib folder on the server where the database backup was taken, and paste them into the same location on the server where the database is being restored.
    • Entrust nShield HSM - ncipherKM.jar
    • SafeNet Luna HSM - LunaProvider.jar
  5. Additionally, if you are using the SafeNet Luna HSM in your environment, you should copy the following library files located in the <PAM360-Installation-Directory>/lib/native folder on the server where the database backup was taken, and paste them into the same location on the server where the database is being restored.
    • Windows - LunaAPI.dll
    • Linux - libLunaAPI.so
  6. Execute the following command depending on the OS type. Before executing it, ensure that x11 is enabled on your PAM360 server.

    For Windows:

    updateServerConf.bat

    For Linux:

    updateServerConf.sh
  7. In the pop-up that appears, enter the default certificate name as server.keystore and the password as passtrix. This action will apply the default SSL certificate bundled with the product to your PAM360 server.
  8. Follow these steps to add your trusted SSL certificate to your PAM360 server:
    1. Login to your PAM360 account with administrator credentials and navigate to Admin >> Server Settings >> PAM360 Server.
    2. Locate the SSL certificate, enter the necessary certificate details, and save the changes. PAM360 server will be encrypted using the provided SSL certificate.

3. Custom Encryption

  1. Copy the jar files created during the custom encryption configuration from the <PAM360-Installation-Directory>/lib folder on the server where the database backup was taken, and paste them into the same location on the server where the database is being restored.
  2. Navigate to the <PAM360-Installation-Directory>/bin folder and execute the following command depending on the OS type of the machine where PAM360 is installed in your environment.

    For Windows:

    restoreDB.bat <Backup-File-Path> -p <Custom-Encryption-Key>

    For Linux:

    sh restoreDB.sh <Backup-File-Path> -p <Custom-Encryption-Keyh>
    For PAM360 builds before 8000, use the following commands:

    For Windows:

    restoreDB.bat <Backup-File-Path> -p <Key-Path>

    For Linux:

    sh restoreDB.sh <Backup-File-Path> -p <Key-Path>
    Specify the backup file path in .ezip format. Ensure that both the backup file and the pam360_key.key file are placed in the same directory within the PAM360 server.
  3. Copy the pmped.conf file located in the <PAM360-Installation-Directory>/conf folder on the server where the database backup was taken, and paste it into the same location on the server where the database is being restored. The database will be restored with the previously saved data.
  4. Execute the following command depending on the OS type. Before executing it, ensure that x11 is enabled on your PAM360 server.

    For Windows:

    updateServerConf.bat

    For Linux:

    updateServerConf.sh
  5. In the pop-up that appears, enter the default certificate name as server.keystore and the password as passtrix. This action will apply the default SSL certificate bundled with the product to your PAM360 server.
  6. Follow these steps to add your trusted SSL certificate to your PAM360 server:
    1. Login to your PAM360 account with administrator credentials and navigate to Admin >> Server Settings >> PAM360 Server.
    2. Locate the SSL certificate, enter the necessary certificate details, and save the changes. PAM360 server will be encrypted using the provided SSL certificate.



Top