Data Restore

You can restore the backed up data from the Access Manager Plus database in the event of a disaster or data loss. To restore the lost data, Access manager Plus provides scripts.

Summary of Steps

  1. Access Manager Plus with PostgreSQL
  2. Access Manager Plus with MS SQL Server

1. Access Manager Plus with PostgreSQL

The following steps are applicable for the default installation of Access Manager Plus with PostgreSQL as the backend database.

Restoring the data

Note: Stop Access Manager Plus server before trying to restore data. If restoration is done while the server is running, it may lead to data corruption. Data backed up from Access Manager Plus running on Windows can be restored only in Windows.

For Windows:

  1. Navigate to <AMP_Installation_Directory>/bin folder.
  2. Execute the script restoreDB.bat <backup file name> -p <Key path>. Enter your backup file name in .ezip format. Note that the backup file and the amp_key.key file should be located in the same folder under the same path inside the Access Manager Plus server.
  3. The backed up contents would be restored to the Access Manager Plus DB.
  4. Navigate to <AMP_Installation_Folder>/conf folder, edit manage_key.conf and specify the location of amp_key.key (AES 256 encryption master key). Access Manager Plus requires the amp_key.key file accessible with its full path when it starts up every time. After a successful start-up, it does not need the key anymore and so the device with the key file can be taken offline.

For Linux:

  1. Navigate to <AMP_Installation_Directory>/bin folder.
  2. Execute the script sh restoreDB.sh <backup file name> -p <Key path>. Enter your backup file name in .ezip format. Note that the backup file and the amp_key.key file should be located in the same folder under the same path inside the Access Manager Plus server.
  3. The backed up contents would be restored to the Access Manager Plus DB.
  4. Navigate to <AMP_Installation_Folder>/conf folder, edit manage_key.conf and specify the location of amp_key.key (AES 256 encryption master key). Access Manager Plus requires the amp_key.key file accessible with its full path when it starts up every time. After a successful start-up, it does not need the key anymore and so the device with the key file can be taken offline.

2. Access Manager Plus with MS SQL Server

Prerequisite

Access Manager Plus uses SQL server's encryption mechanism to encrypt the data. The encryption master key will be stored under <AMP Installation Folder>/conf directory with the name masterkey.key. For security reasons, during installation of MS SQL, we recommend moving the encryption key from the default location to a secure location. The master key is required for performing the recovery.

Step 1

Install another instance of Access Manager Plus and follow the steps for using MS SQL server as the backend (specifying a new instance of MS SQL server where the backup has to be restored). The new instance of MS SQL server should have been configured with SSL. You can do this by carrying out Steps 1, 2, 3 in this document.

Step 2

Copy the Access Manager Plus backup file from the SQL server. By default, it will be present under /Backup folder and have the name something like ampbackup_ampversion_backupdate-time.bak (For example, ampbackup_6400_110721-1159.bak).

Step 3

Launch Microsoft SQL Server Management Studio (in the machine where the backedup data are to be restored - that is, another instance of SQL server) and connect to the Database Engine.

Step 4

Right-click on Databases and the click Restore Database from the displayed menu.

Step 5

In the Restore Database window, choose the option From device and click [...] button to browse the Access Manager Plus backup file.

Step 6

In the Specify Backup window that opens up, choose the option File as the Backup media and click Add.

Step 7

In the Locate Backup File window, select the Access Manager Plus backup file and click Ok.

Step 8

  1. Now, in the Restore Database window, select the database where the backup is to be restored and specify it in the To database field.
  2. Under Select the backup sets to restore, select the required Restore column.
  3. Click Ok to start the restoring the database.
  4. Upon completion of the restoration, a status window pops-up.

Step 9

Now, you need to restore the Master Key. As mentioned in the prerequisite section above, by default, the encryption master key will be stored under <AMP Installation Folder>/conf directory in the file named masterkey.key. For security reasons, if you have moved the file to some other secure location, identify that. Open the masterkey.key file and copy the password.

Step 10

Connect to the SQL server in which you have restored the Access Manager Plus backup file.
Open Microsoft SQL Server Management Studio and connect the database engine.

Execute the following queries:

use write_the_name_of the restored_database;
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'type_the_master_key_password';
alter master key regenerate with encryption by password = 'type_the_master_key_password';

Example:

use passtrix;
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'secret';
alter master key regenerate with encryption by password = 'secret';

Execution of the above queries will help decrypt the data.

Step 11

Navigate to <AMP_Installation_Folder>/conf folder, edit manage_key.conf and specify the location of amp_key.key (encryption master key). Access Manager Plus requires the amp_key.key file accessible with its full path when it starts up every time. After a successful start-up, it does not need the key anymore and so the device with the key file can be taken offline.
Top