Data Restore

In the event of a disaster or data loss, you can restore the backed up data to the Password Manager Pro (PMP) database. To restore the data, Password Manager Pro provides scripts.

1. Steps Required

The following steps are required for disaster recovery for Password Manager Pro with PostgreSQL (OR) MySQL as the backend database.

Important Notes:

    1. Stop PMP server before trying to restore data. If restoration is done while the server is running, it may lead to data corruption.
    2. Data backed up from PMP running on Windows can be restored only in Windows.
    3. While restoring the back up, ensure that you re-install the same PMP build and architecture type that was present previously. For example: If you had PMP build 10500 and 32-bit earlier, then install the same again.
    4. Make sure you start and stop the service once each time before using the restoreDB command.

i. For Windows

  1. Navigate to <PMP_Installation_Directory>/bin folder.
  2. Execute the script restoreDB.bat <backup file name> -p <Key path>. Enter your backup file name in .ezip format. Note that the backup file and the pmp_key.key file should be located in the same folder under the same path inside the PMP server.
  3. The backed up contents would be restored to the PMP DB.
  4. Navigate to <PMP_Installation_Folder>/conf folder, edit manage_key.conf and specify the location of pmp_key.key (AES 256 encryption master key). PMP requires the pmp_key.key file accessible with its full path when it starts up every time. After a successful start-up, it does not need the key anymore and so the device with the key file can be taken offline.

ii. For Linux

  1. Navigate to <PMP_Installation_Directory>/bin folder.
  2. Execute the script sh restoreDB.sh <backup file name> -p <Key path>. Enter your backup file name in .ezip format. Note that the backup file and the pmp_key.key file should be located in the same folder under the same path inside the PMP server.
  3. The backed up contents would be restored to the PMP DB.
  4. Navigate to <PMP_Installation_Folder>/conf folder, edit manage_key.conf and specify the location of pmp_key.key (AES 256 encryption master key). PMP requires the pmp_key.key file accessible with its full path when it starts up every time. After a successful start-up, it does not need the key anymore and so the device with the key file can be taken offline.

2. Disaster Recovery Steps for Password Manager Pro with MS SQL Server

2.1 Prerequisite

PMP uses SQL server's encryption mechanism to encrypt the data. The encryption master key will be stored under <PMP Installation Folder>/conf directory with the name masterkey.key. For security reasons, during installation of MS SQL, we recommend moving the encryption key from the default location to a secure location and use it while performing disaster recovery.

Step 1

Install another instance of PMP with MS SQL server as the backend. You are now specifying a new instance of MS SQL server where the backup has to be restored. Ensure that the new instance of MS SQL server is configured with SSL. For details, refer steps 10.1.1 to 10.1.3 under MS SQL Configuration.

Step 2

Copy the PMP backup file from the SQL server. By default, it will be present under <MSSQL_installation_folder>/Backup folder and have the name something like pmpbackup_pmpversion_backupdate-time.bak (For example, pmpbackup_6400_110721-1159.bak). Click here to learn more about taking backups of your PMP data. The backups taken from the MS SQL database will be stored as a .bak file in the host, where the SQL server is running.

Step 3

Launch Microsoft SQL Server Management Studio (in the machine where the backed up data are to be restored - that is, another instance of SQL server) and connect to the Database Engine.

Step 4

Right-click on Databases and the click Restore Database from the displayed menu.

Step 5

In the Restore Database window, choose the option From device and click [...] button to browse the PMP backup file.

Step 6

In the Specify Backup window that opens up, choose the option File as the Backup media and click Add.

Step 7

In the Locate Backup File window, select the PMP backup file and click OK.

Step 8

  1. Now, in the Restore Database window, select the database where the backup is to be restored and specify it in the To database field.
  2. Under Select the backup sets to restore, select the required Restore column.
  3. Click OK to start the restoring the database.
  4. Upon completion of the restoration, a status window pops-up.

Step 9

Now, you need to restore the Master Key. As mentioned in the prerequisite section above, by default, the encryption master key will be stored under <PMP Installation Folder>/conf directory in the file named masterkey.key. For security reasons, if you have moved the file to some other secure location, identify that. Open the masterkey.key file and copy the password.

Step 10

Connect to the SQL server in which you have restored the PMP backup file.
Open Microsoft SQL Server Management Studio and connect the database engine.
Execute the following queries:

use write_the_name_of the restored_database;
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'type_the_master_key_password';
alter master key regenerate with encryption by password = 'type_the_master_key_password';

Example:

use passtrix;
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'secret';
alter master key regenerate with encryption by password = 'secret';

Execution of the above queries will help decrypt the data.

Step 11

Navigate to <PMP_Installation_Folder>/conf folder, edit manage_key.conf and specify the location of pmp_key.key (encryption master key). PMP requires the pmp_key.key file accessible with its full path when it starts up every time. After a successful start-up, it does not need the key anymore and so the device with the key file can be taken offline.

Important Notes:

    1. Perform database restore of the .bak file and execute the above queries to set the master key using the same account with which PMP connects to the database.
    2. However, if you are using a different account to restore the database in SQL studio and to execute the Alter master key queries, then execute the additional queries given below to provide required permissions for the PMP account to read the master key.

      GRANT VIEW DEFINITION ON CERTIFICATE::PMP_CERT TO [user]

      GRANT VIEW DEFINITION ON SYMMETRIC KEY::PMP_SYM_KEY TO [user]

      GRANT CONTROL ON CERTIFICATE::PMP_CERT TO [user]

    3. The [user] in the above queries refers to the actual login name of the account used by PMP to connect to the SQL database. You can find this account's name in the JDBC URL present in the <PMP_Installation_Folder>/conf/database_params.conf file, unless the account uses Windows authentication.
    4. Execute the queries given below to verify the correct names of the CERTIFICATE and SYMMETRIC KEY:

      select * from sys.certificates

      select * from sys.symmetric_keys

 

 

©2014, ZOHO Corp. All Rights Reserved.

Top