Backup
Backup options
If the client uses a backup agent, we recommend installing it on the server that hosts the remote folder that will receive the backup copy.
senhasegura offers the following backup options:
Backup of secrets (Break the glass): guarantees that the confidential data registered in the passwords are available in an encrypted format. The data can be stored in an environment external to the instance and protected by a master password for consultation in an emergency. The backup of passwords is not used for system restoration, but for the client to have access to the credential passwords even in case of total unavailability of the senhasegura solution.
System Backup: ensures that system information such as data, senhasegura settings or the environment where it is running, programs, applications, and access records can be copied periodically to a client's backup repository following the client's security policies. This type of backup has a long reconstruction time and requires disk space for its reconstitution.
Video Backup of proxy sessions: ensures that the video recordings of proxy sessions performed through senhasegura are available in an encrypted format.
Backup of secrets and System Backup are created when the backup option is enabled and configured. For Video Backup of proxy sessions to be created as well, "Enable sessions file backup?" must be set to "Yes".
Mount Backup Partition
If you want the backup to be created on a remote disk partition, go to Orbit Config Manager ➔ Settings ➔ Backup. You can configure it through CIFS, NFS, or direct sending using rsync.
Set Mount a remote partition? to Yes.
Backup via CIFS or NFS
To have senhasegura create backups via CIFS or NFS:
Select Mounting a remote partition (via CIFS or NFS).
Click Add remote partition.
In the Add remote partition window, fill in the Remote host and the Remote path with the information of the server where senhasegura will save the backup. E.g.,
- Remote Host: myserver.com or 10.10.1.5
- Remote path: /files/backup/senhasegura
Select the protocol:
Samba (CIFS): requires a user with write privileges to the directory in the remote path, or senhasegura will not be able to mount or create the backup. Add the domain if required by your host server.
Passwords must not contain the characters \, & and ! in remote partition mapping.
Network File System (NFS): when selecting NFS, be sure to allow the senhasegura IP in the Remote Host NFS configuration, or senhasegura will not be able to mount or create the backup.
Backup via rsync
To have senhasegura create backups via rsync, you need to configure rsync and give senhasegura access to the backup server with a public key.
The rsync backup is done over SSH with key authentication. You will need a user on your server whose "authorized_keys" file contains the public key of the senhasegura user.
Config rsync
- Select Send to a remote Linux server (via rsync).
- Add the User from the backup server that will be used by senhasegura.
- Add the backup Server hostname or IP, E.g., myserver.com or 10.10.1.5.
- Add the directory Remote path that will be used to save the backup, E.g., "/files/backup/senhasegura".
Backup user public key
Log in to the senhasegura server using SSH, port 59022, with the mt4adm user.
Collect the public key using the command:
sudo cat /root/.ssh/id_rsa.pub
The command prints the public key, for example:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChIgNXVHrjq3ECwVytNb9k2liB5vGFNNtTDdwSYaYW/WQ8NC0yq70BxcmaQWwFddWfQIQVjMw2WZNkroTsinEZkLHBUN12eMMwNB4izo0iQ70IB8wSj2lQbl/GAYyzQCZQRo486eFHFJVIaTviDpf32D/O6qz6JGvCpRRzx7owZhuscJGfUesl/q0sCZ9DUn79TLtj/lIC+na4s5c1g/SYyO7IkdwQBkeeXJSasdqwe34gbcvbdf5dL5f00EIIEHclg5tBxmt9UQ2yRXu1GbkbdFF5tllNdUfgy4Eb7K8kCTm/djb1ljzWiZodtzas+gPWZOHWaV8nAl17Zc1+xeL shbupk
Copy the public key from your terminal.
Log in to the backup server and add the public key to the "authorized_keys" file of the user entered in the User field during the senhasegura rsync configuration.
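One way to add the copied key on the backup server without breaking SSH key authentication, as an added example that is not senhasegura's own tooling. The function name install_backup_key is hypothetical, the key check is structural only (it does not prove the key is cryptographically valid), and the demo key is constructed.

```shell
#!/bin/sh
# Added example (not vendor code). Run on the backup server as the rsync user.
# install_backup_key "<public key line>" [home_dir]   (home_dir defaults to $HOME)
install_backup_key() {
    key_line=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    nl='
'
    # A paste that wrapped or picked up extra terminal text spans several lines.
    case $key_line in
        *"$nl"*) echo "rejected: key must be a single line" >&2; return 1 ;;
    esac
    read -r key_type key_blob key_comment <<EOF
$key_line
EOF
    # The first field must be a key type; a copied "$" prompt or stray text fails here.
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "rejected: unexpected key type '$key_type'" >&2; return 1 ;;
    esac
    # Structural check only: base64 alphabet, and the "AAAA" prefix every key blob has.
    case $key_blob in
        *[!A-Za-z0-9+/=]*) echo "rejected: malformed key data" >&2; return 1 ;;
        AAAA*) ;;
        *) echo "rejected: malformed key data" >&2; return 1 ;;
    esac
    # sshd's default StrictModes ignores the file if it is writable by others.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1
    # Idempotent: do not add the same key twice.
    if grep -qF -- "$key_blob" "$auth_file"; then
        echo "key already present in $auth_file"; return 0
    fi
    # Do not fuse the new entry onto an existing last line that lacks a newline.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key_type $key_blob${key_comment:+ $key_comment}" >> "$auth_file"
    echo "key added to $auth_file"
}

# Demo in a scratch directory with a constructed (non-functional) key.
demo_home=$(mktemp -d) || exit 1
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleOnly0000000000000000000 shbupk'
install_backup_key "$demo_key" "$demo_home"
rm -rf "$demo_home"
```

In real use, call the function with the key line printed by the senhasegura server while logged in as the user entered in the User field.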
Test Rsync backup
- Log in to the senhasegura server using SSH, port 59022, with the mt4adm user.
- Use the following command:
sudo orbit backup create
- You will receive an output confirming the rsync and transfer duration.
- Check if the files are now in the Remote path from the backup server.
If the system loses access to the remote backup directory, a notification via email and SIEM will be sent.