Backup and Restore

The ExtraHop Discover and Command appliances have the ability to store both user customizations and administrator-configured system resources. With the Backup and Restore feature, you can restore an existing appliance in case of a failure (a total appliance loss or any failure of the appliance firmware disk), or you can migrate the saved settings to a new or larger-capacity appliance.

Daily backups occur automatically and are saved on your appliance. You can also create a manual backup at any time (for example, after you make a number of important changes). You can download a backup file of these customizations and system resources and store the file in a secured, off-appliance location.

  • Create a backup after any important configuration changes.
  • Create a script for the REST API to periodically create backups and store the files to a secure off-appliance location.
  • If preserving metrics data is important, configure an external datastore.

What types of restore operations are supported?

  • You cannot backup a larger appliance and migrate customizations to a smaller appliance.
  • You cannot backup an appliance on a newer generation of hardware and migrate to an appliance that is on a previous generation of hardware.
  • You cannot backup an appliance from one system edition to another.
  • When restoring a Command appliance that has a tunneled connection from a Discover appliance, note the following restrictions: the tunnel must be reestablished after the restore is complete and any customizations on the Command appliance for that Discover appliance must be manually recreated.
  • You can only backup and restore between appliances that are on the same major and minor version of firmware, such as 7.1.0 to 7.1.1. You cannot backup one version of firmware and restore to a previous or later version of firmware.

What is included in a backup file?

The following customizations and resources are saved when you create a backup.

  • User customizations such as bundles, triggers, and dashboards.
  • Appliance configuration settings made in the Admin UI, such as locally-created users and remote imported user groups, running configuration file settings, appliance SSL certificates, and connections to Explore and Trace appliances.

What is not included in a backup file?

The following customizations and resources are not saved when you create a backup.

  • License information for the appliance. If you are restoring to a new target appliance, you must manually re-license each.
  • Metrics stored on the local datastore. If you are restoring a backup file to the same appliance that created the backup, and the datastore is intact, existing metrics are retained. However, to plan for scenarios where metrics must be recovered on a different appliance, you can save metrics to an external datastore and then work with ExtraHop Support to restore those saved metrics to a target appliance.
  • Precision packet captures. You can download saved packet captures manually by following the steps in View and download packet captures.
  • User-uploaded SSL keys for traffic decryption.
  • Secure keystore data, which contains passwords. If you are restoring a backup file to the same appliance that created the backup, and the keystore is intact, you do not need to re-enter credentials. However, if you are restoring a backup file to a new appliance, you must re-enter the following credentials:
    • Any SNMP community strings provided for SNMP polling of flow networks.
    • Any bind password provided to connect with LDAP for remote authentication purposes.
    • Any password provided to connect to an SMTP server where SMTP authentication is required.
    • Any password provided to access external resources through the configured global proxy.
    • Any password provided to access ExtraHop Cloud services and Atlas services through the configured ExtraHop cloud proxy.
    • Any secret key provided to configure Microsoft Azure and Amazon AWS Open Data Stream targets.

What is restored from a backup file?

You are able to perform two types of restore operations; you can restore customizations only (such as changes to alerts, dashboards, triggers, custom metrics) or you can restore customizations and system resources.

Published 2018-12-06 15:34