Backing up and restoring DCA Index Server data

DCA Index Servers store all data used in Threat Director and Vulnerability Manager. Backing up data in DCA Index Servers should be part of the regular maintenance of a portal deployment.

An automatic backup procedure is described below. In the procedure, you must configure some values that specify where data is stored and how often a backup should occur. 

In rare situations you may need to restore DCA Index Server data that was previously archived. A restore procedure is described below.

Important

Frequency for backups of DCA Index Server data depends on how often you import scan files and map their contents to the contents of your BladeLogic system. If you are using vulnerability data daily, then backups should occur daily.

This topic contains the following sections:

To back up DCA Index Server data

This backup capability can store a snapshot of the data in the DCA Index Server to a local or remote repository.

This procedure requires you to modify two configuration files.

If you have installed multiple instances of the BladeLogic Portal server, you must ensure that each instance has an identical backup configuration.

  1. Configure the bmc-config.json file
    1. Open bmc-config.json for editing.
      Typically, this file resides at <install_location>/portal/configuration/bmc-config.json.
    2. In the file, search for the term ElasticSearchConfigManager. The section that includes that term appears as follows

      "com.bmc.dcaportal.index.service.core.ElasticSearchConfigManager" : {
            "indexsearch.enabled" : "true",
            "cluster.name" : "dca-index",
            "loader.maxBSAPageSize" : 1000,
            "aggregation.precision.count" : 500,
      	  "vulnerability.management.circuit.breaker" : 1500000,
      	  "circuit.breaker.threshold" : 95,
            "loader.threadPoolSize" : 5,
            "purge.interval" : 10,
              "index.backup.path" : "",
              "index.backup.timeinterval" : 1440
          },
    3. Provide the following values, as necessary:

      OptionExplanation
      index.backup.path
      Provides the path to local or remote location where data should be stored. Be sure you have correct permissions for the location you specify.
      For example, you might enter:
      "index.backup.path" : "C:\\INDEX_BACKUP", 
      index.backup.timeinterval
      Specifies how often a backup of the DCA Index Server data should occur. The value you enter is in minutes. By default, a backup occurs every 24 hours.
    4. Save bmc-config.json.
  2. Configure the elasticsearch.yml file.
    1. Open elasticsearch.yml for editing.
      Typically, this file resides at <install_location>/portal/DCAIndexService/config/elasticsearch.yml
    2. Insert the following entry anywhere in the file:

      path.repo: <Path_to_backup_directory> 

      For example, you might enter:
      path.repo: C:\\INDEX_BACKUP
      The value you enter must match the value of index.backup.path that you specified in the bmc-config.json file. 

    3. Save elasticsearch.yml.
  3. Restart the BladeLogic Portal and BMC DCA Index services.
    • (Windows):
      1. From the Windows Control Panel, select Administrative Tools > Services.
      2. Start the BMC DCA Index Service 1.7.3 (DCAIndexService) service.
        Be sure to start this service first. 
      3. Start the BladeLogic Portal service.
    • (Linux): 
      1. Enter the command: /etc/init.d/DCAIndexService start
        Be sure to enter this command first.
      2. Enter the command: /etc/init.d/BladeLogic_Portal start
  4. Repeat this procedure for each instance of the BladeLogic Portal server.

To restore DCA Index Server data

Restoring DCA Index Server data requires you to install a plug-in that provides a web-based front end to the DCA Index Server. After the plug-in is installed, there are two possible restore procedures:

Installing the plug-in for the web-based front end

  1. If your installation of BladeLogic Portal does not have Internet access, perform these preliminary steps. If your site does have Internet access, skip to step 2.
    1. Using a host that does have Internet access, visit https://github.com/mobz and download elasticsearch-head.zip.
    2. Move the downloaded file to a directory within your installation.
  2. Stop the BladeLogic Portal service.
    • (Windows):
      1. From the Windows Control Panel, select Administrative Tools > Services.
      2. Stop the BladeLogic Portal service.
    • (Linux): Enter the command: /etc/init.d/BladeLogic_Portal stop
  3. Make sure the DCA Index Server service is running.
    1. (Windows): From the Windows Control Panel, select Administrative Tools > Services, and check the status of the BMC DCA Index Service 1.7.3 (DCAIndexService) service.
    2. (Linux): Enter the command: /etc/init.d/DCAIndexService status
  4. Connect to one of the following locations:
    • (Windows): <INSTALL_DIR>\BladeLogicPortal\portal\DCAIndexService\bin
    • (Linux): /<INSTALL_DIR>/BladeLogicPortal/portal/DCAIndexService/bin
  5. Enter one of the following commands:
    • If you have Internet access:
      plugin -install mobz/elasticsearch-head
    • If you do not have Internet access:
      plugin --url file:<local_directory>/elasticsearch-head.zip --install mobz/elasticsearch-head 
      where <local_directory> is the location where you placed the downloaded ZIP file in step 1.

  6. Restart the BladeLogic Portal service.
    • (Windows):
      1. From the Windows Control Panel, select Administrative Tools > Services.
      2. Start the BladeLogic Portal service.
    • (Linux): Enter the command: /etc/init.d/BladeLogic_Portal start

Restoring the most recent snapshot

  1. Stop the BladeLogic Portal service.
    • (Windows):
      1. From the Windows Control Panel, select Administrative Tools > Services.
      2. Stop the BladeLogic Portal service.
    • (Linux): Enter the command: /etc/init.d/BladeLogic_Portal stop
  2. Make sure the DCA Index Server service is running.
    1. (Windows): From the Windows Control Panel, select Administrative Tools > Services, and check the status of the BMC DCA Index Service 1.7.3 (DCAIndexService) service.
    2. (Linux): Enter the command: /etc/init.d/DCAIndexService status
  3. Start the web-based front end for the DCA Index Server:

    • If you have Internet access, use the following URL: <host_name_for_DCA_Index_Server>:<http_port>/_plugin/head
      For example, enter portalserver.mycompany.com:9200/_plugin/head

    • If you do not have Internet access, use the following URL: http://localhost:9200/_plugin/head/

      Note

      To manage DCA Index Servers, you must use the underlying Elasticsearch search engine. Elasticsearch requires you to open the 9200 port on the node where management is being performed. This port is not used for any direct communication between the portal server and DCA Index Servers.

      For security reasons, many organizations only enable the 9200 port when performing management. Afterwards, the port is disabled. For more information, see "Disabling or enabling HTTP traffic with the DCA Index Server" in Advanced portal configuration

  4. If it is not already selected, click the Any Request tab.
  5. Stop all indices in the DCA Index Server.
    1. In the Query section, enter _all/_close.
    2. From the drop-down menu at right, select POST.
    3. Click Request.
       
  6. Restore the latest snapshot.
    1. In the Query section, enter _snapshot/dca-index-repository/dca-index-snapshot/_restore.
    2. From the drop-down menu at right, select POST.
    3. Click Request.
  7. Restart the BladeLogic Portal and BMC DCA Index services.
    • (Windows):
      1. From the Windows Control Panel, select Administrative Tools > Services.
      2. Start the BMC DCA Index Service 1.7.3 (DCAIndexService) service.
        Be sure to start this service first. 
      3. Start the BladeLogic Portal service.
    • (Linux): 
      1. Enter the command: /etc/init.d/DCAIndexService start
        Be sure to enter this command first.
      2. Enter the command: /etc/init.d/BladeLogic_Portal start
  8. Confirm that all vulnerability management asset and vulnerability data is available.

Restoring the most recent snapshot to a corrupted data folder

In situations where the DCA Index Server's data folder (<INSTALL_DIR>/BladeLogicPortal/portal/DCAIndexService) has become corrupted, you must perform a restore procedure like the one described above but you must also run a command to manually create a repository for metadata.

  1. Stop the BladeLogic Portal service.
    • (Windows):
      1. From the Windows Control Panel, select Administrative Tools > Services.
      2. Stop the BladeLogic Portal service.
    • (Linux): Enter the command: /etc/init.d/BladeLogic_Portal stop
  2. Make sure the DCA Index Server service is running.
    1. (Windows): From the Windows Control Panel, select Administrative Tools > Services, and check the status of the BMC DCA Index Service 1.7.3 (DCAIndexService) service.
    2. (Linux): Enter the command: /etc/init.d/DCAIndexService status
  3. Start the web-based front end for the DCA Index Server:

    • If you have Internet access, use the following URL: <host_name_for_DCA_Index_Server>:<http_port>/_plugin/head
      For example, enter portalserver.mycompany.com:9200/_plugin/head

    • If you do not have Internet access, use the following URL: http://localhost:9200/_plugin/head/

      Note

      To manage DCA Index Servers, you must use the underlying Elasticsearch search engine. Elasticsearch requires you to open the 9200 port on the node where management is being performed. This port is not used for any direct communication between the portal server and DCA Index Servers.

      For security reasons, many organizations only enable the 9200 port when performing management. Afterwards, the port is disabled. For more information, see "Disabling or enabling HTTP traffic with the DCA Index Server" in Advanced portal configuration

  4. If it is not already selected, click the Any Request tab.

  5. Stop all indices in the DCA Index Server.
    1. In the Query section, enter _all/_close.
    2. From the drop-down menu at right, select POST.
    3. Click Request.
  6. Create a repository for metadata to replace the corrupted repository.
    1. In the Query section, enter the following:

      _snapshot/dca-index-repository
      {
       "type": "fs",
       "settings": {
       "location": "<Snapshot location>"
       }
      }
    2. From the drop-down menu at right, select PUT.
      For example, the web-based front end would look something like this:
       
    3. Click Request.
  7. Restore the latest snapshot.
    1. In the Query section, enter _snapshot/dca-index-repository/dca-index-snapshot/_restore.
    2. From the drop-down menu at right, select POST.
    3. Click Request.
  8. Restart the BladeLogic Portal and BMC DCA Index services.
    • (Windows):
      1. From the Windows Control Panel, select Administrative Tools > Services.
      2. Start the BMC DCA Index Service 1.7.3 (DCAIndexService) service.
        Be sure to start this service first. 
      3. Start the BladeLogic Portal service.
    • (Linux): 
      1. Enter the command: /etc/init.d/DCAIndexService start
        Be sure to enter this command first.
      2. Enter the command: /etc/init.d/BladeLogic_Portal start
  9. Confirm that all vulnerability management asset and vulnerability data is available.
Was this page helpful? Yes No Submitting... Thank you

Comments