Backup and disaster recovery

In the event of a failure, you can fully restore Hyper-scalable PAS by recovering or restoring the PostgreSQL data, ensuring a Redis server is also available, building a new Deployment and deploying it, and then setting the Deployment to active. To restore Hyper-scalable PAS, perform the steps below.

Determining how to restore Hyper-scalable PAS

  • If the database is still intact and both it and the Redis server are still at their original URIs, you can reuse the last Deployment package to create as many Web and Background nodes as needed. For steps on how to reuse the Deployment package, refer to the section Deploying Hyper-scalable PAS software to Web, Background, and TCP Relay nodes in the installation chapter of this guide.
  • If the database has been corrupted or destroyed, but both the database and Redis servers are still using the same URI, restore the database and then reboot the node servers. Hyper-scalable PAS should recognize the database and resume service.
  • If the database or Redis URIs have changed, do the following:
    1. Update URIs using Centrify-PAS-ModifyInstallation script to update the certificate. To do this, see Updating the TCP Relay or TCP Relay Logging Certificate.
    2. Create a new deployment: Centrify-PAS-NewDeployment.
    3. Deploy it.
    4. Change the active deployment.

Manually rebuilding and restoring Hyper-scalable PAS

To manually rebuild and restore a Hyper-scalable PAS instance, perform the following steps:

Note:   Manual back up and restore is your responsibility and is not performed in any way by Hyper-scalable PAS.

  1. Restore your latest backup of the PostgreSQL data to the new database server. Find the URIs and credentials for both the Redis and Postgres servers.
  2. Run Centrify-PAS-ModifyInstallation with parameters for what has changed. For example, if the certificate has not changed, you do not need certificate parameters. Alternately, for example: if the database host has changed, you must provide all database parameters. The parameter options are mostly identical to Centrify-PAS-NewInstallation. The only exception is -Config, which is not accepted.

  1. Create a new Deployment package by running the Centrify-PAS- NewDeployment.ps1 command on the Management node.
  2. Copy this Deployment to new Windows Server nodes and install (using command Centrify-PAS-Deploy) new Web, Background, and TCP Relay nodes.
  3. From the Management node, activate the Deployment using the Centrify-PAS-SetActiveDeployment.ps1 command. Pass in the Deployment ID that you either set as a parameter or received as output from the Centrify-PAS-NewDeployment.ps1 script.
  4. Ensure that the load balancer can send traffic to the Web nodes.
  5. On the Management node, list out the nodes (using command Centrify-PAS-NodeList) and forcibly remove (using Centrify-PAS-ForceRemoveNode) any nodes from previous Deployment IDs that no longer exist or cannot talk to the database.

Maintaining a snapshot

As a method of backup, it is important to maintain an accurate snapshot of your VMs. The following comprise a snapshot for Hyper-scalable PAS:

  • A copy of the configuration directory you created during the installation process.
  • A copy of a regular full pg_dump of the postgres database.