Kaspersky Security Center 14 Windows
14
English

Contents

Backup copying and restoration of Administration Server data

Data backup allows you to move Administration Server from one device to another without data loss. Through backup, you can restore data when moving the Administration Server database to another device, or when upgrading to a newer version of Kaspersky Security Center. Also, you can use data backup to move Administration Server data from Kaspersky Security Center Windows under management of Kaspersky Security Center Linux (moving data from Kaspersky Security Center Linux to Kaspersky Security Center Windows is not supported).

Note that the installed management plug-ins are not backed up. After you restore Administration Server data from a backup copy, you need to download and reinstall plug-ins for managed applications.

Before you back up the Administration Server data, check whether a virtual Administration Server is added to the administration group. If a virtual Administration Server is added, make sure that an administrator is assigned to this virtual Administration Server before the backup. You cannot grant the administrator access rights to the virtual Administration Server after the backup. Note that if the administrator account credentials are lost, you will not be able to assign a new administrator to the virtual Administrator Server.

You can create a backup copy of Administration Server data in one of the following ways:

  • By creating and running a data backup task through Administration Console.
  • By running the klbackup utility on the device that has Administration Server installed. This utility is included in the Kaspersky Security Center distribution kit. After the installation of Administration Server, the utility is located in the root of the destination folder specified at the application installation.

The following data is saved in the backup copy of Administration Server:

  • Database of Administration Server (policies, tasks, application settings, events saved on the Administration Server).
  • Configuration details of the structure of administration groups and client devices.
  • Repository of distribution packages of applications for remote installation.
  • Administration Server certificate.

Recovery of Administration Server data is only possible using the klbackup utility.

In this section

Backup of Administration Server data task

Data backup and recovery utility (klbackup)

Data backup and recovery in interactive mode

Data backup and recovery in silent mode

Using the klbackup utility to switch managed devices under management of another Administration Server

Backup and restoring Administration Server data when using MySQL or MariaDB
Page top
[Topic 3667]

Backup of Administration Server data task

Creating a Backup of Administration Server data task

Backup task is an Administration Server task; it is created through the Quick Start Wizard. If a backup task created by the Quick Start Wizard has been deleted, you can create one manually.

To create an Administration Server data backup task:

  1. In the console tree, select the Tasks folder.
  2. Start creation of the task in one of the following ways:
    • By selecting New → Task in the context menu of the Tasks folder in the console tree.
    • By clicking the Create a task button in the workspace.

The Add Task Wizard starts. Follow the instructions of the Wizard. In the Select the task type window of the Wizard select the task type named Backup of Administration Server data.

The Backup of Administration Server data task can only be created in a single copy. If the Administration Server data backup task has already been created for the Administration Server, it is not displayed in the task type selection window of the Backup Task Creation Wizard.

Configuring the Backup of Administration Server data task

After creating a backup task, you can configure the task settings.

To configure the Backup of Administration Server data task:

  1. In the console tree, select the Tasks folder.
  2. In the context menu of the Backup of Administration Server data task, select Properties.

The properties window of the Backup of Administration Server data task opens. The following properties are available:

  • General

    In the General section, you can specify the task name, view the task creation date, the last command date, the statuses of the task launches, and task results.

  • Notification

    In the Notification section you can specify the settings for storing tasks, as well as configure the notifications about the task execution results.

  • Schedule

    In the Schedule section, you can specify a schedule for task start.

  • Destination

    In the Destination section, you can specify the path to the folder for storage backup copies of Administration Server data.

  • Settings

    In the Settings section, you can set the backup protection password and number of backup copies if needed.

    You can also create a shadow copy of the logical disk storing the %ALLUSERSPROFILE% folder and copy the Administration Server database. To do this, you must enable the Use a file system snapshot for data backup option, and then and specify the name and password of an account that has the permission to create snapshots.

  • Revision history

    In the Revision history section, you can track the task modification. Every time you save changes made to the task, a revision is created.

Page top
[Topic 3670]

Data backup and recovery utility (klbackup)

You can copy Administration Server data for backup and future recovery using the klbackup utility, which is part of the Kaspersky Security Center distribution kit.

The klbackup utility can run in either of the two following modes:

Page top
[Topic 3673]

Data backup and recovery in interactive mode

Expand all | Collapse all

To create a backup copy of Administration Server data in interactive mode:

  1. Run the klbackup utility located in the Kaspersky Security Center installation folder.

    The Backup and Restore Wizard starts.

  2. In the first window of the Wizard, select Perform backup of Administration Server data.

    If you select the Restore or back up Administration Server certificate only option, only a backup copy of the Administration Server certificate and private key will be saved.Backing up of the Administration Server certificate and private key can be useful when you switch managed devices under management of another Administration Server.

    Click Next.

  3. In the next window of the Wizard, specify the following options:
    • Destination folder for the backup
    • Migrate to MySQL/MariaDB format

      Enable this option if you currently use SQL Server as a DBMS for Administration Server and you want to migrate the data from SQL Server to MySQL or MariaDB DBMS. Kaspersky Security Center will create a backup compatible with MySQL and MariaDB. After that, you can restore the data from the backup into MySQL or MariaDB.

    • Migrate to Azure format

      Enable this option if you currently use SQL Server as a DBMS for Administration Server and you want to migrate the data from SQL Server to Azure SQL DBMS. Kaspersky Security Center will create a backup compatible with Azure SQL. After that, you can restore the data from the backup into Azure SQL.

    • Include current date and time in the name of the backup destination folder
    • Password for the backup
  4. Click the Next button to start backup.
  5. If you are working with a database in a cloud environment such as Amazon Web Services (AWS) or Microsoft Azure, in the Sign In to Online Storage window, fill in the following fields:
    • For AWS:
      • S3 bucket name

        The name of the S3 bucket that you created for the Backup.

      • Access key ID

        You received the key ID (sequence of alphanumeric characters) when you created the IAM user account for working with S3 bucket storage instance.

        The field is available if you selected RDS database on an S3 bucket.

      • Secret key

        The secret key that you received with the access key ID when you created the IAM user account.

        The characters of the secret key are displayed as asterisks. After you begin entering the secret key, the Show button is displayed. Click and hold this button for the necessary amount of time to view the characters you entered.

        The field is available if you selected an AWS IAM access key for authorization instead of an IAM role.

    • For Microsoft Azure:

To recover Administration Server data in interactive mode:

  1. Run the klbackup utility located in the Kaspersky Security Center installation folder. Start the utility under the same account that you used to install Administration Server.

    The Backup and Restore Wizard starts.

  2. In the first window of the Wizard, select Restore Administration Server data, and then click Next.

    If you select the Restore or back up Administration Server certificate only option, the Administration Server certificate and private key will only be recovered.

    When you run the klbackup utility on the inactive failover cluster node, you will be prompted to select one of the options: specify Administration Server certificate or automatically retrieve data from Administration Server.

  3. In the Restore settings window of the Wizard:
    • Specify the folder that contains a backup copy of Administration Server data.

      If you are working in a cloud environment such as AWS or Azure, specify the address of the storage. Also, make sure that the file is named backup.zip.

    • Specify the password that was entered during data backup.

      When restoring data, you must specify the same password that was entered during backup. If the path to a shared folder changed after backup, check the operation of tasks that use restored data (restore tasks and remote installation tasks). If necessary, edit the settings of these tasks. While data is being restored from a backup file, no one must access the shared folder of Administration Server. The account under which the klbackup utility is started must have full access to the shared folder.

  4. Click the Next button to restore data.

See also:

Data backup and recovery in silent mode
Page top
[Topic 13288]

Data backup and recovery in silent mode

To create a backup copy or recover Administration Server data in silent mode,

Run klbackup with the required set of keys from the command line of the device that has Administration Server installed.

Network agent flags are not restored when you use the klbackup utility. You need to configure network agent flags manually.

Utility command line syntax:

klbackup -path BACKUP_PATH [-linux_path LINUX_PATH][-node_cert CERT_PATH] [-logfile LOGFILE] [-use_ts]|[-restore] [-password PASSWORD] [-online]

If no password is specified in the command line of the klbackup utility, the utility prompts you to enter the password interactively.

Descriptions of the keys:

  • -path BACKUP_PATH—Save information in the BACKUP_PATH folder, or use data from the BACKUP_PATH folder for recovery (mandatory parameter).

    The database server account and the klbackup utility should be granted permissions for changing data in the folder BACKUP_PATH.

  • -linux_path LINUX_PATH—Local path to folder with backup data for SQL Server on Linux.

    The database server account and the klbackup utility should be granted permissions for changing data in the folder LINUX_PATH.

  • -node_cert CERT_PATH—Server certificate file to configure inactive failover cluster node after recovery. If not set, it will be automatically retrieved from the Server.

    When you run the klbackup utility on the inactive failover cluster node, use this key to specify the path to the server certificate.

  • -logfile LOGFILE—Save a report about Administration Server data backup and recovery.
  • -use_ts—When saving data, copy information to the BACKUP_PATH folder, to the subfolder with a name in the klbackup YYYY-MM-DD # HH-MM-SS format, which includes the current date and operation time in UTC. If no key is specified, information is saved in the root of the folder BACKUP_PATH.

    During attempts to save information in a folder that already stores a backup copy, an error message appears. No information will be updated.

    Availability of the -use_ts key allows an Administration Server data archive to be maintained. For example, if the -path key indicates the folder C:\KLBackups, the folder klbackup 2022/6/19 # 11-30-18 then stores information about the status of the Administration Server as of June 19, 2022, at 11:30:18 AM.

  • -restore—Recover Administration Server data. Data recovery is performed based on information contained in the BACKUP_PATH folder. If no key is available, data is backed up in the BACKUP_PATH folder.
  • -password PASSWORD—Password to protect the sensitive data.

    A forgotten password cannot be recovered. There are no password requirements. The password length is unlimited and zero length (no password) is also possible.

    When restoring data, you must specify the same password that was entered during backup. If the path to a shared folder changed after backup, check the operation of tasks that use restored data (restore tasks and remote installation tasks). If necessary, edit the settings of these tasks. While data is being restored from a backup file, no one must access the shared folder of Administration Server. The account under which the klbackup utility is started must have full access to the shared folder. We recommend that you run the utility on a newly installed Administration Server.

  • -online—Back up Administration Server data by creating a volume snapshot to minimize the offline time of the Administration Server. When you use the utility to recover data, this option is ignored.
Page top
[Topic 3674]

Using the klbackup utility to switch managed devices under management of another Administration Server

The klbackup utility allows you to switch managed devices under management of another Administration Server. You can migrate managed devices between Kaspersky Security Center Windows Administration Servers.

To switch managed devices under management of another Administration Server by using the klbackup utility:

  1. On the previous device, create a backup copy of the Administration Server certificate and private key by using the klbackup utility interface.

    Run the klbackup utility located in the Kaspersky Security Center installation folder, and then create a backup by using the Restore or back up Administration Server certificate only option.

  2. On the previous device, disconnect Administration Server from the network.
  3. Assign the same address to the device with another Administration Server.

    The new Administration Server can be assigned the NetBIOS name, FQDN, and static IP address. It depends on which Administration Server address was set in the Network Agent installation package when Network Agents were deployed. Alternatively, you can use the connection address that determines the Administration Server to which Network Agent connects (you can obtain this address on managed devices by using the klnagchk utility).

  4. On a device with another Administration Server, restore the Administration Server certificate and private key from the backup copy.

    You can restore a backup copy in one of the following ways:

    • By using the klbackup utility interface

      Run the klbackup utility, and then restore a backup by using the Restore or back up Administration Server certificate only option.

    • By using the command prompt (for Kaspersky Security Center Windows Administration Server version 15.1 or later)

      Run the klbackup utility with the -cert_only key from the command line, to restore a backup copy of the Administration Server certificate and private key:

      klbackup -path <path to the backup copy of Administration Server certificate> -restore -cert_only

Managed devices are put under the management of another Administration Server. You can go to this Administration Server and ensure that managed devices are visible in the network, and that Network Agent is installed and running on them (the Yes value in the Visible, Network Agent is installed, and Network Agent is running columns).

Page top
[Topic 294180]

Backup and restoring Administration Server data when using MySQL or MariaDB

You can use a data backup to migrate Administration Server data from Kaspersky Security Center Windows under management of Kaspersky Security Center Linux. Migration by using Administration Server data backup is supported only for migration to Kaspersky Security Center Linux 15.2 or later from any supported version of Kaspersky Security Center Windows.

If you use MySQL or MariaDB as a DBMS for Kaspersky Security Center Windows and for Kaspersky Security Center Linux, the lower_case_table_names parameter must match for the current and new DBMSs. Otherwise, Administration Server data will be migrated incorrectly.

Before you backup Administration Server data on Kaspersky Security Center Windows, check the lower_case_table_names parameter value. If you do not specify this parameter during the DBMS installation earlier, the default parameter value is used. The default value of the lower_case_table_names parameter for Windows is 1.

When installing MySQL or MariaDB for Kaspersky Security Center Linux, set the lower_case_table_names parameter to the same value as specified for this parameter for Windows by using the instruction from the MySQL website. If you do not specify this parameter, the default parameter value is used. For Linux-based operating systems, the default value of the lower_case_table_names parameter is different from the default value for Windows.

If you want to install MySQL 8.0, specifying the lower_case_table_names parameter according to this instruction may not work. In this case, you must first install MySQL 5.7, specify the lower_case_table_names parameter by using the instruction, and then upgrade MySQL 5.7 to MySQL 8.0. If the lower_case_table_names parameter does not match for the current and new DBMSs, Administration Server data will be restored incorrectly.

Page top
[Topic 294564]