Backups and how they work
Backups are needed to recover from the loss of the system configurations, for example, due to hardware failure. Backups also allow you to relocate the Secure SD-WAN Manager servers onto different hardware.
The Management Server is the only component that contains usable, complete configuration information for any individual engine component. The engines contain a working copy of the configuration details that allows them to carry out traffic inspection independently. It is not possible to extract this information from the engines if the Management Server is lost. For this reason, regular Management Server backups are essential and must be stored in a safe storage location outside of the computer where the Secure SD-WAN Manager servers are installed.
Always take the backups using the proprietary backup tools in the Management Client, on the Management Server command line, or on the SMC Appliance command line. Third-party backup applications that back up the host system might not produce usable backups of your Secure SD-WAN Manager servers, especially if the Secure SD-WAN Manager servers are running when you take the backup.
Restoring a backup returns the configurations to the state they were in when the backup was taken, even if you restore the backup in a different Secure SD-WAN Manager.
Different types of backups contain different information:
- The Management Server backup contains the policies, elements, and other configuration details for all Engines that it manages. The Management Server backup also contains the configuration information of the Web Portal Server and of the Management Server itself.
- The Log Server backup contains the Log Server’s local configuration and optionally the logs.
- On the Appliance, the Management Server and Log Server backups also contain the SMC Appliance configuration files.
The backup files are compressed to .zip files (unencrypted backups) or .enc files (encrypted backups) and they can also be decompressed manually if needed. If necessary, the backups are split into several files to fit the maximum file size. Each backup has its own subdirectory.
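As an added example (not code from the product or its documentation), the following Python script audits an off-host copy of the backup store using the properties described above: one subdirectory per backup, .zip files for unencrypted and .enc files for encrypted backups, and possibly several files per backup. The layout root/<backup>/<files>, the function names, the seven-day age limit, and the sample directory and file names are assumptions.

```python
import os
import tempfile
import time
from pathlib import Path

BACKUP_SUFFIXES = {".zip", ".enc"}  # extensions named on this page

def audit_backups(root, max_age_days=7, now=None):
    """Return (inventory, findings) for a store holding one subdirectory per backup."""
    now = time.time() if now is None else now
    inventory, findings = [], []
    for sub in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        parts = sorted(f for f in sub.iterdir() if f.suffix.lower() in BACKUP_SUFFIXES)
        if not parts:
            findings.append(f"{sub.name}: no .zip or .enc backup files")
            continue
        kinds = {f.suffix.lower() for f in parts}
        inventory.append({"name": sub.name, "parts": len(parts),
                          "encrypted": kinds == {".enc"},
                          "mtime": max(f.stat().st_mtime for f in parts)})
        if ".zip" in kinds:  # unencrypted backups expose the full configuration
            findings.append(f"{sub.name}: unencrypted .zip backup, {len(parts)} file(s)")
        if any(f.stat().st_size == 0 for f in parts):
            findings.append(f"{sub.name}: zero-length backup file")
    if not inventory:
        findings.append("no backups found")
    else:
        age_days = (now - max(e["mtime"] for e in inventory)) / 86400
        if age_days > max_age_days:
            findings.append(f"newest backup is {age_days:.1f} days old, limit {max_age_days}")
    return inventory, findings

def build_sample(root, now):
    """Constructed sample tree; directory and file names are made up (assumption)."""
    layout = {"mgt_backup_A": (["part1.enc", "part2.enc"], 1),  # split, encrypted
              "log_backup_B": (["data.zip"], 10),               # unencrypted
              "empty_C": (["notes.txt"], 3)}                    # no backup files
    for name, (files, age_days) in layout.items():
        d = Path(root, name)
        d.mkdir()
        for fn in files:
            f = d / fn
            f.write_bytes(b"constructed sample")
            os.utime(f, (now - age_days * 86400,) * 2)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        t = time.time()
        build_sample(tmp, t)
        for line in audit_backups(tmp, now=t)[1]:
            print(line)
```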
The following limitations apply:
- In FIPS-compatible operating mode, you can only restore backups that were created for a Secure SD-WAN Manager in FIPS-compatible operating mode.
- You cannot restore backups that were created in a Secure SD-WAN Manager in FIPS-compatible operating mode on a Secure SD-WAN Manager that is not in FIPS-compatible operating mode.
- The private keys of engine certificates are stored locally on the engines and are not backed up.
- If you restore an Appliance backup onto third-party hardware, Appliance configuration information is ignored. Only the Management Server and Log Server backups are applied.