Backup and restoration
To recover from any data loss that might occur, regularly back up the data in your IBM Cloud Pak® for Security and integrated databases. You can use the backup to support a disaster recovery that requires a redeployment of your environment.
About this task
The backup and restoration process for IBM Cloud Pak for Security covers the main data stores within the system.
- Apache CouchDB is the main data store for IBM Cloud Pak for Security.
- ArangoDB is a graph database that is used by the Connected Assets and Risk service.
- PostgreSQL, also known as Postgres, is provided by CrunchyData and is the database that is required by the IBM® Security Case Management application.
The following data is backed up and restored when you complete the process:
- User Entitlement
- User entitlements are maintained through the backup and restoration process.
Note: The LDAP configuration is managed through IBM® Cloud Platform Common Services and is not part of the IBM Cloud Pak for Security backup and restoration procedure. If the LDAP configuration is lost, you must re-create it before you start the IBM Cloud Pak for Security restoration procedure. For more information, see Configuring LDAP authentication.
- IBM® Security Data Explorer
- Data sources connections, configuration, and queries are maintained through the backup and restoration process.
- IBM Security Case Management
- All Case Management data is maintained through the backup and restoration process.
Before you begin
Cluster administrator level privileges are required to complete the backup and restoration process.
To install Cloud Pak for Security, you configure a suitable storage class in the cluster. You support the configuration by one or more persistent volumes of suitable size. For more information about storage, see Persistent storage requirements.
You provide secure storage for the backups that is mounted as a Persistent Volume Claim (PVC) in a pod. The backup and restoration process uses a common Toolbox pod, which contains all of the necessary utilities that are required for the backup and restoration process. The Toolbox is deployed automatically as part of the installation or upgrade of IBM Cloud Pak® for Security.
When the backups are run, the data is stored on the PVC. For the Toolbox, you can opt to provision your own storage instead of using the defaults specified for installation. For more information, see Creating a persistent volume claim for the Toolbox
The backup process is outlined in the following overview.
- Create a Persistent Volume Claim (optional).
- Run the backup scripts.
c. IBM® Security Case Management
Backup data is stored in the PVC that is mounted in the Toolbox pod.
Note: The secrets that are associated with those databases are backed up as part of the script.
The restoration process is outlined in the following overview.
- Run the restoration script for each database.
c. IBM® Security Case Management
Backup data is restored from the PVC that is mounted in the Toolbox pod.
- When all of the components are restored, run the postrestoration script.
After the restoration script is completed, the data is restored and the IBM Cloud Pak for Security system returns to the state at the time of the backup.