Restore a centrally managed aggregator.
About this task
The configuration data of a centrally managed aggregator is stored on the central manager.
It is not necessary to restore the data on the aggregator during disaster recovery.
Procedure
- Use the appropriate ISO image to build an appliance.
- The newly built appliance must be of an equal or higher version than the source appliance
from which the backup was taken. If the version is lower, apply the required GPU, bundle, and
sniffer patches to bring the appliance to the same patch level as it was when the last backup was
taken.
As an example, if the source appliance is a version 11.4 Guardium system that was patched with
bundle 11.0p450 and sniffer patch 11.0p4020 and the new appliance was built from ISO 11.3, choose
one of the following options:
- Install 11.4 GPU. Then, apply appliance bundle version 11.0p450 or up and sniffer patch version
11.0p4020 or up.
- Install GPU version 11.5 or up.
- Enable all required network settings.
- If the source appliance was a managed unit, you must register your newly built appliance
with the central manager (licenses are pooled from central manager).
- Shared secret must be set to enable communication with central manager. Shared secret is
used to encrypt communication of the appliance with central manager. Use CLI command store system
shared secret to complete this step.
- Restore the data backup. It is not necessary to restore the configuration backup because
the definitions are pooled from central manager.
- Restore archive files for missing days, as needed.
What to do next
When you restore data from an aggregator to a new system with a different hostname, the new
system shows collectors from the source aggregator, and the collectors on the new system. After
completing the restore:
- On each of the old collectors, define a data export to the new aggregator and Save.
- Clear the Export checkbox in the data export (that you just defined) and Save.