2.2.7. Overview of the backup and restoration

The Backup/Restore component of the GCenter enables you to:

  • Back up the entire configuration (.gwc format)

  • Restore the configuration

Attention

It is not possible to select which elements to back up or restore. The entire backup will be restored.

The saved elements are:

  • For the Sigflow engine:

      • The sources

      • The rulesets

      • Ruleset changes (suppress, threshold, etc.)

  • For the GCaps:

      • All GCaps and what allows their pairing: after the restore, if the GCaps are UP and correctly configured, the tunnels must be established

      • The entire configuration of each GCap:

          • Detection rulesets

          • Variable base

          • Net variables

          • Flow timeouts

          • File rule management

          • Packet filters

  • Operator group parameters of NDR:

      • Asset detection network range

      • Static IP-Asset mapping

      • Ignored IP for users association

      • Ignored MAC for assets association

  • Administrator group parameters of NDR (feature activation and retention time):

  • The backup server configuration

  • The data export configurations

  • DGA configuration (activation/white list/black list)

  • The Malcore configuration (global settings / white list/black list)

  • Configuration of third party modules

  • User list, LDAP settings, API keys and password policy

  • All parameters of the "configuration" menu, except for the license (see specific point for licenses below)

  • CTI parameters and LIS license

  • The parameters of GUM configuration

Note

The size of the backup file is larger than in earlier GCenter versions due to the presence of the NDR data.

You can select how many backups should be kept on the GCenter.
The default value is 3 and the maximum is 10.
The backup can be scheduled on a regular basis:
  • On a daily basis with a choice of time

  • Once a week with a choice of time and day of the week

  • Once a month with a choice of time and day of the month

The various types of backup available are as follows:

  • `Local`: for a direct backup on the GCenter.

  • `SCP`: enables externalizing the backup to a remote SSH server.

  • `FTP`: enables externalizing the backup to a remote FTP server.

When backing up in SCP or FTP mode, the configuration is exported to the remote server. However, a copy is also kept in the list of local backups.
It is important to note that when restoring a backup, the GCenter will automatically restart at the end of the operation.
In the event the restoration must be done on a new machine, certain requirements must be met:
  • The GCenter network configuration must be the same (same FQDN, same number of enabled network interfaces)

  • The version of the GCenter performing the restore must be the same as the version that created the backup.

Important

If the previous GCenter was installed in v102 and 2 hotfixes were then applied manually, the same order must be followed when reinstalling the new GCenter.
If the latest version of the GCenter already including the 2 hotfixes is installed instead, the path will not be identical and restoring will be impossible.

Note

In the case of a reinstallation or reset of the GCenter, it will be necessary to enter a license in order to access the Restore menu.

The graphical interface for configuring backup and restore is described in the `Admin-Backup/Restore - Configuration` screen of the legacy web UI.
The graphical interface for performing backup and restore operations is described in the `Admin-Backup/Restore - Operations` screen of the legacy web UI.
To configure the backup, see Backup configuration.
To perform a backup, see Backup.
To carry out a restore, see Restoration.