Home » Database backup and restore
 

Data Back Up and Restore

Introduction

Endpoint Central stores information like configuration details, status of deployed configurations, and details about reports, like User Logon reports and Active Directory reports, in a database. Creating a backup of this database and certain important files like configuration files is necessary to prevent loss of data.

You can back up data automatically, by scheduling a back up to happen at a specified time or by taking a back up manually. You can also restore this data when required. For example, assume that your hard disk crashes and you have to re-install Endpoint Central. You can use the last back up you took to restore all the required information. Note that this is possible only if the backup file is stored in a computer other than yours.

Prerequisites

These are the few best practices recommended for Back Up and Restore option.

  • Storage Space:Ensure a minimum of 5GB free space for backup.
  • Valid Destination: Specify a valid destination folder for backups.
  • Database Availability: Ensure any remote databases are running during backup.

Data Backup

  • Build below 11.3.2440.01
  • Build 11.3.2440.01 and above

Scheduling Data Backup

  1. Navigate to Admin > Database Settings > Database Backup
  2. Backup Details
    • Enter the time you want the backup to occur in the format: hour:minute:second (hh:mm:ss).Make sure to use the 24-hour format. For example, if you want the backup to happen at 6:00 PM, enter 18:00
    • Choose the Number of Backup Files to Keep. Select how many backup files you want to retain. The system will automatically delete older files to maintain this number. For instance, if you choose 7, the system will keep only the 7 most recent backup files and remove any older ones.
    • Specify Backup File Storage Location. Ensure Proper Permissions for Network Share. If you are saving backups to a network location, ensure that the server has write permissions to this location.
  3. Follow the appropriate steps to configure write permissions for the network share.

    Note: It is recommended to configure the shared path in the same domain and to not provide write permission for Everyone to the shared path.

  4. Backup Protection
    • Set a new backup password
  5. Backup Failure Notifications
    • Locate the checkbox labeled "Notify when the database backup fails" and ensure it is checked.
    • Provide the email address (or addresses) where you want to receive notifications if a backup fails or succeeded. Make sure you separate multiple email addresses with commas.
    • Click the "Save Changes" button to apply your settings.
    • Ensure that your mail server settings are properly configured. This setup is necessary to send and receive email alerts. If you haven't set this up yet, please refer to your mail server documentation or contact your IT support for assistance.

You have scheduled an automatic data backup to take place automatically at a specified time.

Manual Data Backup

You can manually back up and restore the database. You can do this using the Backup-Restore Utility GUI.

Opening the Backup-Restore Utility Graphical User Interface (GUI)

To open the Backup-Restore Utility GUI, follow the steps given below:

  1. Right click Start >Explore > <Server Installed Directory>/UEMS_CentralServer>bin. 

    (For example, right click Start >Explore > Local Disk (C:) > Program Files > UEMS_CentralServer > bin
  2. Double-click backuprestore.bat

You've opened the Backup-Restore Utility GUI.

  1. On the Backup-Restore Utility GUI, click the Backup tab

  2. Select the location where you want to save the backup file

  3. Click Backup

  4. You can choose to encrypt the backup file by providing a password.

A backup file is created and saved in the specified location. The file will be named using the buildnumber-date-time.zip format.

sspreports

VM Backup

In case you are using Endpoint Central in bundled PGSQL DB, you can restore Endpoint Central with the server machine via VM snapshot and start the server. Even then, Endpoint Central's scheduled backup is the primary backup and cannot be stopped.

If you are using MSSQL or remote PGSQL you should not use this VM restore as the database will be in another machine. If you do so, the server will not start due to data inconsistency.

MSSQL BAK Backup

Follow the steps below to grant the necessary permissions for MSSQL BAK backup: 

Database permissions

  1. "Create any Database"
    • This access is required in order to restore databases. For further information, please refer this Microsoft document.
    • Microsoft suggests executing the following query to grant this access.  Run these queries as a super admin:
      "Use master;
      GRANT CREATE ANY DATABASE TO user_name;
      GO" 
      Example
      Use master;
      GRANT CREATE ANY DATABASE TO dcuser;
      GO
    • This CREATE ANY DATABASE privilege allows the user to create a database and the user has authorization over only the databases created by it and if they are db_owner of the database.
    • An alternative would be to provide user with db_creator role but that user will a have access to alter any database.
  2. "db_owner"
    • This permission is required to backup and restore an already existing database.  Kindly refer to this Microsoft document to know more.
    • Microsoft suggests executing the following query to grant this access.  Run these queries as a super admin: 
      "Use master;
      ALTER AUTHORIZATION ON DATABASE::database_name TO user_name;
      GO" 
    • Example : 
          Use master
          ALTER AUTHORIZATION ON DATABASE::desktopcentral TO dcuser;
          GO
    • This permission gives db_owner access to the user.

Folder Permissions

Follow the procedures below to grant write permission to the ScheduledDBBackup folder in the sql server's application server installation location.

Note: We can provide permissions to a particular user or computer only when both the machines are in the same domain. If you are a system user, provide permissions to the computer. If you are a domain user, provide permission to the user.

systemuser
  1. Open the SQL Configuration Manager on SQL installed machine and check Logon user
  2. Open the application server installation directory.
  3. For example, right click Start >Explore >Local Disk (C:) >Program Files >UEMS_CentralServer.
  4. Right click on ScheduledDBBackup.
  5. Navigate to the Security tab, click Edit to change permissions and click add
  6. Click on Object types and check computers on and click OK
  7. Click on 'Locations', choose 'Entire Directory' and click OK
  8. Enter the object names, as checked in Step1.
  9. Select the required objects and click OK.
  10. Click OK to navigate to the Permissions for ScheduledDBBackup window.
  11. Choose the respective users or computers added before and grant access for full control and modify. 
  12. Click Apply and then OK.
  13. In the scheduleDBBackup properties window, Navigate to the sharing tab and click share under Network File and Folder Sharing.
  14. Choose the respective users or computers and provide write access and click Share.
  15. Ensure that the share path is host-name/ScheduledDBBackup and click Done and Close.
domainuser

Scheduling Data Backup

  1. Navigate to Admin > Database Settings > Database Backup
  2. Backup Details
    • Enter the time you want the backup to occur in the format: hour:minute:second (hh:mm:ss).Make sure to use the 24-hour format. For example, if you want the backup to happen at 6:00 PM, enter 18:00
    • Choose the Number of Backup Files to Keep. Select how many backup files you want to retain. The system will automatically delete older files to maintain this number. For instance, if you choose 7, the system will keep only the 7 most recent backup files and remove any older ones.
    • Specify Backup File Storage Location. Ensure Proper Permissions for Network Share. If you are saving backups to a network location, ensure that the server has write permissions to this location.
  3. Follow the appropriate steps to configure write permissions for the network share.

    Note: It is recommended to configure the shared path in the same domain and to not provide write permission for Everyone to the shared path.

  4. Backup Protection
    • Set a new backup password
  5. Backup Failure Notifications
    • Locate the checkbox labeled "Notify when the database backup fails" and ensure it is checked.
    • Provide the email address (or addresses) where you want to receive notifications if a backup fails or succeeded. Make sure you separate multiple email addresses with commas.
    • Click the "Save Changes" button to apply your settings.
    • Ensure that your mail server settings are properly configured. This setup is necessary to send and receive email alerts. If you haven't set this up yet, please refer to your mail server documentation or contact your IT support for assistance.

You have scheduled an automatic data backup to take place automatically at a specified time.

Manual Data Backup

You can manually back up and restore the database. You can do this using the Backup-Restore Utility GUI.

Opening the Backup-Restore Utility Graphical User Interface (GUI)

To open the Backup-Restore Utility GUI, follow the steps given below:

  1. Right click Start >Explore > directory where DC server folder is present >bin. 

    (For example, right click Start >Explore > Local Disk (C:) > Program Files > UEMS_CentralServer > bin
  2. Double-click backuprestore.bat

You've opened the Backup-Restore Utility GUI.

  1. On the Backup-Restore Utility GUI, click the Backup tab

  2. Select the location where you want to save the backup file

  3. Click Backup

  4. You can choose to encrypt the backup file by providing a password.

A backup file is created and saved in the specified location. The file will be named using the buildnumber-date-time.zip format.

sspreports

VM Backup

In case you are using Endpoint Central in bundled PGSQL DB, you can restore Endpoint Central with the server machine via VM snapshot and start the server. Even then, Endpoint Central's scheduled backup is the primary backup and cannot be stopped.

If you are using MSSQL or remote PGSQL you should not use this VM restore as the database will be in another machine. If you do so, the server will not start due to data inconsistency.

MSSQL BAK Backup

Follow the steps below to grant the necessary permissions for MSSQL BAK backup: 

Database permissions

  1. "Create any Database"
    • This access is required in order to restore databases. For further information, please refer this Microsoft document.
    • Microsoft suggests executing the following query to grant this access.  Run these queries as a super admin:
      "Use master;
      GRANT CREATE ANY DATABASE TO user_name;
      GO" 
      Example : 
      Use master;
      GRANT CREATE ANY DATABASE TO dcuser;
      GO
    • This CREATE ANY DATABASE privilege allows the user to create a database and the user has authorization over only the databases created by it and if they are db_owner of the database.
    • An alternative would be to provide user with db_creator role but that user will a have access to alter any database.
  2. "db_owner"
    • This permission is required to backup and restore an already existing database.  Kindly refer to this Microsoft document to know more.
    • Microsoft suggests executing the following query to grant this access.  Run these queries as a super admin: 
      "Use master;
      ALTER AUTHORIZATION ON DATABASE::database_name TO user_name;
      GO" 
    • Example : 
          Use master
          ALTER AUTHORIZATION ON DATABASE::desktopcentral TO dcuser;
          GO
    • This permission gives db_owner access to the user.

Folder Permissions

The backup process will be automatically handled by the server and it includes the following steps:

  1. Temporary Directory Creation
    • A temporary directory will be created to store the initial .BAK backup files. This temporary directory is necessary to generate the full backup.
  2. Full Backup Generation
    • After placing the .BAK backup files in the temporary directory, the complete backup will be created and saved in the directory you have configured for scheduled database backups (scheduledDBBackup).
  3. Permissions Management
    • Permissions and network share for the temporary directory will be automatically adjusted based on the mssql logOnUser settings. This ensures that only the necessary permissions are granted for the backup process.
    • If the mssql logOnUser is not accessible (e.g., the user cannot be found in the domain), the system will temporarily grant access to the "Everyone" group. Once the backup is completed, these temporary permissions will be automatically removed.

Note:To ensure a smooth backup process, verify that the network path from the MSSQL machine to the server is accessible. It is a good practice to create a temporary network share to confirm that the server machine's network path is reachable from the MSSQL machine.

Restoring a backup file

Note: This document only provides steps for backup restoration on an already working server. If you only have a backup file and want to re-install and setup the Endpoint Central server, then please follow the instructions given in this document.

You can manually back up and restore the database. You can do this using the Backup-Restore Utility GUI.

Opening the Backup-Restore Utility Graphical User Interface (GUI)

To open the Backup-Restore Utility GUI, follow the steps given below:

      1. Right click Start >Explore > Directory where UEMS_CentralServer folder is present >bin

        (For example, right click Start >Explore >Local Disk (C:) >Program Files >UEMS_CentralServer >bin
      2. Double-click backuprestore.bat

You've opened the Backup-Restore Utility GUI.

Ensure that you have stopped the Endpoint Central server service before restoring a backup file.

  1. On the Backup-Restore Utility GUI, click the Restore tab

  2. Browse and select the required backup file.

  3. Click Restore

  4. In case you have opted for encrypting the backup file, you will have to provide the password for restoring the backup.

    The build number of the Endpoint Central server should match the build number of the backup file you are restoring. Ensure that you choose the correct architecture of the installation, such as 32-bit or 64-bit. You can verify the details by viewing the Support tab, on the web console.

Note:The restoration time depends on the data stored on the database. The progress bar will provide the restoration status. In case of any errors in the restoration, an error message will be notified to the user.

This will restore the specified data to Endpoint Central server.

If remote database is configured with the Endpoint Central server, ensure that it is running on a remote machine. After restoration, the changes made after the backup date will not be available.