# Backup and restore FAQ {% hint style="warning" %} **Please Note:** * When migrating to a new Brain appliance, what is **critical** to configure during the restore process? * As per the Restoring Backups section of this article, there are some common options for running the restore command that are listed here as well. Its critical that the `--replace option` be used when migrating to a new Brain if the new Brain will fully replace the old Brain. {% endhint %} **Common Options for the Restore Run Command** The restore run command (from-local, from-external-target, and from-url) also accept the following options: * `--preserve-saml` * Keeps the SAML configuration that was present on the target Brain prior to the restore. * For example, this can be helpful when SAML configuration is tied to an IP address that will be different on the target Brain. * `--preserve-ui-certs` * Keeps the UI certificates that were present on the target Brain prior to the restore. * This can be useful when the restore target will have a different IP/hostname that would invalidate the UI certificate configuration. * `--replace` * This option is meant to be used when a Brain is being fully replaced by another Brain and ensures that internal processes at Vectra properly link this new Brain with our back end as a replacement. * For customers running the Respond UX with network data sources, this option will ensure your replacement Brain can automatically connect to your GUI that is being served from the Vectra AI platform. * For customers running the Quadrant UX with non-network data sources (AWS CloudTrail, Azure AD & M365, etc), this option will ensure that these data sources will now report detections to the new Brain instead of the old Brain. * **!! Please note:** The Brain must be connected to the Vectra cloud (at a minimum: update2.vectranetworks.com) at the time the restore is run for the back end to be properly linked. This should already be the case for customers using the Respond UX or Quadrant UX customers with non-network data sources because Vectra Cloud connectivity is required for either. **How long do backups take to run?** * Backup time will vary depending on the size of your deployment (how busy the network is, how many entities are being analyzed, what other data sources are configured, etc. * Backup downtime will vary depending on the size of the deployment. * The vast majority of backups will have no more than 10 minutes of downtime.. * In a small number of heavily loaded deployments, Vectra support has seen up to 45 minutes of backup downtime. This is an outlier circumstance and not normal for the vast majority of customers. * The compression algorithm was changed for version 8.10 which has allowed for significant reductions in backup downtime. **What is unavailable during a backup?** Expand for more details - Brain functionality is limited during a backup. * **Quadrant UX Deployments** * The main UI will be unavailable during the backup. * **Respond UX Deployments** * The main UI will still be available during the backup. * **All Deployments** * HostID will not run during a backup, so new evidence for hosts and artifacts will not be observed during backup. * Existing hosts and artifacts will be unaffected. * Paired Sensors will buffer metadata generated from observed traffic until the Brain is available again to send to (after the backup completes). * Sensors can generally buffer 30-45 minutes of traffic before running out of buffer space. * This varies by Sensor and how busy the network is. * Busier networks will be able to buffer less. * Mixed mode Brains will not be able to buffer metadata as the Sensor functions are impacted during backup runs. It is recommended to run a dedicated Brain appliance to minimize data loss during backups. * Upgrading of the Brain or any paired Sensor will not be possible during backup/restore operations. **What is backup up / not backed up?** Expand for more details - Most configuration and detection data is backed up. Included in backups: * Most Configuration data * See below for what is not included. * Detection data * Including the last 10GB of any Detection PCAPs * Algorithm learnings * Created Packet Captures (Selective PCAP) * Vectra Packet Capture stores up to 5GB of PCAPs (500 MB maximum for each PCAP). * Backup/Restore will back up and restore all PCAPs stored on the Brain. * For more details see: [Using Vectra Packet Capture](https://docs.vectra.ai/deployment/traffic-engineering-and-validation/using-vectra-packet-capture-pcap) Not included in backups? * DNS server configuration * NTP configuration * Timezone configuration * Sensor / Stream images * OS / IPMI passwords * IP configuration * Recall Custom Models (however, these are pulled down from the cloud hourly, so they will be preserved). Sensors are not backed up. Only Brains are part of backup/restore. **What versions can I backup and restore to?** * Backups can be taken on any supported version. * Restores can only be done to the same version they were taken on. * i.e. A backup taken on version 8.5 cannot be restored to a Brain running version 8.6. **Can I restore to a different type or model of Brain?** * Backups can be made from physical, virtual, or cloud Brains. * Backups can be restored to any type of Brain, it does not matter what type of Brain the source Brain was. **Are backups encrypted?** * All backups are encrypted using GPG with a Vectra-proprietary key. Backups can only be decrypted by Vectra support at this time. **What is the retention policy for backups?** Expand for more details - Local storage is limited to one backup. Brain to Brain backups are limited based on Brain type in the target folder. External targets can be limited with a `--max-backups` option. * When backing up locally to the Brain itself, one backup file can be stored locally. * When a new backup is taken, the older backup is deleted. * For Brain to Brain backups * Backup retention is managed automatically based on available disk space on the target Brain. Overall retention can therefore vary depending on individual backup sizes. Each time a backup is copied, previous backup files exceeding the maximum directory size (100GB on physical Brains, 20GB on virtual or cloud Brains) are deleted oldest-first until enough space is available for the new backup. For newly deployed brains you may see a larger amount of backups than a Brain which has been in production for a while. As Brains age, the backup file typically gets bigger and consequently the amount of backups will be reduce to avoid problems with disk space usage in the target Brain. * When using an external target (S3, SFTP, SCP), there is no size limitation enforced by the Brain. * You can limit the maximum number of backups that are stored in the target by using the `--max-backups` option when configuring the target. * For more details, please see [Configuring External Targets](https://docs.vectra.ai/operations/backup-restore-dr/backup-and-restore-v85/configuring-external-targets) section. **What is the size of a backup file? Are incremental backups taken?** * All backups are **full backups**, as opposed to incremental or other strategies. * The backup size will vary with the number of entities, detections, and associated data on the system. It is typically expected that backups will reach a size of 5-50 GB, depending on the size of the deployment. **How often are backups performed?** * An automated schedule can be set to backup once a week on the day/hour of your choice. * For more details, please see the [Scheduling Backups](https://docs.vectra.ai/operations/backup-restore-dr/backup-and-restore-v85/scheduling-and-manual-backups) section. * Manual backups can be run at any time. * Please keep in mind that functionality will be limited during a backup. Please see **What is unavailable during a backup** above for more details