Backup / Restore (prior to v8.5)

Please Note - for v8.5+ of Vectra Software:

• In version 8.5 and higher of Vectra Brain software, backup and restore functionality has been updated to be more consistent in how the commands work for the various different options available in backup/restore. As a result, the majority of commands are different in some way.

  • Please see Backup and Restore for Vectra Brain Appliances (v8.5+) for details.

• The KB you are currently reading will quickly become obsolete as customers update to v8.5+ of Vectra software.

  • Once all customers are on v8.5+, the older KB articles will be archived to help avoid confusion.

Summary:

Starting from the 4.0 release Cognito supports restoring backups from the 'vectra' CLI login. Backups can be restored between different hardware and virtual brain architectures, an example of this is an AWS Brain restoring to a X80 hardware brain, or a X29 brain backup restoring to a B101 brain. Restoring a backup from a larger appliance to a smaller one can be successful if the files are within the capacity of the smaller brain.

Prerequisite:

• Restore can only be performed when the backup file was taken from the same release version of software.

• Backup files taken from versions prior to the current release cannot be restored to the current version.

• In case of remote backups, the Brain appliance should be able to communicate with the backup server using SCP or SFTP on TCP port 22. This connection is required unidirectionally with the Brain appliance initiating the connection.

Please Note:

Version 7.9 has added three new options to the "restore run" command. They are:

• --preserve-saml

  • Keeps the SAML configuration that was present on the target brain prior to the restore

  • For example, this can be helpful when SAML configuration is tied to an IP address that will be different on the target Brain.

• --preserve-ui-certs

  • Keeps the UI certificates that were present on the target brain prior to the restore

  • This can be useful when the restore target will have a different IP/hostname that would invalidate the UI certificate configuration.

• --replace

  • This option is meant to be used when a brain is being fully replaced by another brain and ensures that internal processes at Vectra properly link this new brain with our back end as a replacement. For customers running the Respond UX with network data sources, this option will ensure your replacement brain can automatically connect to your GUI that is being served from the Vectra AI platform.

Backups should not be compressed, encrypted or changed in any form as it might cause error during the restore process.

Using the Restore command:

Help: This command displays the options available

List: This command will list available backups from the configured backup location (local and remote). If there are no backups, "No backups to show" will be printed.

Run: This command will restore system state from a backup. You may restore from either local or remote backups.

For remote backup files user input (e.g. passwords) may be requested.

The default option, --configured, will fetch a backup from the configured target. If using this option please ensure that the configured user account has access to list files (SSH shell access for SCP and SFTP 'list' access for SFTP).

Restore Example:

Local:

Remote:

Troubleshooting:

If prerequisites are passing then restore should work fine however in case of any issue please contact Vectra support. If possible, please add the following information to the ticket:

• Output of VCLI commands:

• Generate system report using below command, it'll take few minutes to run all the checks and collect logs:

• Use the following command to list all reports.

Copy the URL associated with latest report (i.e. highest ID number). Put the URL in your favorite browser to download the report.