Kaspersky Anti Targeted Attack Platform

Creating a backup copy and restoring the application from backup

You can create a backup copy of the application and then restore it from backup.

Note that you cannot restore data between instances of Kaspersky Anti Targeted Attack Platform based on different operating systems. For example, you cannot restore data from an Ubuntu-based Kaspersky Anti Targeted Attack Platform to an Astra Linux-based Kaspersky Anti Targeted Attack Platform, or vice versa.

For a standalone Central Node server, you can create a backup copy of the data from this Central Node server.

If you are using the distributed solution and multitenancy mode, you can:

  • Create a backup copy of PCN data.
  • Create a backup copy of SCN data.

    Restoring data from a backup copy of the SCN will change the role of the server from SCN to standalone Central Node server.

Follow the procedure for creating the backup copy of the application on the server for which you want to create a backup copy of the data.

Kaspersky Anti Targeted Attack Platform may contain user data and other confidential information. The Kaspersky Anti Targeted Attack Platform administrator must take steps to ensure the security of this data when creating a backup copy of the application, when replacing equipment on which the application is installed, or in other cases when it may be necessary to permanently delete data. The Kaspersky Anti Targeted Attack Platform administrator bears responsibility for access to data stored on application servers.

You can create a backup copy of the following data:

  • The application database.
  • Objects in Storage.
  • Files from alerts generated during a rescan.
  • Sandbox artifacts.
  • Configuration files.
  • Central Node or PCN settings:
    • If you are using a standalone Central Node server, a backup copy of Central Node settings is created.
    • If you are using the distributed solution and multitenancy mode and are managing the PCN server, a backup copy of PCN settings is created.
    • If you are using the distributed solution and multitenancy mode and are managing the SCN server, you can create a backup copy of the SCN, but restoring data from a backup copy will change the role of the server from SCN to standalone Central Node server.

You can clear the directory in which the backup file is saved before creating a backup copy of the application.

Before the application is restored from a backup copy, the following is cleared on the Central Node or PCN server on which the application is being restored:

  • The application database.
  • Objects in Storage.
  • Files from alerts generated during a rescan.
  • Sandbox artifacts.
  • Configuration files.
  • Central Node or PCN settings.

Contents and volume of data exported for the creation of a backup copy of the application

  • Data type:
    • Central Node settings.
    • The application database on Central Node:
      • Alerts and VIP statuses of alerts
      • Tasks and task execution results
      • Policies
      • User-defined TAA (IOA) rules and exclusions
      • User-defined IDS rules and exclusions
      • IOC files
      • Scan exclusion rules
      • Information about files in Storage
      • Information about quarantined objects
      • List of computers with Endpoint Agent
      • Reports and report templates
      • User account data
      • Notifications

    Exported data: Central Node settings, if selected. Application databases, by default.
    Application operation mode: Standalone Central Node server.
    Deployment method: All deployment methods.

  • Data type: PCN settings.
    Exported data: Custom.
    Application operation mode: Distributed solution and multitenancy mode.
    Deployment method: All deployment methods.

  • Data type: SCN settings.
    Exported data: Custom. As for a standalone Central Node server.
    Application operation mode: Distributed solution and multitenancy mode.
    Deployment method: All deployment methods.

  • Data type: Application databases on the PCN:
    • Alerts and VIP statuses of alerts
    • Task execution results
    • Policies
    • User-defined TAA (IOA) rules and exclusions
    • User-defined IDS rules and exclusions
    • IOC files
    • List of data excluded from the scan
    • Information about files in Storage
    • Information about quarantined objects
    • List of Kaspersky Endpoint Agent hosts
    • Reports and report templates
    • User account data
    • Notifications

    Exported data: Default.
    Application operation mode: Distributed solution and multitenancy mode.
    Deployment method: All deployment methods.

  • Data type: Configuration files.
    Exported data: Yes.
    Application operation mode: All modes.
    Deployment method: All deployment methods.

  • Data type: Backup.
    Exported data: Custom.
    Application operation mode: All modes.
    Deployment method: Non-high-availability version.

  • Data type: Sandbox artifacts.
    Exported data: Custom.
    Application operation mode: All modes.
    Deployment method: Non-high-availability version.

  • Data type: Files from alerts generated during a rescan.
    Exported data: Custom.
    Application operation mode: All modes.
    Deployment method: Non-high-availability version.

  • Data type: Events database.
    Exported data: None.
    Application operation mode: All modes.
    Deployment method: All deployment methods.

Files that are in the scan queue when the backup copy of the application is created are not exported.

The version of the application being restored must match the version of the application installed on the server. If the versions do not match, an error message is displayed when the application restoration is initiated, and the restoration process is terminated.

In this Help section

Creating a backup copy of Central Node server settings from the application administrator menu

Downloading a file containing a backup copy of server settings from the Central Node or PCN server to the hard drive of the computer

Uploading a file containing a backup copy of server settings from your computer to the Central Node server

Restoring server settings from a backup copy using the application administrator menu

Creating a backup copy of the application in Technical Support Mode

Restoring the application from a backup copy in Technical Support Mode

[Topic 247797]

Creating a backup copy of Central Node server settings from the application administrator menu

To create a backup copy of the Central Node (PCN or SCN in distributed solution and multitenancy mode), do the following in the administrator menu of the server:

  1. In the list of sections of the application administrator menu, select the System administration section.
  2. Press ENTER.

    This opens the action selection window.

  3. In the list of actions, select Backup/Restore settings.
  4. Press ENTER.

    This opens the Backup/Restore settings window.

  5. In the list of actions, select New.
  6. Press ENTER.

    This opens the Backup settings window.

  7. Click Back up.

A backup copy of server settings is created.

The backup copy of Kaspersky Anti Targeted Attack Platform contains databases (alerts database, VIP status details, the list of data excluded from the scan, notifications) and Central Node or PCN settings only.

[Topic 247798]

Downloading a file containing a backup copy of server settings from the Central Node or PCN server to the hard drive of the computer

It is recommended to save files containing a backup copy of the Central Node server settings to the hard drive of your computer.

To download a file containing a backup copy of the Central Node server settings to the hard drive of your computer, run the following command in the command line interface of the Linux operating system on your computer:

scp <name of the account used for working in the administrator menu and in the server management console>@<IP address of the server>:<name of the file containing the backup copy of the application in the form of settings-<date and time of backup copy creation>.tar.gz> .

Example:

Command for downloading to the hard drive of your computer an archive containing a backup copy of server settings that was created on a Central Node server with the IP address 10.0.0.10 under the "admin" account on April 10, 2020 at 10 hours 00 minutes 00 seconds:

scp admin@10.0.0.10:settings-20200410-100000.tar.gz .

The file containing a backup copy of server settings is saved to the hard drive of your computer in the current directory.


[Topic 247799]

Uploading a file containing a backup copy of server settings from your computer to the Central Node server

To upload a file containing a backup copy of server settings from the hard drive of your computer to the Central Node server, run the following command in Technical Support Mode:

scp <name of the file containing a backup copy of server settings in the form of settings-<backup copy creation date and time>.tar.gz> <name of the account used for working in the administrator menu and in the server management console>@<IP address of the server>:

Example:

Command for uploading an archive containing a backup copy of server settings created on April 10, 2020 at 10 hours 00 minutes 00 seconds to the Central Node server with the IP address 10.0.0.10 under the "admin" account:

scp settings-20200410-100000.tar.gz admin@10.0.0.10:

The file containing the backup copy of server settings is uploaded to the Central Node server in the current directory.


[Topic 247800]

Restoring server settings from a backup copy using the application administrator menu

Before restoring Central Node server settings from a backup copy, you must first create a backup copy of the current server settings. If an error occurs when restoring server settings, you will be able to use that backup copy of server settings.

To restore server settings from a previously created backup copy, perform the following actions in the administrator menu of the server:

  1. In the list of sections of the application administrator menu, select the System administration section.
  2. Press ENTER.

    This opens the action selection window.

  3. In the list of actions, select Backup/Restore settings.
  4. Press ENTER.

    This opens the Backup/Restore settings window.

  5. In the list of files containing backup copies of the application, select the file from which you want to restore the server settings.

    If the necessary file is not listed, upload the file containing the backup copy of the settings to the server.

  6. Press ENTER.

    This opens the action selection window.

  7. In the list of actions, select Restore <name of the file with the backup copy of server settings>.
  8. Press ENTER.

    This opens the action confirmation window.

  9. Click Restore.

    The process of restoring the server settings from the backup copy starts.

  10. When prompted, enter the administrator password of the server on which the backup copy of server settings was created.
  11. Press ENTER.
  12. Enter the administrator password of the server on which you are restoring server settings from backup.
  13. Press ENTER.

Server settings are restored from the selected file.

The backup copy of the server settings does not include settings for receiving mirrored traffic from SPAN ports. If you have previously configured the receipt of mirrored traffic from SPAN ports and want to keep receiving it, you need to configure the receipt of mirrored traffic before restoring server settings from backup. Then you need to enable the receipt of mirrored traffic from SPAN ports when updating the application, at the Configuring receipt of mirrored traffic from SPAN ports step.

The backup copy of Kaspersky Anti Targeted Attack Platform settings does not contain ICAP exclusion settings. If you need to save and restore ICAP exclusion settings, contact Technical Support before you restore server settings.

If the hardware configuration of the Central Node server on which the backup copy was created differs from the hardware configuration of the server on which you are planning to restore the server settings, you need to reconfigure the application scaling settings after restoring.

[Topic 247801]

Creating a backup copy of the application in Technical Support Mode

Note that you cannot restore data between instances of Kaspersky Anti Targeted Attack Platform based on different operating systems. For example, you cannot restore data from an Ubuntu-based Kaspersky Anti Targeted Attack Platform to an Astra Linux-based Kaspersky Anti Targeted Attack Platform, or vice versa.

To create a backup copy of Kaspersky Anti Targeted Attack Platform, run the following command in Technical Support Mode of the server:

kata-run.sh kata-backup-restore backup

You can also specify one or multiple parameters for this command (see the table below).

You can use -h to display help on using the parameters.

Parameters of the command for creating a backup copy of Kaspersky Anti Targeted Attack Platform

  • Parameter: -b <path>
    Required parameter: Yes.
    Description: Create a file containing a backup copy of the application at the specified path, where <path> is the absolute path or relative path to the folder in which the file with the backup copy of the application is created.

  • Parameter: -c
    Required parameter: No.
    Description: Clear the directory before saving the application backup file.

  • Parameter: -d <number of stored files>
    Required parameter: No.
    Description: Specify the maximum number of files from the backup copy of the application stored in the directory, where <number of stored files> is the number of files.

  • Parameter: -e
    Required parameter: No.
    Description: Save files in Storage.

  • Parameter: -q
    Required parameter: No.
    Description: Save files in quarantine.

  • Parameter: -a
    Required parameter: No.
    Description: Save files awaiting rescan.

  • Parameter: -s
    Required parameter: No.
    Description: Save Sandbox artifacts.

  • Parameter: -n
    Required parameter: No.
    Description: Save Central Node or PCN settings.

  • Parameter: -l <filepath>
    Required parameter: No.
    Description: Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.

If additional settings are not defined, the backup copy of Kaspersky Anti Targeted Attack Platform contains only databases (alerts database, VIP status details, the list of data excluded from the scan, notifications). If you are creating a backup copy of the application installed as a high availability cluster, you cannot use the -q, -a, -s, and -e options.

If you are using the application installed as a high availability cluster, you can back up the settings and restore only servers with the 'manager' role in Docker swarm from the backup copy.

All files containing a backup copy of the application are saved to one TAR archive. Archive file name: data_kata_ddmmyyyyhhMM, where ddmmyyyy is the date and hhMM is the hour and minute when the backup copy of the application was created. The name of the database is KATA6.0.sql for the backup copy of the application version 6.0.

Example:

Command for creating a backup copy of the application:

kata-run.sh kata-backup-restore backup -b <path> -c -d <number of stored files> -e -q -a -s -n -l <filepath>


[Topic 247802]

Restoring the application from a backup copy in Technical Support Mode

To restore Kaspersky Anti Targeted Attack Platform from a backup copy, you must first create a backup copy of the current state of the application and download it to the hard drive of your computer. If an error occurs when restoring the application or if it becomes necessary to reinstall Kaspersky Anti Targeted Attack Platform, you will be able to use the saved copy of the application.

Note that you cannot restore data between instances of Kaspersky Anti Targeted Attack Platform based on different operating systems. For example, you cannot restore data from an Ubuntu-based Kaspersky Anti Targeted Attack Platform to an Astra Linux-based Kaspersky Anti Targeted Attack Platform, or vice versa.

The version of the application being restored must match the version of the application installed on the server. If the versions do not match, an error message is displayed when the application restoration is initiated, and the restoration process is terminated.

To restore Kaspersky Anti Targeted Attack Platform from a backup copy, run the following command in Technical Support Mode of the server:

kata-run.sh kata-backup-restore restore

You can also specify one or multiple parameters for this command (see the table below).

You can use -h to display help on using the parameters.

Parameters of the command for restoring Kaspersky Anti Targeted Attack Platform from a backup copy

  • Parameter: -r <path>
    Required parameter: Yes.
    Command description: Restore data from a file containing a backup copy of the application, where <path> is the full path to the file containing a backup copy of the application.

  • Parameter: -l <filepath>
    Required parameter: No.
    Command description: Save the command execution result to a file, where <filepath> is the name of the event log file, including the absolute path or relative path to the file.

Example:

Command for restoring the application from a backup copy:

kata-run.sh kata-backup-restore restore -r <path> -l <filepath>
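
A pre-restore check for the version-match and archive-naming rules described above, as an added example that is not part of the Kaspersky documentation or tooling. It assumes the TAR archive can be listed with plain tar -tf and that the database dump is named KATA<version>.sql for every version (the page states this only for 6.0); the function names and the sample archive are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-restore check for a KATA backup archive (not vendor tooling).
# Assumptions: the archive lists with plain `tar -tf`; the database dump is named
# KATA<version>.sql for every version, as the page states for 6.0 (KATA6.0.sql).

# Print the creation time encoded in data_kata_ddmmyyyyhhMM as "yyyy-mm-dd hh:MM".
# Returns 1 when the file name does not follow that form.
backup_timestamp() {
    stamp=$(basename "$1" | sed -n 's/^data_kata_\([0-9]\{12\}\)\(\..*\)\{0,1\}$/\1/p')
    [ -n "$stamp" ] || return 1
    printf '%s\n' "$stamp" |
        sed 's/^\(..\)\(..\)\(....\)\(..\)\(..\)$/\3-\2-\1 \4:\5/'
}

# Print the application version taken from the KATA<version>.sql member name,
# or nothing when the archive is unreadable or has no such member.
backup_db_version() {
    tar -tf "$1" 2>/dev/null |
        sed -n 's|^\(.*/\)\{0,1\}KATA\([0-9][0-9.]*\)\.sql$|\2|p' | head -n 1
}

# usage: check_restore_compatible <archive> <installed version>
# 0 = versions match, 1 = mismatch (the restore would stop with an error),
# 2 = the archive could not be read or holds no database dump.
check_restore_compatible() {
    archive=$1 installed=$2
    [ -r "$archive" ] || { echo "cannot read $archive" >&2; return 2; }
    found=$(backup_db_version "$archive")
    [ -n "$found" ] || { echo "no KATA<version>.sql in $archive" >&2; return 2; }
    if [ "$found" != "$installed" ]; then
        echo "version mismatch: backup $found, installed $installed" >&2
        return 1
    fi
    echo "ok: backup $found matches installed $installed"
}

# Constructed sample: an empty KATA6.0.sql in a TAR named like a real backup.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
: > "$demo_dir/KATA6.0.sql"
tar -cf "$demo_dir/data_kata_100420201000" -C "$demo_dir" KATA6.0.sql
backup_timestamp "$demo_dir/data_kata_100420201000"             # 2020-04-10 10:00
check_restore_compatible "$demo_dir/data_kata_100420201000" 6.0
```

Running the check before kata-run.sh kata-backup-restore restore matters because the page states that the application data on the server is cleared before a restore.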


[Topic 247803]