Backup copying and restoration of Administration Server data

Data backup allows you to move Administration Server from one device to another without data loss. Through backup, you can restore data when moving the Administration Server database to another device, or when upgrading to a newer version of Kaspersky Security Center.

Note that the installed management plug-ins are not backed up. After you restore Administration Server data from a backup copy, you need to download and reinstall plug-ins for managed applications.

You can create a backup copy of Administration Server data in one of the following ways:

• By creating and running a data backup task through Administration Console.
• By running the klbackup utility on the device that has Administration Server installed. This utility is included in the Kaspersky Security Center distribution kit. After the installation of Administration Server, the utility is located in the root of the destination folder specified at the application installation.

The following data is saved in the backup copy of Administration Server:

• Database of Administration Server (policies, tasks, application settings, events saved on the Administration Server).
• Configuration details of the structure of administration groups and client devices.
• Repository of distribution packages of applications for remote installation.
• Administration Server certificate.

Recovery of Administration Server data is only possible using the klbackup utility.

Creating a data backup task

Backup tasks are Administration Server tasks; they are created through the Quick Start Wizard. If a backup task created by the Quick Start Wizard has been deleted, you can create one manually.

To create an Administration Server data backup task:

1. In the console tree, select the Tasks folder.
2. Start creation of the task in one of the following ways:
   • By selecting New → Task in the context menu of the Tasks folder in the console tree.
   • By clicking the Create a task button in the workspace.

The Add Task Wizard starts. Follow the instructions of the Wizard. In the Select the task type window of the Wizard select the task type named Backup of Administration Server data.

The Backup of Administration Server data task can only be created in a single copy. If the Administration Server data backup task has already been created for the Administration Server, it is not displayed in the task type selection window of the Backup Task Creation Wizard.

Data backup and recovery utility (klbackup)

You can copy Administration Server data for backup and future recovery using the klbackup utility, which is part of the Kaspersky Security Center distribution kit.

The klbackup utility can run in either of the two following modes:

• Interactive
• Non-interactive

Page top

Data backup and recovery in interactive mode

Expand all | Collapse all

To create a backup copy of Administration Server data in interactive mode:

1. Run the klbackup utility located in the Kaspersky Security Center installation folder.

   The Backup and Restore Wizard starts.

2. In the first window of the Wizard, select Perform backup of Administration Server data.

   If you select the Restore or back up Administration Server certificate only option, only a backup copy of the Administration Server certificate will be saved.

   Click Next.

3. In the next window of the Wizard, specify a password and a destination folder for backup, and then click the Next button to start backup.
4. If you are working with a database in a cloud environment such as Amazon Web Services (AWS) or Microsoft Azure, in the Sign In to Online Storage window, fill in the following fields:
   • For AWS:
     • S3 bucket name

       The name of the S3 bucket that you created for the Backup.

     • Access key ID

       You received the key ID (sequence of alphanumeric characters) when you created the IAM user account for working with S3 bucket storage instance.

       The field is available if you selected RDS database on an S3 bucket.

     • Secret key

       The secret key that you received with the access key ID when you created the IAM user account.

       The characters of the secret key are displayed as asterisks. After you begin entering the secret key, the Show button is displayed. Click and hold this button for the necessary amount of time to view the characters you entered.

       The field is available if you selected an AWS IAM access key for authorization instead of an IAM role.

   • For Microsoft Azure:
     • Azure storage account name

       You created the name of the Azure storage account for working with Kaspersky Security Center.

     • Azure Subscription ID

       You created the subscription on the Azure portal.

     • Azure password

       You received the password of the Application ID when you created the Application ID.

       The characters of the password are displayed as asterisks. After you begin entering the password, the Show button becomes available. Click and hold this button to view the characters you entered.

     • Azure Application ID

       You created this application ID on the Azure portal.

       You can provide only one Azure Application ID for polling and other purposes. If you want to poll another Azure segment, you must first delete the existing Azure connection.

     • Azure SQL server name

       The name and the resource group are available in your Azure SQL Server properties.

     • Azure SQL server resource group

       The name and the resource group are available in your Azure SQL Server properties.

     • Azure storage access key

       Available in the properties of your storage account, in the Access Keys section. You can use any of the keys (key1 or key2).

To recover Administration Server data in interactive mode:

1. Run the klbackup utility located in the Kaspersky Security Center installation folder. Start the utility under the same account that you used to install Administration Server.

   The Backup and Restore Wizard starts.

2. In the first window of the Wizard, select Restore Administration Server data.

   If you select the Restore or back up Administration Server certificate only option, the Administration Server certificate will only be recovered.

   Click Next.

3. In the Restore settings window of the Wizard:
   • Specify the folder that contains a backup copy of Administration Server data.

     If you are working in a cloud environment such as AWS or Azure, specify the address of the storage. Also, make sure that the file is named backup.zip.

   • Specify the password that was entered during data backup.

     When restoring data, you must specify the same password that was entered during backup. If the path to a shared folder changed after backup, check the operation of tasks that use restored data (restore tasks and remote installation tasks). If necessary, edit the settings of these tasks. While data is being restored from a backup file, no one must access the shared folder of Administration Server. The account under which the klbackup utility is started must have full access to the shared folder.

4. Click the Next button to restore data.

Data backup and recovery in non-interactive mode

To create a backup copy or recover Administration Server data in non-interactive mode,

Run klbackup with the required set of keys from the command line of the device that has Administration Server installed.

Utility command line syntax:

klbackup -path BACKUP_PATH [-logfile LOGFILE] [-use_ts]|[-restore] [-password PASSWORD] [-online]

If no password is specified in the command line of the klbackup utility, the utility prompts you to enter the password interactively.

Descriptions of the keys:

• -path BACKUP_PATH—Save information in the BACKUP_PATH folder, or use data from the BACKUP_PATH folder for recovery (mandatory parameter).
• -logfile LOGFILE—Save a report about Administration Server data backup and recovery.

  The database server account and the klbackup utility should be granted permissions for changing data in the folder BACKUP_PATH.

• -use_ts—When saving data, copy information to the BACKUP_PATH folder, to the subfolder with a name containing the current system date and operation time in klbackup YYYY-MM-DD # HH-MM-SS format. If no key is specified, information is saved in the root of the folder BACKUP_PATH.

  During attempts to save information in a folder that already stores a backup copy, an error message appears. No information will be updated.

  Availability of the -use_ts key allows an Administration Server data archive to be maintained. For example, if the -path key indicates the folder C:\KLBackups, the folder klbackup 2022/6/19 # 11-30-18 then stores information about the status of the Administration Server as of June 19, 2022, at 11:30:18 AM.

• -restore—Recover Administration Server data. Data recovery is performed based on information contained in the BACKUP_PATH folder. If no key is available, data is backed up in the BACKUP_PATH folder.
• -password PASSWORD—Save or recover the Administration Server certificate; to encrypt and decrypt the certificate, use the password specified by the PASSWORD parameter.

  A forgotten password cannot be recovered. There are no password requirements. The password length is unlimited and zero length (no password) is also possible.

  When restoring data, you must specify the same password that was entered during backup. If the path to a shared folder changed after backup, check the operation of tasks that use restored data (restore tasks and remote installation tasks). If necessary, edit the settings of these tasks. While data is being restored from a backup file, no one must access the shared folder of Administration Server. The account under which the klbackup utility is started must have full access to the shared folder. We recommend that you run the utility on a newly installed Administration Server.

• -online—Back up Administration Server data by creating a volume snapshot to minimize the offline time of the Administration Server. When you use the utility to recover data, this option is ignored.