Restore Backup files to the PGP Encryption Server (Symantec Encryption Management Server)
search cancel

Restore Backup files to the PGP Encryption Server (Symantec Encryption Management Server)

book

Article ID: 153588

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

This article details how to restore a backup to the PGP Encryption Server (Symantec Encryption Management Server).

Resolution

The PGP Encryption Server, allows administrators to restore a full backup of the server in the event of a minor problem or catastrophic failure.   

You can restore the server from any saved backup. Restoring from a backup restores everything configured, including network settings, such as IP Addresses, FQDNs, Keys, policies, etc.  All the information you would need are included in the backups.  Make note that some servers, depending on their features will not contain all data, however, the backups will contain all information needed to restore the server back to its own working state.


Restoring a PGP Server Backup with a backup file

 

  1. If you are restoring a backup from an older version of the PGP server to a new version, or moving from one server to another, you will need to first upload the Organization Key to the PGP Server before attempting to restore. 

    Once the Org Key has been successfully uploaded, you can then restore your backup.  For information on how to backup the Organization Key for the PGP Server, see the following article:

    180196 - HOW TO: Backup the Organization Key on the PGP Encryption Server (Symantec Encryption Management Server)

  2. To restore the Org Key, Click "Keys", then "Organization Key" and click the "Upload" arrow icon:


    Next, browse to your key from this dialog and then enter your passphrase

    Tip: The name of this org key was renamed to "OrgKey.asc".  It is useful to give this a new name so you can distinguish the key from others.
    Keep this keypair safe!


    When you do go to upload your Org Key, you will get the following message:



    If you get an error about the passphrase being wrong and nothing is working, you may need to go back to your original server and redownload it:


    Once imported successfully, there will be no message, but the logs will indicate it was successful:



  3. Once the Org Key has been uploaded, click System > Backups. The available backups are displayed.

    You can restore these backups from the current version of the PGP Server, or you can upload a backup from a different version. 
    In this scenario, we will upload a backup from a previous version (PGP Server 3.3.2 MP13):


    It's not possible to restore backups from a newer version of the PGP Server to an older version.  

    For example, a backup from 10.5.1 cannot be restored on 10.5.0.   For Migration data from different versions, see the following article:

    211876 -  Technical considerations when upgrading Encryption Management Server to release 10.5.1


    If you have a backup that was created from 5 days ago, all the data that may have been created after this time will not be included in the restore.

    For this reason, always use the most recent backup possible.  If you have any questions on this, reach out to Symantec Encryption Support
    to ensure the backups are restored properly.
     
  4. Click the arrow icon next to the desired backup file.

    Warning: Restoring a backup will replace all existing server data with the backup copy and possibly render some email unreadable.
     
  5. Click OK and the following message appears:

  6. One you click OK, the progress window will appear:


 

After the restore is complete, you are redirected to the administration console login screen.

 

If you get the following error message, this means you need to find the correct Org Key associated to the backup:

 

As has been demonstrated above, backups for the PGP Server can be used for "Upgrade" scenarios going from one version of the server to another. 

In this scenario, we were going from 3.3.2 MP13 to PGP Server version 10.5.1.


For additional information on upgrade scenarios, see the following article:

211876 -  Technical considerations when upgrading PGP Server to release 10.5.1 (Symantec Encryption Management Server)


The above method shown in the KB above a great way to upgrade if you are also trying to restore a backup while upgrading. 

 

Important Notes:
*If you are doing a new installation of the PGP Server for the purpose of restoring the backup, we recommend using the "New Installation" option during the setup.
This is the most seamless experience and allows multiple options for restore. 

*This will require setting the destination server up with a new IP and hostname to complete the new setup, however, once the backup is restored, all the previous network details will be restored (You would shut down the old server before restoring the backup).

*Because all previous network information is restored, before you attempt to restore a backup, make sure the old server is first shut down.

*Symantec recommends you always install using a New Installation rather than repurposing an old VM.  This makes it possible to easily revert to the old server if needed in the unlikely event the upgrade fails, and also allows for a cleaner installation. 

*Restoring a backup could take twice as long as it took to create the backup.  For example, if it takes 15 minutes to perform a backup, restoring the backup could take up to 30 minutes to restore.  There are other factors at play that can extend these times, such as where the backup is located that is to be restored.


For information on how to install Symantec Encryption Management Server, see the following article: 

157080 - Pictured Installation Guide for PGP Encryption Server (Symantec Encryption Management Server)

 

 

Restoring a PGP Server Backup from a Production PGP Server to a UAT (User Acceptance Testing)/Test Environment

 

It is possible to get a backup from the PGP server and take that into a Test environment. 

Special care should be taken as each PGP backup from the server contains server information, such as the following (not limited to):

*Network Details in addition IP/Hostname
*User Information
*Clustered Server Information
*Key Data
*Mail Configuration Details

As the above information is restored in the restoration process, if the Production PGP server is online while the Test Server in UAT is online, collisions in network details can occur.

This makes it trick to restore these types of backups.  Reach out to Symantec Encryption Support for further guidance to this.

A Feature Request has been logged to be able to enter any IP/Network Details restoring backups so these collisions can be avoided. 

To be added to this feature request, provide the below ID and reach out to Symantec Encryption Support.

EPG-23728

Additional Information

180196 - HOW TO: Backup the Organization Key on the PGP Encryption Server (Symantec Encryption Management Server)

180249 - HOW TO: Configure the Backup Location and schedule for the PGP Encryption Server (Symantec Encryption Management Server)

153588 - Restore Backup files to the PGP Encryption Server (Symantec Encryption Management Server)

153318 - Restoring PGP Encryption Server Backups larger than 2GB (Symantec Encryption Management Server)

IMSFR-21
EPG-21820
EPG-23728
EPG-29819
EPG-32253