Restoring PGP Encryption Server Backups larger than 2GB (15GBs in version 11.0.1

Products

Encryption Management Server Gateway Email Encryption Desktop Email Encryption Drive Encryption Endpoint Encryption File Share Encryption PGP SDK PGP Key Mgmt Client Access and CLI API PGP Key Management Server PGP Command Line PGP Encryption Suite

Issue/Introduction

With the release of PGP 11.0.1, the backup upload limit has increased substantially. If you are running into this limitation on an older version it is recommended to upgrade to the latest version.

Prior to PGP 11, due to a limitation of Apache, it was not possible to restore backups over 2 GB using the PGP Encryption Server's admin web portal (Symantec Encryption Management Server).

Starting with 11.0.1, the backups can now be up to 15GBs in size and uploaded to the admin web portal for restoration.

This article will show you how to restore backups larger than 15 GBs. Reach out to Symantec Encryption Support when in doubt or need any further guidance.
EPG-36415

Accessing the PGP Encryption Server command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc.) is supported. However, performing configuration modifications or customizations via the command line may void your Symantec Support agreement unless the following procedures are followed.

Any changes made to the server via the command line must be:

Authorized in writing by the Symantec Encryption Product team.
Once approved by the Product team, Implemented by a Symantec Partner, reseller or Symantec Technical Support.
Summarized and documented in a text file in /var/lib/ovid/customization on the PGP Encryption Server itself.

Changes made through the command line may not persist through reboots and may be incompatible with future releases.

Resolution

To restore a backup larger than 10 GBs, use the steps outlined below:

Copy the most current backup file of the PGP Encryption Server to a network drive or other location.
Export the Organization Key of the server from the admin console by navigating to Keys / Organization Keys, clicking on Organization Key and then clicking on the Export button. From the Export Key page, choose Export Keypair and provide a passphrase. Note that it is vital that you export the Keypair and not the default of the "Public Key".
Install the PGP Encryption Server from the .iso image. A new Organization Key will be created automatically as part of the installation process.
Import the original Organization Key by navigating to Keys / Organization Keys and clicking on the Import button.

You will be warned that the existing Organization Key will be deleted.

Click on Choose File and browse to the original Organization Key that you saved.

Enter the passphrase of the saved Organization key and click the Import button. This will replace the Organization Key that was created automatically as part of the installation process with the original Organization Key.
Import your SSH key to the server.
Connect to the server with WinSCP and upload the backup file to the /var/lib/ovid/backups/ directory on the server. Note that by default, backups are encrypted to the Organization Key. Such backup files will have a .pgp filename extension.
Access the server via SSH. For more information on accessing the server via SSH, see the following article:

153592 - Access the PGP Encryption Server by using SSH (Symantec Encryption Management Server)
Run this command where backupfile is the filename of the backup file:
```
pgpbackup --restore backupfile --done
```
When the restore operation has completed, the Login page should be displayed.

Login and check, for example, that under Consumers / Groups the Everyone group contains the expected number of members.

Navigate to Consumers / Users and check that the number of Internal Users and External Users is correct.

Navigate to System / Network and check that the Assigned Certificate is correct for each Interface.
Reboot the server.