Restoring PGP Encryption Server Backups larger than 2GB (Symantec Encryption Management Server)
search cancel

Restoring PGP Encryption Server Backups larger than 2GB (Symantec Encryption Management Server)

book

Article ID: 153318

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption Desktop Email Encryption Drive Encryption Endpoint Encryption File Share Encryption PGP SDK PGP Key Mgmt Client Access and CLI API PGP Key Management Server PGP Command Line PGP Encryption Suite

Issue/Introduction

With the release of PGP 11.0.1, the backup upload limit has increased substantially. If you are running into this limitation on an older version it is recommended to upgrade to the latest version.

Prior to PGP 11, due to a limitation of Apache, it was not possible to restore backups over 2 GB using the PGP Encryption Server's admin web portal (Symantec Encryption Management Server).

Starting with 11.0.1, the backups can now be up to 10GBs in size and uploaded to the admin web portal for restoration.

This article will show you how to restore backups larger than 10 GBs.  Reach out to Symantec Encryption Support when in doubt or need any further guidance.
EPG-36415

 


Accessing the PGP Encryption Server command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc.) is supported. However, performing configuration modifications or customizations via the command line may void your Symantec Support agreement unless the following procedures are followed.

Any changes made to the server via the command line must be:

  • Authorized in writing by the Symantec Encryption Product team.
  • Once approved by the Product team, Implemented by a Symantec Partner, reseller or Symantec Technical Support.
  • Summarized and documented in a text file in /var/lib/ovid/customization on the PGP Encryption Server itself.

Changes made through the command line may not persist through reboots and may be incompatible with future releases.

 

Resolution

To restore a backup larger than 10 GBs, use the steps outlined below:

  1. Copy the most current backup file of the PGP Encryption Server to a network drive or other location.

  2. Export the Organization Key of the server from the admin console by navigating to Keys / Organization Keys, clicking on Organization Key and then clicking on the Export button. From the Export Key page, choose Export Keypair and provide a passphrase. Note that it is vital that you export the Keypair and not the default of the "Public Key".

  3. Install the PGP Encryption Server from the .iso image.  A new Organization Key will be created automatically as part of the installation process.

  4. Import the original Organization Key by navigating to Keys / Organization Keys and clicking on the Import button.

    You will be warned that the existing Organization Key will be deleted.

    Click on Choose File and browse to the original Organization Key that you saved.

    Enter the passphrase of the saved Organization key and click the Import button. This will replace the Organization Key that was created automatically as part of the installation process with the original Organization Key.

  5. Import your SSH key to the server.

  6. Connect to the server with WinSCP and upload the backup file to the /var/lib/ovid/backups/ directory on the server. Note that by default, backups are encrypted to the Organization Key. Such backup files will have a .pgp filename extension.

  7. Access the server via SSH. For more information on accessing the server via SSH, see the following article:

    153592 - Access the PGP Encryption Server by using SSH (Symantec Encryption Management Server)

  8. Run this command where backupfile is the filename of the backup file:
    pgpbackup --restore backupfile --done
  9. When the restore operation has completed, the Login page should be displayed.

    Login and check, for example, that under Consumers / Groups the Everyone group contains the expected number of members.

    Navigate to Consumers / Users and check that the number of Internal Users and External Users is correct.

    Navigate to System / Network and check that the Assigned Certificate is correct for each Interface.

  10. Reboot the server.

Additional Information

EPG-36415, EPG-35317

211876 - Technical considerations when upgrading Encryption Management Server to release 10.5

150915 - PGP Encryption Server Benefits and Considerations for upgrading to version 10.5

180196 - HOW TO: Backup the Organization Key on the PGP Encryption Server (Symantec Encryption Management Server)

193931 - How to download Symantec Encryption products from the Broadcom download Portal (And where to find the license number for PGP)

157080 - Pictured Installation Guide for Symantec Encryption Management Server (PGP Server)

180249 - HOW TO: Configure the Backup Location and schedule for the PGP Encryption Server (Symantec Encryption Management Server)

153588 - Restore Backup files to the PGP Encryption Server (Symantec Encryption Management Server)

180749 - Upgrading PGP Encryption Server using a *.pup file (Symantec Encryption Management Server)

153318 - Restoring Encryption Management Server Backups larger than 2GBs

197045 - Custom scripts are moved when upgrading to Encryption Management Server 10.5