Best Practices for Disaster Backup and Recovery with Symantec Endpoint Encryption Management Server (SEE)



Article ID: 161187


Products

Endpoint Encryption, Desktop Email Encryption, Drive Encryption, Encryption Management Server, File Share Encryption, Gateway Email Encryption, PGP Command Line, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK

Issue/Introduction

This Knowledge Base article provides information on the best practices for planning and executing a successful Disaster Recovery program for the Symantec Endpoint Encryption product.

 

For Best Practices and Disaster recovery for the PGP Server (Symantec Encryption Management Server) product line, see the following article:

269071 - Best Practices for Disaster Backup and Recovery with PGP Encryption Server (PGP)

 

Resolution

Use the information in this article to help prepare the Symantec Endpoint Encryption environment and data for a disaster or an unplanned interruption, such as a natural disaster or power outage.


Preparing for disaster recovery:

You prepare for disaster recovery by backing up the following information:
Item 1: Management Password
Item 2: Database files
Item 3: Server certificate (Keypair of SEE MS TLS cert, with Root and Intermediate certificates)
Item 4: Server installation files
Item 5: Database settings
Item 6: Web Server Confirmation pages with passwords
Item 7: Active Directory settings, port numbers, and the domain name, IP address, and host name of the management server.
TIP: For Items 5 through 7, take a screenshot of each of the pages for the SEEMS Configuration Files page. This makes it easy to re-create these pages during a new installation of the SEE Management Server if needed.

Once you have screenshots of all your SEEMS Configuration Manager pages, you can quickly set this back up if needed.


Item 8: You should also back up all client installation files.

As a best practice, you should store the backed-up data off-site at a secure location.

IMPORTANT TIP!  Starting with SEE Management Server 12.0.0, there is a "Prerequisite Verifier Utility" included with each download.  Before attempting to install, run this utility to ensure all proper roles, components and features are configured. 

If you are on SEE 11.4, ask us about our "Check Roles Tool", which makes the installation of Symantec Endpoint Encryption Management Server simple and seamless. The tool checks whether the required features are enabled, tells you what is missing, and then **installs them for you** (when run as administrator). Please contact our Symantec Encryption Support team and we will be happy to provide the tool for you. This tool makes it extremely easy to get all these features installed and enabled. The tool is named "CheckRolesFor_11_3_1_Plus.exe".

Item 9: Know how to do a new installation of the SEE Management Server if necessary.  For more information on this process, see the following article:

179347 - HOW TO: Install Symantec Endpoint Encryption Management Server (SEE Management Server)

 

Item 10: Always know the version and build number of your current setup.


High-level tasks to prepare for disaster recovery

The following sections describe recommended practices to help you prepare and manage disaster recovery in your enterprise. Although an administrator can perform the following recommendations, you can contact Symantec Technical Support for assistance with the process.
 

Task Description
Step 1: Back up the database often

Back up your database immediately following the successful installation and configuration of the Symantec Endpoint Encryption Management Server. At scheduled, frequent intervals, you should manually back up your database or perform automatic backups. For more information on backing up your Microsoft SQL Server database, see the Microsoft MSDN Library or your database owner.

Step 2: Back up important files or save information that you will require when you start the disaster recovery process

The files or information that you must back up or save and use during the disaster recovery process are:
  • Password: Save the Symantec Endpoint Encryption Management password.
  • Certificate: Save the Web Server SSL certificate and Removable Media Encryption Recovery Certificate.
  • Database: Back up and save the database backup file (.bak) and the database certificate that is used for configuring secure SQL Server. Also, save the database settings such as the database server name, the database port number, and the database account that was used for Symantec Endpoint Encryption Management Server installation and database access.
  • Active Directory settings: Save the Active Directory Configuration settings such as the forest name, server name, domain name, and Active Directory's Administrator account name and password.
  • Management Server information: Save the MSI files of Management Server, Management Agent, Drive Encryption and Removable Media Encryption. Also, save the Management Server IP address, host name, domain name, and port numbers used for configuring the web services.

    See the "TIP" above this table for the screenshots to back up in the SEEMS Configuration Manager.

Step 3: Copy the files you backed up off-site

Store the backed-up data off-site at a secure location.

Caution: When you back up files to a secure, off-site location, be sure that the files are copied properly. If the copied files are corrupted, you cannot restore your data.

Step 4: Test your backup strategy

Simulate a mock-disaster situation and try to restore all backed-up files and the database, and re-establish communication between the server and clients.

Caution: To minimize the associated risks of simulating a mock-disaster situation, carefully review your organization’s policies and procedures.
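
One way to act on the Step 3 caution about corrupted copies is to record a SHA-256 manifest of the backup set before it leaves the site and check the off-site copy against it. This is an added example, not Symantec code; the function names, folder names and file names are assumptions, and the demo files are constructed.

```powershell
# Added example, not vendor code. Function, folder and file names are illustrative.
function New-BackupManifest {
    param([Parameter(Mandatory)][string]$BackupRoot,
          [Parameter(Mandatory)][string]$ManifestPath)
    # FullName is a plain file-system path, for local folders and UNC shares alike.
    $root = (Get-Item -LiteralPath $BackupRoot).FullName.TrimEnd('\', '/')
    Get-ChildItem -LiteralPath $root -Recurse -File -Force | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($root.Length + 1)
            Length       = $_.Length
            SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -LiteralPath $ManifestPath -NoTypeInformation -Encoding UTF8
}

function Test-BackupCopy {
    param([Parameter(Mandatory)][string]$CopyRoot,
          [Parameter(Mandatory)][string]$ManifestPath)
    foreach ($entry in Import-Csv -LiteralPath $ManifestPath) {
        $target = Join-Path $CopyRoot $entry.RelativePath
        # Cheapest checks first: existence, then size, then the full hash.
        $status = if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
            'Missing'
        } elseif ((Get-Item -LiteralPath $target -Force).Length -ne [long]$entry.Length) {
            'SizeMismatch'
        } elseif ((Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash -ne $entry.SHA256) {
            'HashMismatch'
        } else {
            'OK'
        }
        [pscustomobject]@{ RelativePath = $entry.RelativePath; Status = $status }
    }
}

# Constructed demo: a fake backup set in the temp folder, copied, then one file damaged.
$tmp      = [IO.Path]::GetTempPath()
$src      = Join-Path $tmp 'see-dr-src'
$copy     = Join-Path $tmp 'see-dr-copy'
$manifest = Join-Path $tmp 'see-dr-manifest.csv'   # kept outside the backup set
Remove-Item -LiteralPath $src, $copy -Recurse -Force -ErrorAction SilentlyContinue
New-Item -ItemType Directory -Path (Join-Path $src 'db') | Out-Null
Set-Content -LiteralPath (Join-Path $src 'db\see.bak') -Value 'constructed database backup'
Set-Content -LiteralPath (Join-Path $src 'server.msi') -Value 'constructed installer'
New-BackupManifest -BackupRoot $src -ManifestPath $manifest
Copy-Item -LiteralPath $src -Destination $copy -Recurse
# Same length, different content: only the hash comparison catches this.
Set-Content -LiteralPath (Join-Path $copy 'db\see.bak') -Value 'constructed database backuq'
Test-BackupCopy -CopyRoot $copy -ManifestPath $manifest | Format-Table -AutoSize
```

Keep the manifest with the source copy rather than inside the transferred set, so the comparison is always against hashes taken before the transfer. The manifest detects corruption only; it does nothing to protect the passwords and certificate key pair in the backup set.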

 

Recovering after an interruption - disaster recovery sequence

Symantec recommends that you adhere to the recommended disaster recovery preparation and strategies. If you do encounter an interruption and need to recover, follow this recovery sequence:

  1. Set up an environment to install and configure Symantec Endpoint Encryption. For information on requirements to create the environment, see the Symantec Endpoint Encryption 11.3.x Installation Guide.
     
  2. Restore the Symantec Endpoint Encryption Management Server.
    • Use the same IP address and host name as the server that you backed up when you restore the Management Server.
       
  3. Restore the database and install Symantec Endpoint Encryption Management Server.
    • Restore the backed-up database. For more information on restoring the Microsoft SQL Server database, see the Microsoft MSDN Library or your DBO.
    • Install the Symantec Endpoint Encryption Management Server using the existing database option. Use the Management Server information that you backed up while installing the Management Server.

      For information on the Management Server installation, see the Symantec Endpoint Encryption Installation Guide and other documentation.
       
  4. Restore client communication.
    • Restart a Symantec Endpoint Encryption client computer and verify communication between the Management Server and the client.


Additional Information