HOW TO: Configure the Backup Location for Encryption Management Server


Article ID: 180249


Updated On:


Encryption Management Server Gateway Email Encryption




This article provides instructions on how to configure the backup location for Encryption Management Server (previously PGP Universal Server).

Configuring the Backup Location

By default, backups are saved to the local disk on Encryption Management Server. However, you can also specify another location to save backup files to using FTP or SCP. When the backup job is preformed, backup files are then automatically sent to that location via FTP or SCP. If you change your backup location, you cannot restore from backups stored on the old location, even though the backup files still appear listed on the System Backups page.

Note: If your remote host is temporarily unavailable, the backup file is stored on the Symantec Encryption Management Server until the host becomes available. Make sure that you get the backup file from the host in binary format, not ASCII.

To configure the backup location

  1. Log into the Encryption Management Server administrative interface.
  2. On the System > System Backups screen, click Backup Location. The Backup Location dialog box appears.
  3. Choose Save backups on this Symantec Encryption Management Server or to have backups saved to a remote location, select Save backups to a remote location.
  4. Select FTP, SCP Password Authentication, or SCP Keypair Authentication.

    Caution: You cannot use FTP to back up large amounts of data as the backup will fail. If you have 3 GB or more data to back up, do not use FTP.
  5. Type the backup location hostname in the Hostname field.
  6. Type the port number in the Port field. The default FTP port is 21. The default SCP port is 22.
  7. Specify a Directory to which to save the backup. The default backup directory is the FTP or SCP home directory for the username you choose.  Example: /backups/pgp/  (You can verify this with WinSCP)
  8. Type a valid login name for the location you are saving the backup to in the Username field.
  9. Type a valid passphrase for the login name you specified in the Passphrase field.
  10. If you chose SCP Keypair Authentication, import an SSHv2 Key by clicking the Add icon. The Update SSH Key dialog box appears.

    1. If you do not have an SSH keypair, choose Generate and Import New Key. Select the appropriate key size and type.
    2. If you already have an SSH keypair, choose Import Key File, import your keypair, and type a passphrase.
    3. Click Import. The Update SSH Key dialog box disappears and the keypair appears in the Backup Location dialog box.
  11. Type a name for your backup files in  the Backup Name field.
  12. Specify if you want to Encrypt backups to the Organization Key.

    Note: Backing up data is much faster if you do not encrypt and compress the backup file, but your backup files will be less secure and require more disk space.
  13. Specify if you want to Enable file compression. Backup files are saved in binary format normally, which is compressed, but you can choose this option to compress the file further.
  14. Specify how many backups you want to save at a time. Once you have saved that number of backups, the newest backup overwrites the oldest backup file.
  15. Click Save. The Backup Location dialog box disappears.

You can download your SSH keypair and place the public part of the key onto another server to use to validate logins on that server.

Note : Linux is recommended for SCP backup as 3rd party SCP solutions for windows does not work as expected . Known issues with 3rd party SCP solutions for Windows (i) If backup size exceeds 2GB , it fails to transfer due to 2GB per process limit in Windows (ii) On SEMS even when backup is set to "Keep at most 5 scheduled backups” , the backup does not get deleted after 5 backups from remote location with SCP Solarwinds server configured on windows.