Disaster Recovery Overview

The ePO Disaster Recovery feature uses a Snapshot process to save specific ePO server database records to the ePO Microsoft SQL database.

Manually from the Server Snapshot page (Dashboard > Trellix ePO Server Snapshot)
Automatically using the Disaster Recovery Server task (Menu > Automation > Server Tasks)

The snapshot takes a copy of these folders and files:

C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\<subfolder>
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\<subfolder>

The records contain the entire ePO configuration at the specific time the Snapshot is taken and are specific to the time the Snapshot is taken.

You can only run one Disaster Recovery Snapshot at a time.
When you run a new Snapshot, it overwrites the previous Snapshot.

Disaster Recovery Snapshot is enabled by default on all Microsoft SQL Servers, except the Express Edition.

Recommendation: Trellix does not recommend enabling Disaster Recovery Snapshot scheduling with the Microsoft SQL Server Express Editions because of the data file size limitations.

Maximum data file size:

For Microsoft SQL Server 2005 Express Edition is only 4 GB
For Microsoft SQL Server 2008, 2012, 2014 and 2016 Express Editions is 10 GB

Registered executable files are not backed up. You must replace those executable files when you restore the ePO server. After the restore, any registered executables with broken paths are shown in red font on the Registered Executables page (Menu > Configuration > Registered Executables).

Review KB87976(opens in a new tab) for details on the ePO 5.x Disaster Recovery Snapshot feature.

Disaster Recovery Process

Snapshot is taken by a server task, manually or automatically.
Snapshot records are zipped and saved to the SQL database OrionSnapshot table.
- You can use the Microsoft SQL Server Management Studio or BACKUP (Transact‑SQL) database feature to save the entire ePO database. (Must be DBCreator and DBOwner).
Database is backed up and the backup file is copied to another location (not on the ePO server).

Restore the backup file using either the SQL Server Management Studio for your SQL Server edition or the RESTORE (Transact-SQL) command line process.
Run the ePO Install program (Restore ePO from an existing Disaster Recovery database Snapshot option).
- Select Microsoft SQL Server to link the ePO software to the restore SQL database that had the primary ePO configuration restored in step 1.
Snapshot records are used, instead of creating new ones.

Basic Requirements

The table below highlights basic requirements for the Disaster Recovery feature. Your deployment may include a separate restore server configured to closely match your ePO server.

Component

Requirement

Primary ePO server

Should be up and running correctly, with a recent Snapshot saved in the SQL database

Restore ePO server

If you have a restore ePO server, it should closely mirror your primary ePO server hardware.

Disaster Recovery Keystore encryption passphrase

You must know the passphrase added during the initial installation of the ePO software. The passphrase is required to decrypt sensitive information stored in the Disaster Recovery Snapshot. IMPORTANT:

If forgotten, this passphrase cannot be recovered, and you would be unable to restore ePO from the database containing the snapshot.
However, if the original ePO server is still accessible and functional, then the passphrase can be reset under Server Settings > Disaster Recovery. Once reset, you can run another Snapshot task and backup the database again.

Administrator privileges

Access to the primary and restore servers and SQL database is required. Example: DBCreator and DBOwner.

Disaster Recovery Snapshot

Disaster Recovery Snapshot: Server Task

Use the Disaster Recovery Snapshot Server Task to modify the scheduled automatic Snapshots of your ePO server configuration saved to the SQL database.

From the Server Tasks list, locate the Disaster Recovery Snapshot Server task in the Name column. Note: The task is enabled by default. It has a default configuration you can change to meet your needs. You can View, Edit, or Run the task from this page. The only editable aspect of the server task is to Enable or Disable the task itself and set the schedule to run the task. The action itself cannot be altered.

Click View to see the default configuration, as shown in the figure. Note: The task is scheduled to run daily at 1:59 A.M. the following day, after the ePO software is installed. Click Cancel to exit this page.

Disaster Recovery Snapshot: Dashboard

Use the Server Snapshot page to take a Snapshot manually. The Server Snapshot page is accessed from a drop-down list on the main Dashboards page (Navigation bar > Dashboard or Menu > Reporting > Dashboards.

From the drop-down list at the top of the page, select Trellix ePO Server Snapshot.
From the Trellix ePO Server Snapshot dashboard monitor, click the Take Snapshot button. Other options here are:
- Last Run At: Displays the last date and time a Disaster Recovery Snapshot was taken.
- View information about Disaster Recovery: Click link for help/instructions.
While the Snapshot is being saved to the database, click the See details of current run link to go to a corresponding Server Task Log Details page.

4. After the Snapshot is saved to the database, click the See details of last run link.

Again, you are directed to a corresponding Server Task Log Details page.

The Server Task Log Details page displays information and log messages about the most recent Snapshot. Note: The Snapshot is specific to the time period it is taken, and is overridden when a new one is taken.

Disaster Recovery Snapshot: Status

Restore

Restore Overview

In event of failure, you can restore the ePO database using a backup file.

Tools used include:

SQL Server Management Studio
Command line (Transact-SQL)

Restore Guidelines

You may need to stop the ePO services and close any open connections to the ePO database before a restore.
You can overwrite the existing ePO database or retain your existing ePO database by restoring the backup with a new name. Example: For comparison purposes
Typically, the most recent backup file is restored; however, you can choose a different backup set.

Database Restore: SQL

As previously reviewed, the Restore Task within SQL Management Studio gives you the ability to select which backup to restore from after a disaster. Follow these steps to restore a backup using SQL Server.

Launch SQL Server Management Studio and connect to the ePO database, if necessary.

In the left pane of the menu tree, expand the ePO server, if not already expanded.

Right-click on the ePO database object (EPO_<ePO_servername>), then select Tasks > Restore > Database.

Make sure you are on the General tab. Note: The Options tab is used for advanced configurations. For more information, refer to the Microsoft SQL documentation.
In the Destination Database field, select the ePO database.
By default, the Restore to is set to The last backup taken. Optionally, click the ellipses (...) and specify a specific date and time.
In the Source for restore section, select From device.
Click the ellipses (...) to specify the backup media and its location.

Recovery Installation Workflow

Before Recovery Installation
In the SQL Server Configuration Manger:
Under SQL Server Services:
Make sure SQL Browser Service is running.
Under the SQL Network Configuration > Protocols for the EPO SERVER:
Make sure that the TCP/IP Protocol is enabled.
Update the ePO server hosts with the latest Microsoft security updates, then turn off Windows updates during the installation process.
Stop remote Agent Handler services on all systems.
If restoring to same server, make sure ePO is uninstalled and there is no ePO folder in the install path.
Note: This procedure is intended for use by network and ePO administrators only. Trellix does not assume responsibility for any damage incurred because this procedure is intended as a guideline for disaster recovery. All liability for use of the following information remains with the user.

After Recovery Installation
Restart the ePO server, then verify the ePO console is accessible.
Verify the appropriate services have started.
Verify the environment contains all expected items, as captured in the Snapshot used for the recovery.
If you restored ePO to a server with a different IP address or DNS name from your previously existing server:
Configure a way to allow your managed systems to connect to your new ePO server.
Recommended: Create a CNAME record in DNS that points requests from the old IP address, DNS name, or NetBIOS name of the previously existing ePO server to the new information for the restored ePO server.

Restore Using Snapshot

Restore ePO from an existing database snapshot option

When restoring from an existing database snapshot, you will see many of the steps are the same as a first-time install. This section highlights the key differences.

Note: Many of the steps are similar to those of a new install.

One of the first noticeable differences is that you will select the Restore ePO from an existing database snapshot option in the Installation Wizard.

In the Administrator Information step, enter the Username and Password you used for your previously existing server administrator account.

Also, enter the Keystore encryption passphrase you saved during the initial installation of the previously existing ePO server, or changed in the Server Settings.

The Keystore encryption passphrase decrypts the sensitive files stored in the Disaster Recovery Snapshot.

Click Install to continue installation.

Once the installation completes and you log back into ePO with the same account info as previous, the ePO Server Snapshot page initially displays showing “Snapshot is Out of Date”. You will notice the restored look and feel of the console, settings, and all captured from the previous ePO Server Snapshot.

PreviousModule Intro NextRunning a Disaster Recovery Snapshot Simulation

Last updated 1 year ago