Skip to main content

Welcome to our updated site!

Skyhigh Security

Restoring a backup after a Hardware replacement

Introduction

The basis of this article is to assist in restoring your configuration from a backup in the event of an appliance replacement or new VM installation.

The major hurdle for restoring a backup onto a new/replacement appliance is the use of a UUID (universally unique identifier) as an identifier for the system. The Web Gateway backup contains all configurations and policies for your entire central management cluster. The UUID identifies the configuration part (IP, DNS, routing and so on) for each individual machine. If an appliance gets replaced (due to hardware issues or model upgrades), the UUID changes and the backup cannot be restored with default methods. This article will describe how you can manually restore the backup and enforce the configuration of the old UUID to the new/replacement appliance (new UUID).

Prerequisites

In order to restore the configuration, we will need a backup from the old appliance along with its UUID. It is very important to have a record of the old UUID in case the appliance gets damaged or you are otherwise unable to obtain the UUID in the future.

Backup

GUI

After logging into the GUI, go to Troubleshooting > Backup/Restore > select Backup.
clipboard_ea2cdb971ee62cac7deb32cf8d5ab1dd2.png

NOTE: Backups can also be encrypted, once you choose the destination, you will be prompted to enter a password if you wish to encrypt your backup. Leave it blank if you do not want encryption.

CLI

To take a backup from the CLI, the following swg-coordinator commands can be used:

  • Generate backup with specific filename/path:

/opt/swg/bin/swg-coordinator -B

"file:in=ACTIVE,out=/opt/swg/storage/backup_cache/default/

temp.backup"

  • Generate backup and let script generate filename automatically:

/opt/swg/bin/swg-coordinator -B "file:in=ACTIVE"

clipboard_e624a75c827abdf0befad9be30de912d1.png

UUID

GUI

To get the UUID from the UI navigate to Configuration > Appliances, then it is available under Appliances Information:

clipboard_ec5e3ed9baedc0251c208747c92cd1f72.png

CLI

To get the UUID from the CLI, use swg-info:

swg-info uuid

clipboard_e9bdaa03948ac800df70bf6911e0ff100.png

From a Backup File

If your appliance has died, and you're not sure what the UUID is, but you have a backup file, you can use the to get the UUID from the backup file.
clipboard_e540b56bbb19e8a42862a20f111d822ce.png

Restore Configuration Scenarios

We are covering scenarios for both standalone and clustered appliances in this section. For both scenarios you need to have command line access as "root" to the appliances.

Standalone Environment

If you only have one appliance or your appliance is not part of a central management cluster, proceed with these steps:

  1. The backup will need to be copied to the new/replacement Web Gateway using a tool like WinSCP. In the example below, the backup file is named 'backup.old' and was copied to /var. It does not need to be placed there if there are any disk space concerns.
  2. The command to restore the backup is shown below:
    /opt/swg/bin/swg-coordinator -u swgc:swg -R "file:in=/var/backup.old;options:forcedetachgui=yes,uuid=XXXX XXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"

Notes about the command:

  1. /opt/swg/bin/swg-coordinator -u swgc:swg -This portion should always remain unchanged.
  2. file:in= This is the path on the file system to the backup file.
  3. options: There are two options set in the standalone version of the command; 'forcedetachgui' which forces the GUI to be closed and 'uuid' which is the UUID gathered above from the old appliance, not the UUID of the new/replacement machine.

3. It is recommended that you reboot the appliance after the restore has finished to ensure all settings are applied correctly.

NOTE: If the IP address of the appliance changes during the restore procedure, you will lose your SSH connection and it might appear as if the restore is not successful. Rest assured, it actually finished and your SSH client lost it's connection due to the changed Web Gateway IP address.

Cluster Environment

In case you have multiple appliances in a central management cluster, it is very important to do the restore steps in the correct order to ensure that there will be no conflicts in your cluster (the cluster also relies on UUIDs):

  1. The backup will need to be copied to the new/replacement Web Gateway using a tool like WinSCP. In the example below, the backup file is named 'backup.old' and was copied to /var. It does not need to be placed there if there are any disk space concerns.
  2. Before restoring a backup, ensure to remove the old Web Gateway appliance from the current cluster as seen below.  This will ensure no issues are encountered when adding the new/replacement Web Gateway appliance back into the cluster after the configuration has been restored.
    clipboard_ed93fd33035f477433fc0e53d44a9d3f8.png
  3. On the command line of the new/replacement appliance you can now restore the backup and at the same time force it to be a standalone machine:
    /opt/swg/bin/swg-coordinator -u swgc:swg -R "file:in=/var/backup.old;options:forcedetachgui=yes,cluster=s tandalone,uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"

Notes about the command:

  1. /opt/swg/bin/swg-coordinator -u swgc:swg -R  This portion should always remain unchanged.
  2. file:in= This is the path on the file system to the backup file.
  3. options: There are three options set in this section; 'forcedetachgui' which forces the GUI to be closed, 'cluster' which configures the cluster settings which in this case is forced to standalone, and 'uuid' which is the UUID gathered above from the old appliance, not the UUID of the new/replacement machine.

4. It is recommended that you reboot the appliance after the restore has finished to ensure all settings are applied correctly.

NOTE: If the IP address of the appliance changes during the restore procedure, you will lose your SSH connection and it might appear as if the restore is not successful.  Rest assured, it actually finished and your SSH client lost it's connection due to the changed Web Gateway IP address.

  1. After the reboot, log into the GUI and verify that the settings under the Configuration page are what is expected, then log out. Then, log into a current cluster member and add the newly restored appliance back into the cluster as seen below, adjust the network group as needed:
    clipboard_e7f25980dd3118e189557d2f905f57327.png
  • Was this article helpful?