CyberArk Vault Backup Utility - PAReplicate

CyberArk Privileged Access Solution provides a utility, PAReplicate, that copies and backs up the Safe files from the CyberArk Vault to a specified computer on the network. The backed-up files keep the same structure as the Safes folder.
The figures below show a typical high-level design for CyberArk Privileged Access Management and the CyberArk backup process and file structure.
[Figure: High Level Design for CyberArk Privileged Access Management]

[Figure: CyberArk Backup Process]


The PAReplicate utility copies the Safe files from the Vault to a specified computer on the network in a similar structure to that in the Safes folder.
Any User who has the ‘Backup All Safes’ user authorization and the ‘Backup Safe’ authorization in specific Safes can issue this command for those Safes. Use the Backup User to replicate the entire Vault.
You can use PAReplicate to back up a specific Safe or a group of Safes. When backing up specific Safes, the requested Safe data files are copied to the specified location in the same format as they are stored on the server, and the Vault’s Metadata Backup is copied to the Metadata sub-folder of that location.

Vault Backup Steps
Step 1: The Vault Backup utility (PAReplicate.exe) generates a metadata backup in the Vault’s Metadata Backup folder, then exports the contents of the Data folder and the contents of the Metadata Backup folder to the computer on which the Backup utility is installed. 
Step 2: After the replication process is complete, the external backup application copies all the files from the replicated Data folder and the Metadata folder. Keep the replicated files on the Backup utility machine after the external backup application copies all the files. The next time you run the Backup utility to the same location, it will update only the modified files and reduce the time of the replication.
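CMD Backup Script:
@echo off
REM Change to the Replicate folder (/d also switches drive if needed)
cd /d "c:\Program Files (x86)\PrivateArk\Replicate"
REM Start a fresh log for this run
echo %date% %time% Start of task > ReplicateBatch.log
echo User=%UserName%, Path=%path% >> ReplicateBatch.log
REM Full backup: stdout is appended to the log, stderr to the .err file
PAReplicate.exe Vault.ini /logonfromfile user.ini /fullbackup 1>> ReplicateBatch.log 2>> ReplicateBatch.err
echo %date% %time% End of task >> ReplicateBatch.log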
Scheduled Job:
  • Run as Local System (with "Run with highest privileges" set)
  • Program/script: "c:\Program Files (x86)\PrivateArk\Replicate\PAReplicate.exe"
  • Add arguments: vault.ini /logonfromfile user.ini /fullbackup
  • Start in: c:\Program Files (x86)\PrivateArk\Replicate
The key file is vault.ini, in which three lines need to be edited:
(a) Vault = cyahostname      (this is the hostname of the Vault)
(b) Address = 10.10.10.5      (this is the IP Address of the Vault)
(c) Port = 1858                     (this is the default port, which you may use)
Then configure a Scheduled Task; for example, in Windows 2016 you can configure it as a Basic Task. This will back up all your Safes, Safe data and metadata.
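As an added example (not part of the original post and not CyberArk's own code), the scheduled job above can be registered from PowerShell after a pre-flight check that vault.ini carries the three settings and that the Vault answers on the configured port. The task name, the daily 01:00 trigger and the helper function Read-VaultIni are assumptions; the paths and arguments are the ones given above.

```powershell
# Added example: pre-flight check of vault.ini, then register the backup task.
$ReplicateDir = 'C:\Program Files (x86)\PrivateArk\Replicate'  # path from the post
$TaskName     = 'CyberArk Vault Backup'                        # assumed task name
$RunAt        = '01:00'                                        # assumed daily start time

# Hypothetical helper: read "Key = Value" lines of vault.ini into a hashtable.
# PowerShell hashtable keys are case-insensitive, so VAULT and Vault both match.
function Read-VaultIni {
    param([Parameter(Mandatory)][string]$Path)
    $settings = @{}
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*([A-Za-z]\w*)\s*=\s*(.*?)\s*$') {
            $settings[$Matches[1]] = $Matches[2].Trim('"')
        }
    }
    $settings
}

$ini = Read-VaultIni -Path (Join-Path $ReplicateDir 'vault.ini')

# The three lines the post says must be edited have to be present and non-empty.
foreach ($key in 'Vault', 'Address', 'Port') {
    if ([string]::IsNullOrWhiteSpace([string]$ini[$key])) {
        throw "vault.ini: setting '$key' is missing or empty"
    }
}
$port = 0
if (-not ([int]::TryParse([string]$ini['Port'], [ref]$port)) -or $port -lt 1 -or $port -gt 65535) {
    throw "vault.ini: Port '$($ini['Port'])' is not a valid TCP port"
}

# Fail now, not at backup time, if the Vault is unreachable from this machine.
$probe = Test-NetConnection -ComputerName $ini['Address'] -Port $port -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    throw "Vault '$($ini['Vault'])' is not reachable at $($ini['Address']):$port"
}

# Same settings as the Scheduled Job list: Local System, highest privileges,
# PAReplicate.exe with the full-backup arguments, started in the Replicate folder.
$exe       = Join-Path $ReplicateDir 'PAReplicate.exe'
$action    = New-ScheduledTaskAction -Execute ('"{0}"' -f $exe) `
                 -Argument 'vault.ini /logonfromfile user.ini /fullbackup' `
                 -WorkingDirectory $ReplicateDir
$trigger   = New-ScheduledTaskTrigger -Daily -At $RunAt
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger -Principal $principal
```

Run it from an elevated PowerShell session on the machine where the Backup utility is installed.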
