Configuring Data Backup and Restore

This topic provides information on the data backup and restore feature for an Archiver. You can use this feature to back up Archiver data and retrieve the backed up data.

You can back up the data in the following ways:

  • Use scripts to copy files from cold storage backup folders to offline storage.
  • Use backup software to copy files from cold storage backup folders to offline storage.
  • Run EMC Networker or other backup software on the Archiver and have it perform daily incremental backups of the database files.

Note: For details on the procedure to back up data using Networker, see the Administration Guide for Networker.
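
For the script-based option, the following added example (not NetWitness or Networker tooling) copies a cold storage backup folder to an offline location and records a SHA-256 manifest, so the copy can be verified when it is written and again before it is restored. The folder paths you pass in and the MANIFEST.sha256 file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not vendor code). Folder paths and the manifest name are assumptions.
MANIFEST=MANIFEST.sha256

# verify_backup DIR: re-hash every file listed in DIR/MANIFEST.sha256.
# Returns 0 only if the manifest exists and every listed file still matches.
verify_backup() {
    local dir=$1
    [ -f "$dir/$MANIFEST" ] || return 2
    ( cd "$dir" && sha256sum -c --status "$MANIFEST" )
}

# backup_cold_storage SRC DEST: copy SRC to DEST and record SHA-256 hashes.
backup_cold_storage() {
    local src=$1 dest=$2
    [ -d "$src" ] || { echo "source folder missing: $src" >&2; return 2; }
    mkdir -p "$dest" || return 3
    # Hash the source files, so the manifest describes the original data, not the copy.
    ( cd "$src" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) \
        > "$dest/$MANIFEST.tmp" || return 4
    # Copy the folder tree, preserving timestamps and permissions.
    cp -a "$src/." "$dest/" || return 5
    mv "$dest/$MANIFEST.tmp" "$dest/$MANIFEST" || return 6
    # Read the copy back and compare it with the recorded hashes.
    verify_backup "$dest"
}

# When run with two arguments, back up SRC to DEST.
if [ "$#" -eq 2 ]; then
    backup_cold_storage "$1" "$2"
fi
```

Run verify_backup against the restored folder before creating a collection from it; an empty or altered backup fails the check.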

Once you have the data backup, perform the following tasks to restore the backed-up data to the Archiver.

  1. Action: Restore your data to a location accessible by the Archiver.
     Description: Refer to Create Collection.

  2. Action: Create a collection in Archiver that uses that location.
     Description: Refer to "Manage Collections" topic in the Workbench Configuration Guide.

  3. Action: Add the Archiver service as a data source on Reporting Engine to generate reports for the data restored on the Archiver service.
     Description: Refer to Add Archiver as a Data Source to Reporting Engine.

Add Archiver Service

The NetWitness Archiver service enables you to create collections with restored data from Archiver offline (cold) storage. This procedure is only required if you do not have the Archiver service installed.

Prerequisites

Make sure you have added an Archiver host and applied a license to it.

Procedure

Note: This procedure is only required if you do not have Archiver service installed.

Perform the following steps to add the Archiver service:

  1. Go to Admin > Services.
  2. In the Services panel, select the add icon > Archiver.

    The Add Service dialog is displayed.

  3. Provide the following details.

    • Host: Select an Archiver host from the drop-down menu.
    • Name: Type a name for the service.
    • Port: Default port is 50007.
    • SSL: Select SSL if you want NetWitness to communicate with the service using SSL. The security of data transmission is managed by encrypting information and providing authentication with SSL certificates.

      Note: If you select SSL, ensure SSL is enabled in the System Configuration panel.

    • Username: (Optional) Type the username for the service.
    • Password: (Optional) Type the password for the service.
  4. Click Test Connection to determine if NetWitness connects to the service.
  5. When the result is successful, click Save.

    The added service is now displayed in the Services panel.

Note: If the test is unsuccessful, edit the service information and retry.

Create Collection

You can create a collection on an Archiver service using data restored from the backed-up data or an existing subset of data. When you recover the backed-up data, you have to place it in the collection folder created on the Archiver service to enable you to generate the required reports for the retrieved data. For example, if you have backed up the data using EMC Networker at <location>, you can use the restore options in Networker to restore the backed-up data to the collection folder created on the Archiver service. For the restore procedure using EMC Networker, see the Administration Guide for Networker.

Prerequisites

Ensure that you have the following:

  • Archiver service installed on an Archiver host.
  • The Archiver service has enough space to hold the collection.
  • The backed-up data placed in a known location on your local host, if you are creating a collection using the data restored from the backed-up data.

Procedure

The Data Retentions tab enables Administrators to restore and save data that is restored from a backup or from an existing set of data.

Note: The Administrator can point the source path to the location of the database files and the restore command copies them to the Archiver. The Administrator needs to mount those directories to the Archiver before a restoration collection can be created.

To create a collection using data restored from the backed-up data or existing subset of data:

  1. Go to Admin > Services, click the filter icon, and select Archiver.
  2. In the Actions column, click the actions icon > View > Config.

    The Services Config view of Archiver is displayed with General tab open.

  3. Click the Data Retentions tab and click the add icon in the Collections panel to add a collection.

    The Collection dialog is displayed.

  4. Provide the following information:

    • Collection Name: Name of the Archiver collection that you want to restore.
    • Hot Storage: Enter the number of Archiver database files and unit size (either Gigabytes or Terabytes) that have been moved from cold storage.
    • Retention: Select the number of days or hours that you want to store the collection.
    • Compression: Select the compression type for the collection.
  5. Click Save to restore the collection.

    Note the following:

    • Target is the location where the collection is created.
    • If the source path provided to create the restoration collection does not exist, the following error message is displayed:

      "The source path does not exist '/xxx/xxx/'."

      If there is insufficient storage to restore your collection, the following error is displayed:

      "Error during disk space checking. Insufficient disk space in location '/xxx/xxx'."

  6. The Schedule Job dialog is displayed with the following message:

    "Restoring data into a new collection. Check the jobs page for progress."

  7. Click the Jobs icon in the top right area of the main menu to expand the list of restoration collection jobs with their current status.

Note: When restoring a collection, the larger the dataset that you have to restore, the longer the restoration will take. If you are restoring a collection containing hundreds of gigabytes or more, restoration may take several hours.
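
The two failure conditions listed in step 5 (missing source path, insufficient disk space) can be checked on the Archiver host before you click Save, which avoids starting a restore job that fails partway; the same check applies to the Workbench restoration collection. The following is an added example, not NetWitness code; the paths passed in and the 10% headroom default are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not vendor code). Paths are supplied by the operator; the 10%
# headroom default is an assumption, not a product requirement.

# Size of the files to restore and free space on the target filesystem, in KiB.
required_kb()  { du -sk "$1" | awk '{print $1}'; }
available_kb() { df -Pk "$1" | awk 'NR==2 {print $4}'; }

# enough_space NEED_KB HAVE_KB [HEADROOM_PCT]: true if HAVE covers NEED plus headroom.
enough_space() {
    local need=$1 have=$2 pct=${3:-10}
    [ "$have" -ge $(( need * (100 + pct) / 100 )) ]
}

# preflight_restore SOURCE TARGET [HEADROOM_PCT]
# Returns 0 = ready, 1 = source missing or empty, 2 = target missing,
# 3 = insufficient disk space on the target filesystem.
preflight_restore() {
    local src=$1 target=$2 pct=${3:-10} need have
    # An unmounted mount point looks like an empty directory, so treat empty as missing.
    if [ ! -d "$src" ] || [ -z "$(ls -A "$src" 2>/dev/null)" ]; then
        echo "source path missing, not mounted, or empty: $src" >&2
        return 1
    fi
    [ -d "$target" ] || { echo "target path missing: $target" >&2; return 2; }
    need=$(required_kb "$src")
    have=$(available_kb "$target")
    if ! enough_space "$need" "$have" "$pct"; then
        echo "insufficient space on $target: need ${need} KiB + ${pct}%, have ${have} KiB" >&2
        return 3
    fi
    echo "ready: ${need} KiB to restore, ${have} KiB free on $target"
}

# When run with at least two arguments, check SOURCE against TARGET.
if [ "$#" -ge 2 ]; then
    preflight_restore "$@"
fi
```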

Add Archiver Service as a Data Source to Reporting Engine

This topic provides instructions on how to add the Archiver service as a data source to Reporting Engine to generate reports for the data restored onto the Archiver.

Prerequisites

Ensure that you have:

  • Installed the Archiver service on the Archiver host.
  • Added a collection on the Archiver service.

Procedure

Perform the following steps to add the Archiver service as a data source to Reporting Engine:

  1. Go to Admin > Services, click the filter icon, and select Reporting Engine service.
  2. In the Actions column, click the actions icon > View > Config.

    The Services Config view of Archiver is displayed with General tab open.

  3. Click the Sources tab.
  4. Click the add icon and select Available Services.

    The Available Services dialog is displayed.

  5. Select the Archiver service and click OK.

    If the Archiver service is using a Trust Model, the Service Information dialog for the selected service is displayed with the username and password fields required. If the service is not using a Trust Model, these fields will be optional.

  6. Type the username and password for admin credentials for the service.
  7. Click OK.

    The Add Service dialog is displayed.

  8. Select a host from the drop-down list and click Save.

    The Archiver service is now added as a data source to the Reporting Engine and is listed in the NWDB Data Sources list.

Note: This procedure has to be performed for each collection.

An Administrator can create and delete Workbench collections, and view Workbench statistics and logs. This topic provides all of these procedures and an example procedure for restoring a collection for Reporting and Investigation.

  • Mount Archiver Directories
  • Create a Collection
  • Delete a Collection
  • Investigate a Collection
  • View Workbench Collection Statistics
  • View Workbench Logs

Mount Archiver Directories

If data is in offline storage or cold-tier storage, you need to mount the Archiver directories in order to restore the data for reporting and investigation purposes:

  1. Go to Admin > Services.
  2. Select an Archiver from the Services panel and select the actions icon > View > Explore.

    The Explorer view for the Archiver is displayed.

  3. Right-click on the Database node in the left-hand tree and select Database properties to open them in the right-hand panel.
  4. Run the manifest command for a time range, for example, 2015-April-01 to 2015-April-10.

    The search returns all files that need to be restored for the selected query.

Create a Collection

Administrators can create collections of restored data from a backup or from an existing set of data.

Note: You can point the source path to the location of the database files and the restore command copies them to the Archiver. You need to mount those directories to the Archiver (where the Workbench is installed) before a restoration collection can be created.

To create a collection using data restored from the backed up data or existing subset of data:

  1. Go to Admin > Services.
  2. In the Services view, select a Workbench, then select the actions icon > View > Config.

    The Services Config view is displayed with the General tab open.

  3. Click the Collections tab.

    The Collections panel is displayed.

  4. Click the add icon in the toolbar.

    The Restoration Collection dialog is displayed.

  5. Provide the following information:

    • Name: Name of the Workbench collection that you want to restore.
    • Source: Location where the Archiver database files have been moved from cold storage.

    Note: Target is the location where the collection is created.

  6. Click Save to restore the collection.

    Note: If the source path provided to create the restoration collection does not exist, the following error message is displayed:
    The source path does not exist '/xxx/xxx/'.

    If there is insufficient storage to restore your collection, the following error is displayed:
    Error during disk space checking. Insufficient disk space in location '/xxx/xxx'.

    The Schedule Job dialog is displayed with the following message:
    Restoring data into a new collection. Check the jobs page for progress.

  7. Click the Jobs icon in the NetWitness toolbar to expand the list of restoration collection jobs with their current status.

Note: Restoring a collection that is larger than 550 GB may take several hours to process.

Delete a Collection

Administrators can delete collections from the Workbench service.

Perform the following steps to delete a collection:

  1. Go to Admin > Services.
  2. In the Services view, select a Workbench, and click the actions icon > View > Config.

    The Services Config view opens with the General tab displayed.

  3. Select the Collections tab.

    The Collections panel is displayed.

  4. In the Collections panel, select the collection that you want to delete.
  5. Click the delete icon in the toolbar.

    A warning dialog requests confirmation.

  6. If you want to delete the collection, click Yes.

    The collection is removed from the Workbench service.

Example Procedure: How to Restore a Collection for Reporting and Investigation

The following steps illustrate how to restore data that is in offline storage or cold-tier storage for reporting and investigation purposes. In the following example, data is restored for the time range beginning on 2015-April-01 through 2015-April-10.

To restore data for reporting and investigation purposes:

  1. Go to Admin > Services, select the Archiver, and click the actions icon > View > Explore.

    The Explorer view for Archiver is displayed.

  2. Right-click on the Database node in the left-hand tree and select Database properties to open them in the right-hand panel.
  3. Run the manifest command for the selected time range 2015-April-01 to 2015-April-10.

    The search returns all files that need to be restored for your selected query.

    Example Search:

    time1="2015-04-01 00:00:00" time2="2015-04-10 00:00:00" timeFormat=simple

  4. Go to Admin > Services, select an Archiver, then select the actions icon > View > Config.

    The Services Config view is displayed with the General tab open.

  5. Select the Collections tab.
  6. Create a restoration collection with the source path pointing to files listed in the manifest command output.
  7. Save the collection.
    After successfully creating a collection, you can use this collection for reporting and investigation purposes.

Investigate a Collection

To perform an investigation on an Archiver collection:

  1. Go to Investigate.

    The Investigate dialog is displayed.

  2. Click the Collections tab in the Investigate dialog.
  3. Select an Archiver service in the left panel.
  4. Select the collection you want to investigate in the right panel.
  5. Click Navigate.

The Navigate view is displayed showing data pertaining to the Archiver collection that you selected.

Note: For detailed information about using Investigate, see the Investigate User Guide.

View Archiver Collection Statistics

The same statistics available for other services are provided for the Archiver service. The Services Stats view displays key statistics and system information that pertain to your selected Archiver service. The information is displayed in several different sections within the Stats view: Archiver, Gauges, Timeline Charts and Chart Stats Tray. The Chart Stats Tray lists all available statistics for the Archiver. Any statistic in the Chart Stats Tray can be displayed in a timeline chart.

Perform the following steps to view Archiver statistics:

  1. Go to Admin > Services.

  2. In the Services view, select an Archiver, then select the actions icon > View > Stats.

    The Services Stats view is displayed.

Note: For more information about Archiver statistics, see the Host and Services Getting Started Guide.

View Archiver Logs

Perform the following steps to view logs on an Archiver service:

  1. Go to Admin > Services.

  2. In the Services view, select an Archiver, then select the actions icon > View > Logs.

    The Services Logs panel is displayed.

Note: For information about viewing and configuring audit logs, see "Configure Global Audit Logging" topic in the System Configuration Guide.

Add Archiver Service as a Data Source to Broker

Adding the Archiver service as a data source to Broker is useful when you have more than one collection and you want a report on the archived data. To do this, you can add more than one collection as a downstream service to a Broker and then generate a report on it.

Prerequisites

Ensure that you have:

  • Installed the Archiver service on the Archiver host.
  • Added a collection on the Archiver service.

Procedure

To add an Archiver service as a data source on the Broker:

  1. Go to Admin > Services and select a Broker service.
  2. In the Actions column, select the actions icon > View > Config.

    The Config view is displayed with the General tab open.

  3. In the Aggregate Services section, click the add icon.

    The Available Services dialog is displayed.

  4. Select the Broker service and click OK.
  5. If the Archiver service is using a Trust Model, a Service Information dialog for the selected service is displayed.

  6. Type the username and password for admin credentials for the service.
  7. Click OK.

    The Add Collection dialog is displayed.

  8. Select a collection from the drop-down list and click OK.

    The Archiver service is now added as a data source to the Broker.

Note: This procedure has to be performed for each collection.