Disaster Recovery in Azure Deployment

This section tells you how to back up and restore NetWitness Platform deployed on Azure virtual hosts (also referred to as VMs in this section). The two major tasks to back up and restore data in an Azure deployment are:

• Task 1 - Backup and Export Data
• Task 2 - Restore and Import Data

Task 1 - Backup and Export DataTask 1 - Backup and Export Data

1. Export the data by running the nw-recovery-tool --export commands as described in the Disaster Recovery (Backup and Restore Instructions) section of this document.

Task 2 - Restore and Import DataTask 2 - Restore and Import Data

You need to refer to the 10.6.6.x to 11.3 Azure Upgrade Guide to complete this task. Go to the NetWitness All Versions Documents page and find NetWitness Platform guides to troubleshoot issues.

1. Delete the VM.

   Caution: Do not delete the resources (for example, do not delete Disks, Network Interface, and so on).

2. Complete the following steps for the NW Server host, Broker host, ESA host, Endpoint Log Hybrid host, and Log Collector host (where host = --category).
   1. Delete all the resources except the network interface card of the older 12.2 VM.
   2. Deploy the fresh 12.2 VM with the same disk and resources and power it off.
      For detailed instructions on how to deploy a virtual host in Azure, see the Azure Installation Guide.
   3. Run the azure-mac-retention.ps1 from the local machine.
      See the 10.6.6 to 11.3 Azure Upgrade Guide for instructions on how to run this script.
   4. Follow the procedure for the NRT restoration for the respective host as described in Disaster Recovery (Backup and Restore Instructions).
   5. After you restore NRT the component host, restore the following files.
      • /etc/fstab
      • /etc/hosts (if hostname is not changed)
      • /etc/waagent.conf
      • /etc/logrotate.d/waagent.logrotate
      • /etc/krb5.conf from the <dump-dir>/unmanaged folder
3. Complete the following steps for the Log Decoder host, Concentrator host, and Archiver host (where host = --category.
   1. Delete all the resources except the disks that are named external and the network interface card of the older 12.2 VM.
   2. Deploy the fresh 12.2 VM with the same disk and resources listed in the Azure Installation Guide and power it off.

      Note: Do not create the external disk. Only create the nwhome disks.

   3. Run the azure-mac-retention.ps1 from the local machine.
      See the 10.6.6 to 11.3 Azure Upgrade Guide for instructions on how to run this script.
   4. Follow the procedure for the NRT restoration for the respective hosts as described in Restore Data on a Component Host.
   5. After you restore NRT the component host, restore the following files.
      • etc/fstab
      • /etc/hosts (if hostname is not changed)
      • /etc/waagent.conf
      • etc/logrotate.d/waagent.logrotate
      • /etc/krb5.conf