Disaster Recovery in AWS Deployment

This section tells you how to back up and restore NetWitness Platform deployed on AWS virtual hosts (also referred to as VMs in this section). The two major tasks to back up and restore data in an AWS deployment are:

Task 1 - Backup and Export Data

  1. Export the data by running the nw-recovery-tool --export commands as described in the Disaster Recovery (Backup and Restore Instructions) section of this document.
  2. Record the IP addresses. You need to refer to them later in the Disaster Recovery process.
    Refer to the 10.6.6 to 11.3 AWS Upgrade Guide for instructions on how to retain the IP addresses. Go to the NetWitness All Versions Documents page and find NetWitness Platform guides to troubleshoot issues.

Task 2 - Restore and Import Data

You need to refer to the 10.6.6 to 11.3 AWS Upgrade Guide to complete this task.

  1. Delete the VM.

    Caution: Do not delete the resources (for example, do not delete Disks).

  2. Complete the following steps for the NW Server host, Broker host, ESA (Primary/Secondary) host, Endpoint Log Hybrid host, and Log Collector host (where host = --category).
    1. Delete all the resources of the older 12.2 VM.
    2. Deploy the fresh 12.2 VM with the same IP address, disk and resources and power it off.
      For detailed instructions on how to deploy a virtual host in AWS, see the AWS Installation Guide.
    3. Follow the procedure for the NRT restoration for the respective host as described in Restore Data on a Component Host.
    4. After you restore the component host using NRT, restore the following files.
      • /etc/fstab
      • /etc/hosts (if hostname is not changed)
  3. Complete the following steps for the Log Decoder host, Decoder (Network Decoder) host, Concentrator host, and Archiver host (where host = --category).
    1. Delete all the resources except the external disks of the older 12.2 VM.
    2. Deploy the fresh 12.2 VM with the same IP address, disk, and resources listed in the AWS Installation Guide and power it off.

      Note: Do not create the external disk. Only create the nwhome disks.

    3. Follow the procedure for the NRT restoration for the respective hosts as described in Restore Data on a Component Host.
    4. After you restore the component host using NRT, restore the following files.
      • /etc/fstab
      • /etc/hosts (if hostname is not changed)
      • /etc/krb5.conf
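
The final step of each host procedure restores /etc/fstab, /etc/hosts and /etc/krb5.conf. The script below is an added example, not part of the NetWitness documentation or tooling: it assumes you copy those files off the host before deleting the VM, and it checks the restored copies against SHA-256 hashes recorded at that time. The function names, the manifest file name and the save directory layout are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not NetWitness tooling). Function names, the manifest name and
# the directory layout are assumptions made for this illustration.

# Files this section says to restore after the NRT restore, relative to "/".
HOST_FILES="etc/fstab etc/hosts etc/krb5.conf"

# save_host_files ROOT DEST
# Before deleting the VM: copy each listed file that exists under ROOT into
# DEST and record its SHA-256 in DEST/MANIFEST.sha256.
save_host_files() {
    local root="$1" dest="$2" f
    mkdir -p "$dest" || return 1
    : > "$dest/MANIFEST.sha256"
    for f in $HOST_FILES; do
        [ -f "$root/$f" ] || continue   # krb5.conf is listed only for some hosts
        mkdir -p "$dest/$(dirname "$f")" || return 1
        cp -p "$root/$f" "$dest/$f" || return 1
        (cd "$dest" && sha256sum "$f") >> "$dest/MANIFEST.sha256" || return 1
    done
}

# verify_host_files ROOT DEST
# After restoring the files on the new VM: compare each file under ROOT with
# the recorded hash. Prints OK, CHANGED or MISSING per file and returns
# non-zero if any file differs from what was saved.
verify_host_files() {
    local root="$1" dest="$2" want path got rc=0
    while read -r want path; do
        path="${path#\*}"               # sha256sum marks binary mode with '*'
        if [ ! -f "$root/$path" ]; then
            echo "MISSING /$path"; rc=1; continue
        fi
        got=$(sha256sum "$root/$path" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK /$path"
        else
            echo "CHANGED /$path"; rc=1
        fi
    done < "$dest/MANIFEST.sha256"
    return "$rc"
}

# Usage: script.sh save DEST     (on the old VM, before deletion)
#        script.sh verify DEST   (on the new VM, after restoring the files)
case "${1:-}" in
    save)   save_host_files / "$2" ;;
    verify) verify_host_files / "$2" ;;
esac
```

Store the save directory off the VM, for example alongside the exported NRT backup, so that it survives deletion of the instance.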