If your SQL Server administrator has a standard backup plan and mechanism, VMware Carbon Black recommends that you use that mechanism to backup your Carbon Black App Control database. If you do not use a separate database backup mechanism, Carbon Black App Control Server provides a mechanism to fully back up and restore the system as currently configured, including computer configuration, system settings, file database, and event log.

The built-in backup mechanism backs up all database changes within six (6) hours of a critical change, such as a change in policy. Full backups occur one time per day. Continuous automated backups make sure that the server and connected computers remain synchronized after you restore your backup configuration.

The free space available to the backup folder should be at least twice the size of the Carbon Black App Control Server database. For both your backup folder and your main SQL database, monitor disk space regularly to prevent overruns.

The Carbon Black App Control Server Backup function requires that xp_cmdshell support be enabled on the SQL Server instance where the database is hosted. See your SQL Server documentation for instructions on enabling xp_cmdshell.

Caution:

Because enabling xp_cmdshell has security implications, the SQL Server administrator at your site should follow all best practices to limit any exposure that xp_cmdshell creates. Best practices include, but are not limited to, the following:

  • Never grant access to non-sysadmin principals.
  • Ensure that the sysadmin SQL Server right is granted only to trusted administrators of the SQL Server system.

If you stop using the built-in backup mechanism, disable xp_cmdshell.

After you configure the backup directory, do not add, delete, or edit any of its files. Because updating is continuous, such changes adversely affect file synchronization and the integrity of your backup.  

Table 1. Database Backup Options

Field

Description

Backup Type

Network or Local. Local backups should only be used on a different physical drive than the Carbon Black App Control Server drive.

Backup Path

The full path to the computer or storage media to store the database/configuration backup. Secure the backup directory and ensure that only Carbon Black App Control Server administrators have access to it. For best performance, avoid creating unnecessary subdirectories and keep the backup directory as close as possible to the server root directory. For example: \server_name\cbprotection_backup

Note:
  • Local paths are recommended for local backups. You may use a UNC path for a Local drive, but the local option does not include username, password, or Windows domain information. No privileges are used to access this path.
  • If the Carbon Black App Control Server is connected to a remote database, the backup path you provide is relative to the database server, and the Username, Password, and Windows domain fields will not display.

Username (Network backups)

User name with write permission to the network backup directory.

Password (Network backups)

Domain password for the user account that writes to the network backup directory. This password is encrypted in the database.

Windows domain (Network backups)

Windows domain to which the user account for the network backup location belongs.

Enabled

Select the check box to begin backups at two-minute intervals to the specified storage location.

Deselect the check box to discontinue automatic backups.

Status (read only)

Time of the next scheduled backup, or status of the most recent backup (including any errors).

Backup the Carbon Black App Control Server

To use the Carbon Black App Control Server database backup mechanism, perform the following procedure.

Prerequisites

Enable xp_cmdshell on your SQL Server.

Procedure

  1. On the console menu, click the Settings (gear) icon and click System Configuration.
  2. Click the Advanced Options tab. The Advanced Options page displays the Database Backup panel at the top.
  3. Click the Edit button at the bottom of the page. Specify backup location and configuration options.
  4. Click the Update button and then click Yes in the confirmation dialog box.
    Each time you save the backup configuration with backup enabled, the Carbon Black App Control Server tests backup settings and displays an error message if the configuration fails. The server also writes messages to the Events page to inform you about backup success, problems, or failure.