If your SQL Server administrator has a standard backup plan and mechanism, VMware Carbon Black recommends that you use that mechanism to backup your Carbon Black App Control database. If you do not use a separate database backup mechanism, Carbon Black App Control Server provides a mechanism to fully back up and restore the system as currently configured, including computer configuration, system settings, file database, and event log.
The built-in backup mechanism backs up all database changes within six (6) hours of a critical change, such as a change in policy. Full backups occur one time per day. Continuous automated backups make sure that the server and connected computers remain synchronized after you restore your backup configuration.
The free space available to the backup folder should be at least twice the size of the Carbon Black App Control Server database. For both your backup folder and your main SQL database, monitor disk space regularly to prevent overruns.
The Carbon Black App Control Server Backup function requires that xp_cmdshell
support be enabled on the SQL Server instance where the database is hosted. See your SQL Server documentation for instructions on enabling xp_cmdshell
.
Because enabling xp_cmdshell
has security implications, the SQL Server administrator at your site should follow all best practices to limit any exposure that xp_cmdshell
creates. Best practices include, but are not limited to, the following:
- Never grant access to non-sysadmin principals.
- Ensure that the sysadmin SQL Server right is granted only to trusted administrators of the SQL Server system.
If you stop using the built-in backup mechanism, disable xp_cmdshell
.
After you configure the backup directory, do not add, delete, or edit any of its files. Because updating is continuous, such changes adversely affect file synchronization and the integrity of your backup.
Field |
Description |
---|---|
|
Network or Local. Local backups should only be used on a different physical drive than the Carbon Black App Control Server drive. |
|
The full path to the computer or storage media to store the database/configuration backup. Secure the backup directory and ensure that only Carbon Black App Control Server administrators have access to it. For best performance, avoid creating unnecessary subdirectories and keep the backup directory as close as possible to the server root directory. For example: \server_name\cbprotection_backup
Note:
|
|
User name with write permission to the network backup directory. |
|
Domain password for the user account that writes to the network backup directory. This password is encrypted in the database. |
|
Windows domain to which the user account for the network backup location belongs. |
|
Select the check box to begin backups at two-minute intervals to the specified storage location. Deselect the check box to discontinue automatic backups. |
|
Time of the next scheduled backup, or status of the most recent backup (including any errors). |
Backup the Carbon Black App Control Server
To use the Carbon Black App Control Server database backup mechanism, perform the following procedure.
Prerequisites
Enable xp_cmdshell
on your SQL Server.