TPAM – Configuring an Archive Server

16/02/14 12:21 AM

TPAM – Configuring an Archive Server

 

TPAM uses Archive Servers for multiple purposes.  Backups, system logs, session recordings, and data extracts can all be offloaded to Archive Servers.  The purpose of this document is to provide instructions on how to configure an Archive Server within TPAM and how to redirect Backups, System Logs, Session Logs, and Data Extracts to an Archive Server.

First, we need a system with some storage that we can store the Backups, System Logs, Session Logs, and Data Extracts and the system has to be able to accept an SCP connection.  The typical system is a Linux system with a NFS share mounted to it.  An account is created that has permissions to write to the storage location where you wish to place the TPAM files.  Also, if the same host will be used to archive multiple items to it, different folder locations are recommended to keep items organized and separate on the host.  The size of the storage required is all dependent on how long your retention period is.

Within TPAM for this exercise, we will use the same host to save archives to, but three different file locations.  With this in mind, we will need to create three ‘Archive Servers’ within TPAM, they will all use to the same host, the same account, they will just be pointing to different locations to store data.

 

 

Creating the Archive Servers for Backups and System Logs

1)      Log into the /admin interface to begin, https://tpamhost/admin

2)      Move the mouse over System Status/Settings, and click on Archive Servers

 

 

 

 

 

 

 

 

3)      Click Add Server to add an Archive Server

 

4)      Enter the Server Name (TPAM System Label), the network address (FQDN or IP), select the archive method (we will be using SCP using DSS Key for this example), the port to connect over (default is 22), the Account Name to connect to the host with, the Archive Server Path (Location to store items sent to this Archive Server, ensure this exists on the target host), and a Description. Click Save Changes.

 

 

5)      Now we need the Public Key to enable authentication.  Click Get Open SSH to retrieve the public key for this archive server instance.  Paste this key into the ~/.ssh/authorized_keys file on the Archve host to enable authentication.  Every time a new archive server instance that is utilizing the same host/account combination, the public key must be retrieved and pasted into the same authorized_keys file, this is because TPAM generates a new keypair for each archive server instance.

6)      Once the key has been copied, click the Test button at the bottom to test this Archive Server instance.  Review the output of this for a success or fail.  If a failure occurs, the reason will be in the output.  Troubleshoot the issue and retry.

Creating the Archive Server for Data Extracts

1)      Follow the same procedures as above for the Backup and System Logs Archive server, but for this example, we are going to name the Archive Server ‘Archive-Extract’ and change the Path to Storage to /Archive/Data_Extract (again ensure this path exists on the target host).  This is so that the Data Extract information is organized and segregated from all other archive data.

Configuring the Backups to utilize Archive Server

1)      In the /admin interface, mouse over Backup, and click on Modify Backup Settings.

 

2)      Click the dropdown next to ‘Transfer the backup to this Archive Server’.  Notice in the dropdown, you will see the two Archive Servers that were configured in the previous sections.  Select the one created for your Backup and Log Files (labeled Archive-Backups-Logs in our example).

 

3)      Click Save Changes

4)      To test the configuration, click Backup Now to initiate the backup process.  Once complete, you should see a backup package saved in the Archive Server location.

 

 

 

 

Configuring the System Logs to utilize Archive Server

1)      In the /admin interface, mouse over System Status/Settings and click on Archive Log Settings.

 

2)      Check the Enabled box and click the dropdown to select the Archive Server that was configured for Backups and System Logs (again, this example was named Archive-Backups-Logs).

 

3)      Click Save Settings

Creating the Archive Server for Session Logs

1)      Log into the TPAM interface to begin, https://tpamhost/tpam

2)      Move the mouse over Management, move down to Session Management and click on Archive Servers

 

 

 

 

 

 

 

 

 

3)      You will see that no Archive Servers have been defined, click on Add Server.

 

4)      Enter the Server Name (TPAM System Label), the network address (FQDN or IP), the port to connect over (default is 22), the Account Name to connect to the host with, the Archive Server Path (Location to store items sent to this Archive Server), a Description, and if you wish to make this server the default server.  In small deployments, select this to avoid confusion when configuring services to utilize an Archive Server.  Click Save Changes.

 

 

5)      Once the changes have been saved, the authentication method for the /tpam archive servers is only key based, so click on get ‘Get Open SSH’ to retrieve the public key.  This key will need to be pasted into the ~./ssh/authorized_keys file on your archive server host to allow authentication from TPAM

 

6)      Once the key has been copied, click the Test button at the bottom to test this Archive Server instance.  Review the output of this for a success or fail.  If a failure occurs, the reason will be in the output.  Troubleshoot the issue and retry.

Configure Session Logs to Save in the Archive Server

1)      In the /tpam interface, mouse over Management and click on DPAs

 

 

2)      On the DPA Management screen, if you have a DPA, select it and click Details to configure the Archive server for the DPA.  Otherwise, select your Local Server and click Details to configure the Archive Server for the TPAM Appliance.

 

3)      Check the Auto Archive Session Logs box and click Save Changes.  This will enable Session Log archival to the default Archive Server.  If the Archive Server created in the previous step was not enabled as the Default Archive Server, you will need to select the Archive Server from the dropdown list and click Save Changes again.

 

 

 

 

 

 

 

 

 

Configure Data Extracts to Save in the Archive Server

1)      In the /tpam interface, mouse over Reports, Scheduled Reports, and click on Data Extract Schedules.

 

2)      Select the Schedule you wish to enable for archiving and click Details

 

3)      Click the dropdown next to Transfer the data extract to Archive Server and select the desired Archive Server (Archive-Extract for this example).  Notice that eventhough we are working in the /tpam interface, the usable Archive Servers are from the /admin interface.  The Archive Server definition in the/tpam interface is only used for Session Logs.

 

Author: Russ Burden, Technical Architect, LeadThem Consulting

 

________________________________________________________________________________________________________________

 

 

Posted by LeadThem Consulting | in TPAM | Comments Off on TPAM – Configuring an Archive Server

Comments are closed.

logos

LeadThem Consulting
20418 SE Hwy 212
Damascus, OR 97089