Back Up Privileged Identity Data Store, Components, and Servers

Back Up the Data Store

Make a complete backup of the database(s) that contain your PI Data Store, following your database vendor’s documentation and your organization’s backup procedure. Also, test your backup. Store the backup in a location outside of your PI environment. For example, store it on external media or on a server not used to host any PI components.

Back Up the Encryption Key

The PI encryption key should not be needed for a successful upgrade; however, it should be backed up before making major changes, because it is the only way to recover PI data if PI itself is not available.

Export Encryption Key

  1. In the PI management console, select Settings > Encryption Settings.
  2. Click Export Key to save a Windows registry edit file that contains the key.
  3. Store the backup key in a location outside of your PI environment. For example, store it on external media or a server not used to host any PI components.

If using a hardware security module (HSM), be sure you know the key store and PIN to access your HSM.

 

Back Up the License Key

The PI license key should not be needed for a successful upgrade; however, it should be backed up before making major changes, because it is required to perform a fresh install of PI, if necessary.

  1. In the PI management console, select Help > About.

Help > About > System Name and Serial Number (license key)

  1. Copy the System Name, which is the NetBIOS host name, and the Serial Number, which is the license key.
  2. Store the backup key in a location outside of your PI environment. For example, store it on external media or a server not used to host any PI components.

 

Back Up the Recovery Access Password

It allows you to view stored managed passwords in the management console. Your recovery access password is not stored in PI. To use this password in break glass situations, you need to locate it from where you have it stored externally. Ensure you have the recovery access password stored before upgrading your PI software.

Back Up Privileged Identity Servers and Checkpoint Virtual Machines

Create and test backups of the servers that host one or more Privileged Identity components in your PI environment. This includes, but is not limited to:

  • Primary and secondary management console servers
  • Web service servers
  • Web instance application servers
  • All servers that host a zone processor
  • All servers that host an additional deferred processor
  • Load balancers, proxies, and other servers that do not host PI components but are required to access PI in your production environment