Backup and restore
Self.Hosted 22.06 (EoL)
Prisma Cloud automatically backs up all data and configuration files periodically.
You can view all backups, make new backups, and restore specific backups from the Console UI.
You can also restore specific backups using the twistcli command line utility.
Prisma Cloud is implemented with containers that cleanly separate the application from its state and configuration data.
To back up a Prisma Cloud installation, only the files in the data directory need to be archived.
Because Prisma Cloud containers read their state from the files in the data directory, Prisma Cloud containers do not need to be backed up, and they can be installed and restarted from scratch.
When data recovery is enabled (default), Prisma Cloud archives its data files periodically and copies the backup file to a location you specify.
The default path to the data directory is /var/lib/twistlock.
You can specify a different path to the data directory in twistlock.cfg when you install Console.
Configuring automated backups
By default, automated backups are enabled.
With automated backups enabled, Prisma Cloud takes daily, weekly, and monthly snapshots.
These are known as system backups.
To specify a different backup directory or to disable automated backups, modify twistlock.cfg and install (or reinstall) Prisma Cloud Console.
The following configuration options are available:
Configuration option | Description |
---|---|
DATA_RECOVERY_VOLUME | Specifies the directory where backups are saved. For example, archives could be saved on durable persistent storage, such as a volume from Amazon Elastic Block Storage (EBS). The default value is /var/lib/twistlock-backup. |
- Open twistlock.cfg for editing.
- Scroll down to the Data recovery section.
- Enable (or disable) automated backups by setting DATA_RECOVERY_ENABLED to true (or false).
    DATA_RECOVERY_ENABLED=true
- Specify the location where backups should be stored.
    DATA_RECOVERY_VOLUME=</PATH/TO/BACKUP/VOLUME>
- Load your new configuration settings.
  If you have not installed Prisma Cloud Console yet, follow the regular installation procedure. For more information, see Install Prisma Cloud.
  If Prisma Cloud has already been installed on your host, load your new twistlock.cfg file by re-running twistlock.sh. The following command assumes that twistlock.sh and your updated twistlock.cfg reside in the same directory.
    $ sudo ./twistlock.sh console

Making manual backups
Prisma Cloud automatically creates and maintains daily, weekly, and monthly backups. These are known as system backups. You can also make your own backups at any point in time. These are known as manual backups.
- Open Console.
- Go to Manage > System > Backup & Restore.
- Under Manual backups, click Create backup.
- Give your backup a name, then click Create.
  Your backup file is stored in /var/lib/twistlock-backup in the storage volume allocated to Prisma Cloud Console. For a onebox installation, this would simply be the local file system of the host where Console runs. For a cluster, such as Kubernetes, this would be the persistent volume allocated to the Console service.
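An added example (not part of the Prisma Cloud documentation or tooling) that audits the Data recovery settings described above before Console is installed or reinstalled. The function names are hypothetical, the treatment of an unset DATA_RECOVERY_ENABLED as enabled is an assumption, and the data directory is passed as an argument because only its default path appears on this page.

```shell
#!/bin/sh
# Added example (not Prisma Cloud code): audit twistlock.cfg backup settings.

# cfg_get KEY FILE: value of the last uncommented KEY=value line, unquoted.
cfg_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'" |
        sed 's/[[:space:]]*$//'
}

# audit_backup_cfg CFG [DATA_DIR]: prints findings, returns 1 on any FAIL.
audit_backup_cfg() {
    cfg=$1
    data_dir=${2:-/var/lib/twistlock}             # page default
    rc=0
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }
    enabled=$(cfg_get DATA_RECOVERY_ENABLED "$cfg")
    volume=$(cfg_get DATA_RECOVERY_VOLUME "$cfg")
    enabled=${enabled:-true}                      # assumption: unset means enabled
    volume=${volume:-/var/lib/twistlock-backup}   # page default

    if [ "$enabled" != "true" ]; then
        echo "FAIL: DATA_RECOVERY_ENABLED=$enabled, automated backups are off"; rc=1
    fi
    case $volume in
        /*) ;;
        *) echo "FAIL: DATA_RECOVERY_VOLUME=$volume is not an absolute path"; rc=1 ;;
    esac
    # Backups kept inside the data directory are lost together with it.
    case ${volume%/}/ in
        "${data_dir%/}"/*) echo "FAIL: backup volume is inside data directory $data_dir"; rc=1 ;;
    esac
    if [ ! -d "$volume" ]; then
        echo "FAIL: backup directory $volume does not exist"; return 1
    fi
    # Same filesystem: one disk failure takes both the data and its backups.
    if [ -d "$data_dir" ] && [ "$(df -P "$volume" | awk 'NR==2 {print $1}')" = \
                               "$(df -P "$data_dir" | awk 'NR==2 {print $1}')" ]; then
        echo "WARN: backups and data directory share a filesystem"
    fi
    # Backups hold Console state and configuration; flag access for "other".
    [ "$(ls -ld "$volume" | cut -c8-10)" = "---" ] ||
        echo "WARN: $volume is accessible to users other than owner and group"
    return $rc
}
```

With the default paths on a single host, the shared-filesystem warning is expected; it clears once DATA_RECOVERY_VOLUME points at separate persistent storage.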

Restoring backups from the Console UI
You can restore Console from a backup file directly from within the Console UI. The Console UI lists all available backups.
You can only restore Console from a backup file whose version exactly matches the current running version of Console. Therefore, if the current running version of Console is 19.11.512, you cannot restore a backup whose version is 19.11.506. To restore a different version of Console, install the Prisma Cloud version that matches your backup version, then follow the procedure here to restore that backup. As long as the specified backup directory (by default, /var/lib/twistlock-backup) contains your backup file, you’ll be able to restore it.
- Open Console.
- Go to Manage > System > Backup & Restore.
- Click Restore on one of the system or manual backups.
- After the database is reloaded from the backup file, restart Console.
  For a onebox installation, ssh to the host where Console runs, then run the following command:
    $ docker restart twistlock_console
  For a Kubernetes installation, delete the Console pod, and the replication controller will automatically restart it:
    # Get the name of Prisma Cloud Console pod:
    $ kubectl get po -n twistlock | grep console
    # Delete the Prisma Cloud Console pod:
    $ kubectl delete po <TWISTLOCK_CONSOLE> -n twistlock
If any new Defenders were installed since the backup was created, restart those Defenders. Otherwise, they might not function properly.
If a Defender created any new runtime models since the backup was created, restart those Defenders. Otherwise, those models might not be visible.

Restoring backups from twistcli
You can restore Console from a backup using twistcli. Use this restore flow when Console is unresponsive and you cannot access the UI to force a restore to a known good state.
You can only restore Console from a backup file whose version exactly matches the current running version of Console. Therefore, if the current running version of Console is 2.5.88, you cannot restore a backup whose version is 2.5.50. To restore a different version of Console, install the Prisma Cloud version that matches your backup version, then follow the procedure here to restore that backup. As long as the specified backup directory (by default, /var/lib/twistlock-backup) contains your backup file, you’ll be able to restore it.
Prerequisites:
- Your host can access the volume where the Prisma Cloud backups are stored. By default, backups are stored in /var/lib/twistlock-backup, although this path might have been customized at install time.
- Your host can access the Prisma Cloud’s data volume. By default, the data volume is located in /var/lib/twistlock, although this path might have been customized at install time.
- Your version of twistcli matches the version of the backup you want to restore.

- Go to the directory where you unpacked the Prisma Cloud release.
- Run the twistcli restore command. Run twistcli restore --help to see all arguments.
- List all available backups. To list all files in the default backup folder (/var/lib/twistlock-backup), run twistcli restore without any arguments:
    $ ./twistcli restore
  To list all backup files in a specific location, run:
    $ ./twistcli restore <PATH/TO/FOLDER>
- Choose a file to restore by entering the number that corresponds with the backup file.
  For example:
    aqsa@aqsa-faith: ./twistcli restore --data-recovery-folder /var/lib/twistlock-backup/
    Please select from the following:
    0: backup1 2.5.91 2018-08-07 15:10:10 +0000 UTC
    1: daily 2.5.91 2018-08-06 16:10:48 +0000 UTC
    2: monthly 2.5.91 2018-08-06 16:10:48 +0000 UTC
    3: weekly 2.5.91 2018-08-06 16:10:48 +0000 UTC
    Please enter your selection: 0
- After the database is reloaded from the backup file, re-install/restart Console.
  For a onebox installation, ssh to the host where Console runs, then rerun the installer:
    $ sudo ./twistlock.sh -ys onebox
  For a Kubernetes installation, delete the Console pod, and the replication controller will automatically restart it:
    # Get the name of Prisma Cloud Console pod:
    $ kubectl get po -n twistlock | grep console
    # Delete the Prisma Cloud Console pod:
    $ kubectl delete po <TWISTLOCK_CONSOLE> -n twistlock
If any new Defenders were installed since the backup was created, restart those Defenders. Otherwise, they might not function properly.
If a Defender created any new runtime models since the backup was created, restart those Defenders. Otherwise, those models might not be visible.

Restoring Fargate Console
When restoring a Console running on Fargate, perform the following steps:
- Create a new Console Fargate task.
- Create Console’s first administrative account and enter your license.
- Restart the Console by stopping the task and allowing the scheduler to create a new Console task.

Downloading backup files
Prisma Cloud Compute lets you download backup files so that they can be copied to another location. Backup files can be downloaded from the Console. Go to Manage > System > Backup & Restore, and click Actions > Export to download a backup.
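
For the twistcli restore flow, an added example (not part of the Prisma Cloud documentation or tooling) that applies the exact-version rule to a backup listing before a selection number is entered. The function names are hypothetical, the version argument is whatever version your Console and twistcli are running, and the listing layout is assumed to be the one shown in the example output on this page.

```shell
#!/bin/sh
# Added example (not Prisma Cloud code): filter a `twistcli restore` listing
# by version before choosing a selection number.

# Constructed sample: entries 0-3 are the listing shown on this page; entry 4
# is a constructed backup at version 2.5.50 whose name contains a space.
sample_listing() {
    cat <<'EOF'
Please select from the following:
0: backup1 2.5.91 2018-08-07 15:10:10 +0000 UTC
1: daily 2.5.91 2018-08-06 16:10:48 +0000 UTC
2: monthly 2.5.91 2018-08-06 16:10:48 +0000 UTC
3: weekly 2.5.91 2018-08-06 16:10:48 +0000 UTC
4: pre upgrade 2.5.50 2018-07-30 09:00:00 +0000 UTC
EOF
}

# restorable_backups VERSION: reads a listing on stdin and prints
# "<selection> <name>" for every backup whose version equals VERSION.
# Fields are counted from the right, so names with spaces parse correctly.
restorable_backups() {
    awk -v want="$1" '
        $1 ~ /^[0-9]+:$/ && NF >= 7 && ($(NF-4) "") == (want "") {
            sel = $1; sub(/:$/, "", sel)
            name = $2
            for (i = 3; i <= NF - 5; i++) name = name " " $i
            print sel, name
        }'
}

# newest_restorable VERSION: prints the selection number of the most recent
# matching backup; returns 1 when no backup matches VERSION.
newest_restorable() {
    awk -v want="$1" '
        $1 ~ /^[0-9]+:$/ && NF >= 7 && ($(NF-4) "") == (want "") {
            ts = $(NF-3) " " $(NF-2)      # ISO date and time sort as strings
            if (ts > best) { best = ts; sel = $1; sub(/:$/, "", sel) }
        }
        END { if (best == "") exit 1; print sel }'
}
```

A non-zero return from newest_restorable means no backup in the folder can be restored by the installed version, which is the case where the matching Prisma Cloud release has to be installed first.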