Backing Up the Database

You can manually create or automatically schedule a backup of the database catalog. Follow the steps below to successfully back up the database.

Backup Overview
Understanding Backup Terminology
Prerequisites to Configuring Database Backup
Preparing the Backup Configuration File
Backing Up the Database
Scheduling Automatic Backups

Backup Overview

You can perform a full backup, which is a complete copy of the database catalog, its schemas, tables, and other objects. It provides a snapshot of the database at the time of backup. You can use it for disaster recovery or to restore a damaged or an incomplete database. You can also restore individual objects from a full backup.

If a full backup already exists, then the database backup utility tool backs up new or changed data from the time the full backup was created. You can specify the number of backup snapshots to retain.

Understanding Backup Terminology

Backups are stored in the following folders in the backup location:
- Object Folder: Consists of database objects files, which contain the actual data stored in the database. Repeated backups copy the new objects that are not in the backup location.
- Snapshot folder: It contains a snapshot of the full catalog of the database at the time of the backup. Catalog contains metadata which is smaller in size than the actual data in the database. Catalog keeps track of all the database objects that were present in the database at the time of the backup snapshot. Many Catalog snapshots will refer to the same object files as the backups are performed more often than the lifespan of the object file. This avoids storing duplicates of object files for each backup. The backup_snapshot portion is defined by the .ini file and the date time strings are automatically appended by the database backup process.
Restore point: Each backup operation records the state of the database at the time of the backup and stores it in the backup archive as a restore point. You can restore to a specific restore point using the -archive argument.
Restore point limit: Specifies the number of previous backups that you want to retain in addition to the most recent backup.
In the backup utility configuration file, you can specify the number of backup snapshots to be retained using Specify the number of historical backups to retain in addition to the most recent backup, so that the expired snapshots can be groomed out. When a backup snapshot is groomed out, all associated object files that was being referenced by the snapshot will also be groomed out.

Prerequisites to Configuring Database Backup

Before you configure the database backup, ensure your cloud administrator creates the communal storage backup location.

For an AWS Environment

For an AWS-based deployment, the backup communal storage location must be in the same region as the live database communal storage. The database supports connecting to S3 buckets in AWS using IAM roles. IAM roles are the default access control method for AWS resources. The database uses this method if you do not configure the legacy access control session parameters.

To use an IAM role, the bucket must be in the same region as the mode's database cluster and the role needs to be set with the proper permissions for reading and writing to the S3 bucket. For more information about creating Amazon S3 buckets, see the AWS documentation, Creating a bucket. For more information about IAM roles, see the AWS documentation, IAM Roles for Amazon EC2 and Creating a role to delegate permissions to an AWS service.

For an Azure Environment

The backup communal storage location must be in the same Azure Storage Account as the live database communal storage.

Preparing the Backup Configuration File

A database backup utility is provided to be used to perform backup and restore procedures. To use this utility, it must first be configured. Once configured, it can be used to perform the complete lifecycle of scheduling backups, backup on-demand, managing the backup archive, and restoring from backup.

You must create an S3 bucket or a Blob storage backup folder before configuring the database backup utility.

Run this tool as a root user.

Specify the following command from the database scripts path (/opt/arcsight-db-tools/scripts):
```
./db_backup.sh config
```
Select the communal storage.

Specify the values for the fields based on your requirement. Following are the possible scenarios:

For S3 storage:

Scenario	Fields
Using IAM role authentication and S3 settings are saved	Enter y to use the IAM role authentication, when prompted. Specify the S3 backup bucket name. Specify the path to S3 backup folder. Specify the path to the locking system. Specify the number of historical backups to be retained in addition to the most recent backup.
Not using IAM role authentication and S3 settings are saved	Enter n to not use the IAM role authentication, when prompted. Specify the S3 server access key. Specify the S3 server password. Specify the S3 backup server. Specify the S3 server backup port. Specify if TLS needs to be enabled or disabled. Specify the S3 backup server access key. Specify the S3 backup server password. Specify the S3 backup bucket name. Specify the path to S3 backup folder. Specify the path to the locking system. Specify the number of historical backups to be retained in addition to the most recent backup.
Using IAM role authentication and S3 settings are not saved	Enter y to use the IAM role authentication, when prompted. Specify the S3 server. Specify the S3 server port. Specify if TLS needs to be enabled or disabled. Specify the S3 backup bucket name. Specify the path to S3 backup folder. Specify the path to the locking system. Specify the number of historical backups to be retained in addition to the most recent backup.
Not using IAM role authentication and S3 settings are not saved	Enter n to not use the IAM role authentication, when prompted. Specify the S3 server. Specify the S3 server port. Specify if TLS needs to be enabled or disabled. Specify the S3 server access key. Specify the S3 server password. Specify the S3 backup server. Specify the S3 server backup port. Specify if TLS needs to be enabled or disabled for the backup server. Specify the S3 backup server access key. Specify the S3 backup server password. Specify the S3 backup bucket name. Specify the path to S3 backup folder. Specify the path to the locking system. Specify the number of historical backups to be retained in addition to the most recent backup.

For Blob storage:

The Blob account used for backup must be the same account as used for the live database, otherwise you will observe an error.

Using managed identity to authenticate	Specify the account name. Enter y to use the managed identity to authenticate with Azure storage container. Specify the path to the Blob storage backup folder. Specify the path to the locking system. Specify the number of historical backups to be retained in addition to the most recent backup.
Not using managed identity to authenticate	Specify the account name. Enter n to not use the managed identity to authenticate with Azure storage container. Specify the account key. Specify the path to the Blob storage backup folder. Specify the path to the locking system. Specify the number of historical backups to be retained in addition to the most recent backup.

Backing Up the Database

To create a new backup, run the following command from the database scripts path (/opt/arcsight-db-tools/scripts):

./db_backup.sh backup

Scheduling Automatic Backups

Micro Focus recommends that you schedule backups to run every hour. To schedule a backup, use the following command from the database scripts path (/opt/arcsight-db-tools/scripts):

./db_backup.sh schedule '<crontab_expression>'

For example:

./db_backup.sh schedule '0 * * * *'

Required parameter:

crontab_expression

Specify a crontab expression for the time you want to schedule a backup.