Back up your new AuthAnvil Password Server configuration and settings
AuthAnvil Password Server includes a backup tool. This tool connects to the database and grabs all of the data, including certificate and encryption values from the server software itself. After running this tool you will have a backup file that is capable of restoring a completely fresh server into a fully-functional AuthAnvil Password Server.
Note: In AuthAnvil Password Server v2.0 the backup and restore tools will collect the greater of 90 days of logging or 10,000 logs. This is to trim unnecessary logging data from previous versions.
- Open a command window and change directory to the folder where you would like to save the backup (e.g. D:\Backups).
- To run the backup, type the full path to the command C:\Program Files\Scorpion Software\AuthAnvil Password Server\Tools\BackupTool\AAPSBackup.exe and press Enter. This will automatically detect the current database being used by the software. If the database has changed location, you can manually define the following two parameters:
-f is used to point to the AAPS web.config. If not defined it will assume the default path (C:\Program Files\Scorpion Software\AuthAnvil Password Server
-s defines the SQL pointer. This should be in the format SQLSERVERSQL\Instance (e.g. SBS2008\AuthAnvil).
Note: This does not include the database, only the instance name. If there is no instance name, use the SQL server name on its own.
AAPSBackup.exe (-f <pathToWeb.config>) (-s <SQLServerInstanceName>)
For example:
AAPSBackup.exe -f "C:\Program Files\Scorpion Software\AuthAnvil Password Server\AAPS\web.config" -s SBS2008\AUTHANVIL
If you run AAPSBackup.exe without any parameters it will search the default location of the web.config (C:\Program Files\Scorpion Software\AuthAnvil Password Server\AAPS) and will read the SQL instance from this configuration file.
Note: Your *.psb file is created and saved in the directory from which you run the tool. If the backup is successful, the tool will display a success message. If you receive an error, confirm the path to the web.config file and that the AuthAnvil Password Server database is accessible, then run the backup again. Make sure to move this file to a safe location, as it contains sensitive data and is crucial to providing a restore point for your server software.
Automating the backup of AuthAnvil Password Server configuration data and audit logs
Using a scheduled task, you can configure Windows to routinely back up the AuthAnvil database and make the backup available to your normal server backup sets. Plus, using password sync-chains, you can automate the credentials used to run the task. We’ll cover the procedure for the AuthAnvil Password Server backup tool, but the same procedure applies to every AuthAnvil product.
Creating the task
To get started, create a task in the task scheduler to execute AAPSBackup.exe. The parameters are described in the backup section of the Password Server Install Guide. We recommend having this task run nightly, shortly before your usual server backup.
Note: A PSB file stores all AuthAnvil Password Server users, configuration and audit data, and should be properly secured. You may wish to copy the backup tool directory, or the directory that the “Start in” field points to (Windows Server 2008 and later), to a secure location and tighten its NTFS ACLs so that only the backup account can read and access the .psb files created, along with the administrative account that executes the aapsbackup tool. All other access should be explicitly denied.
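One way to set up the task and the ACLs described above on Windows Server 2012 or later, as an added example that is not taken from the AuthAnvil documentation. The backup directory, both account names, the task name and the start time are assumptions, and the freshness check is an extra safeguard for unattended runs.

```powershell
# Added example. Everything marked "assumed" is a placeholder for your environment.
$BackupExe  = 'C:\Program Files\Scorpion Software\AuthAnvil Password Server\Tools\BackupTool\AAPSBackup.exe'
$BackupDir  = 'D:\Backups\AAPS'                    # assumed secured "Start in" directory
$TaskUser   = "$env:COMPUTERNAME\Administrator"    # assumed account that runs the task
$BackupUser = 'CONTOSO\svc-backup'                 # assumed account your server backup runs as

# 1. Create the directory, drop inherited ACEs, and grant only the two accounts.
#    No Deny ACEs are added: with inheritance removed, every other principal is
#    refused by default, and a Deny on a broad group would also block these two.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
icacls $BackupDir /inheritance:r /grant:r "${TaskUser}:(OI)(CI)M" "${BackupUser}:(OI)(CI)R"
if ($LASTEXITCODE -ne 0) { throw "icacls failed; ACL on $BackupDir was not applied" }

# 2. Register the nightly task. -WorkingDirectory is the "Start in" field, so the
#    .psb file lands in the locked-down directory (the tool writes to the current directory).
$cred    = Get-Credential -UserName $TaskUser -Message 'Account that runs the AAPS backup task'
$action  = New-ScheduledTaskAction -Execute "`"$BackupExe`"" -WorkingDirectory $BackupDir
$trigger = New-ScheduledTaskTrigger -Daily -At '1:00AM'   # assumed: shortly before the server backup
Register-ScheduledTask -TaskName 'AAPS nightly backup' -Action $action -Trigger $trigger `
    -User $cred.UserName -Password $cred.GetNetworkCredential().Password -RunLevel Highest | Out-Null

# 3. Nobody sees the tool's success message when it runs unattended, so check
#    that a recent, non-empty .psb exists before the server backup picks it up.
function Test-AapsBackupFresh {
    param([string]$Path = $BackupDir, [int]$MaxAgeHours = 26)
    $latest = Get-ChildItem -Path $Path -Filter '*.psb' -File |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if (-not $latest) { return $false }
    return ($latest.Length -gt 0) -and ($latest.LastWriteTime -gt (Get-Date).AddHours(-$MaxAgeHours))
}

# Call after the task's first run (for example from your monitoring agent):
# if (-not (Test-AapsBackupFresh)) { Write-Error "No fresh .psb backup found in $BackupDir" }
```

Run the script from an elevated PowerShell session; the freshness check only confirms that a file was written, so it does not replace the periodic test restore.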
Synchronizing the password
Normally, if you used a local administrator account to execute your scheduled task, changing the password for that account would force you to manually update the task with a new password. With AuthAnvil, that’s not an issue anymore.
Assuming that you've already stored and synchronized this password in AuthAnvil, just add the task as an additional step on the synchronization page. This creates a sync chain that will make the sync agent update the local administrator password as well as the task anytime that credential changes.
Now, as per most backup procedures, you will want to periodically verify your backups. The best way to do so is to perform a full restore in a test environment. We also recommend creating a quarterly hard copy of the passwords stored in AuthAnvil. This hard copy can be generated by a mass export function from inside AuthAnvil, which in turn should be immediately printed on a secure printer. The resultant document should be sealed and placed in the company safe or the deposit box at the bank for use in case of extreme emergency.
Restoring your AuthAnvil Password Server configuration data and audit logs
In addition to backing up the server configuration data, settings, users and logs, the aapsbackup.exe tool is also able to restore a live AuthAnvil Password Server from a specific backup file that has been created. The command is very similar to the backup function:
AAPSRestore.exe <PathToBackup.psb> (-f <Path to web.config>)
For example:
AAPSRestore.exe <FilePathToBackup.psb> -f "C:\Program Files\Scorpion Software\AuthAnvil Password Server\AAPS\web.config"
Although you can restore a blank server from your latest password vault backup, this command line restore function can quickly recover your configuration in an existing AuthAnvil Password Server environment. This provides a safety net if your organization administrators happen to be locked out.