Skip to main content

Backup and Restore Best Practices

Overview

The IQ Server is a critical piece of your digital infrastructure. Backing it up regularly, and knowing how to restore it from a backup, is a key part in securing your software supply chain. Though your backup strategy will depend on the specifics of your deployment, there are some universally applicable tips that you should always keep in mind.

Backing Up

Document your backup procedures

  • Write down your backup procedure, step-by-step, and make sure that at least the following is covered:

    • How often a backup should be performed

    • Exactly what files and directories should be backed up

    • Where backups are saved, and how to access them

    • If automated, where does the backup task/command live (e.g. as a batch file on a server)

Make backing up a priority

  • Regular, validated backups are a key part of any good deployment, regardless of the specifics.

  • Assign responsibility for managing backup tasks early in your rollout of Lifecycle and/or Firewall.

  • Backing up is important for every customer, regardless of your deployment type. If you're targeting a high-availability or resilient deployment, then understanding the ins and outs of backing up the IQ Server is especially important.

Use the external PostgreSQL database option for deployments of IQ Server

  • The PostgreSQL database can be deployed/managed in a way such that backing up does not require a full shutdown of the IQ Server, preventing downtime and giving you flexibility when scheduling your backup task. That's one of the major benefits of migrating to a PostgreSQL database. Work with your database administrators to be sure your PostgreSQL database supports this method of backing up.

  • Resilient and high-availability deployments are only possible with the PostgreSQL database option.

Backup regularly, and automate it

  • Aim to back up your IQ Server daily. IQ Server benefits from more frequent backups.

  • Build a backup task into your CI pipeline. Automating ensures consistency and allows you to pinpoint parameters like frequency, time, and storage location.

Don't clean up until after backup

  • Regular cleanup/purging of your IQ Server directories frees up disk space.

  • Wait to clean up IQ Server directories until directly after a backup. That way, if something important is deleted accidentally, you can restore the deleted file from your backup.

  • Adhere to your organization's data retention policies, and be mindful that some files associated with IQ Server may contain sensitive data.

Restoring

Know how to restore

  • A backup can't help you if you don't know how to use it.

  • Involve the right people in your backup and restore strategy. That could include your Operations team, site reliability engineers, IQ Server administrators and managers, project owners, Application security team members, and if applicable, anyone responsible for managing your cloud instances.

Validate your backups

  • Your backup is only useful to you if it's valid. Validate your first backup, then validate again at least quarterly after that.

  • Validate your backup in a test environment. If you're deployed to the cloud, label your persistent volumes clearly, and be sure to wind them down when you're finished testing.

Understand the limitations of restoring

  • The biggest limitation is that there's no way to restore just a single report or scan into a production instance of IQ Server. If a scan is missing from your production environment, scan again. Remember that reports are saved as .json files at sonatype-work/clm server/report.

Store your backups correctly

  • Label your backups with the date and time.

  • Associate each backed-up file, directory, and database with other items from the same backup task. For example, don't store all your backed-up config.yml files in one location and your IQ Server .jars in another.

  • Store your backups in a location that can be accessed by the team responsible for restoring service.

  • Consider how and where other important backups are being stored. Your organization may have online, offline, and offsite backup options, with the most critical backups being stored offline or offsite. If that option is available to you, and your IQ Server is a critical piece of your infrastructure, consider keeping a copy of your backups there.