
Backup and Restore Best Practices

Lifecycle is a critical piece of your infrastructure. Mature deployments have a maintenance plan that schedules regular backups and upgrades. The plan should include an annual test of the backup with simulated outages and failovers.

Document your backup and recovery plan

Include step-by-step instructions with methods for password storage and recovery when needed.

Backing Up

Document your backup procedures

  • Write down your backup procedure, step-by-step, and make sure that at least the following is covered:

    • If automated, where does the backup task/command live (e.g. as a batch file on a server)?

Use the external PostgreSQL database option for deployments of IQ Server

  • The PostgreSQL database can be deployed and managed so that backing up does not require a full shutdown of the IQ Server, which prevents downtime and gives you flexibility when scheduling your backup task. That's one of the major benefits of migrating to a PostgreSQL database. Work with your database administrators to be sure your PostgreSQL database supports this method of backing up.

  • Resilient and high-availability deployments are only possible with the PostgreSQL database option.

Back up regularly, and automate it

  • Aim to back up your IQ Server daily. IQ Server benefits from more frequent backups.

  • Build a backup task into your CI pipeline. Automating the task ensures consistency and lets you pin down parameters like frequency, time, and storage location.

Don't clean up until after backup

  • Regular cleanup/purging of your IQ Server directories frees up disk space.

  • Wait to clean up IQ Server directories until directly after a backup. That way, if something important is deleted accidentally, you can restore the deleted file from your backup.

  • Adhere to your organization's data retention policies, and be mindful that some files associated with IQ Server may contain sensitive data.


Validate your backups

  • Your backup is only useful to you if it's valid. Validate your first backup, then validate again at least quarterly after that.

  • Validate your backup in a test environment. If you're deployed to the cloud, label your persistent volumes clearly, and be sure to wind them down when you're finished testing.
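The following is an added example, not Sonatype's code, of how "Don't clean up until after backup" and "Validate your backups" can be enforced in an automated task: cleanup refuses to run unless the archive reads back intact, and it only deletes files that the validated backup actually contains. It covers a file-level copy of a work directory only (not the PostgreSQL database); the function names, the `.manifest.json` sidecar file and the directory layout are assumptions.

```python
import hashlib, json, os, tarfile, time, zlib
from pathlib import Path

def _sha256(stream) -> str:
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(1 << 20), b""):
        digest.update(chunk)
    return digest.hexdigest()

def create_backup(source: Path, dest: Path, label: str) -> Path:
    """Archive every file under `source` and record per-file SHA-256 digests."""
    archive, manifest = dest / f"{label}.tar.gz", {}
    # Mode 0o600 and O_EXCL: backups may hold sensitive data; never overwrite one.
    fd = os.open(archive, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as raw, tarfile.open(fileobj=raw, mode="w:gz") as tar:
        for path in sorted(p for p in source.rglob("*") if p.is_file()):
            rel = path.relative_to(source).as_posix()
            with path.open("rb") as fh:
                manifest[rel] = _sha256(fh)
            tar.add(path, arcname=rel)
    Path(f"{archive}.manifest.json").write_text(json.dumps(manifest, indent=2))
    return archive

def validate_backup(archive: Path) -> bool:
    """Read the archive back and compare each member against the manifest."""
    try:
        manifest, seen = json.loads(Path(f"{archive}.manifest.json").read_text()), {}
        with tarfile.open(archive, mode="r:gz") as tar:
            for member in tar:
                if member.isfile():
                    seen[member.name] = _sha256(tar.extractfile(member))
    except (OSError, EOFError, ValueError, tarfile.TarError, zlib.error):
        return False  # unreadable, truncated or corrupt: treat as "no backup"
    return seen == manifest

def purge_after_backup(source: Path, archive: Path, max_age_days: float) -> list:
    """Delete old files, but only ones captured in a backup that validates."""
    if not validate_backup(archive):
        raise RuntimeError(f"{archive} failed validation; nothing was deleted")
    manifest = json.loads(Path(f"{archive}.manifest.json").read_text())
    cutoff, removed = time.time() - max_age_days * 86400, []
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        if rel in manifest and path.stat().st_mtime < cutoff:
            path.unlink()
            removed.append(rel)
    return removed
```

Reading the archive back proves it is intact, but it is not a substitute for the periodic restore into a test environment described above.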

Understand the limitations of restoring

  • The biggest limitation is that there's no way to restore just a single report or scan into a production instance of IQ Server. If a scan is missing from your production environment, scan again. Remember that reports are saved as .json files at sonatype-work/clm server/report.