The purpose of this guide is to provide information and procedures for these tasks:
Backing up the Nasuni File IQ database. See Introduction to Database Backup and Restore.
Recovery (including a disaster recovery or DR) of a File IQ Appliance (with or without restoring a previous Nasuni File IQ database backup). See Appliance Recovery.
This guide is intended for the IT administrator or person responsible for maintaining the File IQ Appliance.
Introduction to Database Backup and Restore
Beginning with version 10.1, Nasuni File IQ allows users to back up the Nasuni File IQ database, and to restore a previously created database backup during the recovery process.
Supported Cloud Platforms
The Nasuni File IQ backups can be uploaded to the following clouds:
Amazon AWS S3
Microsoft Storage Account
Unsupported Features
Important Security Notice: Backup File Encryption
Backups generated by the File IQ appliance and uploaded to the cloud are not encrypted at the file level. While the cloud provider ensures that all data stored on disk is encrypted at rest using their standard encryption protocols, the backup files themselves remain unencrypted.
Additionally, the File IQ appliance does not support the use of customer-provided hardware encryption keys for backup storage encryption.
Recommendations:
Because backups are generated and uploaded to the cloud automatically by the File IQ appliance, it is not possible to apply external encryption to the backup files before upload. If file-level encryption is a requirement for your organization, be aware that this functionality is not currently supported.
Always ensure that access to your cloud storage is tightly controlled and monitored.
Key Terms
RPO: The Recovery Point Objective (RPO) is the maximum allowable time period during a disruption when data can be lost from an IT service.
RTO: The Recovery Time Objective (RTO) is the desired timeframe and level of service for restoring a business process after a disruption, ensuring uninterrupted business operations.
Write-ahead logs (WAL): Database write-ahead logs contain all database updates during the period covered by each log file and can be used to replay all transactions that occurred during this time.
Recovery Point Objective and Recovery Time Objective
When Nasuni File IQ database backups are configured, Nasuni File IQ backs up its database and write-ahead logs to the customer’s cloud per the customer’s specified schedule. Database write-ahead logs contain all updates to the database during the time period covered by each log file, making it possible to recreate an almost up-to-date database after a disaster. This is achieved by recovering the latest available Nasuni File IQ database backup and all write-ahead logs since the Nasuni File IQ database backup was last run. This also ensures that the Recovery Point Objective (RPO) is usually close to one minute.
You can choose to restore all write-ahead logs in the restore wizard. If choosing this option, the RPO is generally around a minute. However, the restore could take considerable time if the Nasuni File IQ database backup is not recent or if the database activity is large. If you decide not to restore all write-ahead logs, only the minimum write-ahead logs (those created during the duration of the Nasuni File IQ database backup) are restored, and, therefore, the RPO is the time the Nasuni File IQ database backup is finished.
Overall Recovery Time
This section describes the recovery point and recovery time objectives.
Recovery Point Objective
The recovery point objective (RPO) depends on many factors. In a cloud-based virtual machine with a Nasuni File IQ database backup destination configured in the same cloud and region, the RPO is typically about one minute. However, increased database load or network latency can significantly impact RPO. For example, very large and busy on-prem Nasuni File IQ deployments might not have sufficient bandwidth to upload write-ahead logs to keep up with database activity. In this case, it might not be possible to back up the Nasuni File IQ database.
Recovery Time Objective
The RTO depends on many factors. Restoring a Nasuni File IQ database backup is typically about five times faster than creating the corresponding backup. Replaying all WALs can require a significant amount of time, potentially a day or more on a busy system.
The following factors greatly impact the Nasuni File IQ appliance load:
The number of events processed per second (activity load).
The size of the monitored volumes (metadata load).
An example of a busy system is one that processes more than 500 events per second sustained (over 40 million events per day) or analyzes volumes with a total number of files over 100 million.
Size, network topology, and cost considerations
Enabling this feature might require increasing the number of cores or memory. To ensure your Nasuni File IQ appliance is accurately sized, use the Nasuni File IQ Sizing tool.
The Nasuni File IQ database backup is highly compressed. Its size is usually about 10% of the total database size displayed in the Database Schema Size panel of the Database Support dashboard. However, the compression ratio can be influenced by many factors, such as folder name lengths and characters used (for example, 7-bit ASCII vs. Unicode characters).
The number of write-ahead log files created can vary greatly. On busy systems, it is common to have one generated every second.
On busy systems, it is therefore important to have good connectivity between the Nasuni File IQ appliance and the cloud storage where the Nasuni File IQ database backups and write-ahead logs are to be uploaded. If your Nasuni File IQ appliance is already in the cloud, ensure that the configured storage account is located in the same cloud and region as the appliance. Otherwise, network throughput and latency could become a problem, and egress costs from the Nasuni File IQ regions would increase.
If you have several Nasuni File IQ appliances, it is safe to use the same storage account and bucket for all the appliances, assuming they are all located in the same region: each appliance has a dedicated location inside the cloud storage container.
Network traffic is hard to estimate because it depends on many factors, such as volume size and activity level. A daily bandwidth of 20% of the database size displayed in the Database Schema Size panel of the Database Support dashboard is usually a good estimate.
Nasuni File IQ Database Restore process overview
The overall restore process can be summarized as follows:
Nasuni File IQ admin creates a recovery backup key on the File IQ appliance.
Nasuni File IQ admin creates a cloud storage bucket to upload Nasuni File IQ database backups.
Nasuni File IQ admin configures Nasuni File IQ database backup target location and schedule (typically, nightly).
Nasuni File IQ appliance database and configuration are backed up automatically according to the configured schedule.
Nasuni File IQ appliance database write-ahead logs are permanently uploaded to the cloud.
Note: The Nasuni File IQ database backup and write-ahead log archiving process can be monitored on the Nasuni File IQ backup status page in the File IQ Edge UI.
Note: It is highly recommended that you check the Nasuni File IQ status page in the File IQ Edge UI after configuring the Nasuni File IQ database backup to ensure that the backup process is running correctly. If issues arise, an NMC alert is also raised.
Nasuni File IQ admin creates a new appliance and initializes it with the same SERIAL_NUMBER as the previous Nasuni File IQ appliance.
The Recovery wizard prompts you to recover the encryption keys and downloads the previously backed-up configuration to restore it.
If available, the restore wizard prompts you to select a Nasuni File IQ database backup to recover.
The Nasuni File IQ appliance reboots and reconfigures itself with the restored configuration.
After the Nasuni File IQ is re-enabled and restarted, the database restore process begins.
Note: The File IQ Edge UI allows you to monitor the restore process in the Nasuni File IQ Restore Status page.
Note: If, as per the Restore Status progress display, the restore is expected to take a significant amount of time, you can disable the File IQ Service on the Nasuni Edge Appliances connected to this Nasuni File IQ appliance during the restore process. This speeds up the overall restore duration because events sent during the restore process do not persist. For more information, see Recovery Point Objective and Recovery Time Objective with Nasuni File IQ.
Reasons a Nasuni File IQ Database Restore might fail
Important: The presence of a Nasuni File IQ backup does not guarantee that the database restore process can successfully restore the backup.
A restore might not be possible in the following restore scenarios:
The Nasuni File IQ database backup cloud configuration changed, and a Nasuni File IQ database backup does not exist for the new configuration.
An appliance backup has not been performed since the Nasuni File IQ database backup cloud configuration has been changed.
Tip: If your appliance is accessible, ensure that all Nasuni File IQ database backup-related checks pass in the Nasuni File IQ Status page of the File IQ Edge UI before attempting a database restore. It is also recommended to periodically check the Nasuni File IQ Status page in the File IQ Edge UI and the Nasuni File IQ appliance status on the Filers page in the NMC UI.
Configuring Database Backups
When configuring the cloud provider and connection details, note the following:
The Cloud Provider field only displays your licensed providers.
For the best performance and savings, if using a virtual machine in the cloud, store the Nasuni File IQ database backup in the same cloud provider and region.
If you have several Nasuni File IQ appliances in the same region, you can select the same bucket for all appliances.
Some cloud providers offer several ways to generate credentials. Ensure you use a long-lived key or token, or Nasuni File IQ database backups might suddenly stop working or you might be unable to restore a previous Nasuni File IQ database backup.
Creating a Storage Account and Bucket
Information and directions on creating a storage account and bucket can be accessed from the following table.
Platform | Documentation |
Amazon AWS | |
Microsoft Azure |
Note: A Nasuni File IQ appliance installed on-prem requires a storage account and bucket in the cloud. We recommend using the same cloud provider you already use as the back end for Nasuni volumes, and in a region local to your Nasuni File IQ appliance.
Securing your Storage Account and Bucket
Securing your storage account and bucket is beyond the scope of this document. Ensure that access to the storage bucket is restricted.
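Because the backup files are not encrypted at the file level, the bucket's access policy is the main control protecting them. The following added example (not Nasuni code) audits an S3 bucket policy and Block Public Access settings for grants that would expose those files. The principal ARN, bucket name, Action list and both sample policies are constructed placeholders.

```python
import json

# Placeholder identity for the IAM user whose keys are entered in the
# Backup Cloud Configuration page (assumption: account ID and name are made up).
ALLOWED_PRINCIPALS = {"arn:aws:iam::111122223333:user/fileiq-backup"}

# The four S3 Block Public Access settings; all should be enabled.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

# Constructed sample policy. The Action list is an assumption; the guide does
# not list the S3 permissions the appliance needs.
WEAK_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ApplianceReadWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/fileiq-backup"},
     "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": ["arn:aws:s3:::example-fileiq-backups",
                  "arn:aws:s3:::example-fileiq-backups/*"]},
    {"Sid": "LegacyRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-fileiq-backups/*"}
  ]
}
""")

# Same policy with the wildcard grant removed and plaintext HTTP denied.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        WEAK_POLICY["Statement"][0],
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-fileiq-backups",
                      "arn:aws:s3:::example-fileiq-backups/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}


def _as_list(value):
    """IAM JSON allows a scalar wherever a list is allowed; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principals(stmt):
    """Return every principal named in a statement ('*' means anyone)."""
    principal = stmt.get("Principal")
    if principal == "*":
        return {"*"}
    if isinstance(principal, dict):
        return {p for values in principal.values() for p in _as_list(values)}
    return set()


def _denies_plaintext(stmt):
    """True for a Deny that applies to everyone when the request is not TLS."""
    flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport", "")
    return (stmt.get("Effect") == "Deny" and "*" in _principals(stmt)
            and str(flag).lower() == "false")


def audit_policy(policy, allowed):
    """Return (finding, Sid) tuples for grants wider than the appliance needs."""
    findings = []
    statements = _as_list(policy.get("Statement"))
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        who, sid = _principals(stmt), stmt.get("Sid", "<no Sid>")
        if "*" in who and not stmt.get("Condition"):
            findings.append(("public-allow", sid))         # anyone can read backups
        elif not who <= allowed:
            findings.append(("unexpected-principal", sid))  # review this grant
    if not any(_denies_plaintext(s) for s in statements):
        findings.append(("no-tls-deny", None))              # HTTP access not blocked
    return findings


def audit_public_access_block(config):
    """Return the Block Public Access flags that are missing or disabled."""
    return [flag for flag in PAB_FLAGS if config.get(flag) is not True]


if __name__ == "__main__":
    print("weak policy:    ", audit_policy(WEAK_POLICY, ALLOWED_PRINCIPALS))
    print("hardened policy:", audit_policy(HARDENED_POLICY, ALLOWED_PRINCIPALS))
    print("PAB gaps:       ", audit_public_access_block({"BlockPublicAcls": True}))
```

To audit a real bucket, pass in the JSON documents returned by `aws s3api get-bucket-policy` and `aws s3api get-public-access-block` in place of the samples.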
Configuring the Nasuni File IQ Database Backup target
To configure the Nasuni File IQ database Backup target, follow these steps:
Navigate to the File IQ Edge UI.
Click the Configuration tab and select Backup Cloud Configuration.
Click the Cloud Provider drop-down and choose a platform.
Enter the field details for your cloud platform.
Microsoft Azure
Field | Description and How to Find |
Azure Tenant Id | The Azure tenant ID: |
Azure Subscription Id | The Azure subscription ID: |
Azure Client Id | Service Principal Application Id. |
Azure Client Secret | The client secret for the above service principal. |
Azure Container URL | The Azure URL to the blob container where the Nasuni File IQ database backup usually uploads: https://{storage-account}.blob.core.windows.net/{container} Note: The above service principal needs to have Storage Blob Data Contributor access in IAM. |
Note: Some of the required information can be collected from the az command line tool, which is available at https://learn.microsoft.com/en-us/cli/azure/install-azure-cli.
Amazon S3
Field | Description and How to Find |
AWS Access Key | IAM user access key. |
AWS Secret Access Key | IAM user secret access key. |
AWS Session Token | (Optional) Not needed if access and secret keys are created with the procedure above. |
AWS Bucket Name | AWS General Purpose Bucket to write to. |
AWS S3 Custom URL | (Optional) Not needed if access and secret keys are created with the procedure above. |
Click Test and Save to finish.
Configuring the Nasuni File IQ Database backup schedule
Important: Disabling the schedule prevents Nasuni File IQ database backups from occurring; however, this does not stop the Write-ahead logs (WALs) from being uploaded, because this would prevent point-in-time recovery. The only way to stop WALs from being uploaded is to reset the Nasuni File IQ database backup cloud configuration.
To configure the Nasuni File IQ database backup schedule, follow these steps:
Navigate to the File IQ Edge UI.
Click the Configuration tab and select Backup Schedule.
Use the following fields to configure your backup schedule:
Enable Backup: Check to enable the Nasuni File IQ database backup schedule. Unchecking this temporarily disables only the Nasuni File IQ database backups. The WALs require a Nasuni File IQ database backup configuration reset to disable.
Backups to Preserve: Number of Nasuni File IQ database backups to preserve in the cloud (maximum 10).
Backup Frequency: Set to Daily or Weekly.
Backup Interval: This is a multiple of the backup frequency. For example, set the backup frequency to run every 2 days or every 4 weeks.
Backup Day: If set to Weekly, the day of the week that the database backup runs.
Backup Time: Time of day that the backup runs.
Click Save to finish.
Monitoring Nasuni File IQ Database backup progress and history
To view ongoing and past Nasuni File IQ database backups and write-ahead log archives, navigate to the File IQ Edge UI and click the Status tab, followed by Backup Status.
When enabled, the Nasuni File IQ Database Backup Status page displays the following information:
The current progress of an ongoing backup.
The timestamp of the latest archived WAL.
Note: If you disable or change the Nasuni File IQ backup cloud location, this section is not visible until a new write-ahead log is archived in the new location.
Note: All timestamps display in the Nasuni File IQ appliance time zone.
The Nasuni File IQ database backup history.
Note: If you change or turn off the Nasuni File IQ backup cloud location, previously uploaded backups are marked as NO_ACCESS.
To check the status of a previous or in-progress backup, locate the Status column and refer to the following table for a status description.
Status | Description |
RUNNING | The backup is in progress. |
SUCCEEDED | The backup has succeeded and can be restored during an appliance recovery (DR). |
FAILED | The backup has failed. An error message explains the reason for the failure. |
DELETED | The backup has been deleted according to the retention policy. |
NO_ACCESS | The backup configuration has changed since its creation, making it inaccessible. Additionally, it cannot be restored during an appliance recovery. |
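The status values above, together with the latest archived WAL timestamp, determine how much data a restore can bring back. The following added example (not Nasuni code) works that out for both restore wizard options described earlier in this guide. The record layout, the sample history, the timestamps and the five-minute lag limit are constructed assumptions; the guide itself only describes the UI page.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed backup history using the status values from the table above.
# Timestamps are timezone-aware because the UI shows appliance-local times.
HISTORY = [
    {"finished": datetime(2025, 3, 1, 2, 40, tzinfo=UTC), "status": "DELETED"},
    {"finished": datetime(2025, 3, 8, 2, 45, tzinfo=UTC), "status": "NO_ACCESS"},
    {"finished": datetime(2025, 3, 9, 2, 50, tzinfo=UTC), "status": "SUCCEEDED"},
    {"finished": datetime(2025, 3, 10, 2, 10, tzinfo=UTC), "status": "FAILED"},
    {"finished": None, "status": "RUNNING"},
]
LATEST_WAL = datetime(2025, 3, 10, 14, 29, tzinfo=UTC)  # constructed
OUTAGE = datetime(2025, 3, 10, 14, 30, tzinfo=UTC)      # constructed


def latest_restorable(history):
    """Newest backup that can be restored; only SUCCEEDED qualifies.

    RUNNING, FAILED, DELETED and NO_ACCESS entries are skipped, so the
    presence of backups in the history does not imply a restore is possible.
    """
    usable = [b for b in history if b["status"] == "SUCCEEDED"]
    return max(usable, key=lambda b: b["finished"], default=None)


def data_loss_windows(history, latest_wal, outage_start):
    """Data-loss window for each restore option, or None if nothing is restorable."""
    base = latest_restorable(history)
    if base is None:
        return None
    # Minimum WALs: the database is recovered to the time the backup finished.
    minimum_point = base["finished"]
    # All WALs: recovered to the latest archived WAL, if it is newer than
    # the backup (it may be older right after a cloud configuration change).
    full_point = minimum_point
    if latest_wal is not None and latest_wal > minimum_point:
        full_point = latest_wal
    return {
        "backup_finished": minimum_point,
        "loss_minimum_wals": outage_start - minimum_point,
        "loss_all_wals": outage_start - full_point,
    }


def wal_archiving_lagging(latest_wal, now, limit=timedelta(minutes=5)):
    """True when WAL uploads are not keeping up (the limit is an assumption)."""
    return latest_wal is None or now - latest_wal > limit


if __name__ == "__main__":
    windows = data_loss_windows(HISTORY, LATEST_WAL, OUTAGE)
    print("restore from backup finished at:", windows["backup_finished"])
    print("data lost, minimum WALs only:   ", windows["loss_minimum_wals"])
    print("data lost, all WALs replayed:   ", windows["loss_all_wals"])
    print("WAL archiving lagging:          ", wal_archiving_lagging(LATEST_WAL, OUTAGE))
```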
Considerations when restoring a previous Nasuni File IQ database backup
Important: If your appliance is accessible, ensure that all Nasuni File IQ database backup-related checks pass in the Nasuni File IQ Status page of the File IQ Edge UI before attempting a database restore.
Note: For more information on these steps, see the sections titled "Connect the Nasuni Volumes to the File IQ Appliance" and "Enabling the File IQ and Configuring the File IQ Service" in your platform's Nasuni File IQ Installation Guide.
Introduction to File IQ Appliance Recovery
This section explains the steps for recovering a File IQ Appliance. In a recovery scenario, the total time to recover a File IQ Appliance can be reduced to approximately 15 minutes.
During this recovery, you can also optionally restore the database from a backup.
To recover your File IQ Appliance, you follow the simple steps of downloading the virtual machine again from the Nasuni account Web site, installing the product, and then completing the recovery process.
There are a number of reasons for performing a recovery of a File IQ Appliance, including:
Changing virtual machine platforms (Nutanix AHV, Google Cloud, Microsoft Hyper-V, VMware, Microsoft Azure, Amazon EC2).
Virtual machine hardware refresh.
Human error.
Hardware and software failures.
True disaster.
The Recovery feature is available for all licensed File IQ appliances. However, recovery might not be possible for the following reasons:
You have not downloaded the encryption key, or don’t remember the key password.
You have not escrowed the encryption key, or do not remember the escrow passphrase.
You are attempting to recover to a version of the File IQ appliance that is different from the version of the previous File IQ appliance. Usually, recovery is possible from version n to version n or from version n to version n+1, but version chokepoints or large system changes might require you to first recover to the exact same version of the File IQ appliance, then to update to the other version.
We recommend that you consult your Nasuni technical account manager before attempting the recovery of a File IQ appliance.
Note: Because recovery of a File IQ appliance is only provided for NEA 10.0 and later, it is not possible to recover a File IQ appliance based on the 9.14 or 9.15 NEA releases. The supported recovery configuration is NEA 10.0 to NEA 10.0.
Before recovering the File IQ Appliance
Here are some considerations before performing the recovery procedure.
Warning: Do not attempt to restore from a virtual machine snapshot or backup.
Tip: Check the File IQ Status page in the File IQ Edge UI in order to check for configuration backup availability.
Important: To perform a recovery procedure, a backup key must have been generated or uploaded.
Important: Internet connectivity (HTTPS port 443) to the new destination File IQ Appliance is a prerequisite for setting up the File IQ Appliance, or to update software during the installation.
Important: When planning to restore a previous version of the Nasuni File IQ database, ensure that all Nasuni File IQ database checks are successful.
For details about ports and firewalls, see Firewall and Port Requirements.
Note: Downloading and executing the installation program for the virtual appliance is contingent upon the virtual platform you are using.
Tip: The following state settings, if configured, ARE NOT retained after the Recovery procedure. You should record your settings so that you can reconfigure these settings after the Recovery procedure.
Network Configuration.
Directory Services must be reconfigured.
Any volume secured by Directory Services.
A new Disaster Recovery key and passphrase must be configured.
Automatic Software Updates.
Time Zone and NTP Time Server settings.
All volumes must be re-shared Read-Only with the new File IQ appliance.
After the recovery reboot is complete, the File IQ database disk must be re-added, and the File IQ service must be re-enabled in the File IQ configuration page in the NOC.
The contents of the File IQ database are not restored unless a previous backup has been done, and is selected during the recovery process. Therefore, all dashboards in Grafana might initially be empty, such as after a clean installation of a new File IQ appliance.
The Nasuni File IQ database backup schedule is not part of the restore process. It must be recreated manually to ensure no spurious Nasuni File IQ database backup is uploaded to the cloud before system validation.
Tip: The following state settings, if configured, ARE retained after the Recovery procedure.
File IQ appliance name, as visible in the NOC.
Volumes; however, see above about Directory Services and Read-Only access.
Connected volumes.
Snap and sync schedules (which should be disabled for all volumes on the File IQ appliance).
All File IQ configuration data, including:
Grafana SSO or viewer password, and user theme.
Database Backup cloud configuration, excluding its schedule
All Premium configuration
Alerting configuration
Reporting configuration
Database retention
Any NEA sending their events to the old File IQ appliance should automatically send events to the new appliance when it is discovered. However, there could be a loss of events until all NEAs are notified of the new File IQ appliance and download its encryption key. This is typically performed every two hours.
Tip: In addition to the state recovered as part of Nasuni File IQ recovery (DR) feature, the following state is recovered if a Nasuni File IQ database backup is selected in the recovery (DR) wizard:
The content of the Nasuni File IQ database is restored:
Up to the time of the latest uploaded write-ahead log if all write-ahead logs were selected in the recovery (DR) wizard.
Up to when the Nasuni File IQ database backup completed otherwise.
Preparing the original source File IQ Appliance (if available)
If the original source File IQ Appliance is running and accessible, prepare the original source File IQ Appliance by following these steps:
Verify that the original source File IQ Appliance is installed and properly configured on your network.
Verify that a backup key has been generated or uploaded.
Verify that there is an available appliance backup by going to the File IQ Status page.
If you wish to restore the File IQ database content, verify that there is an available database backup on the same page.
For the volumes that have "custom" Remote Access permissions configured, perform the recovery procedure first. Then, after the recovery procedure completes, set the custom Remote Access permissions to Read-Only for the volumes associated with the newly recovered appliance.
If the File IQ Appliance is under the control of the Nasuni Management Console (NMC), you can change the Remote Access permissions by clicking Remote Access on the Volumes page.
If the File IQ Appliance is not under the control of the Nasuni Management Console (NMC), you can change the Remote Access permissions by selecting the volume and clicking the Remote Access setting.
Remove the original source File IQ Appliance from control of the Nasuni Management Console (NMC) by following these steps:
Click Services, then select Nasuni Management Console from the list. The Nasuni Management Console page appears.
From the “NMC Management is” drop-down list, click disabled.
Click Save.
Obtain the Serial Number and Authorization Code for the original source File IQ Appliance. You use these in a later step.
Important: Authorization codes (also called “Auth codes”) are intended for a single use, and are not permanent. Authorization codes change if the associated serial number is used successfully, if the authorization code is refreshed via the NMC (Account Status --> Serial Numbers, then click Refresh), and if the authorization code is regenerated via the NOC (visit https://account.nasuni.com/account/serial_numbers/, then click show, then click regen).
Perform a shutdown of the original source File IQ Appliance, by following this procedure:
Click Power on the navigation bar at the top of the page. The Shutdown dialog box appears.
Enter a Username (case-sensitive) and Password (case-sensitive) that has permission to perform this operation.
Select “Shutdown immediately”. This shuts down the File IQ Appliance at once, with no preliminary operations.
Click Shutdown.
The message “The system is shutting down. Click here to cancel the shutdown.” appears at the top of the Home page.
To stop the shutdown, click the hyperlink marked “here”. You have 60 seconds to cancel the shutdown.
The message “Shutdown cancelled at user request.” appears at the top of the Home page.
The shutdown stops.
If you do not stop the shutdown, after 60 seconds, the File IQ Appliance shuts down and the File IQ Appliance user interface is no longer accessible.
This completes the preparation of the File IQ Appliance for recovery.
Recovering the File IQ Appliance
The first step in recovering is to download and install the File IQ Appliance software on the new destination File IQ Appliance platform.
To download the File IQ Appliance software from the Nasuni Web site:
If you have not already done so, obtain the Serial Number and Authorization Code for the original source File IQ Appliance on the File IQ Serial Numbers page. You use these in a later step.
There are several ways to obtain the Serial Number and Authorization Code:
- If you have the credentials to log in to your Nasuni.com account, you can obtain the Serial Number and Authorization Code for the original source File IQ Appliance on the File IQ Serial Numbers page.
- Otherwise, if you do not have these credentials, obtain the Serial Number and Authorization Code for the original source File IQ Appliance from the person who has the credentials.
Important: Authorization codes (also called “Auth codes”) are intended for a single use, and are not permanent. Authorization codes change if the associated serial number is used successfully, if the authorization code is refreshed via the NMC (Account Status --> Serial Numbers, then click Refresh), and if the authorization code is regenerated via the NOC (visit https://account.nasuni.com/account/serial_numbers/?app=fda, then click show, then click regen).
Log in to your Nasuni account Web site (https://account.nasuni.com/) and click Downloads. The Downloads page appears.
Select the appropriate format for your virtual environment from the following choices. Then, from the drop-down list, select an available release for the File IQ Appliance. The list of available releases can change.
AMAZON EC2: Scroll down to the “Appliance AMIs on EC2” area, and follow the instructions to continue installation using appliance AMIs.
AZURE FORMAT: Select an available version and download the .zip file appropriate for Microsoft Azure environments.
GOOGLE CLOUD FORMAT: Select an available version and download the .tar.gz file appropriate for Google Cloud environments.
HYPER-V FORMAT: Select an available version and download the .zip file appropriate for Microsoft Hyper-V environments.
NUTANIX FORMAT: Select an available version and download the .qcow2 file appropriate for Nutanix AHV environments.
OVF FORMAT: Select an available version and download the .zip file appropriate for VMware ESXi 7.0 and above environments.
Important: When performing a recovery procedure, unsupported update paths are blocked. If so, the error message displayed during the procedure might incorrectly state that you are attempting to update to an older version. To avoid this issue, before beginning the recovery process, deploy a File IQ version that corresponds to the major version of the source appliance.
Note: You can perform the Recovery process to the same version of the software that you were running, or to a newer version than you were running, but not to an older version.
Note: If you already have the software installation file, you do not have to download it again. However, the software installation file must not be older than the version you are recovering.
Save the File IQ Appliance software file to a location on your local drive.
The amount of time to download the File IQ Appliance software file depends on your Internet connection. The file is approximately 900 MB in size.
Extract the contents of the File IQ Appliance software file.
Launch the File IQ Appliance installation program for your platform.
Follow the setup wizard. After you have configured your network using the setup wizard, open the specific URL to continue. The “Enter your serial number and authorization code” wizard page appears.
Enter the File IQ Serial Number and Authorization code for this File IQ Appliance, found on the File IQ Serial Numbers page.
To recover a prior installation, such as during recovery, choose the File IQ Appliance Serial Number of the prior installation. Click Continue to proceed.
Important: Authorization codes (also called “Auth codes”) are intended for a single use, and are not permanent. Authorization codes change if the associated serial number is used successfully, if the authorization code is refreshed via the NMC (Account Status --> Serial Numbers, then click Refresh), and if the authorization code is regenerated via the NOC (visit https://account.nasuni.com/account/serial_numbers/?app=fda, then click show, then click regen).
The “Perform Disaster Recovery on existing Filer” page appears.
Enter “Perform Disaster Recovery” (without the quotation marks) in the Confirmation text box, then click Continue to proceed.
Note: After performing this step, the original source File IQ Appliance is decommissioned.
If there is a more recent version than the version that you are attempting to install, the Software Update page appears.
To apply the suggested update, select “Apply the update” and click Continue. The update is installed.
Otherwise, make sure that “Apply the update” is not selected, and click Continue.
If you selected “Apply the update”, the Applying Updates page appears.
The update is installed.
Tip: The Web-based display might update several times during the installation of the update. Because some Web browsers cache the display, we recommend clearing the browser cache.
After the update and reboot are complete, you are directed to the next step of the wizard.
Alternatively, you can click the link “here” to proceed to the next step and wait for the reboot to finish.
The second “Perform Disaster Recovery on existing Filer” page appears.
Escrow passphrase. If you escrowed any of your encryption keys (including the backup key) with Nasuni, and you intend to use your escrow passphrase to de-escrow your escrowed encryption keys, perform the following steps:
Select “Yes - Escrow Passphrase” from the drop-down list.
Tip: You can select Yes even if you also have non-escrowed encryption keys, which you would then provide separately.
The Escrow Passphrase pane becomes available.
If you do not have an encryption key escrow passphrase available, skip to the De-escrow section.
Alternatively, if you set an encryption key escrow passphrase and you have the escrow passphrase, enter the escrow passphrase.
Click Continue.
Important: If you have previously escrowed your encryption keys with Nasuni, and you use these escrowed encryption keys as part of the recovery process, you MUST re-escrow those encryption keys with Nasuni if you want those encryption keys to continue to be escrowed with Nasuni. After the recovery is complete, the File IQ Appliance treats all encryption keys as if they were not created by this File IQ Appliance.
Continue with step 15.
De-escrow. If you escrowed any of your encryption keys (including the backup key) with Nasuni, and you intend to have Nasuni de-escrow your escrowed encryption keys, perform the following steps:
a. Select “Yes - Recovery Key” from the drop-down list.
Tip: You can select Yes even if you also have non-escrowed encryption keys, which you would then provide separately.
b. The Recovery Key pane becomes available.
c. Contact Nasuni Support to verify your identity and obtain your one-time-use recovery key. Then enter the Recovery Key.
d. Click Continue.
Important: If you have previously escrowed your encryption keys with Nasuni, and you use these escrowed encryption keys as part of the recovery process, you MUST re-escrow those encryption keys with Nasuni if you want those encryption keys to continue to be escrowed with Nasuni. After the recovery is complete, the File IQ Appliance treats all encryption keys as if they were not created by this File IQ Appliance.
f. Continue with step 15.
Neither Escrow Passphrase nor De-escrow. Otherwise, select No from the drop-down list, then click Continue.
This means that either:
You do not have any encryption keys escrowed with Nasuni at all.
Or you do have encryption keys escrowed with Nasuni, but you intend to provide your escrowed encryption keys yourself.
If you selected No, the Upload Encryption Keys page appears.
Click Choose File to navigate to your encryption key file. This should be an encryption key file for an encryption key that you have used before. Do not use this step to upload new encryption keys. This encryption key file is a .pgp file.
Caution: The maximum length of a file name is 255 bytes. In addition, the length of a path, including the file name, must be less than 4,000 bytes. Since the UTF-8 representation of characters from some character sets can occupy several bytes, the maximum number of characters that a file path or a file name might contain can vary. If a particular client has other limits, the smaller of the two limits applies.
Enter the Key Passphrase, if necessary, then click Upload Key(s).
The selected encryption keys are uploaded. (For security reasons, encryption keys that you upload cannot be downloaded from the system.)
All uploaded encryption keys must be at least 2048 bits long.
Note: If an uploaded encryption key has an associated passphrase, that passphrase is removed from the encryption key when it is uploaded. The File IQ Appliance does not need the passphrase in order to use the encryption key. However, if you do not escrow this encryption key, and if you ever perform a recovery procedure on the File IQ Appliance, you must provide that passphrase when you upload that encryption key during the recovery procedure.
If several encryption key files are necessary, the Upload Encryption Keys page could appear several times. These encryption key files should be for encryption keys that you have used before. Do not use this step to upload new encryption keys.
After encryption keys have been provided by one of the three methods, the “Ready to perform disaster recovery!” page appears.
Click Continue.
If a database backup is available, click the Recover Nasuni File IQ Database Backup drop-down and choose one of the following options.
Recover existing backup. Choose from one of your previous backups.
Note: The cache is not included in the Nasuni File IQ database backup, nor is it recovered as part of the recovery procedure. It is displayed for informational purposes.
(Optional) Check the box to recover your write-ahead logs (WALs), which recovers all recent data. If you do not choose to recover all write-ahead logs, the minimum number of logs is recovered and the database recovers up to the state it was in at the end of the Nasuni File IQ database backup.
Select a previous backup from the table by clicking the corresponding radio button, followed by Continue.
For additional information about restoring a database backup, see Restore considerations.
To monitor the progress of the database restore process, see Monitoring Restore Progress.
Important: As part of the restore process, the Nasuni File IQ database backup schedule is disabled and must be reconfigured.
Create new database. This option allows you to begin with an empty Nasuni File IQ database.
Important: When you create a new database, any existing backups remain preserved and accessible for future use. However, automatic retention management does not apply to these backups. You are responsible for manually deleting any backups from your cloud storage bucket if you do not wish to keep them. If you choose to restore these previous backups later, they become eligible for retention management.
After selecting Create new database, click Continue.
After the backup restore is complete, the following page displays. Click Continue to proceed.
Read the Terms of Service.
You can print or download a copy of the Terms of Service and License Agreement by clicking the appropriate icon.
Select I accept the Terms of Service, then click Continue.
The “Enter a username and password for Administration of this Filer” page appears.
Set up an administrator for the File IQ Appliance by creating a Username (case-sensitive) and a Password (case-sensitive). An indicator of password strength appears. Although password strength is not enforced, you should use strong passwords. The newly defined user is automatically a member of the Filer Administrators permission group for this File IQ Appliance.
Note: If the appliance is managed by the NMC, the entered username and password might be overwritten by credentials from the NMC.
Click Continue.
The recovery and restore process is complete. The Configuration Complete page appears.
You can reboot the File IQ Appliance, or click the link “here” to proceed directly to the Login page.
Note: When a reboot is requested, a notification is logged that the reboot was requested and by whom the reboot was requested.
The File IQ Appliance becomes available in a few moments. The Login page appears.
Log in to the File IQ Appliance with your Username (case-sensitive) and Password (case-sensitive). Click Log in.
Important: If the previous File IQ Appliance was in Active Directory mode, you must re-join Active Directory to maintain ACL support. Similarly, if the previous File IQ Appliance was in LDAP, you must re-join LDAP.
With the new instance of the File IQ Appliance running, you have regained access to your information.
Tip: If this File IQ Appliance previously accessed a volume with custom permissions for Remote Access, you must explicitly set those permissions for this File IQ Appliance.
Important: If you have previously escrowed your encryption keys with Nasuni, and you used these escrowed encryption keys as part of the recovery process, you MUST re-escrow those encryption keys with Nasuni if you want those encryption keys to continue to be escrowed with Nasuni. After the recovery is complete, the File IQ Appliance treats all encryption keys as if they were not created by this File IQ Appliance.
Tip: A best practice for File IQ Appliances is to join an Active Directory or LDAP domain as soon as recovery is complete. If the previous File IQ Appliance was in Active Directory or LDAP mode, re-join Active Directory or LDAP by clicking ‘Save Settings’.
This concludes the File IQ recovery wizard. Additional steps are in the next section.
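A pre-upload check for the Upload Encryption Keys step above, added here as an example (it is not Nasuni code): it tests a key file against the limits this guide states, namely a file name of at most 255 bytes and a path under 4,000 bytes in UTF-8, a .pgp file, and a key of at least 2048 bits. It assumes the file is a binary (not ASCII-armored) version 4 OpenPGP RSA key; the function names and the sample packet are constructed for illustration.

```python
import os

MAX_NAME_BYTES = 255   # file-name limit from the Caution in the guide
MAX_PATH_BYTES = 4000  # the full path must be shorter than this
MIN_KEY_BITS = 2048    # minimum key length stated in the guide

def rsa_key_bits(pkt: bytes) -> int:
    """Modulus bit length of the first packet in a binary OpenPGP key file."""
    hdr = pkt[0]
    if not hdr & 0x80:
        raise ValueError("not binary OpenPGP data (ASCII-armored?)")
    if hdr & 0x40:  # new-format packet header
        tag, first = hdr & 0x3F, pkt[1]
        pos = 2 if first < 192 else 3 if first < 224 else 6
    else:           # old-format packet header
        tag = (hdr >> 2) & 0x0F
        pos = 1 + (1, 2, 4, 0)[hdr & 0x03]
    if tag not in (5, 6):  # 5 = secret key, 6 = public key
        raise ValueError("first packet is not a key packet")
    if pkt[pos] != 4 or pkt[pos + 5] not in (1, 2, 3):
        raise ValueError("only version 4 RSA keys are handled")
    declared = int.from_bytes(pkt[pos + 6:pos + 8], "big")
    n = pkt[pos + 8:pos + 8 + (declared + 7) // 8]
    return int.from_bytes(n, "big").bit_length()

def preupload_problems(path: str, data: bytes) -> list:
    """Return the reasons a key file conflicts with the guide's limits."""
    problems = []
    name = os.path.basename(path)
    if len(name.encode("utf-8")) > MAX_NAME_BYTES:
        problems.append("file name exceeds 255 bytes in UTF-8")
    if len(path.encode("utf-8")) >= MAX_PATH_BYTES:
        problems.append("path is not under 4,000 bytes in UTF-8")
    if not name.lower().endswith(".pgp"):
        problems.append("file is not a .pgp file")
    try:
        bits = rsa_key_bits(data)
        if bits < MIN_KEY_BITS:
            problems.append(f"key is {bits} bits, below {MIN_KEY_BITS}")
    except (ValueError, IndexError) as exc:
        problems.append(f"could not read key length: {exc}")
    return problems

def constructed_key(bits: int) -> bytes:
    """Constructed sample: a minimal v4 RSA public-key packet, not a usable key."""
    n = ((1 << (bits - 1)) | 1).to_bytes((bits + 7) // 8, "big")
    body = b"\x04" + bytes(4) + b"\x01" + bits.to_bytes(2, "big") + n
    body += b"\x00\x11\x01\x00\x01"  # public exponent 65537 as an MPI
    return b"\xc6\xff" + len(body).to_bytes(4, "big") + body
```

To check a real file, read it in binary mode and pass its path and bytes to `preupload_problems`; an empty list means none of the stated limits is exceeded.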
Final steps required for File IQ appliances
The following steps are required in order to finalize the File IQ recovery process. These steps are described in more detail in each File IQ Installation guide.
Platform | Installation guide
Amazon EC2 |
Microsoft Azure |
Microsoft Hyper-V |
Nutanix AHV |
VMware ESXi |
To finalize the recovery, perform the following steps:
Connect the Nasuni Volumes to the recovered File IQ Appliance.
Volumes should automatically reconnect as part of the recovery process. However, you should double check the following points:
If you have not already done so, re-join the recovered File IQ appliance to your directory service, if needed.
Ensure that all volumes are shared with the recovered File IQ appliance with custom Read-Only access, because this is not preserved by the recovery process.
Ensure that all volumes have Snap and Sync schedules disabled for the recovered File IQ appliance. If volumes were previously configured correctly, this is restored as part of the recovery process.
Disable Quality of Service (QoS) for the recovered File IQ appliance.
Enable File IQ in the File IQ Config page in the NOC (https://account.nasuni.com/account/manage_File IQ_config/).
Force the Configuration to be applied on the recovered File IQ Appliance, by refreshing the File IQ license on the NMC.
If not already done as part of the previous section:
Configure a new Disaster Recovery key and passphrase and download it.
Configure Automatic Software Updates.
Configure Time Zone and NTP Time Server settings.
Monitor the progress of the restore of the database backup and wait for it to complete. See Monitoring Restore Progress.
Navigate to the File IQ Status page in the UI in the File IQ Appliance and verify that all checks are successful.
Note that some checks take some time to pass.
Checks related to the File IQ event queue might take a few minutes to pass.
The Nasuni audit events received check clears only when NEAs discover the new File IQ appliance and start sending events to it with the correct encryption key. This can take up to two hours or so, and only happens when there is usage on the NEA from an end user of the NEA.
The restore process resets the database backup schedule, so the backup schedule validation fails until a new schedule is defined.
Verify connectivity to Grafana by using the viewer account with your previous password.
The viewer password is backed up and is restored as part of the recovery process.
Note that, because the File IQ database is not restored, all reports are initially empty.
Events start flowing from all NEAs previously connected to the old File IQ appliance within two hours. You can use the Event Inspector to monitor events in real time.
Audit Event aggregation happens every two hours. Therefore, you might have to wait for up to two hours before seeing events in other Activity and Audit Events dashboards. You can use the Service Support dashboard to track Audit Events Aggregation History.
Shared volumes are scanned consecutively in the background. Depending on the number and size of your volumes, the initial scan might take several hours or days. Volumes start appearing in the various Metadata reports as their corresponding scan completes. You can use the Service Support dashboard to track volume scan progress. Volumes that are connected after the first Metadata scan starts only begin to be processed in the next 24-hour cycle.
After everything is set up correctly, you can define a new database backup schedule.
Monitoring Restore Progress
After a database recovery is initiated, you can observe its progress in the File IQ Edge UI. To monitor progress, navigate to the File IQ Edge UI, click the Status tab, and select Restore Status.
The restoration process is divided into two stages:
Base Database Recovery: In this stage, the backup of the Nasuni File IQ database is recovered.
Write-Ahead Log Recovery: During this stage, the write-ahead logs are recovered. Even if you did not choose to recover all write-ahead logs in the recovery wizard, it is still necessary to recover the logs created while the Nasuni File IQ database backup was in progress.
While a restore is occurring, the following processes are unavailable:
Grafana is unavailable.
Connected volumes are not processed.
Activity from the Edge is not processed.
Alerts do not occur.
Reporting is unavailable and does not process if scheduled.
When the restore completes, Nasuni File IQ configures itself, starts all ingress tasks, and restarts Grafana.
Note: Grafana is unavailable until the restore process is complete.