1. Overview

Prisma Cloud disaster recovery automatically backs up all data and configuration files periodically. You can view all backups, make new backups, and restore specific backups from the Console UI. You can also restore specific backups using the twistcli command line utility.

Prisma Cloud is implemented with containers that cleanly separate the application from its state and configuration data. To back up a Prisma Cloud installation, only the files in the data directory need to be archived. Because Prisma Cloud containers read their state from the files in the data directory, Prisma Cloud containers do not need to be backed up, and they can be installed and restarted from scratch.

When data recovery is enabled (default), Prisma Cloud archives its data files periodically and copies the backup file to a location you specify. The default path to the data directory is /var/lib/twistlock. You can specify a different path to the data directory in twistlock.cfg when you install Console.

2. Configuring automated backups

By default, automated backups are enabled. With automated backups enabled, Prisma Cloud takes daily, weekly, and monthly snapshots. These are known as system backups.

To specify a different backup directory or to disable automated backups, modify twistlock.cfg and install (or reinstall) Prisma Cloud Console. The following configuration options are available:

Configuration option: DATA_RECOVERY_ENABLED

Description: Enables or disables automated backups.

  • true — Enables automated backups (default).

  • false — Disables automated backups.

Configuration option: DATA_RECOVERY_VOLUME

Description: Specifies the directory where backups are saved. For example, archives could be saved on durable persistent storage, such as a volume from Amazon Elastic Block Storage (EBS). The default value is /var/lib/twistlock-backup.

  1. Open twistlock.cfg for editing.

  2. Scroll down to the Data recovery section.

  3. Enable (or disable) automated backups by setting DATA_RECOVERY_ENABLED to true (or false).

    DATA_RECOVERY_ENABLED=true

  4. Specify the location where backups should be stored.

    DATA_RECOVERY_VOLUME=</PATH/TO/BACKUP/VOLUME>

  5. Load your new configuration settings.

    If you have not installed Prisma Cloud Console yet, follow the regular installation procedure. For more information, see Install Prisma Cloud.

    If Prisma Cloud has already been installed on your host, load your new twistlock.cfg file by re-running twistlock.sh. The following command assumes that twistlock.sh and your updated twistlock.cfg reside in the same directory.

    $ sudo ./twistlock.sh console

3. Making manual backups

Prisma Cloud automatically creates and maintains daily, weekly, and monthly backups. These are known as system backups. You can also make your own backups at any point in time. These are known as manual backups.

  1. Open Console.

  2. Go to Manage > System > Backup & Restore.

  3. Under Manual backups, click Create backup.

  4. Give your backup a name, then click Create.

    Your backup file is stored in /var/lib/twistlock-backup in the storage volume allocated to Prisma Cloud Console. For a onebox installation, this would simply be the local file system of the host where Console runs. For a cluster, such as Kubernetes, this would be the persistent volume allocated to the Console service.

4. Restoring backups from the Console UI

You can restore Console from a backup file directly from within the Console UI. The Console UI lists all available backups.

You can only restore Console from a backup file whose version exactly matches the current running version of Console. Therefore, if the current running version of Console is 19.11.512, you cannot restore a backup whose version is 19.11.506. To restore a different version of Console, install the Prisma Cloud version that matches your backup version, then follow the procedure here to restore that backup. As long as the specified backup directory (by default, /var/lib/twistlock-backup) contains your backup file, you’ll be able to restore it.

  1. Open Console.

  2. Go to Manage > System > Backup & Restore.

  3. Click Restore on one of the system or manual backups.

  4. After the database is reloaded from the backup file, restart Console.

    For a onebox installation, ssh to the host where Console runs, then run the following command:

    $ docker restart twistlock_console

    For a Kubernetes installation, delete the Console pod, and the replication controller will automatically restart it:

    # Get the name of the Prisma Cloud Console pod:
    $ kubectl get po -n twistlock | grep console

    # Delete the Prisma Cloud Console pod:
    $ kubectl delete po <TWISTLOCK_CONSOLE> -n twistlock

    If any new Defenders were installed since the backup was created, restart those Defenders. Otherwise, they might not function properly.

    If any Defenders created new runtime models since the backup was created, restart those Defenders. Otherwise, those models might not be visible.

5. Restoring backups from twistcli

You can restore Console from a backup using twistcli. Use this restore flow when Console is unresponsive and you cannot access the UI to force a restore to a known good state.

You can only restore Console from a backup file whose version exactly matches the current running version of Console. Therefore, if the current running version of Console is 2.5.88, you cannot restore a backup whose version is 2.5.50. To restore a different version of Console, install the Prisma Cloud version that matches your backup version, then follow the procedure here to restore that backup. As long as the specified backup directory (by default, /var/lib/twistlock-backup) contains your backup file, you’ll be able to restore it.

Prerequisites:

  • Your host can access the volume where the Prisma Cloud backups are stored. By default, backups are stored in /var/lib/twistlock-backup, although this path might have been customized at install time.

  • Your host can access Prisma Cloud’s data volume. By default, the data volume is located in /var/lib/twistlock, although this path might have been customized at install time.

  • Your version of twistcli matches the version of the backup you want to restore.

  1. Go to the directory where you unpacked the Prisma Cloud release.

  2. Run the twistcli restore command. Run twistcli restore --help to see all arguments.

    1. List all available backups. To list all files in the default backup folder (/var/lib/twistlock-backup), run twistcli restore without any arguments:

      $ ./twistcli restore

      To list all backup files in a specific location, run:

      $ ./twistcli restore <PATH/TO/FOLDER>

    2. Choose a file to restore by entering the number that corresponds with the backup file.

      For example:

      aqsa@aqsa-faith: ./twistcli restore --data-recovery-folder /var/lib/twistlock-backup/
      Please select from the following:
      0: backup1      2.5.91  2018-08-07 15:10:10 +0000 UTC
      1: daily        2.5.91  2018-08-06 16:10:48 +0000 UTC
      2: monthly      2.5.91  2018-08-06 16:10:48 +0000 UTC
      3: weekly       2.5.91  2018-08-06 16:10:48 +0000 UTC
      Please enter your selection:
      0

  3. After the database is reloaded from the backup file, re-install/restart Console.

    For a onebox installation, ssh to the host where Console runs, then rerun the installer:

    $ sudo ./twistlock.sh -ys onebox

    For a Kubernetes installation, delete the Console pod, and the replication controller will automatically restart it:

    # Get the name of the Prisma Cloud Console pod:
    $ kubectl get po -n twistlock | grep console

    # Delete the Prisma Cloud Console pod:
    $ kubectl delete po <TWISTLOCK_CONSOLE> -n twistlock

    If any new Defenders were installed since the backup was created, restart those Defenders. Otherwise, they might not function properly.

    If any Defenders created new runtime models since the backup was created, restart those Defenders. Otherwise, those models might not be visible.

6. Downloading backup files

Prisma Cloud Compute lets you download backup files so that they can be copied to another location. Backup files can be downloaded from:

  • Console — Go to Manage > System > Backup & Restore, and click Actions > Export to download a backup.

  • API — Use the GET /api/v1/backups/{id} endpoint to download a specific backup, where {id} is the full name of the backup file. An example of a full file name is daily-20.03.140-1583278547.tar.gz. Full file names can be retrieved from Console’s data folder here: /var/lib/twistlock-backup.
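
The exact-version rule in sections 4 and 5 can be checked against the backup folder before a restore is attempted. The script below is an added example, not part of the Prisma Cloud documentation or tooling. It assumes backup files are named <name>-<version>-<epoch>.tar.gz, a pattern inferred from the single file name shown above, and its function names are hypothetical.

```sh
#!/bin/sh
# Added example, not Prisma Cloud code. ASSUMPTION: backup files are named
# <name>-<version>-<unix-epoch>.tar.gz, inferred from the one file name
# shown above (daily-20.03.140-1583278547.tar.gz).

# restorable_backups DIR CONSOLE_VERSION
# Prints "epoch<TAB>name<TAB>file", newest first, for each archive in DIR
# whose version field equals CONSOLE_VERSION exactly.
restorable_backups() {
    dir=$1 want=$2
    for f in "$dir"/*.tar.gz; do
        [ -f "$f" ] || continue
        base=${f##*/}
        stem=${base%.tar.gz}
        # Split from the right, so a manual backup name may contain hyphens.
        epoch=${stem##*-}; rest=${stem%-*}
        ver=${rest##*-};   name=${rest%-*}
        # Skip files that do not have all three fields.
        case $epoch in ''|*[!0-9]*) continue ;; esac
        [ "$rest" != "$stem" ] && [ "$name" != "$rest" ] || continue
        [ "$ver" = "$want" ] || continue
        printf '%s\t%s\t%s\n' "$epoch" "$name" "$base"
    done | sort -rn
}

# newest_restorable DIR CONSOLE_VERSION
# Prints the file name of the newest matching backup, or nothing if none match.
newest_restorable() {
    restorable_backups "$1" "$2" | head -n 1 | cut -f 3
}

# Demo on constructed, empty files; Console version 20.03.140 is made up.
demo() {
    tmp=$(mktemp -d) || return 1
    touch "$tmp/daily-20.03.140-1583278547.tar.gz" \
          "$tmp/pre-upgrade-20.03.140-1583300000.tar.gz" \
          "$tmp/monthly-20.03.135-1583400000.tar.gz"
    echo "restorable on 20.03.140: $(newest_restorable "$tmp" 20.03.140)"
    rm -rf "$tmp"
}
demo
```

The file name it prints is the full file name that the GET /api/v1/backups/{id} endpoint takes as {id}.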