How to configure the Schedule Backup for PAM with CIFS/NFS

Document ID : KB000046959
Last Modified Date : 15/06/2018
Show Technical Document Details

This document will help you to configure the Schedule Backup feature in PAM for NFS and CIFS destinations.

CA Privileged Access Manager has a built-in mechanism to create database backups on a regular basis. The backup files are stored externally.

Depending of the release you can store the logs to an SSH server using a public key authentication or via network file systems like NFS or CIFS which do not require such key authentication.

Note, backup to CIFS or NFS are available since PAM release 2.7

CA PAM 2.7.x
CA PAM 2.8.x
CA PAM 3.x

Necessary information to configure scheduled backup is:

  1. Directory path where backup files are stored to.
  2. Username and password for login user to the server with write permission (Only in CIFS).
  3. User Domain (Only in CIFS)

For the scheduled backup other information like frequency and what to do with old backup files can be specified.

  • Login to PAM and navigate to:
    • 2.x: Config->Database.
    • 3.x: Configuration->Database
  • On the page shown, select "Schedule Backup" or "Backup Scheduler".
  • The time entered is in UTC/GMT.
  • Set the frequency of the backup, date, time.


A) If you chose “NFS" protocol:

1. Enter the path of the shared folder where the backup files are stored.
    Ensure to have the folder shared and with write permissions.

2. Enter the Destination hostname or IP.

e.g. for testing purposes you may put this setting to the /etc/exports file of the NFS server
/backupfolder        *(rw,all_squash,anonuid=0,anongid=0)

In PAM you set for:
Share Path:  /backupfolder


B) If you chose "CIFS" protocol: 

1. Enter the path of the shared folder where the backup files are stored.
    Eg: \\\backupfolder

    (or alternatively // )

2. Enter username and password and user's domain

3. Select “Save Schedule”.

4. Finally select "Mount".


Note: To edit the schedule date in CIFS and NFS, you need to unmount, edit, save and mount the shared drive.

Additional Information:

If you have configured a cluster and want to store backup files for all nodes in the same target folder then is recommended to schedule different times to execute the backup on each node. Else the name of the backup file are the same for the various nodes and may overwrite each other. 

The file name nomenclature of the backups are:

Database Backup File Name: "gkscheddb<date><Y%m%d%H%M%S> _ <DBVersion>"
Configuration Backup File Name: "gkschedcfg<date><Y%m%d%H%M%S>_<PAMRelease>"

Therefore it is recommended to store backups of each node in a separate target folder.

Note, if the cluster on all nodes is in sync and good health the PAM database on all nodes are identical, hence a backup might only be performed on one of these nodes.

However the PAM configuration might differ on each node, e.g due to the specific network configuration or different super/config user's password.

Hence the recommendation to perform a backup of the configuration once there were changes.

File Attachments: