
HOWTO: Disaster Recovery for Trustwave SPE



This article applies to:

  • Trustwave SPE / MailMarshal SPE

Question:

  • What is required to allow disaster recovery of a SPE installation?
  • What are best practices to move a SPE installation?

Procedure:

Disaster recovery of a SPE installation involves two parts: preparedness (backups), and re-installation.

This article assumes you are familiar with Trustwave SPE and SEG (MailMarshal SMTP) concepts.

Note: Similar steps can be used to move an existing installation to a new environment (new machine names and IP addresses).

Preparedness

To be prepared for recovery, ensure that you have backed up all applicable items. Items to back up include:

  • The SPE configuration database.
  • The SEG databases from each array.
  • The SEG configuration from each array (using MMExportCfg).
    • For versions below SPE 4.2 (below SEG 8.2), you must separately back up any DKIM keys from SEG.
  • The Quarantine folder contents from each Node of each array.
  • (If custom filetypes are used) The Filetype.cfg file from the SEG Array Manager server (this is also covered in the SPE database).
  • (MailMarshal SPE 2.X only) The website\branding folder.  (In version 3.X, branding items are stored in the database.)
  • Ensure you have a record of which components are installed on which servers.

You could also use VM snapshots, particularly to move an installation.

Re-installation

To restore email flow most quickly, restore SEG arrays first.

For each SEG array:

  • Note: Do not install the SPE Agents at this stage (the Marshal Agent, and the Replication Agent for earlier versions).
    • If you are using VM snapshots, stop the Agents and set them to manual start before restoring the SPE Web Console server or Marshal Interface Agent server.
    • To ensure array configuration and replication work as expected, the SPE Array settings must be updated before the Agents connect.
  1. Install SEG software on the Array Manager. Use a temporary database to avoid unwanted changes from configuration import.
  2. Import the configuration from backup.
  3. Add a Registry entry as follows (assumes SEG 8.x):
    • In Regedit, navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\
    • Add a new DWORD named: inSPE
    • Set the value to 1
    • Commit configuration and restart services.
  4. Request a new license key. Provide your customer ID in the request for an automatic response. Using a license key associated with your account ensures that licensed features such as BTM are correctly configured.
  5. Restore the production SEG database.  
  6. Use the Server Tool to connect to the restored production database.
  7. Install SEG software on the Nodes and re-connect to Array Manager.
  8. On each Node, restore Quarantine folders.
  9. Restore Filetype.cfg (if required). Note that SPE will also restore this file when configuration is reloaded.
  10. For SEG 8.0 with DKIM keys, if nodes were re-created, you must import DKIM keys on the nodes. Contact Trustwave for assistance. 

At this stage email flow should be restored.

To restore SPE:

  1. Restore the SPE Configuration database.
  2. Install the core SPE server components using the restored database.
    • For version 3.6 and above, this includes the Marshal Interface Agent and the Admin Console web server. If these are on separate servers, install MIA first.
    • For version 3.5 and below, this is the Web Console server, which includes the Admin Console and core components on one server.
  3. When the installer and database wizard complete successfully (including client configuration for version 3.6 and above), log into the SPE Admin Console and make sure the configuration appears correct. Arrays will not be connected at this stage.
    • If IP addresses or server names have changed, be sure to update all Array and Server settings in the SPE Web Console before proceeding to the next step.
  4. Install SPE components on the SEG servers.
    • For version 3.8, the Marshal Agent on Array Managers and nodes. 
    • For earlier versions, the Replication Agent on Array Managers and Marshal Agent or Status Agent on nodes.
    • If the SEG servers were restored from VM snapshots, run the SPE Client Settings application on each SEG server, and then start the Agents and set them to automatic start.
  5. Force a configuration reload from the Admin Web Console (Arrays->Reload). Monitor the Array Manager logs for any errors.
  6. Install any other SPE website servers (3.X only) and the Reporting Agent (Reporting Agent is for versions prior to 3.6).
  7. (For version 2.X only) Restore any custom branding to the website\branding folder.
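
A scripted form of two steps above, added here as an example (it is not Trustwave's own tooling): the inSPE registry value from step 3 of the SEG array procedure, written and read back, and the stop/manual and start/automatic handling of the Agents on servers restored from VM snapshots. The function names are hypothetical, and the Agents' Windows service names are not given in this article, so they are passed in by the caller.

```powershell
#Requires -RunAsAdministrator
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Key and value name are the ones given in step 3 of the SEG procedure (SEG 8.x).
$SegKey  = 'HKLM:\SOFTWARE\Trustwave\Secure Email Gateway'
$SegFlag = 'inSPE'

function Set-InSpeFlag {
    # Regedit on 64-bit Windows shows the native registry view; a 32-bit
    # PowerShell host is redirected to WOW6432Node and would write elsewhere.
    if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
        throw 'Run from 64-bit PowerShell so the write is not redirected.'
    }
    # The key must already exist (SEG installed); do not create it by hand.
    if (-not (Test-Path -LiteralPath $SegKey)) {
        throw "Key not found: $SegKey (install SEG and import configuration first)."
    }
    New-ItemProperty -LiteralPath $SegKey -Name $SegFlag -PropertyType DWord -Value 1 -Force | Out-Null

    # Read back and confirm both the value type and the data.
    $key = Get-Item -LiteralPath $SegKey
    if ($key.GetValueKind($SegFlag) -ne [Microsoft.Win32.RegistryValueKind]::DWord -or
        $key.GetValue($SegFlag) -ne 1) {
        throw "$SegFlag was not written as DWORD 1."
    }
    "$SegFlag = 1 (DWORD) confirmed. Commit configuration and restart services next."
}

function Set-SpeAgentStartup {
    param(
        # Service names of the SPE Agents on this server (assumption: supplied
        # by the caller, e.g. read from the Services console).
        [Parameter(Mandatory)][string[]]$ServiceName,
        [Parameter(Mandatory)][ValidateSet('Manual', 'Automatic')][string]$Mode
    )
    foreach ($name in $ServiceName) {
        $svc = Get-Service -Name $name   # stops here if the name is wrong
        if ($Mode -eq 'Manual') {
            # Restored snapshot: keep the Agent from connecting yet.
            if ($svc.Status -ne 'Stopped') { Stop-Service -Name $name -Force }
            Set-Service -Name $name -StartupType Manual
        } else {
            # After SPE settings are updated and SPE Client Settings has run.
            Set-Service -Name $name -StartupType Automatic
            Start-Service -Name $name
        }
        Get-Service -Name $name | Select-Object Name, Status, StartType
    }
}
```

Run `Set-SpeAgentStartup -Mode Manual` on a restored SEG server before the SPE servers come back, `Set-InSpeFlag` on the Array Manager after the configuration import, and `Set-SpeAgentStartup -Mode Automatic` only once the Array and Server settings in SPE are correct.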

Notes:

  • Also consider backup/recovery of DNS and other infrastructure settings.
  • Advanced installations may need to preserve customizations to IIS. You could use Microsoft WebDeploy to back up IIS items.
