This article applies to:
- Trustwave SPE/ MailMarshal SPE
Question:
- What is required to allow disaster recovery of a SPE installation?
- What are best practices to move a SPE installation?
Procedure:
Disaster recovery of a SPE installation involves two parts: preparedness (backups), and re-installation.
This article assumes you are familiar with Trustwave SPE and SEG (MailMarshal SMTP) concepts.
Note: Similar steps can be used to move an existing installation to a new environment (new machine names and IP addresses).
Preparedness
To be prepared for recovery, ensure that you have backed up all applicable items. Items to back up include:
- The SPE configuration database.
- The SEG databases from each array.
- The SEG configuration from each array (using MMExportCfg).
- For versions below SPE 4.2 (below SEG 8.2), you must separately back up DKIM keys if any from SEG
- The Quarantine folder contents from each Node of each array.
- (If custom filetypes are used) The Filetype.cfg file from the SEG Array Manager server (this is also covered in the SPE database).
- (MailMarshal SPE 2.X only) The website\branding folder. (In version 3.X, branding items are stored in the database.)
- Ensure you have a record of which components are installed on which servers.
You could also use VM snapshots, particularly to move an installation.
Re-installation
To restore email flow most quickly, restore SEG arrays first.
For each SEG array:
- Note: Do not install the SPE Agents at this stage (the Marshal Agent, and the Replication Agent for earlier versions).
- If you are using VM snapshots, stop the Agents and set to manual start before restoring the SPE Web Console server or Marshal Interface Agent server.
- To ensure array configuration and replication work as expected, the SPE Array settings must be updated before the Agents connect.
- Install SEG software on the Array Manager. Use a temporary database to avoid unwanted changes from configuration import.
- Import the configuration from backup.
- Add a Registry entry as follows (assumes SEG 8.x):
- In Regedit, navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\
- Add a new DWORD named: inSPE
- Set the value to 1
- Commit configuration and restart services.
- Request a new license key. Provide your customer ID in the request for automatic response. Using a license key associated with your account ensures that licensed features such as BTM are correctly configured.
- Restore the production SEG database.
- Use the Server Tool to connect to the restored production database.
- Install SEG software on the Nodes and re-connect to Array Manager.
- On each Node, restore Quarantine folders.
- Restore Filetype.cfg (if required). Note that SPE will also restore this file when configuration is reloaded.
- For SEG 8.0 with DKIM keys, if nodes were re-created, you must import DKIM keys on the nodes. Contact Trustwave for assistance.
At this stage email flow should be restored.
To restore SPE:
- Restore the SPE Configuration database.
- Install the core SPE server components using the restored database.
- For version 3.6 and above, this includes the Marshal Interface Agent and the Admin Console web server. If these are on separate servers, install MIA first.
- For version 3.5 and below, this is the Web Console server, which includes the Admin Console and core components on one server.
- When the installer and database wizard completes successfully (including client configuration for version 3.6 and above), log into the SPE Admin Console and make sure the configuration appears correct. Arrays will not be connected at this stage.
- If IP addresses or server names have changed be sure to update all Array and Server settings in the SPE Web Console before proceeding to the next step.
- Install SPE components on the SEG servers.
- For version 3.8, the Marshal Agent on Array Managers and nodes.
- For earlier versions, the Replication Agent on Array Managers and Marshal Agent or Status Agent on nodes.
- If the SEG servers were restored from VM snapshots, run the SPE Client Settings application on each SEG server, and then start the Agents and set to automatic start.
- Force a configuration reload from the Admin Web Console (Arrays->Reload). Monitor the Array Manager logs for any errors.
- Install any other SPE website servers (3.X only) and the Reporting Agent (Reporting Agent is for versions prior to 3.6).
- (For version 2.X only) Restore any custom branding to the website\branding folder.
Notes:
- Also consider backup/recovery of DNS and other infrastructure settings.
- Advanced installations may need to preserve customizations to IIS. You could use Microsoft WebDeploy to back up IIS items.