Disaster Recovery for SEG (MailMarshal)


This article applies to:

  • Trustwave MailMarshal (SEG) 

Question:

  • How can I prepare for and execute disaster recovery of MailMarshal?

Introduction:

SEG/MailMarshal is designed for fault tolerance in case of server or network failures. When MailMarshal is installed as an array (with Array Manager and balanced processing nodes), email flow can be maintained even if some of the servers are unavailable. This article provides the information needed to plan for and carry out recovery from a server issue.

Procedure:

Planning and preparation:

The first essential step for recovery is to have complete backups of the software, configuration, files, and databases.
  • Keep the installer files for the installed version of MailMarshal and any Marshal anti-virus packages (or third party anti-virus packages) that you use.
  • Make regular backups of your MailMarshal configuration, database, and all contents of the MailMarshal Quarantine folders, and keep them in a separate location. For information, see the following articles:
    • Q10928: When and how should I back up my MailMarshal Configuration?
    • Q10220: How do I back up and restore folder contents in MailMarshal?
    • Q10221: How do I back up my MailMarshal or WebMarshal database?
  • Keep a record of server names, custom service accounts, and any other special configuration you may have applied.
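
One way to check the items above before they are needed, as an added example that is not part of the original article or Trustwave tooling: a PowerShell script run on the MailMarshal server that reports missing or stale backup items, records the service accounts, and writes a SHA-256 manifest for verifying files after a restore. The backup path, subfolder names, age threshold, and the '*Marshal*' service name filter are assumptions to adjust for your site.

```powershell
# Added example, not Trustwave code. Paths, subfolder names, the 7-day
# threshold and the '*Marshal*' service filter are assumptions.
param(
    [string]$BackupRoot = 'D:\DR\MailMarshal',  # placeholder backup location
    [int]$MaxAgeDays = 7
)
# One subfolder per item in the planning checklist (names are hypothetical).
$required = [ordered]@{
    Installers    = 'Installers'
    Configuration = 'ConfigBackup'
    Database      = 'Database'
    Quarantine    = 'Quarantine'
}
$cutoff = (Get-Date).AddDays(-$MaxAgeDays)
$report = foreach ($item in $required.GetEnumerator()) {
    $path   = Join-Path $BackupRoot $item.Value
    $files  = @(Get-ChildItem -Path $path -File -Recurse -ErrorAction SilentlyContinue)
    $newest = $files | Sort-Object LastWriteTime -Descending | Select-Object -First 1
    # Installers only change on upgrade, so they are checked for presence only.
    if ($files.Count -eq 0) {
        $status = 'MISSING'
    } elseif ($item.Key -ne 'Installers' -and $newest.LastWriteTime -lt $cutoff) {
        $status = 'STALE'
    } else {
        $status = 'OK'
    }
    [pscustomobject]@{ Item = $item.Key; Files = $files.Count; Newest = $newest.LastWriteTime; Status = $status }
}
$report | Format-Table -AutoSize

# Record the server name and the account each matching service runs under.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like '*Marshal*' } |
    Select-Object SystemName, Name, DisplayName, StartName |
    Export-Csv -Path (Join-Path $BackupRoot 'service-accounts.csv') -NoTypeInformation

# Hash every backed-up file so restored copies can be verified later.
$manifest = Join-Path $BackupRoot 'manifest.sha256.csv'
Get-ChildItem -Path $BackupRoot -File -Recurse |
    Where-Object { $_.FullName -ne $manifest } |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv -Path $manifest -NoTypeInformation

# Non-zero exit lets a scheduled task or monitor alert on an incomplete backup set.
if ($report | Where-Object Status -ne 'OK') { exit 1 }
```

Keep a copy of the manifest apart from the backup set so that tampering with both together is harder.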

Recovering a standalone Array Manager:

If MailMarshal is installed as an array with separate Array Manager and processing nodes, you can use this procedure to re-install the Array Manager component.

  1. If you are re-installing on the same server, verify that MailMarshal software is completely removed from the server (including the installation directory and Registry).
  2. If you are re-building a server, use the same server name and IP address that were used for the previous server, if at all possible.
  3. Install SQL Server if necessary, and restore the MailMarshal databases (SEG database, Syslog database if configured, and Config Service database for MailMarshal (SEG) 10.X).
  4. Install the Array Manager (and user interfaces).
  5. On the SEG Database window of the Installation Wizard, enter a new, temporary database name, and credentials if necessary. The fields on this window differ depending on the MailMarshal version.
    • Note: DO NOT specify your restored production database. The database you specify here is a temporary database that will be deleted shortly.
    • A temporary database is needed because the Configuration Wizard can make unwanted changes in an existing database.
    • For the MailMarshal (SEG) 10.X config service database, it is safe to enter the production database details in the wizard.
  6. Complete the installation wizard, and start the configuration interface (MailMarshal (SEG) 10 web interface; MailMarshal Configurator for earlier versions).
  7. In the Configuration Wizard, enter the basic configuration information. The data you enter is not important, because it will be overwritten when you restore the configuration from backup.
  8. Open the Server and Array Properties window (General, Backup, or Restore tab, depending on version).
  9. Choose the latest configuration backup, and import it.
    • For MailMarshal (SEG) 10, you must place the file to be imported in the ConfigurationBackup subfolder on the Array Manager.
  10. Also copy any other files required to completely restore configuration (such as file type definitions or XML category files), and if necessary configure any additional items such as custom service accounts.
  11. Once import is complete, commit MailMarshal configuration, and re-start services as prompted.
  12. Open the MailMarshal Server Tool (found in the MailMarshal > MailMarshal Tools program group on the Windows Start menu).
  13. On the database window of the Server Tool, change the database location and enter the details of your production MailMarshal database.
    • Note: For versions 6.7 and below, to change the database click Change. For versions 6.8 and above, simply enter the new information.
  14. When you click OK or Apply, you will be prompted that a valid MailMarshal database of that name already exists. Select USE and retain data.
    • DO NOT overwrite the database!
  15. Exit the Server Tool. You may be prompted to re-start the MailMarshal Array Manager service.

To verify database function, check information in the user interfaces. 

At this point, if the name and IP address of the Array Manager are unchanged and nodes are running, you should see node status in the Server and Array Configuration window/pane.

  • If nodes are known to be running, but they are missing from the server list or cannot be contacted, see the section on rejoining nodes to the array (below).

Recovering an email processing server (node):

If MailMarshal is installed as an array with separate Array Manager and processing nodes, you can use this procedure to re-install one or more email processing servers.

  • If you need to re-install both the Array Manager and processing servers, you should verify the Array Manager is functional before recovering processing servers.
  1. If you are re-installing on the same server, verify that MailMarshal software is completely removed from the server (including the installation directory and Registry).
  2. If you are re-building a server, use the same server name and IP address that were used for the previous server, if at all possible.
  3. Install the MailMarshal software (processing server option).
  4. Install any anti-virus products, and perform a signature update.
    • If you use a third-party scanner, ensure that the required folder scanning exclusions are configured.
  5. Restore the contents of Quarantine folders. See article Q10220.
  6. Use the Configurator or MailMarshal (SEG) 10 web interface to check node status. If the node server name and IP address are unchanged, the node may be available immediately. If it shows as offline, see the section on rejoining nodes to the array (below).
  7. Once the node shows as available, check and configure TLS if applicable.
  8. Commit configuration to begin applying rules.

Rejoining nodes to the array:

After you recover one or more processing servers, you may find that the nodes are not joined to the array. If the server names are not identical, this is very likely to be the case.

To rejoin a node:

  1. On the node to be connected, run the MailMarshal Server Tool and choose the Array / Node Communications tab (6.7 and below) or Node > Array item (6.8 and above).
  2. In version 6.7 and below, click Change…
  3. Enter the details for the Array Manager server, select Join Array, and enter connection credentials.
    • For versions 8.X and below, you can use any credentials defined on the Manager Security tab of the MailMarshal Properties page in the Configurator.
    • For version 10.X you need an administrator credential for the Array Manager computer, and also a SEG ArrayJoin credential (see the Server Tool on the Array Manager).
  4. Restart the services on the node as prompted.
  5. Commit configuration changes.

Repeat these steps for any additional nodes.

At this point, full message content of restored messages may be unavailable in the Console. The reason is that the Node ID of a rejoined node may differ from the ID encoded in the message file names (stored in the Quarantine folders on the node).

  • For information about how to fix this issue, see Q10412.

Recovering a single server installation:

If your MailMarshal installation uses a single server for all functions (Array Manager and processing server):

  • Generally follow the instructions for recovering an Array Manager, above. Install all features.
  • Install and configure anti-virus products immediately after the MailMarshal software, and perform a signature update.
    • If you use a third-party scanner, ensure that the required folder scanning exclusions are configured.
  • Restore Quarantine folders immediately after restoring configuration.
  • You may need to rejoin the node to the array, even though all functions are on the same server. See the section on rejoining a node, above.


Last Modified 4/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle15306.aspx