Remote Transfer of AppViewX Backups

This section outlines the steps to set up SFTP backups, modify the SFTP server settings post-installation, and decrypt and restore backups.

Setting Up SFTP Backups

Enable the SFTP transfer by setting the SFTP_TRANSFER option to TRUE in the appviewx.conf file
Specify the SFTP server details as follows:
1. For the REMOTE_BACKUP_SERVER parameter, enter the IP address of the SFTP backup server.
2. For the REMOTE_BACKUP_SERVER_SSH_PORT parameter, specify the SSH port used by the remote server.
3. For the REMOTE_BACKUP_ABSOLUTE_PATH parameter, provide the path where backups should be stored on the remote server.
Choose the authentication method for the REMOTE_BACKUP_SERVER_AUTHENTICATION_METHOD parameter, elect the authentication method. Options include 'rsa', 'password', or 'passwordless'.

Based on the authentication method selected, you will prompted to enter details as follows:

RSA-Based Authentication:
- If REMOTE_BACKUP_SERVER_AUTHENTICATION_METHOD is set to 'rsa', you will be prompted to enter only the username during installation.
- REMOTE_BACKUP_SERVER_AUTHENTICATION: Specify the file path of the private key used to connect to the remote server.
Password-Based Authentication: If REMOTE_BACKUP_SERVER_AUTHENTICATION_METHOD is set to 'password', you will be prompted to enter the username and password for the remote server during the installation process.
Passwordless Authentication:
- If REMOTE_BACKUP_SERVER_AUTHENTICATION_METHOD is set to 'passwordless', only the username will be prompted during installation.
- Ensure the private key is stored as id_rsa under ~/.ssh/ on each server listed in MONGODB_HOST in the appviewx.conf file and chmod 400 id_rsa.

Navigate to the location where the Mongo backups are stored on the server.
Run the following command to extract the backup and key files:
```
tar -xzf <mongo_backup>.tar.gz
```
Copy the private key generated during the installation or setup_sftp utility from the .appviewx_configuration directory to a file named backup_key.pem.

Use the following command to decrypt the AES key:

openssl pkeyutl -decrypt -inkey backup_key.pem -in <aes_encrypted_key>.bin -out decrypted_aes_key.bin

Decrypt the Mongo backup file using the decrypted AES key:
```
openssl enc -d -aes-256-cbc -pbkdf2 -in <mongo_backup>.bin -out <mongo_backup>.tar.gz -pass file:decrypted_aes_key.bin
```
Note: The file name specified with -out should follow the pattern: the file name of the .bin file up to UTC_2024 (the year), followed by .tar.gz.

Navigate to the installer scripts directory.
```
cd INSTALLER_PATH/scripts
```
Execute the Mongo restore script with the path to the decrypted backup file:
```
./mongo_restore.sh <DECRYPTED_BACKUP_FILE_PATH>
```

Navigate to the location where the Vault backups are stored on the server.
Run the following command to extract the backup and key files:
```
tar -xzf <vault_backup>.tar.gz
```
Copy the private key generated during the installation or setup_sftp utility from the .appviewx_configuration directory to a file named backup_key.pem.

Use the following command to decrypt the AES key:

openssl pkeyutl -decrypt -inkey backup_key.pem -in <aes_encrypted>.bin -out decrypted_aes_key.bin

Decrypt the Vault backup file using the decrypted AES key:

openssl enc -d -aes-256-cbc -pbkdf2 -in <vault_backup>.bin -out vault_backup.txt -pass file:decrypted_aes_key.bin

Navigate to the installer scripts directory.
```
cd INSTALLER_PATH/scripts
```
Execute the Vault restore script with the path to the decrypted backup file:
```
./vault_restore.sh <DECRYPTED_BACKUP_FILE_PATH>
```