Help Center> Host Security Service (Old)> User Guide> WTP> Adding a Remote Backup Server
Updated on 2023-02-16 GMT+08:00

Adding a Remote Backup Server

By default, HSS backs up the files from the protected directories (excluding specified subdirectories and file types) to the local backup directory you specified when adding protected directories. To protect the local backup files from tampering, you must enable the remote backup function.

If a file directory or backup directory on the local server becomes invalid, you can use the remote backup service to restore the tampered web page.

Prerequisites

The following servers can be used as remote backup servers:

Huawei Cloud Linux servers whose Server Status is Running and Agent Status is Online

  • The remote backup function can be used when the Linux backup server is connected to your cloud server. To ensure a proper backup, you are advised to select a backup server on the same intranet as your cloud server.
  • You are advised to use intranet servers least exposed to attacks as the remote backup servers.

Configuring a Remote Backup Server

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. Choose Web Tamper Protection > Installation and Configuration. Click the Backup Server tab and click Add Backup Server.

    Figure 1 Configuring a backup server

  4. In the displayed dialog box, add a remote backup server and set required parameters. For details, see Table 1.

    Figure 2 Adding a remote backup server
    Table 1 Parameters for a remote backup server

    Parameter

    Description

    Address

    This address is the private network address of the Huawei Cloud server.

    Port

    Ensure that the port is not blocked by any security group or firewall or occupied.

    Backup Path

    Path of remote backup files.

    • If the protected directories of multiple servers are backed up to the same remote backup server, the data will be stored in separate folders named after agent IDs.

      Assume the protected directories of the two servers are/hss01 and hss02, and the agent IDs of the two servers are f1fdbabc-6cdc-43af-acab-e4e6f086625f and f2ddbabc-6cdc-43af-abcd-e4e6f086626f, and the remote backup path is /hss01.

      The corresponding backup paths are /hss01/f1fdbabc-6cdc-43af-acab-e4e6f086625f and /hss01/f2ddbabc-6cdc-43af-abcd-e4e6f086626f.

    • If WTP is enabled for the remote backup server, do not set the remote backup path to any directories protected by WTP. Otherwise, remote backup will fail.

  5. Click OK.

Enabling Remote Backup

  1. Choose Web Tamper Protection > Server Protection. Click Configure Protection. The Protected Directory Settings tab is displayed.
  2. Set Type to Directory and click Enable Remote Backup.

    Figure 3 Enabling remote backup

  3. In the Enable Remote Backup drop-down list, select a server.

    Figure 4 Setting remote backup

  4. Click OK.

Follow-Up Procedure

Disabling remote backup

Exercise caution when performing this operation. If remote backup is disabled, HSS will no longer back up files in your protected directories.