Export and Import

PAM provides an export option so that your database (configuration, settings, logs and records) can be safely stored for security, import and “break glass” procedures.

The export option can be performed automatically (encrypted) or on-demand (encrypted or decrypted).

If the export is performed with encryption (our recommendation), then your PAM Master Password will be required in order to decrypt the secured data.

Automatically export of PAM Database

To export your System Database Automatically:

  1. Login to PAM using a System Administrator account.
  2. Navigate to Administration > Settings > Parameters.
  3. Enter or accept the default location in the Export Location field to define the export storage location. Use ${PAM_HOME} to define the PAM installation location. Click the Save button to its right to save your change.
  4. Enter a value (measured in minutes) into the Export Schedule field. This value will be the number of minutes between automated exports (enter a zero value to disable the automated export). Click the Save button to its right to save your change.
  5. An event (Category: Application; Level: Info; Event: Export) will be created in the Audit Log when the export is complete.
  6. The export is now saved to your Export Location in a archived zip format, possibly multi-part if the export is large. The naming convention is: xtamexp-YYYYMMDDHHMMSS-{EventID}-{multipart}.zip

The first export will be immediately added to the PAM queue. Subsequent exports will take place in intervals based on the value entered into the Export Schedule parameter.

All automated exports will be executed with encryption.

On-Demand export of PAM Database

To export your PAM Database On-Demand:

  1. Login to PAM using a System Administrator account.
  2. Navigate to Administration > Settings > Parameters.
  3. Enter or accept the default location in the Export Location field to define the export storage location. Use ${PAM_HOME} to define the PAM installation location. Click the Save button to its right to save your change.
  4. Navigate to Administration > Settings > Database.
  5. Click the Export Encrypted or Export Decrypted button to queue the Export procedure.
  6. An event (Category: Application; Level: Info; Event: Export) will be created in the Audit Log when the export is complete.
  7. The export is now saved to your Export Location in a archived zip format, possibly multi-part if the export is large. The naming convention is: xtamexp-YYYYMMDDHHMMSS-{EventID}-{multipart}.zip

The export will be immediately added to the PAM queue and will be performed a single time.

If the export includes encryption (recommended), the PAM Master Password will be required to access its secured data; however if it is exported decrypted (not recommended), then the secured data can be accessed without requiring any passwords.

master_password_to_export_database.png

System Export Retention

All system exports are stored indefinitely, however if you would like to implement a retention schedule for your exports (includes both Scheduled and On-Demand exports) then please configure the option described below.

  1. Login to PAM as a System Administrator.
  2. Navigate to Administration > Settings > Parameters > System Export Retention.
  3. Enter a value (defined in Days). PAM will delete all system export files after this specified number of days. A value of 0 (zero) will disable the retention schedule.
  4. Click the Save button next to this option.

Please note that this retention schedule is applied Globally for all system exports and exports that have been purged due to this schedule cannot be recovered.