The UpGuard appliance is the on-premises version of an UpGuard Core instance. This guide outlines some of the ongoing pro tips and tricks for maintaining your appliance after initial setup.

Your UpGuard Core appliance is the center of your UpGuard experience. This guide outlines some of the ongoing tasks you can look out for or set up to keep your appliance running and robust. For more information on setting up an appliance, please view our guide on Appliance Provisioning.

Installing Regular Updates

UpGuard provides monthly software updates which include new features and bug fixes. The corresponding release notes for each release can be found in the left panel of this support site under Core > Core Release Notes. Your Account Manager should keep you regularly posted on new release packages becoming available for installation.

Monitoring Disk Usage

You can monitor the disk usage percentages of the disks that comprise your on-prem appliance by polling the System Metrics Endpoint via the API. Depending on your configuration, UpGuard can also monitor disk usage for you. Please ask your Account Manager if you are unsure whether your monitoring is enabled or would like assistance integrating the System Metrics Endpoint into your favorite monitoring tool.

Monitoring Your Appliance’s SSL Certificate Expiry

When installing your on-premises UpGuard Core instance you would have installed SSL certificates to ensure that communications between your appliance, connection managers and your users are secure and trustworthy. It’s important to make sure your certificates are up to date. Here, we recommend adding your own UpGuard appliance as a Website node so that you can track and be alerted on the upcoming SSL certificate expiry date.

For more details on how to set up this alert, please view our guide on Setting up SSL Certificate Expiry Alerting. When following this guide, the URL field will be the full URL to your UpGuard appliance and the Public setting can be set to No as your appliance is probably not accessible to the public internet.

Alerting on Scan, Integration or Connection Manager Failures

Once all of your nodes are added and scanning on a regular basis, you may want to be alerted when one of them stops scanning. If you have integrations set up to log events into your other products and systems, you may also want to be alerted when an attempted action into an integration fails. The same applies when a Connection Manager goes offline for any reason.

To be alerted on any of these events, navigate to Control > Events. For scan failures and integration failures, we have two inbuilt Global Saved Views which can filter for these particular types of events. You should attach an action to each of these views to be notified of these events occurring.

For Connection Managers being offline, you can create a custom Organization Saved View with the following query:

# for any connection manager being offline
type=Connection Manager Offline
# for a particular connection manager being offline
type=Connection Manager Offline AND variables.connection_manager=My Windows CM

For more information on creating the right alerting action, please view our guide on Event Actions.

Backups and Disaster Recovery

The UpGuard appliance keeps daily backups of the internal database onboard and retains an appropriate number of backups based on the size of the database relative to the available disk space. The backup disk corresponds to diskC in the System Requirements page.

However, it is also recommended that external backups are collected in case something happens to the appliance itself and the onboard database or backup drives cannot be accessed. UpGuard does not allow user access into the appliance itself under any circumstances. We offer two main backup options outlined below, which you should discuss with your Account Manager.

VM Snapshot

The simplest method is to take periodic whole VM snapshots of the appliance. Depending on your available snapshot storage and automation capabilities, a standard recommended approach here would be to take daily snapshots at off-peak times and keep, say, 1 to 2 weeks of snapshots.

The advantage of this approach is that a particular good snapshot can be restored from a point in time as it was without any further appliance setup or migration of data. The disadvantages relate to storage and snapshot capabilities.

Typical Recovery/Resolution Time
Minutes, depending on how quickly your VM team can restore a snapshot.

Database Backup

In this approach, only the most recent backup of the database is stored offboard on a regular basis. The backup can be periodically downloaded from the appliance via a locked-down SCP-based account. Each backup file is encrypted with an onboard key pair, so the only actor able to decrypt the backup is the appliance itself.

The advantages of this approach are lower storage consumption than storing the entire VM, and that the VM itself doesn’t undergo a period of reduced performance during the snapshot period. The disadvantages are that only the database data is persisted and the recovery process requires a complete rebuild of the appliance from scratch, with a final step being restoring the most recent database backup into the rebuilt appliance.

Unlike the snapshot approach, this approach requires a small setup process on your appliance. Ask your Account Manager to walk you through the details of the scpdown scenario.

Typical Recovery/Resolution Time
From hours to a day, depending on how quickly a fresh VM can be downloaded and installed in your infrastructure, and how large your DB backup is (which relates to how long it could take to sync a DB backup into the new appliance).
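
Because the downloaded backup can only be decrypted by the appliance, the off-board copy cannot be test-restored outside it; what can be checked is that a recent, non-empty file exists and that its bytes have not changed since it arrived. The following is an added example, not UpGuard code. It assumes your own pull job drops the files into a local directory; the manifest file name and the 26-hour freshness threshold are hypothetical choices.

```python
import hashlib
import json
import time
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical file name for the hash record


def sha256_of(path):
    """Hash a file in 1 MiB chunks so large backups do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_offboard_backups(directory, max_age_hours=26, now=None):
    """Return a list of problems with the off-board backup copies."""
    now = time.time() if now is None else now
    directory = Path(directory)
    manifest_path = directory / MANIFEST
    known = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    files = sorted(p for p in directory.iterdir()
                   if p.is_file() and p.name != MANIFEST)
    if not files:
        return ["no backup files present"]
    problems = []
    for path in files:
        stat = path.stat()
        if stat.st_size == 0:
            problems.append(f"{path.name}: empty file, transfer may have failed")
            continue
        entry = {"sha256": sha256_of(path), "mtime": int(stat.st_mtime)}
        seen = known.get(path.name)
        if seen and seen["mtime"] == entry["mtime"] and seen["sha256"] != entry["sha256"]:
            # Same timestamp, different bytes: not a fresh download.
            problems.append(f"{path.name}: content changed since it was recorded")
            continue  # keep the original record so the alert repeats
        known[path.name] = entry
    newest = max(files, key=lambda p: p.stat().st_mtime)
    age_hours = (now - newest.stat().st_mtime) / 3600
    if age_hours > max_age_hours:
        problems.append(f"newest backup {newest.name} is {age_hours:.0f}h old")
    manifest_path.write_text(json.dumps(known, indent=2, sort_keys=True))
    return problems
```

Run it after each pull and feed any returned problems into your existing alerting. Keeping the manifest on separate storage from the backups makes the record harder to alter together with the files.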

Which Option is Best?

You should discuss the pros and cons with your Account Manager as there are other internal policies, procedures and capabilities which may make one approach favorable over the other. Ignoring all external factors, the snapshot approach is most recommended as all the relevant moving parts are stored together and can be restored together much more easily.
