Knowledge Center

Overview of the ePolicy Orchestrator 5.x Disaster Recovery Snapshot feature
Technical Articles ID:   KB87976
Last Modified:  5/24/2019


McAfee ePolicy Orchestrator (ePO) 5.x


In previous versions of ePO, backing up the ePO environment for disaster recovery purposes was essentially a manual process (described in detail in KB66616). ePO 5.x introduced the Disaster Recovery Snapshot feature, which simplifies the process of backing up and recovering an ePO environment.

Two things are required to make a functional ePO installation: the ePO database, and parts of the McAfee ePO server file system. To have a backup that you can successfully restore from, you must have backups of both of these items, and they must both match. For example, imagine you have a database backup from one week ago, but two days ago you checked in a new extension, and your file system backup is from last night. The file system will not match and they cannot be used to restore ePO without modification and possible loss of data and functionality.

In the ePO 5.x Disaster Recovery feature, the files required for recovery are stored inside the ePO database itself in what is referred to as a Snapshot. This snapshot, combined with the ePO installer, which can extract these files from an existing database, means that all you need to restore an ePO installation is a database containing a valid snapshot.

IMPORTANT: In the same way that a database and file system must match as described in KB66616, an ePO 5.x database and its snapshot must also match. For example, imagine you took a disaster recovery snapshot one week ago, you checked in a new extension two days ago, and last night you backed up the ePO database without taking a new snapshot. The database and snapshot would not be in sync, and so it would be unlikely that you could successfully restore from that database.

ePO 5.x tries to avoid this situation. A dashboard monitor called Server Snapshot, which can be added to your dashboards, is also shown in the default ePO Server Snapshot dashboard. The color and title of the Server Snapshot monitor tells you the status of your latest snapshot:
Color Action Details
Blue Saving Snapshot to Database Snapshot process is in progress.
Green Snapshot Saved to Database Snapshot process completed successfully and it is up to date.
Red Snapshot Failed An error occurred during the snapshot process.
Gray No Snapshot Available No Disaster Recovery snapshot has been saved.
Orange Snapshot Out of Date Changes to the configuration have occurred and a recent snapshot has not been saved. Changes that trigger a Snapshot Out of Date status include:
  • Any extension changed. For example, updated, removed, deleted, upgraded, or downgraded.
  • The "Keystore" folder changed. For example, new agent/server keys added.
  • The "conf" folder changed.
  • The Disaster Recovery passphrase was changed in Server Settings.

Taking a snapshot is a simple process and can be done in several ways:
  • A default server task called Disaster Recovery Snapshot Server has been created, and by default is scheduled to run once a day. The task can be scheduled to run as required.
  • An on-demand task can be executed by clicking the Run action.
  • You can also take a snapshot on demand by clicking the Take Snapshot button on the Server Snapshot dashboard monitor.
After the snapshot is taken, and when the database is backed up as part of your normal SQL maintenance plan, you have a single backup file that can be used to restore your ePO environment.

The main items saved to the snapshot are:
  • Configuration folders (..\Server\conf)
  • Keystore folders (..\DB\Keystore and ..\Server\Keystore)
  • Extensions (the ..\Server\extensions\installed folder structures)
  • Master Repository contents (..\DB\Software folder structures)
NOTE: This list is not definitive, because each extension can also define data to be saved to the snapshot.

When the snapshot is saved to the database, it is encrypted using a passphrase. You must choose and enter a passphrase when installing ePO 5.x. This passphrase can also be changed from the Server Settings, Disaster Recovery page in the ePO console.

IMPORTANT: This passphrase cannot be recovered if forgotten, and you are unable to restore ePO from the database containing the snapshot. 

Recommended Best Practices
  • Taking a snapshot saves an appreciable amount of data to the ePO database. McAfee recommends that you do not schedule snapshot tasks at the same time as database backups. Instead, schedule your database backup to run shortly after the snapshot task completes.
  • Because it is important to keep the database and snapshot in sync, the recommended best practice is to manually take a snapshot followed by a full database backup before you perform any major operations on your ePO environment. (Major operations would be upgrading an extension or checking in a new one, or especially upgrading ePO to a new version.)
  • Sometimes, if you have applied hotfixes to your ePO installation, a manual intervention is required after an ePO restore.
    Example: After a Disaster Recovery restore, the JRE server is the same as the original ePO installation version, without any hotfixes applied. As a result, if server.xml has compression="on" and it worked with JRE with hotfixes, it might not work with original JRE, so changing to compression=”off” might be required.
  • Retain a list of all applied ePO hotfixes, so you can reapply them after the restore.
    IMPORTANT: After you restore ePO 5.10, the latest available ePO Cumulative Update must be applied using the Repair option. This option forcefully reapplies all updates included in the ePO 5.10 Cumulative Update.

Rate this document

Beta Translate with

Select a desired language below to translate this page.


This article is available in the following languages:

English United States
Spanish Spain

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.