This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
phlrnnr
Advisor
‎2018-08-17 05:58 AM

In R80.10 is cpstop before 'migrate export -n' still recommended?

Jump to solution

I'm running an R80.10 version of Security Managment Server.  With the new database format, etc. is it still recommended to do a cpstop before running 'migrate export -n <path>' ?

In automating the migrate export / move file off of the server, I'd prefer not to have to completely stop and restart the check point services if it isn't necessary.

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
‎2018-08-17 06:39 AM

Jump to solution

Hi Philip,

the recommendation comes from the fact you want to make sure nobody is doing any changes during the backup or migrate procedure. The most efficient way to do that is to turn off management. 

This is not a requirement and just a recommendation, as you mentioned. WIth R80.X you can script your procedure so you query open admin session with MGMT API before going into the next step. 

View solution in original post

7 Replies
Jerry
Leader
Leader
‎2018-08-17 06:37 AM

Jump to solution

afaik migrate_export does the cpstop anyway Smiley Happy but don't worry, moving files on cpd running wouldn't affect your "extract". that's what I've experienced few weeks ago in production env. on R80.10 take 112

Jerry
0 Kudos
_Val_
Admin
Admin
‎2018-08-17 06:40 AM
In response to Jerry

Jump to solution

correct, cpstop is not performed when doing migrate export. 

_Val_
Admin
Admin
‎2018-08-17 06:39 AM

Jump to solution

Hi Philip,

the recommendation comes from the fact you want to make sure nobody is doing any changes during the backup or migrate procedure. The most efficient way to do that is to turn off management. 

This is not a requirement and just a recommendation, as you mentioned. WIth R80.X you can script your procedure so you query open admin session with MGMT API before going into the next step. 

phlrnnr
Advisor
‎2018-08-17 08:04 AM
In response to _Val_

Jump to solution

Thanks a lot for the suggestions.  A couple follow ups:

1. If there are open sessions / users making changes, could that cause the exported database to be corrupt?  Or would the export just not contain their changes?

2. If I were to use the MGMT API to do this query, I'm guessing I'd have to call 'show-sessions' to get all object UIDs for existing sessions.  Then I'd have to loop through each of those UIDs using show-session.  What parameter(s) in the response of show-session should I check specifically to see if the session is open?

3. If I detect one of these open sessions, is it better for me to abort the migrate export?  Or to do cpstop and kick them out of their sessions?

Thanks for your help!

0 Kudos
_Val_
Admin
Admin
‎2018-08-17 08:11 AM
In response to phlrnnr

Jump to solution

Q: If there are open sessions / users making changes, could that cause the exported database to be corrupt?  Or would the export just not contain their changes?

A: Yes, there is a risk of inconsistency when someone is performing a write operation while you are exporting DB

Q:  If I were to use the MGMT API to do this query, I'm guessing I'd have to call 'show-sessions' to get all object UIDs for existing sessions.  Then I'd have to loop through each of those UIDs using show-session.  What parameter(s) in the response of show-session should I check specifically to see if the session is open?

A: You only need to see if there are no session in any of the write and/or locking mode

Q: If I detect one of these open sessions, is it better for me to abort the migrate export?  Or to do cpstop and kick them out of their sessions?

A: You can abort, of course. Alternatively, you could pause migrate operation, query users by name and aske them to disengage. Kicking out is also an option, less graceful and a bit more risky, especially for sessions in write mode.

0 Kudos
phlrnnr
Advisor
‎2018-08-17 10:23 AM
In response to _Val_

Jump to solution

Should I only care about  the 'connection-mode' parameter?  Or should I also care if any sessions have 'locks' or 'changes'?

0 Kudos
_Val_
Admin
Admin
‎2018-08-17 10:32 AM
In response to phlrnnr

Jump to solution

Let me rephrase my answer on the second question. If you can make sure that there are no write and/or lock sessions, you are good to go.

0 Kudos