Welcome to the Netskope One DSPM Knowledge Base

You will find your answers here!

    Sorry, we didn't find any relevant articles for you.

    Send us your queries using the form below and we will get back to you with a solution.

    Migrating self-hosted instances to AWS RDS

    Table of Contents

    Overview Configure New Database Pause Netskope One DSPM Instance Export Initial Database Populate New Database Restart Netskope One DSPM Instance

    Overview

    All self-hosted Netskope One DSPM instances are shipped with an internal PostgreSQL database. Depending on the deployment’s scale, you may benefit from leveraging the AWS RDS service instead. This article outlines the steps for migrating your initial database to RDS.

    These instructions only apply to self-hosted Netskope One DSPM instances running within AWS as EC2 instances, and they should only be executed at the direction of your assigned Customer Service Manager (CSM). These instructions do not apply to either:

    • Self-hosted instances running as Docker containers, as they are already using RDS
    • Netskope One DSPM-hosted tenants, as Netskope One DSPM manages it on your behalf.

    Because your Netskope One DSPM instance will be unavailable during part of this process, we recommended you perform these instructions outside of normal business hours (such as during a pre-advertised maintenance window).

     

    Configure New Database

    Excerpt: AWS: Configure New Database

    1. Click this link to log into your AWS RDS Console, which will navigate you to the RDS service.
    2. Under Amazon RDS in the left-hand menu, navigate to Databases.
    3. The Databases screen is displayed.
    4. Click the Create database button.
    5. On the next screen, in the Engine options section, complete the following fields:
    Section Field Value
    Engine options
         		 Engine type
         		 PostgreSQL 
     
    Version
         		 PostgreSQL 11.15-R1 
     
    Instance configuration
         		 DB instance class
         		 t3.2xlarge  
     
    Storage
         		 Storage type
         		 General Purpose SSD (gp2) (unless advised differently by your CSM) 
     
    Allocated storage
         		 50 (unless advised differently by your CSM) 
     
    Connectivity
         		 Public access
         		 No, if this database resides in the same VPC as your Netskope One DSPM instance. 

    Otherwise, Yes. 
     
    VPC security group
         		 Select (or create) a security group which permits traffic from the Netskope One DSPM instance. 
     
    Additional configuration > Database options
         		 Initial database name
         		 discovery 
     

    With the exception of the above values which Netskope One DSPM requires to operate, the AWS RDS default values can be used, or your can override them as your business needs.  This includes applying your own master user name, backup schedule, DB parameter groups, and availability & durability configurations.

    1. Make note of the Master username and master password values for later use.
    2. Click the Create database button.
    3. The Databases screen is displayed once again.
    4. For the new database, click its link in the DB Identifier column.  
    5. In the Connectivity & security section, make note of the Endpoint value for later use.

    Pause Netskope One DSPM Instance

    1. Log into your Netskope One DSPM instance’s UI.
    2. Navigate to Data Stores > Data Store Inventory screen.
    3. On the Connected tab, for each Data Store with an in-progress scan, click its Cancel Scan icon in the Actions column.
    4. Navigate to Support.
    5. Make note of your Netskope One DSPM instance version for later use.
    6. Using your CLI, SSH into your Netskope One DSPM instance.
    7. Stop your Netskope One DSPM instance by executing the command ./discovery/bin/discovery stop.

    Export Initial Database

    1. Using your CLI, SSH into your Netskope One DSPM instance.
    2. Depending on your Netskope One DSPM instance’s version, set the following environment variables in your .bashrc file. Substitute {Endpoint}, {Master username} and {Master password} with the corresponding values from the Configure New Database section above.export Netskope One DSPM_DATABASE_HOST_OVERRIDE={Endpoint} export Netskope One DSPM_DATABASE_USER={Master username} export Netskope One DSPM_DATABASE_PASSWD={Master password}
    3. Execute the following commands in order:
    Command Outcome Notes 
    source .bashrc
    		Applies the environment variable updates 
         		 None 
    pg_dump -U postgres discovery > dump.sql
    		 Export the initial database’s data The export’s duration will vary depending on the amount of data present and may take up to an hour.  Validate this activity is complete before continuing to the next step.

    Populate New Database

    1. Using your CLI, SSH into your Netskope One DSPM instance.
    2. Execute the following command. Substitute {Endpoint} and {Master username} with the corresponding value from the Configure New Database section above.
    Command Outcome Notes 
    psql -h {Endpoint) -p 5432 -U {Master username} -d discovery < dump.sql
    		 Imports the initial database’s data into the new database. The import’s duration will vary depending on the amount of data present and may take up to an hour.  Validate this activity is complete before continuing to the next step.

    Restart Netskope One DSPM Instance

    1. Using your CLI, SSH into your Netskope One DSPM instance.
    2. Restart your Netskope One DSPM instance by executing the command ./discovery/bin/discovery start.
    3. Log into your Netskope One DSPM instance’s UI.
    4. Navigate to Data Stores > Data Store Inventory screen.
    5. On the Connected tab, for each Data Store you wish to resume scanning, click its Run Scan icon in the Actions column.

    At this point, you can free up space on your Netskope One DSPM instance by removing the initial database and export file. Use these commands to delete both:

    dropdb -U postgres discovery
rm dump.sql

    Was this article helpful?

    Still can't find what you are looking for?

    Contact Netskope Technical Support