Have you actually tested that you can restore your Kemp LoadMaster backup?

Have you actually tested that you can restore your Kemp LoadMaster backup?

Published on 4 mins Last updated

I made a couple of rookie errors the first time I tried to restore a Kemp LoadMaster*. Ok, So I probably should have read the manual first... but what kind of engineer does that? Anyway, I thought I'd write a quick blog that might save you some pain if you need to restore a Kemp in an emergency situation such as a fire, flood, or (far more likely) user error.

And if you want to know why I'm talking about Kemp in the first place, check out this blog: How to manage all your load balancers from one platform!

Getting started with a Kemp LoadMaster backup

First of all, the good news is that Kemp's backup and restore functionality is pretty robust and comprehensive. Almost everything from the configuration is in a single backup file.

💡 PRO TIP

These are the backups you'll need.

The two things you definitely need a separate backup of are:

1) your license key, and

2) your SSL certificates (I always recommend multiple backups of certificates).

Step one: How to backup your Kemp LoadMaster configuration

To backup your configuration, simply navigate to:

  • System Configuration > System Administration > Backup/Restore
  • And click on the blue button > Create Backup File
  • The file is instantly downloaded with a default filename similar to this: LMBackups_lb100_2024_01_09.16_26

Step two: How to restore your Kemp LoadMaster configuration

To restore your configuration, simply navigate to:

  • System Configuration > System Administration > Backup/Restore
  • Choose the relevant file
  • Check the selection box next to VS Configuration
  • And click on the blue button > Restore Configuration

The restore process for both virtual servers and certificates is also fairly responsive and flexible.

So if you restore some virtual servers that are associated with SSL Certificates, and those certificates still exist, then the service will activate within seconds of restoring from the backup.

💡 PRO TIP

If the certificates don't exist then self-signed versions are used instead, which at least gets you up and running even if you have some security errors.

My test configuration came straight back online within a few seconds:

N.B. In general, a reboot of the appliance is only required if the base configuration is restored and you are prompted (as shown here):

Step three: How to backup your Kemp LoadMaster certificates

To backup your certificates, simply navigate to:

  • Certificates & Security > Backup/Restore Certs
  • Enter a passphrase (twice)
  • Click on the blue button > Create Backup File
  • The file is instantly downloaded, with a default filename similar to this: CertBackup_2024_01_08.17.53

Note: The passphrase will be required when restoring the backup. If it is forgotten, there is no way to restore the certificate!

💡 PRO TIP

Be careful here!

I would also strongly recommend you use a consistent naming convention for your certificates, as the label is critical to restore correctly when associating with virtual servers. And you can't rename certificates once they have been created:

Step four: How to restore your Kemp LoadMaster certificates

To restore your certificates, simply navigate to:

  • Certificates & Security > Backup/Restore Certs
  • Choose the relevant file
  • Select All VS and Intermediate Certs
  • Enter the passphrase
  • And click on the blue button > Restore Certificates

💡 PRO TIP

An important note on restoring clustered pairs

There are also some other important things to note, when restoring clustered pairs...

  • It is not possible to restore a single machine configuration onto a High Availability (HA) machine or restore an HA configuration onto a single machine.
  • And (more importantly!) when performing a restore on the standby machine of a HA cluster, only the base configuration can be restored.
  • The Virtual Service configuration is always taken from the active machine.

I guess you would normally recover one and then synchronize the configuration across to the second node. However, there does not appear to be any way of recovering an HA pair without downtime. I would make sure you have a full backup and documentation for both nodes. And test your disaster recovery procedure multiple times.

Paolo Valsecchi has written a detailed blog on the Kemp HA upgrade process.

Obviously, it's not possible to restore a configuration with ESP-enabled Virtual Services onto a machine that is not enabled for ESP. And the same goes for GEO configurations, I assume.

Step five: How to restore your Kemp LoadMaster license key

Don't forget that you might need to restore your licence key!

To restore your licence key, simply navigate to:

  • System Configuration > System Administration > Licence Management
  • After Installing a license key, it's recommended to then do a full system reboot.
  • And strangely the new licence reset the password back to the default of '1forall', until I rebooted and my original password came back?

💡 PRO TIP

Don't forget your disaster recovery tests...

Anyway, my fundamental point is, you should definitely do your own disaster recovery tests. And do it right now before you get distracted by something far less important!

Please let me know if you find any other gotchas — or have tips and tricks that other users may find valuable. Just add in the comments section, below!

*Kemp Technologies and LoadMaster are trademarks of Progress Software, Inc. Loadbalancer.org Ltd has no affiliation with Progress Software, Inc. so use of these names, trademarks and brands does not imply endorsement by either party.

The new ADC Portal centralized management platform

Find out what a vendor-agnostic solution looks like