Skip to main content

Illumio Core 25.2.10 Install, Configure, Upgrade

Back Up Supercluster

You need to perform regular backups on all PCEs in the Supercluster.

Different data is backed up depending on whether you run the backup from the Supercluster leader or a member:

  • Leader backup: policy database, which has information for all the regions; traffic redis instance; login information; reporting database; supercluster configuration data.

  • Member backup: login information, traffic redis instance, reporting database, supercluster configuration data.

  • All PCE nodes' runtime environment file: The runtime_env.yml is not included in the backup and must be backed up separately for each node. The default location of the PCE Runtime Environment File is /etc/illumio-pce/runtime_env.yml. When the location is different on your system, you can find it by checking the value of the ILLUMIO_RUNTIME_ENV environment variable.

  • Traffic database: The traffic database dump can be very large, depending on the traffic datastore size. Therefore, the Supercluster database dump on leader and member PCEs does not include the traffic data. A separate procedure is provided. See the "Back Up the Traffic Database" section of the "PCE Database Backup" topic in the PCE Administration Guide.

When to Back Up

Follow your own organization's policies and procedures for backup, including frequency (such as, hourly, daily, or weekly) and retention of backups offsite or on a system other than any of the Supercluster nodes.

Illumio recommends taking backups in the following situations:

  • Before and after a PCE version upgrade

  • After pairing a large number of VENs

  • After updating a large number of workloads (such as, changing workload policy state or applying labels)

  • After provisioning major policy changes

  • After making major changes in your environment that affect workload information (such as, an IP address changes)

  • Before and after adding new PCEs to your Supercluster

  • After you assign a new leader

  • On-demand backups before the procedures documented in this guide, such as migration and upgrade

Back Up Each PCE's Data

For the leader and every member PCE in your Supercluster, perform these steps:

  1. Create a directory for the backup file that is not one of the PCE software's installation directories.

  2. Grant both the ilo-pce user and the user who will run the backup command Read and Write permissions to this directory.

  3. Run the following command:

    sudo -u ilo-pce install_root/illumio-pce-db-management 
supercluster-data-dump --file desired_location_of_backup_file

  4. Repeat these steps for every PCE in the Supercluster.

Copy Leader Backup to Members

Copy the backup file that you just made on the leader PCE to the data0 node of each member PCE. In this way, if it becomes necessary to restore the entire Supercluster, the leader's data is readily available to every member so the data can be restored more quickly. (The leader PCE backup is not needed if only a single PCE is to be restored; in that case, the PCE's own member backup is sufficient.) You can copy the leader backup file to any file system location of the member data0 node, except for the PCE software's installation directories. Be sure that all member PCEs have the same version of the leader PCE backup. Using different versions of the leader PCE backup can cause data replication to fail after the Supercluster restore is complete.

Back Up Leader and Member Runtime Environment Files

Store a copy of each node's runtime_env.yml file on a system that is not part of the Supercluster. By default, the PCE Runtime Environment File is stored in /etc/illumio-pce/runtime_env.yml. When the location is different on your system, locate the file by checking the ILLUMIO_RUNTIME_ENV environment variable.