Backup & Recovery
This guide covers backup strategies, configuration export, and disaster recovery procedures for Anava deployments.
Backup Overview
What to Back Up
| Data Type | Location | Backup Method |
|---|---|---|
| Configuration | Cloud | Export via API/UI |
| Skills & Profiles | Cloud | Group export |
| User Accounts | Cloud | Admin export |
| Camera Settings | Cameras | Axis backup utility |
| Sessions/Events | Cloud | Scheduled export |
Backup Strategy
Configuration Backup
Exporting Group Configuration
Export all settings for a group:
Via UI:
- Go to Groups → Select group
- Click Settings → Export
- Choose format (JSON recommended)
- Save file securely
Via API:
curl -X GET "https://api.anava.ai/v1/groups/{groupId}/export" \
-H "Authorization: Bearer {token}" \
-o group-backup-$(date +%Y%m%d).json
Export Contents
| Component | Included |
|---|---|
| Group settings | ✓ |
| Skills | ✓ |
| Profiles | ✓ |
| Camera assignments | ✓ |
| Device overrides | ✓ |
| Schedules | ✓ |
Export Formats
| Format | Use Case | Size |
|---|---|---|
| JSON | API integration, restore | Medium |
| YAML | Human readable, version control | Medium |
| CSV | Spreadsheet review | Small |
Automated Exports
Schedule regular exports:
Backup Schedule:
Frequency: Weekly (Sunday 2 AM)
Groups: All
Format: JSON
Destination: S3://backups/anava/
Retention: 90 days
Session/Event Backup
Session Export
Export session data for archival:
- Go to Sessions
- Set date range filter
- Click Export
- Choose:
- Metadata only (CSV)
- Full data (JSON)
- With images (ZIP)
Scheduled Export
Configure automatic session exports:
| Setting | Recommendation |
|---|---|
| Frequency | Daily |
| Time | After midnight |
| Range | Previous 24 hours |
| Format | JSON + images |
| Retention | Per compliance requirements |
Archival Storage
Store backups in secure location:
| Option | Pros | Cons |
|---|---|---|
| Cloud storage (S3, GCS) | Durable, accessible | Ongoing cost |
| Local NAS | Low cost | Single site risk |
| Tape/Cold storage | Cheapest | Slow recovery |
Camera Configuration Backup
Axis Camera Backup
Back up camera settings separately:
Via Camera Web UI:
- Access camera web interface
- Go to System → Maintenance
- Click Create backup
- Save
.tarfile
Via VAPIX API:
curl -u admin:password \
"http://192.168.1.100/axis-cgi/serverreport.cgi?type=backup" \
-o camera-backup.tar
What's Backed Up
| Camera Component | In Backup |
|---|---|
| Network settings | ✓ |
| User accounts | ✓ |
| Video settings | ✓ |
| Analytics config | ✓ |
| ACAP settings | ✓ |
| I/O configuration | ✓ |
Batch Camera Backup
For many cameras, use Axis Device Manager:
- Select cameras in ADM
- Configuration → Backup
- Save all backups to designated folder
- Document camera-to-file mapping
User Account Backup
Exporting Users
Export user list and roles:
- Go to Settings → Users
- Click Export Users
- Format: CSV or JSON
Export Contents
| Field | Included |
|---|---|
| ✓ | |
| Role | ✓ |
| Group access | ✓ |
| Last login | ✓ |
| MFA status | ✓ (status only) |
| Passwords | ✗ (never exported) |
User Recovery
Users can be re-imported, but:
- Passwords must be reset
- MFA must be reconfigured
- OAuth links must be re-established
Restore Procedures
Restoring Configuration
Via UI:
- Go to Groups → Import
- Upload backup JSON file
- Choose:
- Create new (new group IDs)
- Overwrite (replace existing)
- Review changes
- Confirm import
Via API:
curl -X POST "https://api.anava.ai/v1/groups/import" \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d @group-backup.json
Import Options
| Option | Behavior |
|---|---|
| Create new | New group with new IDs |
| Overwrite | Replace existing group |
| Merge | Add to existing (skills/profiles) |
Camera Reassignment
After restore, reassign cameras:
- Cameras may have different serial numbers
- Review camera assignments
- Update as needed
Restore Verification
After restore, verify:
- All groups present
- Skills configured correctly
- Profiles active
- Camera assignments correct
- Test detection working
- VMS receiving events
Disaster Recovery
DR Scenarios
| Scenario | Recovery Path |
|---|---|
| Configuration corruption | Restore from backup |
| Accidental deletion | Restore from backup |
| Cloud outage | Wait for service restore |
| Camera failure | Replace and reconfigure |
| Complete site loss | Full rebuild from backups |
Recovery Time Objectives
| Component | RTO | RPO |
|---|---|---|
| Cloud service | < 4 hours | 0 (real-time) |
| Configuration | < 1 hour | Last backup |
| Camera | < 1 hour | Last backup |
| Historical data | Variable | Daily backup |
DR Procedure
Step 1: Assess
1. Identify what was lost
2. Determine scope of impact
3. Gather latest backups
4. Notify stakeholders
Step 2: Prepare
1. Verify backup integrity
2. Prepare new infrastructure (if needed)
3. Document recovery plan
4. Assign responsibilities
Step 3: Restore
1. Restore cloud configuration
2. Verify cloud services operational
3. Restore camera configurations
4. Reassign cameras to groups
5. Test detection pipeline
Step 4: Verify
1. Test all profiles
2. Verify VMS integration
3. Confirm notifications
4. Document any changes
5. Update stakeholders
DR Checklist
Pre-disaster preparation:
- Regular backup schedule configured
- Backups tested (restore verified)
- Backup storage accessible independently
- DR procedure documented
- Team trained on recovery
- Contact list current
DR Testing Program
Disaster recovery capabilities must be validated through regular testing. This section defines the DR testing program that ensures Anava deployments can be recovered within defined objectives.
Recovery Objectives
| Objective | Target | Measurement |
|---|---|---|
| RTO (Recovery Time Objective) | 4 hours | Time from disaster declaration to full service restoration |
| RPO (Recovery Point Objective) | 24 hours | Maximum acceptable data loss measured in time |
Objective Breakdown by Component:
| Component | RTO | RPO | Notes |
|---|---|---|---|
| Cloud configuration | 1 hour | 24 hours | From weekly backup |
| User accounts | 1 hour | 24 hours | Passwords require reset |
| Camera configs | 2 hours | Quarterly | From ADM backup |
| Historical sessions | 4 hours | 24 hours | From daily export |
| Detection pipeline | 30 min | N/A | Stateless after config restore |
Test Schedule
DR tests are conducted quarterly to validate recovery capabilities and maintain team readiness.
| Quarter | Test Type | Scope | Duration |
|---|---|---|---|
| Q1 (Jan-Mar) | Full DR drill | All components | 4 hours |
| Q2 (Apr-Jun) | Tabletop exercise | Scenario walkthrough | 2 hours |
| Q3 (Jul-Sep) | Full DR drill | All components | 4 hours |
| Q4 (Oct-Dec) | Tabletop exercise | Scenario walkthrough | 2 hours |
Additional Testing:
- Monthly: Configuration restore verification (1 hour)
- After major changes: Targeted recovery test
- Annually: Third-party DR audit (if required)
Test Scenarios
Scenario 1: Configuration Corruption
Trigger: Production configuration becomes corrupted or accidentally deleted.
Procedure:
- Declare test scenario active
- Export current configuration (for comparison)
- Simulate corruption by noting current state
- Restore from most recent weekly backup
- Verify all groups, skills, and profiles
- Reassign test cameras
- Validate detection pipeline
- Document time and issues
Success Criteria:
- Configuration restored within 1 hour
- All groups present and accurate
- Detection pipeline operational
- No data loss beyond RPO
Scenario 2: Camera Infrastructure Loss
Trigger: Multiple cameras require replacement (hardware failure, site damage).
Procedure:
- Identify affected cameras from inventory
- Retrieve camera backups from ADM archive
- Configure replacement hardware
- Restore camera settings from backup
- Re-provision Anava ACAP
- Reassign to appropriate groups
- Verify integration and detection
Success Criteria:
- Cameras operational within 2 hours
- Settings match pre-disaster state
- VMS integration functional
- Detection accuracy validated
Scenario 3: Complete Cloud Recovery
Trigger: Full cloud environment requires rebuild (catastrophic failure, security incident).
Procedure:
- Activate secondary/DR environment (if available)
- Restore user accounts from backup
- Import all group configurations
- Restore camera assignments
- Reconfigure VMS integrations
- Validate all detection pipelines
- Notify users of password reset requirement
- Re-establish OAuth connections
Success Criteria:
- All services operational within 4 hours
- Data loss within 24-hour RPO
- All integrations functional
- User access restored
Scenario 4: Tabletop Exercise
Trigger: Quarterly scenario review without system changes.
Procedure:
- Present scenario to DR team
- Walk through response steps verbally
- Identify gaps in documentation
- Review contact list accuracy
- Validate backup accessibility
- Update procedures as needed
Success Criteria:
- All team members understand roles
- Procedures are current and complete
- Contact information verified
- Backup locations confirmed accessible
Test Execution Checklist
Pre-Test:
- Schedule test window with stakeholders
- Notify affected teams
- Verify backup availability and integrity
- Prepare test environment (if not production)
- Assign roles and responsibilities
- Prepare timing/documentation materials
During Test:
- Record start time
- Log each step completion time
- Document any blockers or issues
- Note workarounds required
- Capture screenshots of key milestones
- Track personnel involved
Post-Test:
- Record completion time
- Calculate actual RTO achieved
- Verify RPO compliance
- Conduct debrief with team
- Document lessons learned
- Update procedures as needed
- File test report
Success Criteria Matrix
| Criterion | Full DR Drill | Tabletop | Monthly Verify |
|---|---|---|---|
| RTO met (< 4 hours) | Required | N/A | N/A |
| RPO met (< 24 hours) | Required | N/A | Required |
| All configs restored | Required | Reviewed | Required |
| Detection validated | Required | Discussed | Optional |
| Integrations working | Required | Discussed | Optional |
| Documentation updated | Required | Required | As needed |
| Report filed | Required | Required | Required |
Test Documentation
Test Report Template
Each DR test must produce a formal report. Use this structure:
# DR Test Report
## Test Information
- **Test Date:** YYYY-MM-DD
- **Test Type:** [Full Drill / Tabletop / Monthly Verify]
- **Scenario:** [Description]
- **Test Lead:** [Name]
- **Participants:** [Names]
## Timing Summary
- **Test Start:** HH:MM
- **Test End:** HH:MM
- **Total Duration:** X hours Y minutes
- **RTO Target:** 4 hours
- **RTO Achieved:** X hours Y minutes
- **RTO Status:** [PASS / FAIL]
## Recovery Point Analysis
- **Last Backup Date:** YYYY-MM-DD HH:MM
- **Simulated Disaster Time:** YYYY-MM-DD HH:MM
- **Data Gap:** X hours
- **RPO Target:** 24 hours
- **RPO Status:** [PASS / FAIL]
## Execution Summary
### Steps Completed
1. [Step] - [Duration] - [Status]
2. [Step] - [Duration] - [Status]
...
### Issues Encountered
| Issue | Impact | Resolution | Action Item |
|-------|--------|------------|-------------|
| [Description] | [High/Med/Low] | [How resolved] | [Follow-up] |
## Verification Results
- [ ] Configuration restored accurately
- [ ] All groups present
- [ ] Skills and profiles functional
- [ ] Camera assignments correct
- [ ] Detection pipeline operational
- [ ] VMS integration verified
- [ ] User access restored
## Lessons Learned
1. [Finding and recommendation]
2. [Finding and recommendation]
## Action Items
| Item | Owner | Due Date | Status |
|------|-------|----------|--------|
| [Task] | [Name] | YYYY-MM-DD | [Open/Closed] |
## Sign-Off
- **Test Lead:** _________________ Date: _______
- **IT Manager:** _________________ Date: _______
- **Compliance:** _________________ Date: _______
Report Storage
| Report Type | Retention | Storage Location |
|---|---|---|
| Full DR drill | 3 years | Compliance archive |
| Tabletop exercise | 2 years | IT documentation |
| Monthly verification | 1 year | Operations logs |
Compliance Coverage
DR testing addresses the following compliance requirements:
SOC 2 Type II
Trust Services Criteria A1.3 - Recovery Testing
"The entity tests recovery plan procedures supporting system recovery to meet its objectives."
Evidence Required:
- Quarterly test schedule and execution records
- Test reports with RTO/RPO measurements
- Action items and remediation tracking
- Management sign-off on test results
How Anava Addresses:
- Quarterly DR drills with documented results
- Automated backup verification with integrity checks
- Defined RTO (4 hours) and RPO (24 hours) with measurement
- Formal test reports filed in compliance archive
ISO 27001:2022
Control A.17.1.3 - Verify, Review and Evaluate Business Continuity
"The organization shall verify the established and implemented information security continuity controls at regular intervals in order to ensure that they are valid and effective during adverse situations."
Evidence Required:
- Documented test procedures
- Test execution records
- Gap analysis and improvements
- Regular review cycle
How Anava Addresses:
- Documented test scenarios and procedures
- Quarterly test execution with reports
- Lessons learned driving procedure updates
- Annual review of DR program effectiveness
Additional Frameworks
| Framework | Relevant Control | Coverage |
|---|---|---|
| NIST CSF | PR.IP-9, PR.IP-10 | Recovery planning and testing |
| HIPAA | 164.308(a)(7)(ii)(D) | Testing and revision procedures |
| PCI DSS 4.0 | 12.10.2 | Annual testing of incident response |
Continuous Improvement
After each DR test, the following review process ensures ongoing improvement:
-
Immediate Debrief (within 24 hours)
- What worked well?
- What needs improvement?
- Any critical gaps identified?
-
Procedure Updates (within 1 week)
- Update documentation based on findings
- Refine runbooks and checklists
- Adjust backup schedules if needed
-
Training Updates (within 1 month)
- Address knowledge gaps
- Update team training materials
- Schedule additional training if required
-
Quarterly Review
- Trend analysis across tests
- RTO/RPO performance tracking
- Resource and tool assessment
Backup Best Practices
Schedule
| Backup Type | Frequency | Retention |
|---|---|---|
| Configuration | Weekly | 12 weeks |
| Sessions | Daily | 30 days |
| Full export | Monthly | 12 months |
| Camera configs | Quarterly | 4 quarters |
Storage
-
Use multiple locations
- Primary: Cloud storage
- Secondary: Different region/provider
-
Encrypt backups
- At rest: AES-256
- In transit: TLS
-
Verify integrity
- Checksums on all backups
- Regular restore tests
Testing
Monthly:
- Restore random configuration backup
- Verify all settings present
- Document any issues
Quarterly:
- Full DR drill
- Time the recovery
- Update procedures
Documentation
Maintain:
- Backup locations and access
- Recovery procedures
- Contact list
- Change log
Backup Automation
Script Example
#!/bin/bash
# anava-backup.sh - Weekly configuration backup
DATE=$(date +%Y%m%d)
BACKUP_DIR="/backups/anava"
API_TOKEN="your-api-token"
GROUPS="group1 group2 group3"
for GROUP in $GROUPS; do
curl -s -X GET "https://api.anava.ai/v1/groups/${GROUP}/export" \
-H "Authorization: Bearer ${API_TOKEN}" \
-o "${BACKUP_DIR}/${GROUP}-${DATE}.json"
# Verify backup
if jq empty "${BACKUP_DIR}/${GROUP}-${DATE}.json" 2>/dev/null; then
echo "✓ ${GROUP} backup successful"
else
echo "✗ ${GROUP} backup FAILED"
# Send alert
fi
done
# Cleanup old backups (90 days)
find ${BACKUP_DIR} -name "*.json" -mtime +90 -delete
Scheduling
Linux (cron):
0 2 * * 0 /path/to/anava-backup.sh
Windows (Task Scheduler):
- Create basic task
- Weekly trigger, Sunday 2 AM
- Action: Run script
Troubleshooting
Backup Fails
-
Check authentication
- API token valid?
- Permissions correct?
-
Check connectivity
- API reachable?
- Storage accessible?
-
Check space
- Sufficient storage?
- Clean old backups
Restore Fails
-
Check backup integrity
- File not corrupted?
- Valid JSON/format?
-
Check compatibility
- Version match?
- Schema compatible?
-
Check permissions
- User can import?
- Group access correct?
Related Topics
- Upgrade Guide - Pre-upgrade backups
- Security Configuration - Backup security
- Installation - Initial configuration