Disaster Recovery Best Practices

Delinea offers robust disaster recovery capabilities in Secret Server, which includes:

  • High Availability and resiliency through regional failovers, globally distributed data centers, web server clustering, database mirroring and secrets resiliency.

  • Enhanced disaster recovery features such as automated redundancy, seamless failover, and hybrid failover for both on-premises and cloud deployments.

General Best Practices for Disaster Recovery

 

  • Backup Data with Resilient Instances - Resilient instances refer to the capability of replicating secrets data to another cloud or on-premises instance of Secret Server with automated one-way synchronization from the source instance to the replica. Replicas should be kept in read-only mode to avoid loss of integrity. This ensures continuous access to secrets, even during emergencies, thereby reducing the risk of downtime or disruption in privileged access. See Working with Resilient Secrets to learn more.

  • Using Multifactor Authentication (MFA) - Secret Server offers robust Multi-Factor Authentication (MFA) capabilities to enhance the security of accessing privileged accounts and sensitive information. Key aspects and resources related to MFA in Secret Server include MFA enforcement of credentials, MFA on secrets for Secret Server Cloud customers, integration with Microsoft Authenticator and a lot more. Refer to Multi-Factor Authentication for more information.

  • Security Hardening - Security hardening for Secret Server involves implementing a series of best practices and configurations to enhance the security of your Secret Server instance. This includes securing the operating system, application settings, database, and network communications. Refer to the Security Hardening Guide for more information.

Please be sure to test the items in the Security Hardening Guide one at a time as multiple simultaneous changes can cause issues in case you need to test or revert the changes.

  • Setting Up Event Alerting - provides robust alerting and notification features to help administrators stay informed about critical events and actions. Refer to Event Subscription Overview for information.

  • Leverage Rabbit MQ's Disaster Recovery Capabilities - The Best high availability/disaster recovery multi-site deployment for RabbitMQ Helper in Secret Server is designed to provide high availability and disaster recovery across multiple locations, typically a primary and a secondary disaster recover site. This setup ensures that RabbitMQ Helper clusters are available in multiple locations, providing robust failover capabilities. Learn more about Rabbit MQ.

Version Compatibility

Although there is typically no stringent requirement to align the releases between the source and replica, it is considered best practice to maintain the replica at the same release version of Secret Server as the source to ensure compatibility.

Individual releases may necessitate upgrading, and customers should refer to the release notes for specific requirements. Additionally, customers are advised to always upgrade to ensure their release is within Delinea Support's stated policy.