To keep your Guardian instance running smoothly, there are some basic maintenance tasks you should complete on a regular basis. In this topic, you'll find some tips on how to ensure your instance is up-to-date as well as ways you can safeguard your data against loss or corruption.
Install Regular Updates
Cloudhouse provides monthly Guardian software updates that include new features and bug fixes. It's important to keep your Guardian instance up-to-date, and your Cloudhouse Representative should alert you to a new release becoming available. However, you can always find release notes for each version of Guardian under What's New in Guardian 2025.
Monitor Disk Usage
To ensure you always have sufficient storage available, you should regularly monitor the disk usage of your Guardian instance. Insufficient disk space may lead to inefficient performance, which can cause unnecessary vulnerabilities within your estate. You can monitor disk usage via the Guardian API's System Metrics Endpoint. To easily poll this endpoint using Ruby or Python, use the following scripts:
Note: Before running either of the below scripts, insert your own instance_url, api_key, and sec_key. Additionally, each script includes a template to perform an action if disk usage percentage is greater than 80%. It's important to configure this portion of the script to take your desired action. For assistance, contact your Guardian Representative.
Ruby
# gem install upguard
require 'upguard'
instance_url = "https://me.cloudhouse.com"
api_key = "1234"
sec_key = "5678"
o = UpGuard::Account.new(instance_url, api_key, sec_key)
o.system_metrics.each do |m|
if m.metric == "DB_DISK_USAGE_PERCENTAGE" && m.value > 80.0
# alert someone, somewhere
end
endPython
# pip install upguard
import upguard
instance_url = "http://me.cloudhouse.com"
api_key = "1234"
sec_key = "5678"
o = upguard.Account(instance_url, api_key, sec_key)
ms = o.system_metrics()
for m in ms:
if m.metric == "DB_DISK_USAGE_PERCENTAGE":
if m.value > 80:
# alert someone, somewhereMonitor SSL Certificate Expiry
If you're running an on-premises Guardian instance, you are utilizing SSL certificates to secure communications between the appliance, your Connection Managers, and your users. These certificates must be kept up-to-date to ensure their efficacy. An easy way to monitor your SSL certificates is to add your own Guardian appliance as a node with a Website type so you can be alerted to upcoming expiration dates for your certificates. For help setting up this alert, see Configure SSL Certificate Expiry Alerting. And if your certificate does expire, see Create an SSL Certificate for information on how to create and install a new one.
Enable Alerts for Scan, Integration, and Connection Manager Failures
Once you have Guardian up and running with all of your nodes, integrations, policies, and more configured, many of your tasks will be handled automatically by the appliance. As such, it's important that you configure alerts to let you know if any one aspect of your appliance stops working for any reason. For example, if an integration fails, this could have downstream impacts on your configured events or actions. So, you'll want to know as soon as possible if something has gone awry.
We recommend configuring alerts for the following as a starting point:
-
Failed scans.
-
Failed integrations.
-
Offline Connection Managers.
To configure and manage these alerts, navigate to the Events tab (Control > Events). Here, you can leverage the built-in saved views to filter for these particular events, attaching an action to each so you are notified when they occur. For example, you could configure Guardian to send a Slack message when there is an integration failure. Or, you could filter for offline Connection Managers manually using the following query, then create a custom saved view and corresponding action:
# for any connection manager being offline
type=Connection Manager Offline
# for a particular connection manager being offline
type=Connection Manager Offline AND variables.connection_manager=My Windows CMFor more information on configuring these alerts, see Events and Actions.
Maintain Regular Backups for Disaster Recovery
The Guardian appliance creates daily backups of its internal database, with the number of backups being stored dependent on available disk space. This disk space is determined by the diskC allotment defined on the Virtual Guardian Appliance page. However, given Guardian's complexity, it is also recommended that you maintain external backups just in case something were to happen to the appliance itself, in which case the internally stored backups may be compromised. This gives you an additional layer of protection to avoid having to rebuild your Guardian instance from scratch. Below, you'll find information for the two main external backup options, which you can discuss with your Guardian Representative to determine which is best for you.
Virtual Machine Snapshot
Typical Recovery/Resolution Time: Minutes, depending on how quickly your virtual machine (VM) can restore a snapshot.
VM Snapshots allow for simple restoration to a point in time, reinstating your appliance as it was without any further setup or data migration being required. However, VM snapshots can require a lot of storage and must be taken manually. When utilizing this option, our recommendation is as follows:
-
Take one snapshot of the entire VM daily at an off-peak time.
-
Maintain 1-2 weeks of snapshots.
Database Backup
Typical Recovery/Resolution Time: Hours to a day, depending on how quickly a fresh VM can be downloaded/installed to your infrastructure and the size of the backup.
This approach relies on the backups already created automatically by Guardian and allows you to store only the most recent backup externally. This backup can be downloaded from the appliance in an encrypted form that can only be decrypted by the appliance itself.
With this approach, you are using less storage than you potentially would be by utilizing VM snapshots. It also removes the need for taking a snapshot outside of Guardian's existing automatic backup process, which can affect the appliance's performance while the snapshot is being taken. However, the disadvantage with this option is that only database data is included in the backup, which means recovery requires a complete rebuild of the appliance before the backup can be restored.
Note: Unlike the VM snapshot option, this approach requires a small setup within Guardian. To pursue this option, work with your Guardian Representative.