Section 8: Backup and Recovery

Backup and recovery procedures are critical components of maintaining data availability and business continuity for Antigen Plus installations. The specific backup responsibilities and procedures differ significantly based on whether you are using Azure SQL Database (cloud) or on-premise SQL Server deployments, as outlined in the shared responsibility model.

This section describes backup procedures for both deployment models, disaster recovery planning, and the importance of backing up configuration files and company keys that are essential for system operation and data access.

Backup Responsibilities by Deployment Type

The backup responsibilities for Antigen Plus follow the shared responsibility model established in Section 1: Security Overview:

Azure SQL Database Deployments:

Microsoft Azure and Antigen Plus are responsible for automated database backups
Your organization is responsible for backing up configuration files and company keys

On-Premise SQL Server Deployments:

Your organization is fully responsible for all database backup procedures
Your organization is responsible for backup scheduling, retention policies, and recovery testing
Your organization is responsible for backing up configuration files and company keys

Regardless of deployment type, your organization must maintain secure backups of the company key file (.apcompanykey) and any customized configuration files, as these cannot be recovered if lost.

Azure SQL Database Backups

When using Azure SQL Database for Antigen Plus, Microsoft Azure automatically maintains continuous point-in-time backups of your database. These backups are managed by Azure infrastructure and do not require any action on your part.

Automatic Backup Features

Azure SQL Database provides the following automatic backup capabilities:

Continuous point-in-time backups: Azure maintains continuous backups that allow restoration to any point in time within the retention period
Automatic backup scheduling: Backups occur automatically without any configuration or intervention required
Local redundancy: Backups are stored in locally redundant storage for protection against hardware failures

Backup Retention Periods

By default, Azure SQL Database maintains point-in-time backups for a minimum of 7 days. This means you can restore your database to any point in time within the previous 7 days.

The backup retention period can be extended beyond 7 days for an additional fee. Contact customerservice@antigenplus.com to discuss extending the retention period if your organization requires longer backup retention for compliance or operational requirements.

For more information about Azure backup retention, see the Databases section of the deployment planning documentation.

Recovering from Data Loss

If you experience data loss on a cloud database, you should contact Antigen Plus immediately with the following information:

The nature of the data loss (accidental deletion, corruption, etc.)
The approximate time when the data loss occurred
The specific database affected
Any relevant details about what data was lost

Antigen Plus will work with you to plan and execute the recovery procedure. The ability to recover data depends on:

Whether the data loss occurred within the backup retention period
The specific point in time to which you need to restore
The scope of data that needs to be recovered

Contact Antigen Plus support immediately if you experience data loss. The sooner you report the issue, the better the chances of successful recovery. Do not attempt to modify the database or perform additional operations that might complicate the recovery process.

On-Premises Database Backups

When using an on-premise SQL Server database, your organization assumes full responsibility for all backup procedures. Antigen Plus does not provide automated backup services for on-premise databases.

Backup Requirements

Your organization must establish and maintain:

Regular backup schedule: Implement a backup schedule appropriate for your operational requirements (daily, hourly, or more frequent)
Backup retention policy: Define how long backups are retained based on compliance and operational needs
Off-site backup storage: Store backup copies in a location separate from the primary database server
Backup verification: Regularly test backup restoration to ensure backups are valid and can be restored successfully
Documentation: Maintain documentation of backup procedures, schedules, and recovery processes

Backup Methods

You can use standard SQL Server backup tools and procedures to back up your Antigen Plus database:

SQL Server Management Studio (SSMS): Use the graphical interface to create full, differential, or transaction log backups
SQL Server Agent: Schedule automated backups using SQL Server Agent jobs
Command-line tools: Use sqlcmd or PowerShell scripts for automated backup procedures
Third-party backup solutions: Use commercial backup software that supports SQL Server

For examples of automated backup procedures, see the Maintaining a local copy of a cloud database documentation, which describes backup automation techniques that can be adapted for on-premise databases.

Backup Best Practices

When implementing on-premise database backups:

Test restoration regularly: Periodically test your backup restoration procedures to ensure they work correctly
Store backups securely: Ensure backup files are stored in a secure location with appropriate access controls
Monitor backup success: Implement monitoring to alert you if backups fail
Document recovery procedures: Maintain clear documentation of how to restore from backups
Consider backup encryption: Encrypt backup files to protect sensitive data if backups are stored off-site

Antigen Plus includes a built-in backup feature accessible from the File menu. This feature allows you to create a manual backup of your Antigen Plus database directly from within the application.

Using the Backup Feature

To create a manual backup:

Open Antigen Plus
Select File → Backup from the menu
Choose a location to save the backup file
The backup process will create a backup of all Antigen Plus data

For detailed information about using the File menu backup feature, see the Menus section of the user guide.

Limitations and Recommendations

While the File menu backup feature is supported, we do not recommend relying on manual backups as your only backup system. Manual backups have several limitations:

Requires user action: Manual backups only occur when a user remembers to perform them
No automation: There is no built-in scheduling for automatic backups
Single point of failure: If users forget to back up, data may be lost
No retention management: Manual backups do not automatically manage retention or cleanup of old backups

Recommended Use Cases:

The File menu backup feature is most useful for:

Creating a local fail-safe backup of a cloud-hosted database for use during internet outages
Maintaining an additional backup copy beyond your primary backup system
Creating ad-hoc backups before major system changes or upgrades

For production environments, you should implement automated backup procedures using SQL Server Management Studio, SQL Server Agent, or other backup automation tools rather than relying solely on manual backups.

Configuration File Backups

During initial installation and configuration, you may modify configuration files that are essential for Antigen Plus operation. These files should be backed up and stored securely, as they contain important connection and application settings.

connections.config

The connections.config file contains database connection strings for local databases. This file is located in the Antigen Plus installation folder, typically C:\Program Files (x86)\Antigen Plus 8.5.

What to Back Up:

The connections.config file if you have added local database connections
If you have encrypted the connections.config file using the “Save configuration” feature in the File menu, back up both the encrypted and unencrypted versions

Why It’s Important:

Without this file, Antigen Plus cannot connect to your local databases
If the file is lost, you will need to recreate all database connection strings
The file contains sensitive connection information that should be stored securely

For detailed information about configuring connections.config, see the Configuring databases documentation.

CustomerSettings.json

The CustomerSettings.json file contains global application settings that customize Antigen Plus behavior. This file is located in the Antigen Plus installation folder, typically C:\Program Files (x86)\Antigen Plus 8.5.

What to Back Up:

The CustomerSettings.json file if you have created one with custom settings

Why It’s Important:

Without this file, Antigen Plus will use default settings
If you have customized settings (such as analyzer profiles, PHI settings, or logging configurations), you will need to recreate them if the file is lost

For detailed information about CustomerSettings.json, see the Additional global settings documentation.

Backup Recommendations

When backing up configuration files:

Back up after initial configuration: Create backups immediately after completing initial installation and configuration
Back up after changes: Update your backups whenever you modify configuration files
Store securely: Configuration files may contain sensitive information (connection strings, credentials) and should be stored in a secure location
Version control: Consider maintaining versioned copies of configuration files to track changes over time
Document locations: Document where configuration files are located and what settings they contain

Company Key Backup

The company key file (.apcompanykey) is one of the most critical files for your Antigen Plus installation. This file is created during the initial registration process and serves as the master key for PHI encryption and database access.

Importance of the Company Key

The company key is essential for:

PHI decryption: The private key component is required to decrypt patient health information stored in the database
Database access: The company key identifies your organization to Antigen Plus servers
System operation: Without the company key, you cannot access encrypted patient data

Recovery Limitations

Antigen Plus cannot recover your company key if it is lost by your organization. The company key is generated locally on your workstation during registration, and the private key component never leaves your network. If you lose the .apcompanykey file, you will not be able to:

Decrypt existing patient data in your database
Access encrypted PHI that was stored before the key was lost
Import the company key on new workstations

If you lose your company key, you will need to register a new company key, which will create a new encryption key. This means you will not be able to access data encrypted with the previous key.

Company Key Backup Requirements

You must maintain secure backups of the .apcompanykey file:

Back up immediately after registration: Create a backup of the company key file as soon as it is generated during registration
Store in secure location: The company key should be stored in a secure location with appropriate access controls, as it provides access to encrypted PHI
Multiple backup copies: Consider maintaining multiple backup copies in different secure locations
Store with installation files: Keep the company key file alongside the Antigen Plus installer and configuration files so all installation materials are together

For detailed information about the company key and registration process, see the Registration and Company Keys documentation.

Disaster Recovery Planning

Disaster recovery planning ensures that your organization can recover from system failures, data loss, or other catastrophic events. A comprehensive disaster recovery plan should address both technical recovery procedures and organizational processes.

Recovery Procedures

Your disaster recovery plan should include procedures for:

Database restoration: Documented steps for restoring databases from backups
Configuration restoration: Procedures for restoring configuration files and company keys
Workstation recovery: Steps for restoring Antigen Plus on new or rebuilt workstations
Verification procedures: Methods to verify that restored systems are functioning correctly

Testing Recommendations

Regular testing of backup and recovery procedures is essential. A backup that cannot be restored is not a backup. Your organization should:

Test restoration procedures regularly: Schedule periodic tests of your backup restoration procedures (quarterly or semi-annually)
Test different scenarios: Practice restoring from various types of failures (database corruption, hardware failure, configuration loss)
Document test results: Record the results of restoration tests and address any issues discovered
Update procedures: Revise recovery procedures based on lessons learned from testing

Recovery Time Objectives

Consider establishing recovery time objectives (RTO) and recovery point objectives (RPO) for your Antigen Plus installation:

Recovery Time Objective (RTO): The maximum acceptable time to restore system operation after a failure
Recovery Point Objective (RPO): The maximum acceptable amount of data loss measured in time (e.g., “no more than 1 hour of data loss”)

These objectives will help guide your backup frequency and disaster recovery planning.

Contacting Support

In the event of a disaster or data loss incident:

Azure deployments: Contact Antigen Plus support immediately at customerservice@antigenplus.com with details about the incident
On-premise deployments: Contact Antigen Plus support if you need assistance with recovery procedures or if you suspect the issue may be related to Antigen Plus software

Configuration Restoration

After a system failure or workstation replacement, you may need to restore Antigen Plus configuration files to resume normal operation.

Restoring connections.config

To restore the connections.config file:

Locate your backup copy of connections.config
Copy the file to the Antigen Plus installation folder: C:\Program Files (x86)\Antigen Plus 8.5
If you were using an encrypted version, ensure you restore the encrypted file
Verify that Antigen Plus can connect to your databases after restoration

If you do not have a backup of connections.config, you will need to recreate the connection strings. See the Configuring databases documentation for instructions.

Restoring CustomerSettings.json

To restore the CustomerSettings.json file:

Locate your backup copy of CustomerSettings.json
Copy the file to the Antigen Plus installation folder: C:\Program Files (x86)\Antigen Plus 8.5
Verify that Antigen Plus applies your custom settings after restoration

If you do not have a backup of CustomerSettings.json, Antigen Plus will use default settings. You can recreate custom settings as needed. See the Additional global settings documentation for available settings.

Restoring the Company Key

To restore the company key on a new or rebuilt workstation:

Locate your backup copy of the .apcompanykey file
Launch Antigen Plus on the workstation
When prompted, select Import and browse to the .apcompanykey file
Alternatively, use the command-line import tool: ImportCompanyKey.exe

For detailed instructions on importing company keys, see the Registration and Company Keys documentation.

The company key must be imported by a Windows administrator to install it in the system cryptographic store for all users. If imported by a non-administrator, the key will only be available to that specific user account.