Fortanix DSM Backup and Restore for AWS S3 Bucket - SGX

1.0 Introduction

This article describes the Fortanix Data Security Manager (DSM) backup and restore procedures that use an Amazon Web Services (AWS) S3 bucket on an SGX machine.

2.0 Backing Up the Cluster Data

Perform the following tasks to create the S3 bucket and the access credentials used to back up the cluster data to an AWS S3 bucket:

2.1 Creating the S3 Bucket

Perform the following steps to create the S3 Bucket:

  1. Sign in to the AWS Management Console and open the Amazon S3 console.

  2. Click the Create bucket button.

    Figure 1: Create Bucket Option

    Figure 2: Create Bucket Landing Page

  3. Perform the following steps to get your access key ID and secret access key:

    1. Open the IAM console at https://console.aws.amazon.com/iam/.

    2. On the navigation menu, click Users.

    3. Choose your preferred IAM username.

    4. Go to the Security Credentials tab and click Create Access Key. To view the new access key, click the Show button.

3.0 Configuring Backup Using AWS S3 Bucket

This section describes the steps to configure backups using AWS S3 before or after creating a Fortanix Data Security Manager cluster.

Perform the following steps:

  1. Edit the config.yaml file to add the following properties, which enable backups to the AWS S3 bucket that is your backup destination. For more information about the config.yaml file, refer to the Fortanix DSM Installation Guide, Section 5.4:

    Refer to the following sample configuration to add the new parameters bucket, region, access_key_id, and secret_access_key:

    backup:
      cron_schedule: "0 0 * * *"
      backup_mode: "snapshot" 
      exclude_auditlog: true
      aws:
        bucket: "containername"
        region: 
        access_key_id: 
        secret_access_key:

    NOTE

    • The value of the backup_mode parameter can be either snapshot or cqlsh; snapshot is the recommended value.

    • By default, all CRON job schedules are in the UTC time zone.

    For example:

    backup:
      cron_schedule: "0 0 * * *"
      backup_mode: "snapshot"
      exclude_auditlog: true
      aws:
        bucket: "dsm-backup-test-bucket"
        region: us-east-2
        access_key_id: 
        secret_access_key:

  2. Run the following command to redeploy the cluster to apply changes to the config.yaml file:

    sdkms-cluster deploy --config config.yaml --stage DEPLOY

    After you run the deploy command, the DEPLOY pod starts and shows the status RUNNING. Wait until the job is completed and the status changes to COMPLETED.

  3. Run the following command to navigate to the bin folder:

    cd /opt/fortanix/sdkms/bin

  4. Run the following command to execute the run_sdkms_backup.sh script, which performs a manual backup:

    ./run_sdkms_backup.sh

  5. Run the following command to verify the status of the backup:

    kubectl logs -l job-name=sdkms-backup-manual

    Figure 3: Output of the Command

    NOTE

    Ensure that the Cassandra data and the appropriate secrets are backed up to the AWS S3 bucket, as shown in the following image:

    Figure 4: DSM Backup Test Bucket Page
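The following is an added pre-deployment check for the backup stanza of config.yaml shown in step 1; it is example code written for this article, not part of Fortanix DSM or its tooling. It assumes the stanza has been loaded into a dict the way yaml.safe_load would return it (so the empty credential keys arrive as None), and it uses only the values this article documents: backup_mode must be snapshot or cqlsh (snapshot recommended), the cron schedule runs in UTC, and the four aws keys must all be filled in before the cluster is redeployed.

```python
import re
from typing import Dict, List

# Constructed sample mirroring the "backup" stanza of config.yaml from this article,
# as yaml.safe_load would return it: the empty credential keys load as None.
SAMPLE_BACKUP: Dict = {
    "cron_schedule": "0 0 * * *",
    "backup_mode": "snapshot",
    "exclude_auditlog": True,
    "aws": {
        "bucket": "dsm-backup-test-bucket",
        "region": "us-east-2",
        "access_key_id": None,
        "secret_access_key": None,
    },
}

# One cron field: "*", a number or a range, optional "/step", comma-separated lists allowed.
CRON_FIELD = re.compile(r"^(\*|\d+(-\d+)?)(/\d+)?(,(\*|\d+(-\d+)?)(/\d+)?)*$")
AWS_KEYS = ("bucket", "region", "access_key_id", "secret_access_key")


def validate_backup(backup: Dict) -> Dict[str, List[str]]:
    """Check the backup stanza before 'sdkms-cluster deploy'; returns errors and warnings."""
    errors: List[str] = []
    warnings: List[str] = []

    sched = backup.get("cron_schedule")
    fields = sched.split() if isinstance(sched, str) else []
    if len(fields) != 5 or not all(CRON_FIELD.match(f) for f in fields):
        errors.append("cron_schedule must be five cron fields (minute hour day month weekday); schedules run in UTC")

    mode = backup.get("backup_mode")
    if mode not in ("snapshot", "cqlsh"):
        errors.append(f"backup_mode must be 'snapshot' or 'cqlsh', got {mode!r}")
    elif mode == "cqlsh":
        warnings.append("backup_mode 'cqlsh' is accepted, but 'snapshot' is the recommended value")

    aws = backup.get("aws")
    if not isinstance(aws, dict):
        errors.append("aws section is missing; bucket, region and credentials are required")
        return {"errors": errors, "warnings": warnings}
    for key in AWS_KEYS:
        value = aws.get(key)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"aws.{key} is empty; the backup job cannot write to the bucket without it")
    if aws.get("secret_access_key"):
        warnings.append("config.yaml holds the IAM secret in plaintext; keep the file readable only by the deploying user")
    return {"errors": errors, "warnings": warnings}
```

Run it against the sample as shipped and it reports the two empty credential keys as errors; once they are filled in it passes with a single reminder about protecting config.yaml.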

For steps to back up the audit log, refer to Fortanix DSM Backup for Audit Log.

4.0 Recovering the Data

For a step-by-step procedure on data recovery, refer to the Fortanix DSM Restoration Guide - Automated.