Fortanix DSM Password-Based Backup and Restore Using SCP

1.0 Introduction

This article describes the Fortanix-Data-Security-Manager (DSM) password based backup and restore procedures for an SGX machine using SCP backup type.

2.0 Configuring Backup Using SCP

This section describes the steps to configure backups using SCP before or after creating a Fortanix Data Security Manager cluster.

Perform the following steps:

Edit the config.yaml file to add the following properties to enable backups in SCP, which is your backup destination. To know more about the config.yaml file, refer to the Fortanix DSM Installation Guide, Section 5.4:
NOTE
By default, all the CRON jobs schedules are in the UTC time zone.
- For fortanix DSM version 3.23 and above, use the following sample configuration:
```
backup:
   cron_schedule: "1 1 * * *"
   backup_mode: "snapshot"
   exclude_auditlog: true
   scp:
     server_ip: "ip_address"
     username: "administrator"
     password: "********"
     path: "/home/administrator/backup"
```
- For Fortanix DSM version 4.6 and above, use the authmode parameter with the value password or privatekey:
```
backup:
   cron_schedule: "1 1 * * *"
   backup_mode: "snapshot"
   exclude_auditlog: true
   scp:
     server_ip: "ip_address"
     authmode: “password”
     username: "administrator"
     password: "********"
     path: "/home/administrator/backup"
```
  Where,
  - authmode can be set to either password or privatekey.
  - backup_mode can be set to snapshot.
  - exclude_autditlog can be set to either true or false. It is recommended that the value is set to true.
Run the following command to redeploy the cluster to apply changes to the config.yaml file:
```
sdkms-cluster deploy --config config.yaml --stage DEPLOY
```
Run the following command to navigate to bin folder:
```
cd /opt/fortanix/sdkms/bin
```
Run the following command to execute the run_sdkms_backup.sh script to perform the manual backup:
```
./run_sdkms_backup.sh
```
Run the following command to verify the status of the backup:
```
kubectl logs -l job-name=sdkms-backup-manual
```
After executing the run_sdkms_backup.sh script, the DEPLOY pod and sdkms-manual backup pod starts or shows the status as RUNNING. Wait until the job is completed and the status changes to COMPLETED.
NOTE
Ensure that Cassandra and appropriate data and secrets are backed up to the SCP (target node) as shown in the following image:
Figure 1: SCP Backup

For steps to back up the audit log, refer to the Fortanix DSM Backup for Audit Log.

3.0 Recovering the Data

For a step-by-step procedure on data recovery, refer to the Fortanix DSM Restoration Guide - Automated.

Fortanix DSM Password-Based Backup and Restore Using SCP - SGX

1.0 Introduction

2.0 Configuring Backup Using SCP

3.0 Recovering the Data

PLATFORM

Key Insight

Data Security Manager™

Confidential Computing Manager

Enclave Development Platform®

Request A demo

Contact Us

Free Trial

SOLUTIONS

AWS KMS External Key Store (XKS)

Google External Key Manager

Bring Your Own Key (BYOK)

HSM Modernization

Multicloud Key Management

Post Quantum Cryptography

Code Signing

Secrets Management

Tokenization Transparent

Database Encryption

Filesystem Encryption

Confidential Data Search

Confidential AI

Healthcare

Banking & Financial Services

Fintech

Manufacturing

Web 3.0

Federal Government

RESOURCES

Blog

Whitepapers

Datasheets

Solution Briefs

Ebooks

Reports

Case Studies

Webinars

University

Media Kit

Newsletters

COMPANY

About

Careerswe’re hiring

Customers

Partners

Awards

Events

Press

News

Services

Support

FAQ

4.6