Fortanix DSM Backup and Restore for Azure Blob Storage - SGX

1.0 Introduction

This article describes the Fortanix Data Security Manager (DSM) Azure Blob Storage backup and restore procedures for a SGX machine using Azure Blob Storage backup type.

2.0 Prerequisites

Perform the following steps to create the storage accounts and containers for backing up the cluster data to Azure Blob Storage:

  1. Create the storage account in Azure portal. Refer to the link to know the steps for creating the storage account.
    Create_Storage_Account.png
    Figure 1: Create Storage Account
  2. Create the container under the storage account. Refer to the link to know the steps for creating a container under the above created storage account.
    DSM_Backup_Demo_Page.png
    Figure 2: DSM Backup Demo Page
  3. Navigate to Access Keys and copy the value for Connection Strings. This value will be used in later steps.
    DSM_Access_Keys_Page.png
    Figure 3: DSM Access Keys Page

3.0 Configuring Backup Using Azure Blob Storage

This section describes the steps to configure backups using Azure before or after creating a Fortanix Data Security Manager cluster.

Perform the following steps:

  1. Edit the config.yaml file to add the following properties to enable backups in Azure, which is your backup destination. To know more about the config.yaml file, refer to the Fortanix DSM Installation Guide, Section 5.4:

    Refer to the following sample configuration to add container and connection_string parameters:

    backup:
     cron_schedule: "0 0 * * *"
     backup_mode: "snapshot" 
     exclude_auditlog: true
     azure:
      container: "containername"
    connection_string: "Connection_string"
    NOTE
    • The value for backup_mode parameter can be either snapshot or cqlsh. However, it is recommended to set the value as snapshot.
    • By default, all the CRON jobs schedules are in the UTC time zone.

    For example:

    backup:
     cron_schedule: "0 0 * * *"
     backup_mode: "snapshot" // "backup_mode" is optional and "snapshot" is default & recommended
     exclude_auditlog: true
     azure:
      container: "dsmdemo"
      connection_string: "DefaultEndpointsProtocol=https;AccountName=ramniwasbackup;AccountKey=KhtQixN8LRZ3CEhxtDPYG2v2uo+JpXXimgGOSJJFjUYDu8pvTseYIMJMTM1W+ae8PCvx+OuxFn18+AStrdF4tw==;EndpointSuffix=core.windows.net"
  2. Run the following command to redeploy the cluster to apply changes to the config.yaml file:
    sdkms-cluster deploy --config config.yaml --stage DEPLOY

    After executing the deploy command, the DEPLOY pod starts or shows the status as RUNNING. Wait until the job is completed and the status changes to COMPLETED.

  3. Run the following command to navigate to bin folder:
    cd /opt/fortanix/sdkms/bin
  4. Run the following command to execute the run_sdkms_backup.sh script to perform the manual backup:
    ./run_sdkms_backup.sh
  5. Run the following command to verify the status of the backup:
    kubectl logs -l job-name=sdkms-backup-manual

    Output_of_the_Command_-_Azure.png
    Figure 4: Output of the Command

    NOTE
    Ensure that Cassandra and appropriate data and secrets are backed up to the container as shown in the following image:

    Demo_Cont_Page.png
    Figure 5: Demo Cont Page

For steps to back up the audit log, refer to the Fortanix DSM Backup for Audit Log.

4.0 Recovering the Data

For a step-by-step procedure on data recovery, refer to the Fortanix DSM Restoration Guide - Automated.

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful