Fortanix DSM Backup and Restore for Azure Blob Storage - SGX

1.0 Introduction

This article describes the Fortanix Data Security Manager (DSM) Azure Blob Storage backup and restore procedures for a SGX machine using Azure Blob Storage backup type.

2.0 Prerequisites

Perform the following steps to create the storage accounts and containers for backing up the cluster data to Azure Blob Storage:

  1. Create the storage account in Azure portal. Refer to the link to know the steps for creating the storage account.
    Figure 1: Create Storage Account
  2. Create the container under the storage account. Refer to the link to know the steps for creating a container under the above created storage account.
    Figure 2: DSM Backup Demo Page
  3. Navigate to Access Keys and copy the value for Connection Strings. This value will be used in later steps.
    Figure 3: DSM Access Keys Page

3.0 Configuring Backup Using Azure Blob Storage

This section describes the steps to configure backups using Azure before or after creating a Fortanix Data Security Manager cluster.

Perform the following steps:

  1. Edit the config.yaml file to add the following properties to enable backups in Azure, which is your backup destination. To know more about the config.yaml file, refer to the Fortanix DSM Installation Guide, Section 5.4:

    Refer to the following sample configuration to add container and connection_string parameters:

     cron_schedule: "0 0 * * *"
     backup_mode: "snapshot" 
     exclude_auditlog: true
      container: "containername"
    connection_string: "Connection_string"
    • The value for backup_mode parameter can be either snapshot or cqlsh. However, it is recommended to set the value as snapshot.
    • By default, all the CRON jobs schedules are in the UTC time zone.

    For example:

     cron_schedule: "0 0 * * *"
     backup_mode: "snapshot" // "backup_mode" is optional and "snapshot" is default & recommended
     exclude_auditlog: true
      container: "dsmdemo"
      connection_string: "DefaultEndpointsProtocol=https;AccountName=ramniwasbackup;AccountKey=KhtQixN8LRZ3CEhxtDPYG2v2uo+JpXXimgGOSJJFjUYDu8pvTseYIMJMTM1W+ae8PCvx+OuxFn18+AStrdF4tw==;"
  2. Run the following command to redeploy the cluster to apply changes to the config.yaml file:
    sdkms-cluster deploy --config config.yaml --stage DEPLOY

    After executing the deploy command, the DEPLOY pod starts or shows the status as RUNNING. Wait until the job is completed and the status changes to COMPLETED.

  3. Run the following command to navigate to bin folder:
    cd /opt/fortanix/sdkms/bin
  4. Run the following command to execute the script to perform the manual backup:
  5. Run the following command to verify the status of the backup:
    kubectl logs -l job-name=sdkms-backup-manual

    Figure 4: Output of the Command

    Ensure that Cassandra and appropriate data and secrets are backed up to the container as shown in the following image:

    Figure 5: Demo Cont Page

For steps to back up the audit log, refer to the Fortanix DSM Backup for Audit Log.

4.0 Recovering the Data

For a step-by-step procedure on data recovery, refer to the Fortanix DSM Restoration Guide - Automated.


Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful