Fortanix DSM Backup and Restore - Non-SGX

1.0 Introduction

The backup and restore process remains the same as other Fortanix DSM hardware-based deployments. But when deployed on VMWare, AWS, Azure and on VMs without SGX capability, a deployment key is created in software. This deployment-key is not backed-up to the backup location along with the backup data due to security reasons.

NOTE
  • Deployment-key is required to restore the backup in case the cluster is being reset or re-created. Hence the deployment key must be backed-up in a safe location. Backup cannot be restored (will be rendered unusable) without this deployment key during the restoration process.
  • Ensure the DR node is running the same software version as the cluster it is joining.

2.0 Configuring Backup on a Non-SGX

This section describes the steps to configure backup on non-SGX cluster before creating a Fortanix Data Security Manager cluster on the DR node.

Perform the following steps:

  1. Log in to the production or source cluster.
  2. Run the following command to locate the deployment key:
    $ kubectl get secrets sdkms-deployment-key-store
  3. Run the following command to get the backup of sdkms-deployment-key-store secret:
    sudo kubectl get secrets sdkms-deployment-key-store -o yaml > 
    sdkms-deployment-key-store.yaml
  4. Save the sdkms-deployment-key-store.yaml file in a secure location.
    NOTE
    Ensure to save it in different folder other than backup folder.
  5. Run the following command to copy the sdkms-deployment-key-store.yaml secret to the DR node or target node where the restore operation is to be performed:
    scp sdkms-deployment-key-store.yaml   username@ipaddress: home
  6. Restore the sdkms-deployment-key after the cluster reset. When a new cluster is created, a new random sdkms-deployment-key gets auto-created. But as we are restoring the cluster from the backup, we need to delete the sdkms-deployment-key and restore the saved sdkms-deployment-key.

For steps to back up the audit log, refer to the Fortanix DSM Backup for Audit Log.

3.0 Recovering the Data

For a step-by-step procedure on data recovery, refer to the Fortanix DSM Restoration Guide - Automated.

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful