Fortanix DSM Backup and Restore for Azure Blob Storage - SGX

  • Updated on Oct 24, 2025
  • Published on Jun 20, 2024
  • 2 minute(s) read
Prev Next

1.0 Introduction

This article describes the Fortanix Data Security Manager () Azure Blob Storage backup and restore procedures for a SGX machine using Azure Blob Storage backup type.

2.0 Prerequisites

Perform the following steps to create the storage accounts and containers for backing up the cluster data to Azure Blob Storage:

  1. Create the storage account in Azure portal. For more information on how to create the storage account, refer to the official Azure documentation.

    Create_Storage_Account.png

    Figure 1: Create storage account

  2. Create the container under the storage account. For more information on how to create a container under the above created storage account, refer to the official Azure documentation.

    DSM_Backup_Demo_Page.png

    Figure 2: DSM backup demo page

  3. Navigate to Access Keys and copy the value for Connection Strings. This value will be used in later steps.

    DSM_Access_Keys_Page.png

    Figure 3: DSM access keys page

3.0 Configuring Backup Using Azure Blob Storage

This section describes the steps to configure backups using Azure before or after creating a Fortanix Data Security Manager cluster.

Perform the following steps:

  1. Edit the config.yaml file to add the following properties to enable backups in Azure, which is your backup destination. For more information about the config.yaml file, refer to “Section 5.4: Configure Other Nodes for Joining the Cluster“ in the Fortanix Data Security Manager Installation Guide - On-Prem:

    Refer to the following sample configuration to add container and connection_string parameters:

    backup:
 cron_schedule: "0 0 * * *"
 backup_mode: "snapshot" 
 exclude_auditlog: true
 azure:
  container: "containername"
  connection_string: "connection_string"

    NOTE

    • The value for backup_mode parameter can be either snapshot or cqlsh. However, it is recommended to set the value as snapshot.

    • By default, all the CRON jobs schedules are in the UTC time zone.

    For example:

    backup:
 cron_schedule: "0 0 * * *"
 backup_mode: "snapshot" // "backup_mode" is optional and "snapshot" is default & recommended
 exclude_auditlog: true
 azure:
  container: "dsmdemo"
  connection_string: "connection_string"

  2. Run the following command to redeploy the cluster to apply changes to the config.yaml file:

    sdkms-cluster deploy --config config.yaml --stage DEPLOY

    After executing the deploy command, the DEPLOY pod starts or shows the status as RUNNING. Wait until the job is completed and the status changes to COMPLETED.

  3. Run the following command to navigate to bin folder:

    cd /opt/fortanix/sdkms/bin

  4. Run the following command to execute the run_sdkms_backup.sh script to perform the manual backup:

    ./run_sdkms_backup.sh

  5. Run the following command to verify the status of the backup:

    kubectl logs -l job-name=sdkms-backup-manual

    Output_of_the_Command_-_Azure.png

    Figure 4: Output of the command

    NOTE

    Ensure that Cassandra and appropriate data and secrets are backed up to the container as shown in the following image:

    Demo_Cont_Page.png

    Figure 5: Demo continue page

For more information on how to back up the audit log, refer to Fortanix DSM Backup for Audit Log.

4.0 Recovering the Data

For more information on data recovery procedure, refer to the Fortanix DSM Restoration Guide - Automated.