Fortanix DSM Backup and Restore for Azure Blob Storage

1.0 Introduction

This article describes the Fortanix Data Security Manager () Azure Blob Storage backup and restore procedures for a SGX machine using Azure Blob Storage backup type.

2.0 Prerequisites

Perform the following steps to create the storage accounts and containers for backing up the cluster data to Azure Blob Storage:

Create the storage account in Azure portal. Refer to the link to know the steps for creating the storage account.
Figure 1: Create Storage Account
Create the container under the storage account. Refer to the link to know the steps for creating a container under the above created storage account.
Figure 2: DSM Backup Demo Page
Navigate to Access Keys and copy the value for Connection Strings. This value will be used in later steps.
Figure 3: DSM Access Keys Page

3.0 Configuring Backup Using Azure Blob Storage

This section describes the steps to configure backups using Azure before or after creating a Fortanix Data Security Manager cluster.

Perform the following steps:

Edit the config.yaml file to add the following properties to enable backups in Azure, which is your backup destination. To know more about the config.yaml file, refer to the Fortanix DSM Installation Guide, Section 5.4:
Refer to the following sample configuration to add container and connection_string parameters:
```
backup:
 cron_schedule: "0 0 * * *"
 backup_mode: "snapshot" 
 exclude_auditlog: true
 azure:
  container: "containername"
  connection_string: "connection_string"
```
NOTE
- The value for backup_mode parameter can be either snapshot or cqlsh. However, it is recommended to set the value as snapshot.
- By default, all the CRON jobs schedules are in the UTC time zone.
For example:
```
backup:
 cron_schedule: "0 0 * * *"
 backup_mode: "snapshot" // "backup_mode" is optional and "snapshot" is default & recommended
 exclude_auditlog: true
 azure:
  container: "dsmdemo"
  connection_string: "connection_string"
```
Run the following command to redeploy the cluster to apply changes to the config.yaml file:
```
sdkms-cluster deploy --config config.yaml --stage DEPLOY
```
After executing the deploy command, the DEPLOY pod starts or shows the status as RUNNING. Wait until the job is completed and the status changes to COMPLETED.
Run the following command to navigate to bin folder:
```
cd /opt/fortanix/sdkms/bin
```
Run the following command to execute the run_sdkms_backup.sh script to perform the manual backup:
```
./run_sdkms_backup.sh
```
Run the following command to verify the status of the backup:
```
kubectl logs -l job-name=sdkms-backup-manual
```
Figure 4: Output of the Command
NOTE
Ensure that Cassandra and appropriate data and secrets are backed up to the container as shown in the following image:
Figure 5: Demo Cont Page

For steps to back up the audit log, refer to the Fortanix DSM Backup for Audit Log.

4.0 Recovering the Data

For a step-by-step procedure on data recovery, refer to the Fortanix DSM Restoration Guide - Automated.

Fortanix DSM Backup and Restore for Azure Blob Storage - SGX

1.0 Introduction

2.0 Prerequisites

3.0 Configuring Backup Using Azure Blob Storage

4.0 Recovering the Data

PLATFORM

Key Insight

Data Security Manager™

Confidential Computing Manager

Enclave Development Platform®

Request A demo

Contact Us

Free Trial

SOLUTIONS

AWS KMS External Key Store (XKS)

Google External Key Manager

Bring Your Own Key (BYOK)

HSM Modernization

Multicloud Key Management

Post Quantum Cryptography

Code Signing

Secrets Management

Tokenization Transparent

Database Encryption

Filesystem Encryption

Confidential Data Search

Confidential AI

Healthcare

Banking & Financial Services

Fintech

Manufacturing

Web 3.0

Federal Government

RESOURCES

Blog

Whitepapers

Datasheets

Solution Briefs

Ebooks

Reports

Case Studies

Webinars

University

Media Kit

Newsletters

COMPANY

About

Careerswe’re hiring

Customers

Partners

Awards

Events

Press

News

Services

Support

FAQ

4.6