Fortanix DSM Backup and Restore - Non-SGX

1.0 Introduction

The backup and restore process remains the same as other Fortanix DSM hardware-based deployments. But when deployed on VMWare, AWS, Azure and on VMs without SGX capability, a deployment key is created in software. This deployment-key is not backed-up to the backup location along with the backup data due to security reasons.

2.0 Configuring Backup on a Non-SGX

This section describes the steps to configure backup on non-SGX cluster before creating a Fortanix-Data-Security-Manager cluster on the DR node.

Perform the following steps:

1. Log in to the production or source cluster.

2. Run the following command to locate the deployment key:

   $ kubectl get secrets sdkms-deployment-key-store

3. Run the following command to get the backup of sdkms-deployment-key-store secret:

   sudo kubectl get secrets sdkms-deployment-key-store -o yaml > 
   sdkms-deployment-key-store.yaml

4. Save the sdkms-deployment-key-store.yaml file in a secure location.

   NOTE

   Ensure to save it in different folder other than backup folder.

5. Run the following command to copy the sdkms-deployment-key-store.yaml secret to the DR node or target node where the restore operation is to be performed:

   scp sdkms-deployment-key-store.yaml   username@ipaddress: home

6. Restore the sdkms-deployment-key after the cluster reset. When a new cluster is created, a new random sdkms-deployment-key gets auto-created. But as we are restoring the cluster from the backup, we need to delete the sdkms-deployment-key and restore the saved sdkms-deployment-key.

For steps to back up the audit log, refer to the Fortanix DSM Backup for Audit Log.

3.0 Recovering the Data

For a step-by-step procedure on data recovery, refer to the Fortanix DSM Restoration Guide - Automated.