Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

back

CTE Administration

Backup and Restore

search

Please Note:

Backup and Restore

CipherTrust Manager provides options to back up CTE policies and restore them to other CipherTrust Manager appliances. A CipherTrust Manager administrator with backup and restore permissions can fully or partially export CTE policies from one domain and import them into a different domain on the same CipherTrust Manager or a different CipherTrust Manager. The data under the backed up (exported) policies will remain encrypted.

This section covers the following topics:

Perform the steps in the given order.

Assumptions

  • Before restoring CTE policies into the same or a different CipherTrust Manager:

    • Restore all the keys associated with CTE policies.

    • Restore the backup keys.

  • The policy backup file contains policies with the associated resources, including:

    • Security rules

    • Key rules

    • LDT rules

    • IDT rules

    • Policy elements (user sets, process sets, resource sets, and signature sets)

  • The backed up policy data does not include:

    • Keys that are associated with key rules. However, if the backup of keys and CTE policies is taken together, then the linked keys are included in the backup.

    • Signatures associated with signature sets

If the system, where the policies are being restored, contains any conflicting policy or policy elements:
• Policies with the same name are skipped.
• All policies using the conflicting policy elements are skipped.

Backing up and Restoring Keys and CTE Policies

CTE policies and keys used can be backed up separately (in different backup files) or together (in a single backup file.) If they are backed up separately, the key backup must be restored before the CTE policies.

Keys and CTE Policies are Backed up Together

When you want to back up the keys and CTE policies together:

  1. Back up the keys and CTE policies.

    1. Create a domain scoped backup key. You can also use an existing backup key. This key is needed to encrypt the backup file.

    2. Download the domain scoped backup key. Ignore this step if you have already downloaded the key.

    3. Create a domain scoped backup of keys and CTE policies.

    4. Download the domain scoped backup of keys and CTE policies.

      A backup file of keys and CTE policies will be downloaded. You need to restore this backup file to the destination CipherTrust Manager where you want to restore the backed up keys and CTE policies.

    Now, transfer the downloaded backup key and the backup file to the destination CipherTrust Manager, as described below.

  2. Restore the backup file.

    1. Transfer the backup key and files using Secure Copy Protocol (SCP) to the destination CipherTrust Manager.

    2. Inspect the backup key file.

    3. Upload the backup key file.

    4. Inspect the backup file.

    5. Upload the backup file.

    6. Restore the backup file.

    7. Verify that the backup file is restored successfully.

Keys and CTE Policies are Backed up Separately

When you want to back up the keys and CTE policies separately:

  1. Back up the CTE keys.

    1. Create a domain scoped backup key. You can also use an existing backup key. This key is needed to encrypt the exported backup file.

    2. Download the domain scoped backup key. Ignore this step if you have already downloaded the key.

    3. Create a domain scoped key backup.

    4. Download the domain scoped key backup.

      A backup file of keys will be downloaded. You need to restore this backup file to the destination CipherTrust Manager where you want to restore the backed up keys.

    Now, transfer the downloaded backup key and the backup file to the destination CipherTrust Manager, as described below.

  2. Back up the CTE policies.

    1. Create a domain scoped backup key. You can also use an existing backup key. This key is needed to encrypt the exported backup file.

    2. Download the domain scoped backup key. Ignore this step if you have already downloaded the key.

    3. Create a domain scoped CTE policy backup.

    4. Download the domain scoped CTE policy backup.

      A backup file of CTE policies will be downloaded. You need to restore this backup file to the destination CipherTrust Manager where you want to restore the backed up policies.

    Now, transfer the downloaded backup key and the backup file to the destination CipherTrust Manager, as described below.

  3. Import the downloaded backup file.

    1. Transfer the backup key, key backup, CTE policy backup files using Secure Copy Protocol (SCP) to the destination CipherTrust Manager.

    2. Inspect the backup key file.

    3. Upload the backup key file.

    4. Inspect the key backup file.

    5. Upload the key backup file.

    6. Inspect the CTE policy backup file.

    7. Upload the CTE policy backup file.

    8. Restore the key backup file.

    9. Verify that the key backup file is restored successfully.

    10. Restore the CTE policy backup file.

    11. Verify that the CTE policy backup file is restored successfully.

Signing Files in Restored Signature Sets

The restored policy backup contains imported signature sets. As the signatures linked with the signature sets are not included in the backup, you need to sign the files in the signature sets. Refer to Signing Files in a Signature Set for details.