Backing Up and Restoring CT-VL
Create regular backups of the server to restore CT-VL in the event of failure. Even in a clustered scenario, system failure can occur. To minimize this risk, backup your CT-VL implementation regularly using the administration interface or the REST API.
Use the CT-VL GUI to create a backup before upgrading your CT-VL version and before any major server configuration changes. Maintain a regular backup schedule using the CT-VL REST API.
Restore the state of your CT-VL implementation using the administration interface. Backups restore the CT-VL to the saved version in the following scenarios:
Restoring the application after system failure.
Restoring the application after upgrade failure.
Restoring the application due to unrecoverable system configuration errors.
Note
A backup cannot restore a system using a CT-VL version older than 2.2.2. A backup cannot be applied to any version of the CT-VL software that is older than the version in use when the backup was created.
Backing up CT-VL in the GUI
Use the administration interface to create and save a backup.
Use the following steps to create a system archive:
Select Backup from the administration interface left hand navigation.
Click the Create Backup tab.
Accept the default values, and click Backup now.
The archive generates and is saved to your default download folder. The file name is created with the following syntax:
backup_year-month-day
For example:
backup_2018-10-20
Move the backup to your storage directory.
Managing Backup Tasks
Use the REST API to create a backup and automate system backup tasks.
You can use the Backup API to generate backups via any valid HTTP request. The syntax requires authentication using user credentials.
Restoring the CT-VL from a Backup
If a complete system restore is required, make sure the CT-VL installation is complete before beginning this task.
Note
Make sure the CT-VL version leveraged for the backup is the same as the backup or newer than the backup and is at least version 2.2.2.
Use the following steps to restore the CT-VL to its last recorded working state using a backup:
Select Backup from the administration interface left hand navigation.
Click the Restore tab.
Click Choose File and navigate to the required backup archive.
Confirm the following back up details:
CT-VL version
Backup date
Encryption key name
Click Restore.
Note
Depending on the size of the backup, the restore process may take some time.
If this node is a member of an existing cluster, it is removed from the cluster. Any existing data on this node is destroyed.
A new cluster is created with this node as the first node but with data restored from the backup.
When the restore completes, this node has all data from the backup including login credentials.
Note
If the user forgets the login credentials in the backup, run the createsuperuser
CLI command to create a new user.
This node becomes a new node of a new cluster. It is no longer a member of any previous cluster.
Note
If this node was a member of an existing cluster prior to the restore, it must be removed from that cluster. Failure to remove this node from its previous cluster prevents new nodes from joining that cluster.
The CT-VL is restored to the state of archive. When the task is complete, a banner appears, indicating that the restore is complete. The CT-VL reboots.
When the login screen appears, enter your credentials to access the restored application.
Key Rotation
Regular encryption key rotation can increase security and also satisfy some PCI DSS requirements. To rotate CT-VL keys, ask your CT-VL Administrator to run the CT-VL CLI command security gencert
on the CM that creates and stores the CT-VL keys.
Versioned keys are not permitted for tokenization.