Restore the System Data from a Backup
The restore operation can be performed on a running appliance. The restore operation enables you to either:
- Recover from disaster, or
- Revert to a previous data configuration
The restore operation overwrites the following content on the appliance with the backup content:
- Database content
- Application configuration files
- Key store and trust store
- Licenses
- OCS card configuration
- The system restore menu is only available in Single Mode. If the appliance is configured in Dual Mode, then you cannot perform the restore operation. You must first set the appliance to Single Mode, restore the backup, and finally set the appliance back to Dual Mode.
- The restore operation does not modify the software configuration (that is, hot fix or service pack).
- You can use a configured appliance or you can re-install a new appliance from scratch.
- You must have the Backup password available.
- The appliance compatibility digest must be the same as that of the backup:
- If compatibility digest on the appliance is different, you must install the appropriate service pack/hot fix to update the compatibility digest prior to the restore operation.
- The service pack and hot fix versions can be different from those in the backup metadata as long as the compatibility digest is the same.
- The list of installed ActivID applications must be the same as that of the backup.
-
The cryptography type/configuration is one of the following compatible options:
Current Cryptographic State Software
Software and External HSM configured
External HSM
Backup Cryptographic State Software
Allowed
Allowed
Allowed
External HSM
Not allowed
Allowed if same security world
Allowed if same security world
- For deployments with an external HSM:
- Make a backup after migration to the external HSM and only restore these backups so that your appliance remains as the ‘external HSM Cryptography’ type.
- The HSM security world ID must be the same as that of the backup.
-
Log on to the ActivID Console and, under System in the left menu, select Backup/Restore.
-
Select the Restore tab.
-
In the Backup location section, select the SFTP/FTP Site where the backup is stored (or click Add New to configure a new site).
-
Click Search.
-
From the Backup File drop-down list, select your backup file, and then click Load.
- Identity the source appliance that has been backed up
- Backup date and time
- Determine software version to install before restoring the data
- Check compatibility of the backup format
-
Check compatibility of the backup file with your requirements.
-
Enter the Backup Password protecting the backup and then click Restore.
The system checks versions compatibility and backup compatibility.
If the tests are successful, then the Restore operation starts.
If you click Cancel during any of the progress message, then the file restoration is canceled.
If the data is backed up from a different appliance, this restore operation might modify some of the appliance credentials.
ErrorsIn order to manage restore errors and to avoid useless file transfers, errors are reported as soon as possible, based on the metadata check. These errors include:
-
FTP failure
-
Compatibility digest does not match – not the expected version
-
Backup format does not match
-
Software configuration does not match – the list of applications is not the same
-
Wrong backup password
-
Missing HSM keys (external HSM only)
-
Cryptographic type does not match
-
-
When the success message, click Close.
-
If the ActivID Console displays a warning that one or more of the IdP keys corresponding to the security domains restored are missing after restoring a “Backup external HSM”, you must add them manually to the external HSM. For further information, refer to the technical documentation provided with your HSM.
The latest available backup is selected automatically. The metadata contents are displayed.
By viewing the metadata, you can verify that the configuration is correct and upgraded, if needed, based on the listed hot fixes.
The embedded information allows you to: