KeyControl Backup and Restore

Introduction

The object store on each KeyControl appliance is identical, so a backup needs to be taken from only one KeyControl appliance. A restore operation must be performed on a single appliance. Only after the restore can additional appliances be added to reconstruct the cluster.

Keys, policies and other information within each KeyControl appliance are encrypted. At the top of the KeyControl key hierarchy is the Admin Key, which must be carefully protected. To protect the Admin Key, we provide an "n of m" Admin Key backup model. The Admin Key is split into "m" pieces, where "m" is the number of security administrators. Each administrator is given one part of the key, and to reinstate the Admin Key, "n" of the "m" administrators must be present to enter their part. Note that the admins are not given a part of the actual key itself but a mathematical representation of part of the key.

Consider the following figure:

Domain Backup N Of M

In this example there are three security administrators and each is given a key part. We choose the value of "n" such that 1 <= n <= m. In this example, the value of "n" is "2". When restoring the Admin Key, any two of the admins need to be present. This is covered by the following combinations:

  • Security Admin A and Security Admin B
  • Security Admin A and Security Admin C
  • Security Admin B and Security Admin C
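As an added illustration of the "n of m" model above (this is example code, not KeyControl's own implementation, and the page does not state which threshold scheme KeyControl uses), the following Python uses Shamir-style secret sharing over a prime field. Each administrator's share is a point on a random polynomial whose constant term is the key, which is why a share is a mathematical representation of the key rather than a slice of its bytes, and why fewer than "n" shares yield nothing useful. The prime, the sample key and the administrator names are constructed for the example.

```python
# Added example: Shamir-style "n of m" key split. Not KeyControl code; the field
# prime and the sample key are constructed for illustration.
import secrets
from itertools import combinations

# A 256-bit prime (2**256 - 189) so that a 32-byte key fits in one field element.
P = 2**256 - 189


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coefficients lowest degree first) at x, mod P (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(key: bytes, n: int, m: int):
    """Split `key` into m shares such that any n of them reconstruct it.

    Returns a list of (x, y) points, one per administrator. The polynomial has
    degree n-1 with random coefficients and the key as its constant term.
    """
    if not 1 <= n <= m:
        raise ValueError("need 1 <= n <= m")
    secret = int.from_bytes(key, "big")
    if secret >= P:
        raise ValueError("key too large for the field")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(n - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, m + 1)]


def recover_key(shares, key_len: int) -> bytes:
    """Recover the key from n distinct shares by Lagrange interpolation at x = 0.

    With fewer than n shares the interpolation still returns a value, but it is
    a random field element unrelated to the key.
    """
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(key_len, "big")


def demo():
    """Three security administrators, n = 2: every pair recovers the key."""
    admins = ["Security Admin A", "Security Admin B", "Security Admin C"]
    key = secrets.token_bytes(32)  # constructed sample Admin Key
    shares = split_key(key, n=2, m=3)
    results = {}
    for pair in combinations(range(len(admins)), 2):
        names = " and ".join(admins[i] for i in pair)
        results[names] = recover_key([shares[i] for i in pair], 32) == key
    return results


if __name__ == "__main__":
    for combo, ok in demo().items():
        print(f"{combo}: {'recovered' if ok else 'FAILED'}")
```

The `demo()` function reproduces the three combinations listed above; `recover_key` with a single share returns an unrelated value, which is the property that lets each administrator hold a share without holding part of the key.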

Admin key parts are generated under the following conditions:

  • During installation of the first KeyControl server. In this case, the secroot admin gets the only part.
  • A security admin is added or deleted. After one of these operations, key parts are generated again.
  • You decide to explicitly generate new key parts.

To generate new Admin Key parts, from the SECURITY tab select Users in the file browser and click EDIT DEFAULT SETTINGS.

Domain Backup N Of M Keyparts

Select the value of "n" and click GENERATE NEW ADMIN KEY. Each security administrator will receive a key part as an alert, and in email (if you enabled email). For example, below is a screen shot of one of the emails received:

Domain Backup Admin Key Part

If you disabled email access on first GUI login, admin key parts will be sent as alerts only. Each security administrator will be able to locate their key part by selecting Alerts, visible at the top right of the GUI screen. You should then see your key part as follows:

Domain Backup Admin Key Part Alert

Note that you will see an alert when first logging on to the GUI or when generating key parts either directly or by adding or removing security administrators.

It is vital that these key parts are stored securely. If "n" pieces are not available, restore of a KeyControl appliance will not be possible. Note however, that a new Admin Key can be generated at any time up to the point of KeyControl backup/restore.

Backing up the KeyControl Cluster

Now that key parts have been distributed, the Domain Administrator needs to set up access to the KeyControl backups, all of which are securely encrypted.

The default KeyControl backup settings can be viewed by selecting the DOMAINS tab and then selecting Domains and KeyControl Cluster within the file browser (or KeyControl Domain, if you do not have a cluster) as the figure below shows:

Backup KeyControl Settings

The only thing that needs to be modified is the setting for Backup Hosts. Click EDIT DOMAIN.

Backup KeyControl Host Backup

Enter a list of hostname / IP addresses for clients that you want to be able to access the backups and click Apply.

From one of the specified clients, you can now mount the exported filesystem as follows:

# mount -t nfs 192.168.140.151:/hcs/backup /backup
# ls -l /backup
total 506
-rw-r--r--  2 root  wheel  129536 Aug 18 17:28 hcs-kps-2011-08-19-00:28:23.bu
-rw-r--r--  2 root  wheel  129536 Aug 18 17:28 hcs-kps.bu

Note that you can mount the filesystem from any KeyControl appliance in the cluster.

How often should I back up the KeyControl cluster?

KeyControl backup images are typically very small. We snapshot the KeyControl object store (the place where keys, policies and configuration data is stored) each time a change is made. For example, every time a key is allocated, a new snapshot is taken. The size of the KeyControl backup image will depend on the number of DataControl agents, users, keys and other such information. To give you some idea of the size, here we view the available backups for a minimally used system:

# ls -l /mnt
total 517
-rw-r--r--  2 root  wheel  159232 Feb 12 10:06 hcs-kps-2014-02-12-18:06:21.bu
-rw-r--r--  2 root  wheel  159232 Feb 12 10:06 hcs-kps.bu

As shown above, the backup image for this system is only approximately 160 KB. We recommend that you back up often and keep an eye on the image sizes as your KeyControl usage increases. However, if no changes have been made to the system, a new backup is not necessarily needed.
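Because the export holds both a dated snapshot (`hcs-kps-YYYY-MM-DD-HH:MM:SS.bu`) and the undated `hcs-kps.bu` copy, a practical routine is to copy the newest dated image off the mounted export into an archive and record its SHA-256 so a later restore can verify the image it is about to use. The following Python is an added example, not KeyControl's own tooling; it assumes the administrator has already mounted the export (for instance at `/backup` as shown above), the archive path and manifest file name are assumptions, and `demo()` runs against constructed stand-in files in a temporary directory.

```python
# Added example (not KeyControl code): archive the newest dated backup image from
# the mounted export and keep a SHA-256 manifest for later verification.
import hashlib
import re
import shutil
import tempfile
from pathlib import Path
from typing import Optional

# Dated images are named like hcs-kps-2014-02-12-18:06:21.bu (see the listing above).
DATED_IMAGE = re.compile(r"^hcs-kps-(\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2})\.bu$")
MANIFEST = "MANIFEST.sha256"  # assumed name for the hash manifest


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def newest_dated_image(backup_dir: Path) -> Optional[Path]:
    """Pick the most recent dated image by its embedded timestamp, not by mtime."""
    candidates = []
    for p in backup_dir.iterdir():
        m = DATED_IMAGE.match(p.name)
        if m:
            candidates.append((m.group(1), p))
    if not candidates:
        return None
    return max(candidates, key=lambda t: t[0])[1]


def archive_latest(backup_dir: Path, archive_dir: Path) -> dict:
    """Copy the newest dated image into archive_dir and append its hash to the manifest."""
    src = newest_dated_image(backup_dir)
    if src is None:
        raise FileNotFoundError(f"no dated hcs-kps-*.bu image in {backup_dir}")
    archive_dir.mkdir(parents=True, exist_ok=True)
    dst = archive_dir / src.name
    shutil.copy2(src, dst)
    digest = sha256_file(dst)
    if digest != sha256_file(src):  # guard against a truncated or corrupted copy
        dst.unlink()
        raise IOError(f"archived copy of {src.name} does not match the export")
    with (archive_dir / MANIFEST).open("a") as mf:
        mf.write(f"{digest}  {src.name}\n")
    return {"image": src.name, "sha256": digest, "size": dst.stat().st_size}


def verify_image(archive_dir: Path, name: str) -> bool:
    """Before a restore, check an archived image against its manifest entry."""
    expected = None
    for line in (archive_dir / MANIFEST).read_text().splitlines():
        digest, _, fname = line.partition("  ")
        if fname == name:
            expected = digest
    return expected is not None and sha256_file(archive_dir / name) == expected


def demo() -> dict:
    """Run against constructed sample files: two dated snapshots plus the undated copy."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        backup.mkdir()
        (backup / "hcs-kps-2014-02-11-09:00:00.bu").write_bytes(b"old-snapshot")
        (backup / "hcs-kps-2014-02-12-18:06:21.bu").write_bytes(b"latest-snapshot")
        (backup / "hcs-kps.bu").write_bytes(b"latest-snapshot")
        archive = Path(tmp) / "archive"
        info = archive_latest(backup, archive)
        info["verified"] = verify_image(archive, info["image"])
        return info


if __name__ == "__main__":
    print(demo())
```

The image stays encrypted by KeyControl throughout; the manifest only protects against silently picking up a corrupted or truncated copy at restore time, which is exactly when the Admin Key parts and the image are all you have.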

Restoring from a KeyControl backup image

Restoring from a KeyControl backup will only need to be performed if there is a catastrophic failure in the KeyControl cluster. If one KeyControl appliance becomes unusable, for example due to hardware failures, simply remove the appliance from the cluster and add a new appliance.

When restoring a KeyControl appliance there are two possible scenarios:

  • You are restoring to an appliance that was previously used in the cluster (that is, it has the same hardware ID and no hardware components have changed). In this case, you will not need to perform Admin Key recovery.
  • You are restoring to new hardware, which will involve Admin Key recovery.

In either case, you will follow the same procedure for install and restore. The only difference appears when you attempt to log into the webGUI post install. Note that if you have a multi-appliance cluster at the time a backup was taken, following restore you will only have a single-appliance KeyControl system. You will then need to install and add new appliances to the cluster.

First of all, select option 2 to install the system.

Backup KeyControl Install Menu

The installation process will then proceed as discussed in the KeyControl Installation, Upgrade and Configuration chapter.

Once the install is complete and the system reboots, you will then have the option to restore a KeyControl appliance from backup as the following screen shows:

Backup KeyControl Install Post Boot Menu

You enter the root password, set up networking, and then you are prompted to supply the KeyControl backup image from which you want to restore:

Backup KeyControl Install Select Image

Mount the exported filesystem and copy in the KeyControl backup image as follows:

# mount -t nfs 192.168.140.151:/hcs/restore /restore
# cp hcs-kps.bu /restore
# umount /restore

At this point, in the installation menu, enter the name of the file you copied in above and press Enter. The restore process now starts. The length of time will depend on the size of the image being restored. Once complete, you will see the "Congratulations!" message and be able to proceed to log on through the webGUI.

At this point there are two things that can happen:

  • You have restored to a system with identical hardware. In this case, we detect that the hardware has not changed and you will be able to log on as you usually do.
  • The hardware has changed, and you will be prompted by the Admin Key recovery screen, as shown below.

Backup KeyControl Recover Mk

You must now enter the appropriate number of key parts that were generated. Refer to the start of this chapter for further information on generating key parts.

Once you have entered all the appropriate key parts, the system will restart services. You will see the following message as the system restarts. Please wait for approximately 30 seconds and refresh your browser. You should then see the logon screen appear.

Backup KeyControl After Mk Recovery
