Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

When should a user follow these instructions? How does this fall into the Gen 4 upgrade process? 

Overview

Use this document to create a backup file of your data security manager. 

Note

Before you begin:

  • You must have system administrator credentials to access the Vormetric DSM

  • You must be able to connect to your Cisco AnyConnect VPN client in order to reach the DSM's public IP address over an https:// connection.

Use this document to create a backup file of your data security manager (DSM).

Before you upgrade to Generation 4, Armor recommends that you create a backup file. This backup file will include:

  • Embedded databases

  • Agent/server certificates

  • Encryption keys and key groups

  • Hosts and host groups

  • Domains

  • High-availability configuration

  • Administrators

  • Policies

  • Log settings

At a high level, this process includes five major steps: to create, save, and upload a backup file, you must:

  • Create a new

    system administratorCreate an asymmetric

    wrapper key custodian

  • Export

    Create and export the wrapper key

  • Download the encrypted DSM configuration

    file Test the restore feature of the DSM with the wrapper key

    file

  • Restore the wrapper key and configuration file

    • In this step, you will access the DSM under the Generation 4 platform.

  • Upload the DSM configuration file

    • In this step, you will access the DSM under the Generation 4 platform.


Step 1: Create

...

a new wrapper key custodian

...

  1. Log into the DSM console as the system administrator (admin).

    Image Added


    1. Click the Administrators tab. (You can ignore the drop-down menu that appears.)

...


    1. Image Added
    2. Click Add to create a new administrator.

...


...

    1. Image Added
  1. In Login, enter a user name that you will use to log into the

...

  1. DSM.

...

  1. (Optional) In Description, enter an easily identifiable description.

...

  1. You can leave the RSA User ID field blank.

...

  1. In Password and Confirm Password, enter a password.

...

    • Armor recommends that you enter a temporary password because after you log into the DSM as the system administrator,

...

    • you will be asked to change your password.

...

  1. In User Type, select System Administrator.

...

  1. Make sure the Read-Only User box is unmarked.

  2. Click Ok.

...


...

  1. Image Added


Step 2: Create and export a wrapper key

  1. In the top menu bar, select System.

...

  1. Image Added
  2. In the drop down menu, select

...

  1. Wrapper Keys.

...

  1. In Operation drop-down menu, select Create.

...

  1. Click Apply.

...


...

Step 3: Export Wrapper Key

  1. Image Added
  2. Next to Operation, in the drop-down menu, select Export.

...


  1. Image Added
    1. Once you select Export, a new window will appear.

    2. In the window that appears,

...

    1. for Minimum Custodians Needed, enter 1.

...

...

    1. InTotal number of Custodians, enter 1.

...

    1. In the table, mark the newly created Wrapper Key Custodian.

    2. Click Apply. The Wrapper Key has now been exported to the Wrapper Key Custodian.

...

  1. Log out the DSM as the admin, and then log into the DSM as

...

  1. the Wrapper Key Custodian.

    • Once you log in, you will be asked to change your password.

  2. Next to Wrapper Key Share, click Show.

    • The Wrapper Key Share will appear.

  3. Copy the Wrapper Key Share, and then store the information in a secure place outside of the DSM. You will need this information in a later step in order to decrypt the DSM configuration file during a file restore.

    Image Added


Step 3: Download the encrypted DSM configuration file

  1. Log out of the DSM as the Wrapper Key Custodian

...

  1. , and then log into the DSM as the admin.

  2. In the top menu bar, click Systems.

  3. Click Backup and Restore, and then select Manual Backup and Restore.
    Image Added

  4. Click Ok. The backup configuration file will download to your local machine.
    Image Added

Step 4: Restore the wrapper key and configuration file in the Generation 4 DSM

Note

In this step, you will access the DSM under the Generation 4 platform.

  1. Access and log into the DSM for Generation 4 as

...

  1. the system administrator (admin).

    • You must connect via the Cisco AnyConnect VPN client for Generation 4.

      • To learn how to download the SSL VPN client for Generation 4, see SSL VPN.

  2. In the top bar, click Systems, and then select Wrapper Keys.

    Image Added
  3. Next to Operation, in the drop-down menu, select Import.

  4. Click Add.

  5. In the window that appears, in Key Share, enter the Wrapper Key Share you copied from Step 2.8.

  6. Click Ok.

    Image Added
  7. In the window that appears, the wrapper key share will populate the field. For this wrapper key share, mark the Selected column.

  8. Click Apply.


Step 5: Upload the DSM configuration file

Note

In this step, you will continue to use the DSM under the Generation 4 platform.

  1. In the top menu, click Systems.

  2. Select Backup and Restore, and then select Manual Backup and Restore.

  3. Click Restore.

  4. Click Browse to locate and select the DSM configuration file.

  5. Click OK.

    1. After you click OK, you will be logged out of the DSM.

      Image Added
  6. The DSM will restart, which will automatically log out.

  7. Log into the DSM as the security administrator (admin), and then verify the DSM configuration has been restored correctly.