Before you begin:
- You must have system administrator credentials to access the Vormetric DSM
- You must be able to connect to your Cisco AnyConnect VPN client in order to reach the DSM's public IP address over an https:// connection.
Use this document to create a backup file of your data security manager (DSM).
Before you upgrade to Generation 4, Armor recommends that you create a backup file. This backup file will include:
- Embedded databases
- Agent/server certificates
- Encryption keys and key groups
- Hosts and host groups
- Domains
- High-availability configuration
- Administrators
- Policies
- Log settings
At a high level, to create, save, and upload a backup file, you must:
- Create a new wrapper key custodian
- Create and export the wrapper key
- Download the encrypted DSM configuration file
- Restore the wrapper key and configuration file
- In this step, you will access the DSM under the Generation 4 platform.
- Upload the DSM configuration file
- In this step, you will access the DSM under the Generation 4 platform.
Step 1: Create a new wrapper key custodian
- Log into the DSM console as the system administrator (admin).
- Click the Administrators tab. (You can ignore the drop-down menu that appears.)
- Click Add to create a new administrator.
- Click the Administrators tab. (You can ignore the drop-down menu that appears.)
- In Login, enter a user name that you will use to log into the DSM.
- (Optional) In Description, enter an easily identifiable description.
- You can leave the RSA User ID field blank.
- In Password and Confirm Password, enter a password.
- Armor recommends that you enter a temporary password because after you log into the DSM as the system administrator, you will be asked to change your password.
- In User Type, select System Administrator.
- Make sure the Read-Only User box is unmarked.
- Click Ok.
Step 2: Create and export a wrapper key
- In the top menu bar, select System.
- In the drop down menu, select Wrapper Keys.
- In Operation drop-down menu, select Create.
- Click Apply.
- Next to Operation, in the drop-down menu, select Export.
- Once you select Export, a new window will appear.
- In the window that appears, for Minimum Custodians Needed, enter 1.
- InTotal number of Custodians, enter 1.
- In the table, mark the newly created Wrapper Key Custodian.
- Click Apply. The Wrapper Key has now been exported to the Wrapper Key Custodian.
- Log out the DSM as the admin, and then log into the DSM as the Wrapper Key Custodian.
- Once you log in, you will be asked to change your password.
- Next to Wrapper Key Share, click Show.
- The Wrapper Key Share will appear.
- Copy the Wrapper Key Share, and then store the information in a secure place outside of the DSM. You will need this information in a later step in order to decrypt the DSM configuration file during a file restore.
Step 3: Download the encrypted DSM configuration file
- Log out of the DSM as the Wrapper Key Custodian, and then log into the DSM as the admin.
- In the top menu bar, click Systems.
- Click Backup and Restore, and then select Manual Backup and Restore.
Click Ok. The backup configuration file will download to your local machine.
Step 4: Restore the wrapper key and configuration file in the Generation 4 DSM
In this step, you will access the DSM under the Generation 4 platform.
- Access and log into the DSM for Generation 4 as the system administrator (admin).
- You must connect via the Cisco AnyConnect VPN client for Generation 4.
- To learn how to download the SSL VPN client for Generation 4, see SSL VPN - decomission or review Step 3 of Post-Upgrade Process for Account Administrators.
- You must connect via the Cisco AnyConnect VPN client for Generation 4.
- In the top bar, click Systems, and then select Wrapper Keys.
- Next to Operation, in the drop-down menu, select Import.
- Click Add.
- In the window that appears, in Key Share, enter the Wrapper Key Share you copied from Step 2.8.
- Click Ok.
- In the window that appears, the wrapper key share will populate the field. For this wrapper key share, mark the Selected column.
- Click Apply.
Step 5: Upload the DSM configuration file
In this step, you will continue to use the DSM under the Generation 4 platform.
- In the top menu, click Systems.
- Select Backup and Restore, and then select Manual Backup and Restore.
- Click Restore.
- Click Browse to locate and select the DSM configuration file.
- Click OK.
- After you click OK, you will be logged out of the DSM.
- After you click OK, you will be logged out of the DSM.
- The DSM will restart, which will automatically log out.
- Log into the DSM as the security administrator (admin), and then verify the DSM configuration has been restored correctly.