Secure backup

You can use the secure backup facility to back up the appliance configuration.

The secure backup contains the configuration information of the appliance. This includes both appliance users and MQ users, together with their passwords, but does not include MQ queue manager configuration or data (which is backed up by using the mqbackup command). The information is secured by a user-supplied certificate stored on the appliance (see Managing certificates on the appliance). Both the certificate and the certificate's private key are required for a secure restore.

When you create the secure backup you specify the certificate and the location where the backup files are stored. The storage location can be a local directory in the temporary: or local: directories on the appliance, or it can be a directory on an FTP server.

The contents of a secure backup includes the following files:
  • Manifest file in xml format that includes the following details:
    • The firmware version and build used to create the backup.
    • The date and time when the backup was created.
    • The MTM (machine type and model) of the appliance that was backed up.
    • The serial number of the appliance that was backed up.
    • The list of the .tgz files that comprise the backup, their size and their checksum.
    • Ephemeral keys used as inputs to encrypt the backup.
    • A digital signature of the manifest used to confirm its integrity.
  • Some or all of the following tar files:
    root.tgz
    A backup of core configuration and data.
    config.tgz
    A backup of configuration in the config: folder.
    cert.tgz
    A backup of keys and certificates in the cert: folder.
    local.tgz
    A backup of files in the local: folder.
    password-map.tgz
    A backup of passwords used by the system configuration.
    sharedcert.tgz
    A backup of certificates in the sharedcert: folder.
    mq-users.tgz
    A backup of the messaging users and groups.

You can use the secure backup to migrate from one appliance to another, which can be the same or a different hardware model (where supported). Note that queue manager details and high availability and disaster recovery configurations have to be migrated separately.

You can complete a secure backup by using the command line interface, the web UI, or the REST interface.