Backup and restore of local SED keystore

It is recommended to take a backup of the local SED keystore every time you enable locking of SED drives in the Cloud Pak for Data System using an AEK, or when you change the current AEK.

About this task

After enabling locking of SED, in case the local keystore gets corrupted, it can leave Cloud Pak for Data System in a unstable condition so you cannot access the data from the SED drives. That is why you should back up the local keystore after enabling locking, or after modifying the current AEK on the SED drives. In case of a corruption in the local filesystem, you can restore the latest keystore backup, thus enabling access of the SED drive storage.

The backup functionality allows you to export the keystore files to a compressed tar file in your predefined location. Ideally, this backup should be kept outside the Cloud Pak for Data System system in a secure location. When restoring, you can either restore from this compressed tar file if all nodes are corrupted, or restore from another, not corrupted node.