Conditions for secure backup and secure restore

Several general conditions apply to the secure backup-restore process. Some additional conditions apply specifically to a secure backup, and some additional conditions apply specifically to a secure restore.

General conditions for a secure backup-restore

• The backup-restore processes must be run among like DataPower® platforms as shown in Table 1. In the table, landlord and tenant apply to physical appliances.
• The backup-restore processes must be run among DataPower products that are at the same firmware level and have the same features.
• A single backup package can be used to restore multiple DataPower products. When the restore completes, resolve IP address differences, such as interface configurations.
  • For physical appliances, use the serial port connection
  • For virtual edition, use the VM console or Linux® host
• Protect the backup files in the same way that you protect all other critical data. Although encrypted, these files contain certificates, keys, and user data that might be of interest to an attacker.
• If possible, use methods other than the backup-restore process to back up RAID data. Backing up this data can require a significant amount of time.
• Each backup applies only to a specific firmware release. Therefore, create a secure backup after each firmware upgrade.

Conditions for a secure backup

• Before you create a secure backup, quiesce the DataPower Gateway to ensure that all processing activities completed and to prevent the acceptance of new requests during the secure backup. For more information, see Quiescing the DataPower Gateway.
• Do not modify configuration files, stylesheets, and other data during the secure backup. These changes might be excluded from the created backup package.
• You can back up only locally persisted startup configurations.
• When you create the backup files on the DataPower Gateway, securely copy these files from the DataPower Gateway to a protected, remote location.

Conditions for a secure restore

• When the backup image contains RAID data, the target DataPower Gateway must have equal or greater RAID volume than the source DataPower Gateway. Otherwise, the RAID data is not restored.
• When the backup image contains data that is related to features, the target DataPower Gateway must have the same features. When features are not the same, the restore fails. The restore operation cannot restore feature-specific data.
• The secure restore process must be run on a clean DataPower Gateway. Therefore, you must reinitialize this DataPower Gateway before you start the secure restore process. When you restore from a secure backup, the DataPower Gateway, if not in secure backup mode is now in secure backup mode.
• On the DataPower Gateway to be restored, create the credentials for the secure restore process.
• Use the information in the following table to ensure platform compatibility. In the following table, landlord and tenant apply to physical appliances.

  Table 1. Supported platform compatibility

  	Landlord	Tenant	Linux	VMware
  Landlord	Yes	No	No	No
  Tenant	No	Yes	No	No
  Linux	No	No	Yes	No
  VMware	No	No	No	Yes

• The restore process restarts the DataPower Gateway. Quiesce before a secure restore. The quiesce operation stops all active work.
• After you begin a secure restore, you cannot recover any existing data.
• When the restore completes, generate new Access Manager configuration files.
• When the restore completes, resolve any queue configuration differences. A restore might result in multiple DataPower Gateway products that listen to or that send messages to the same queues.