Secure backup mode

Secure backup mode supports the creation of a backup to restore the complete configuration of another DataPower® Gateway.

The creation of a secure backup is available only when the following conditions are met.
  • Secure backup mode is enabled
  • The platform is not docker
Generally, the secure backup mode is enabled during the initial firmware setup. If secure backup mode is not enabled, you can enable it in the following ways.
  • Reinitialize the DataPower Gateway with the reinitialize command and enable secure backup mode.
  • Open a service ticket to receive the tool to enable secure backup mode.

To determine whether secure backup is available, view the System Settings configuration and check the value of the Backup mode property. If the value is Secure, secure backup is available.

You can use the secure backup-restore process only among DataPower Gateway products at the same firmware level and features.

Unlike a standard backup, a secure backup contains private data (certificates, keys, and user data), which the DataPower Gateway encrypts with a customer-provided certificate and a DataPower certificate. The secure backup also contains an unencrypted XML manifest. The manifest includes the date of the backup and the firmware level, model, and serial number of the DataPower Gateway. You cannot view the encrypted private data, but you can view the manifest.

You can refer to the manifest files of multiple backups to determine which backup you want to restore. For example, you can identify which backup has an applicable firmware level. You can also use this information during the restore process to validate that a specific backup can be restored on the DataPower Gateway.

A secure backup never includes the following data.
  • Keys on the HSM.
  • The password for IPMI users, which are in the Baseboard Management Controller (BMC).
Note: When the DataPower Gateway is a member in a peered environment and before you quiesce, make sure that this DataPower Gateway is not the primary member. These peer groups apply to the API gateway and the quota enforcement server. Quiescing the primary member can prevent the quorum from electing a new primary member.
For illustrative purposes, assume a clustered environment with 3 members where peer1 is the primary member and peer2 and peer3 are secondary members. To retain complete processing by the members, you want to manage the systems in the following sequence.
  1. On peer3, quiesce, backup, and unquiesce.
  2. On peer2, quiesce, backup, and unquiesce.
  3. On peer2, switch to primary for all quota enforcement and gateway-peering peer groups.
  4. On peer1, quiesce, backup, and unquiesce.

If you want, you can switch peer1 back to the primary member.

You can use the backup-restore process during the end-of-life migration to move the configuration from one DataPower Gateway to another.