Creating a secure backup package

How to create a secure backup package for the DataPower® Gateway to restore another DataPower Gateway.

Before you begin

Create the certificate to encrypt the secure backup package. This certificate cannot contain ECDSA keys to encrypt the secure backup package. When the certificate contains ECDSA keys, the system returns an error.

Attention: The secure restore operation requires a keystore. The keystore must include the certificate that the secure backup operation used to encrypt the package and its private key.

During the secure backup operation, do not modify configuration files, stylesheets, and other data. If modified, these changes might be excluded from the secure backup package.

About this task

The creation of a secure backup is available only when the following conditions are met.
  • Secure backup mode is enabled
  • The platform is not docker
Generally, the secure backup mode is enabled during the initial firmware setup. If secure backup mode is not enabled, you can enable it in the following ways.
  • Reinitialize the DataPower Gateway with the reinitialize command and enable secure backup mode.
  • Open a service ticket to receive the tool to enable secure backup mode.

To determine whether secure backup is available, view the System Settings configuration and check the value of the Backup mode property. If the value is Secure, secure backup is available.

Procedure

  1. In the search field, enter secure.
  2. From the search results, click Secure backup.
  3. From the Certificate list, select the certificate to encrypt the backup.
  4. In the Destination field, enter the URL of the directory for the backup files.
    The supported file system locations are the local: and temporary: directory. The supported remote locations are an FTP or SFTP server.
    • For the FTP protocol, use the ftp://user:password@host/ format.
    • For the SFTP protocol, use the sftp://user:password@host/ format.
  5. For the Include RAID property, specify whether to back up RAID data.
  6. Click Submit.
  7. Follow the prompts.

What to do next

When the destination for the backup files is the local: or temporary: directory, securely copy these files to a protected, remote location.