Taking backup of local keystore

After you enabled or changed the AEK in the IIAS system you can perform a backup of the local keystore.

Procedure

  1. Log in as apuser or equivalent.
  2. Run the following command:
    apsedbackup backup --dir <directory path> 
    where directory_path is a location in IIAS file system to create a compressed tar file in.
    Example output:
    [apuser@node0101 ]# apsedbackup backup --dir /tmp/mysedbackup
    Backed up key-store to /tmp/mysedbackup/sedsupport.tgz. Now you can move it to external system. After moving the backup outside, delete it from this node.
  3. Upload the backup to an external machine as a good security practice. Leaving the backup in IIAS can potentially give the other non-secured users access to the AEK and compromising the data at rest protection.
    Example:
    [apuser@node0101 ]# scp /tmp/mysedbackup/sedsupport.tgz   myremoteuser@myremotesystem.domain.com:/backuprepo/latest-sedbackup.tgz  
  4. After uploading the backup to the external machine, delete the file from the backup directory in IIAS.
    Example:
    [apuser@node0101 ]# scp rm -f /tmp/mysedbackup/sedsupport.tgz