Taking backup of local keystore
After you enable or change the AEK in the IIAS system, you can back up the local keystore.
Procedure
- Log in as apuser or equivalent.
- Run the following command:
  apsedbackup backup --dir <directory path>
  where directory_path is a location in IIAS file system to create a compressed tar file in.
  Example output:
  [apuser@node0101 ]# apsedbackup backup --dir /tmp/mysedbackup
  Backed up key-store to /tmp/mysedbackup/sedsupport.tgz. Now you can move it to external system. After moving the backup outside, delete it from this node.
- Upload the backup to an external machine as a good security practice. Leaving the backup in IIAS can give other non-secured users access to the AEK and compromise the data-at-rest protection.
  Example:
  [apuser@node0101 ]# scp /tmp/mysedbackup/sedsupport.tgz myremoteuser@myremotesystem.domain.com:/backuprepo/latest-sedbackup.tgz
- After uploading the backup to the external machine, delete the file from the backup directory in IIAS.
  Example:
  [apuser@node0101 ]# rm -f /tmp/mysedbackup/sedsupport.tgz
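
The procedure above as one script, added here as an example and not part of the product or its documentation: it writes the backup into a private directory and deletes the local copy only after the remote copy's SHA-256 digest matches. The function names, the use of mktemp, and the ssh/sha256sum check on the remote host are assumptions; sedsupport.tgz is the file name shown in the example output.

```shell
# Added example. Assumes sha256sum exists locally and on the remote host,
# and that apsedbackup accepts an existing, empty directory for --dir.

# Print only the SHA-256 digest of a local file.
local_sha256() {
    sha256sum "$1" 2>/dev/null | awk '{print $1}'
}

# Print only the SHA-256 digest of the uploaded copy ($1 = user@host, $2 = path).
remote_sha256() {
    ssh "$1" sha256sum "$2" | awk '{print $1}'
}

# Delete the local backup ($1) only if its digest equals the remote digest ($2).
# Returns 0 when the file was deleted, 1 when it was kept.
remove_if_verified() {
    riv_local=$(local_sha256 "$1")
    if [ -n "$riv_local" ] && [ "$riv_local" = "$2" ]; then
        rm -f -- "$1"
        return 0
    fi
    echo "digest mismatch or missing, keeping $1" >&2
    return 1
}

# Full flow: back up, upload, verify, delete. $1 = user@host, $2 = remote path.
backup_and_offload() {
    # mktemp -d creates the directory with mode 0700, so other local users
    # cannot read the archive while it waits to be uploaded.
    bao_dir=$(mktemp -d) || return 2
    apsedbackup backup --dir "$bao_dir" || return 2
    bao_file="$bao_dir/sedsupport.tgz"
    scp "$bao_file" "$1:$2" || return 2
    remove_if_verified "$bao_file" "$(remote_sha256 "$1" "$2")" || return 1
    rmdir "$bao_dir"
}

# Usage with the host and path from the example above:
#   backup_and_offload myremoteuser@myremotesystem.domain.com /backuprepo/latest-sedbackup.tgz
```

A non-zero return from backup_and_offload means the archive is still on the node and must be uploaded and removed by hand.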