4 High Availability, Backup and Restore Operations

After you complete the installation process, Oracle strongly recommends that you configure high availability before you begin to create endpoints. You should also configure Oracle Key Vault for automatic backups.

Configuring High Availability for Oracle Key Vault

A high availability configuration provides many benefits for Oracle Key Vault. It is important to configure high availability as soon as possible.

About Configuring High Availability for Oracle Key Vault

Oracle recommends that you configure high availability to ensure continued access to your security objects if Oracle Key Vault fails.

If you plan to configure high availability, then do so before you begin to create endpoints. An endpoint only knows about the standby appliance if the standby was configured before the endpoint was enrolled.

For Oracle Key Vault high availability, you must set up two Oracle Key Vault appliances, which are called peers. At any given time, one appliance is primary and the other is standby (also called the secondary). The primary appliance is the one that services requests from endpoints. The standby appliance takes over as the primary if the primary fails for any reason. The configuration process involves connecting to the primary appliance and providing it with the IP address and certificate of the standby, and then going to the standby appliance and doing the same thing for the primary.

Additionally, you can switch primary and standby nodes and unconfigure high availability entirely.

Configuring High Availability for Oracle Key Vault

The configuration process requires accessing two appliances separately (as a user who has been granted the System Administrator role) and copying the certificate. You should use two separate browsers to allow for copying and pasting from one appliance to another.

  1. Acquire the IP address and certificate for both of the appliances involved as follows:

    Log in to the Oracle Key Vault management console as a user who has the System Administrator role.

    See "Logging In to the Oracle Key Vault Management Console."

    To find the IP address of the server, select the System tab, click Settings, and find the IP address under Network.

    To get the certificate of the server, select the System tab, then click High Availability, and copy the Current system Certificate.

  2. Go to the Oracle Key Vault management console for the standby appliance.

  3. From this appliance, select the System tab.

  4. Click the High Availability menu.

  5. Enter the IP address of the primary server in the Peer system IP Address field.

  6. Paste the certificate of the primary server in the Peer system Certificate field.

  7. Click Save.

    This stores the settings. Nothing else needs to be done on the standby appliance. You can log out or close the browser. The following steps only affect the primary appliance.

  8. Log in to the Oracle Key Vault management console for the primary appliance.

  9. Select the System tab.

  10. Click the High Availability menu.

  11. Select the Configure this system as the Primary server check box.

  12. Change the Failover Timeout (mins) from the default of 10 minutes, if you want. Failover timeout is the time from when the primary fails to when the standby takes over. This delay prevents a failover in a brief network outage.

  13. In the Peer system IP Address field, enter the IP address of the standby server as a peer system.

  14. In the Peer system Certificate field, paste in the certificate of the standby server as a Peer system.

  15. Click Save.

  16. Click Activate.

    A message appears, indicating that the High Availability configuration setup has been initiated and the system will reboot in a few minutes.

    This process takes several minutes to complete.

    The High Availability Status page appears, indicating that high availability is now enabled and providing buttons for the Unconfigure and Switchover operations.

Switching Primary and Standby Nodes in a High Availability Cluster

If high availability has been configured, then you can perform a complete switchover to change the current primary node to the standby and make the current standby node the new primary node. This is useful during updates or patches to software or appliances.

  1. Log in to the Oracle Key Vault management console for the primary node as a user who has been granted the System Administrator role.

  2. Select the System tab and select High Availability for the primary node. Then click the Switchover button.

    On success, this message appears: Switchover initiated successfully. Please wait while the system reboots.

    Both the primary node and the standby node are restarted.

After the restart, the high availability status looks as it did after activation in Step 16 in "Configuring High Availability for Oracle Key Vault", but the primary is now the standby and conversely, the standby is now the primary.

Restoring High Availability After a Failover

If the primary node fails, then the cluster automatically fails over to the standby node after the configured failover timeout, and the standby node becomes a standalone appliance.

  1. Replace the failed node with a newly installed Oracle Key Vault appliance. Be sure to use the original IP address for the failed node.

    See "Installing Oracle Key Vault".

  2. Log on to the original standby node (now a standalone appliance) and follow the steps to configure high availability, making sure to designate the appliance as the primary server.

    See "Configuring High Availability for Oracle Key Vault".

  3. After successfully configuring high availability, perform a switchover to restore the cluster to its original configuration before the failover.

    See "Switching Primary and Standby Nodes in a High Availability Cluster".

Unconfiguring High Availability

You can unconfigure a high availability setup in the browser for the primary node. This removes the high availability setup and makes the primary node a standalone node again.

You must reinstall Oracle Key Vault on the standby node to use it again.

  1. Log in to the Oracle Key Vault management console for the primary node as a user who has been granted the System Administrator role.

  2. Select the System tab and select High Availability for the primary node. Then click Unconfigure.

    On success, this message appears: Unconfiguration of High Availability initiated successfully. Please wait while the system restarts.

    When you log in to Oracle Key Vault after it restarts, the high availability page looks the way it did before the high availability configuration.

Backing Up and Restoring Data for Oracle Key Vault

You can back up and restore data for Oracle Key Vault, including scheduling backup operations.

About Backing Up and Restoring Data for Oracle Key Vault

Users who have the System Administrator role can back up Oracle Key Vault and then restore it on the same appliance or another installed appliance.

These backups can help restore data lost due to natural or man-made disaster, accidental deletion or data corruption, or simply to restore the system state to an earlier time. Backups are stored off the appliance on an external server, or locally on the Oracle Key Vault appliance.

Oracle Key Vault should be backed up at regular intervals to ensure that the backup holds the most recent data. Oracle Key Vault encrypts all data backed up in the backup file.

To perform the backup, ensure that the backup destination supports the secure copy protocol (SCP).

Oracle Key Vault Backup Destinations

You can create, edit, and delete backup destinations for Oracle Key Vault.

About Oracle Key Vault Backup Destinations

Backup destinations are locations where Oracle Key Vault backup files are stored. Backup files are often stored in a remote backup destination to safeguard against any catastrophic failure of the Oracle Key Vault appliance.

You must create backup destinations before you can schedule Oracle Key Vault backups. You can have many backups for each backup destination.

A backup destination can be either external (remote) or local:

  • Remote Backup Destinations

    Remote backup destinations are locations on external servers for remote backups. These destinations can be different geographical locations for disaster recovery purposes.

    The Backup Destination name signifies the external server and the directory location on the server. After the directory location is specified, it cannot be modified for a given backup destination. To create a remote backup destination, you must provide a user account, a unique existing directory location on an external server, and an authentication method. Oracle Key Vault needs the information about the user account and authentication method to make a secure connection with the remote server for copying the backup file.

    Each backup destination and corresponding directory on the external server is associated with a backup catalog file. Oracle Key Vault maintains the backup catalog file, okvbackup.mgr, at the backup location. The backup catalog file maintains a catalog of the backups performed and is used during restore operations.

    Caution:

    • Do not delete or modify the catalog file or you will not be able to find the backups to restore from them later.

    • Do not configure the same destination directory on the external server for different backup destinations. Backups scheduled to these backup destinations will overwrite each other's catalog file, preventing Oracle Key Vault from recognizing the backups correctly.

    Backups on remote destinations can be used to recover a system from data loss.

  • LOCAL Backup Destinations

    Oracle Key Vault provides a special backup destination, LOCAL, which is present out of the box and cannot be deleted.

    Backups to LOCAL are stored on the Oracle Key Vault appliance itself and therefore are not available after a failover or switchover. However, they can be used to restore the system state to what it was at the time of the backup.

    LOCAL destinations can store only the most recent one-time backup and for periodic backups, only the most recent full backup and subsequent cumulative incremental backups. The previous one-time backup is overwritten by the most recent one-time full backup, and the previous periodic backups are overwritten by the most recent periodic full backup.

See "Types of Oracle Key Vault Backups" for more information about periodic and one-time backups.

Note:

The Oracle Key Vault appliance itself cannot be used as the remote backup destination.

Creating Oracle Key Vault Remote Backup Destinations

You can create a remote backup destination for Oracle Key Vault data.

  1. Log in to the Oracle Key Vault management console as a user who has the System Administrator role.

    See "Logging In to the Oracle Key Vault Management Console."

  2. Select the System tab, and then click the System Backup menu.

    The System Backup page contains a table listing any currently scheduled backups and another table listing the last 10 completed backups, if any.

  3. Click Manage Backup Destinations.

    The Manage Backup Destinations page contains a table that shows the local backup destination (LOCAL) provided with the Oracle Key Vault appliance, and any previously created remote destinations.

  4. Select Create to create a new remote backup destination, which will appear in the table.

  5. When the Create Backup Destination page appears, provide the following information for the backup location.

    Caution:

    The Username, Hostname and Destination Path for remote backup destinations should not contain spaces, single quotes, or double quotes.

    • Destination Name: Oracle Key Vault name for the remote backup destination where the backup is stored.

    • Transfer Method: Automatically populated with SCP, which is the protocol for copying backup files over SSH.

    • Hostname: External server that stores the backup. Can be the host name (if DNS is configured) or IP address. Do not use another Oracle Key Vault appliance to store any backups for Oracle Key Vault.

    • Port: Port number running SCP on the external server. The default is 22.

    • Destination Path: The existing path to the directory on the external server that stores the backup. This path should not be the destination for backups from another Oracle Key Vault appliance.

    • Username: The username of a user account that has write permission on the directory that is mentioned in the Destination Path field.

    • Authentication Method: Choose one of the following:

      • Password Authentication

        The password of the user account entered in the Username field.

        Note:

        The password of the user account used for backup destination should be strong, unique, and unrelated to other accounts of the user.

      • Key-based Authentication

        Copy the public key that appears and paste it in the appropriate configuration file, such as authorized_keys, on the destination server.

  6. Click Save.

    A dialog box appears indicating that the backup destination was created successfully.

    Oracle Key Vault validates the supplied input when it creates the backup destination. If this validation fails, then check that input parameters such as the hostname, username, password, and directory or destination path are correct.
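
The field rules in step 5 and the catalog-file caution in "About Oracle Key Vault Backup Destinations" can be checked against a planned set of destinations before they are entered in the console. This is an added example, not Oracle code or an Oracle Key Vault interface: the dictionary schema, the function name, and the sample hosts are constructed for illustration.

```python
import posixpath
from collections import defaultdict

CATALOG_FILE = "okvbackup.mgr"     # catalog file name, from the page
FORBIDDEN_CHARS = (" ", "'", '"')  # page: no space, single or double quotes


def validate_destinations(destinations, appliance_hosts):
    """Check planned remote backup destinations against the rules on this page.

    destinations: list of dicts with the keys name, hostname, path, username
                  (a constructed schema for this example, not an Oracle format).
    appliance_hosts: host names or IP addresses of Oracle Key Vault appliances.
    Returns a list of (destination_name, problem) tuples; empty means no findings.
    """
    problems = []
    appliances = {h.lower() for h in appliance_hosts}
    by_location = defaultdict(list)

    for dest in destinations:
        name = dest["name"]
        for field in ("username", "hostname", "path"):
            if any(ch in dest[field] for ch in FORBIDDEN_CHARS):
                problems.append((name, f"{field} contains a space or quote"))
        if dest["hostname"].lower() in appliances:
            problems.append((name, "hostname is an Oracle Key Vault appliance"))
        # Normalise so that /backups/okv and /backups/okv/ count as one directory.
        # Only the literal hostname is compared: a DNS name and the IP address of
        # the same server are not recognised as equal without a resolver.
        location = (dest["hostname"].lower(), posixpath.normpath(dest["path"]))
        by_location[location].append(name)

    # Two destinations in one directory overwrite each other's catalog file.
    for (host, path), names in by_location.items():
        if len(names) > 1:
            for name in names:
                others = ", ".join(n for n in names if n != name)
                problems.append(
                    (name, f"shares {host}:{path} with {others}; "
                           f"{CATALOG_FILE} would be overwritten"))
    return problems


# Constructed sample plan; hosts use documentation-reserved names and addresses.
SAMPLE_APPLIANCES = ["192.0.2.10", "192.0.2.11"]
SAMPLE_PLAN = [
    {"name": "dr-east", "hostname": "backup1.example.com",
     "path": "/backups/okv-a", "username": "okvbackup"},
    {"name": "dr-west", "hostname": "BACKUP1.example.com",
     "path": "/backups/okv-a/", "username": "okvbackup"},
    {"name": "bad-path", "hostname": "backup2.example.com",
     "path": "/backups/okv b", "username": "okvbackup"},
    {"name": "peer", "hostname": "192.0.2.11",
     "path": "/backups/okv", "username": "okvbackup"},
]

if __name__ == "__main__":
    for dest_name, problem in validate_destinations(SAMPLE_PLAN, SAMPLE_APPLIANCES):
        print(f"{dest_name}: {problem}")
```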

Editing Oracle Key Vault Remote Backup Destinations

You can edit Oracle Key Vault remote backup destinations.

  1. Log in to the Oracle Key Vault management console as a user who has the System Administrator role.

    See "Logging In to the Oracle Key Vault Management Console."

  2. Select the System tab, and then click System Backup as shown in "Creating Oracle Key Vault Remote Backup Destinations", Step 2.

  3. Select Manage Backup Destinations.

    The Manage Backup Destinations page contains a table showing any LOCAL and remote destinations as in Step 3 of "Deleting Oracle Key Vault Remote Backup Destinations".

  4. Click the backup destination name to edit it.

  5. When the Edit Backup Destination page appears, you can edit the following information for the backup location:

    • Port: Port number running SCP on the external server. The default is 22.

    • Username: The username of a user account on the external server. It is used to copy the backup data to the remote system using SCP.

    • Authentication Method: Choose one of the following:

      • Password Authentication

        The password of the user account entered in the Username field.

      • Key-based Authentication

        Copy the public key that appears and paste it in the appropriate configuration file, such as authorized_keys, on the destination server.

  6. Click Save.

    A dialog box appears, indicating that the backup destination was edited successfully.

    Oracle Key Vault validates the input supplied for the edited backup destination. If this validation fails, then check for and pass correct input parameters such as username and password.

Deleting Oracle Key Vault Remote Backup Destinations

Deleting the backup destination in the Oracle Key Vault management console does not delete the backup files that are stored in the specified location.

  1. Log in to the Oracle Key Vault management console as a user who has the System Administrator role.

    See "Logging In to the Oracle Key Vault Management Console."

  2. Select the System tab, and then click System Backup as shown in Step 2 "Creating Oracle Key Vault Remote Backup Destinations".

  3. Select Manage Backup Destinations.

    The Manage Backup Destinations page contains a table showing any LOCAL and remote destinations.

  4. Select the check box for one or more backup destinations.

  5. Click Delete to delete the selected backup destinations.

    Note:

    You cannot delete the LOCAL backup destination.

Scheduling Backup Operations for Oracle Key Vault

You can schedule a backup for Oracle Key Vault to a specified destination and at a specified time. At the specified time, the backup processing starts and generates a system backup, which is a file that is stored on the destination. There is one backup file for each completed backup.

About Scheduling Oracle Key Vault Backups

Oracle Key Vault provides different states for and types of scheduled backups.

Oracle Key Vault Backup Process

The scheduled backup is in the active state after it has been created.

See "Oracle Key Vault Schedule State" for further information about backup schedule states. You can edit the start time of the scheduled backup or the period of the periodic backup, if the backup is in the active or paused state. You can schedule a backup to start immediately or at a specific start time in the future.

The processing for the scheduled backup begins at the start time if it is in the active state and not paused, whereupon it is put into the ongoing state. During processing, a backup file for the Oracle Key Vault system is created and transported to the backup destination. After the processing completes, the scheduled backup is either completed (DONE) or put back into the active state, depending on its type. See "Types of Oracle Key Vault Backups" for further information.

All scheduled backups are serialized. If a backup is already in progress or is ongoing, then no backups can start until the current ongoing backup completes. Oracle Key Vault operations can continue unhindered while the backup is in progress.

Note:

Ongoing backups are terminated on System Restart.

Oracle Key Vault Schedule State

The different stages of the scheduled backups are indicated by their status.

See "Creating Oracle Key Vault Remote Backup Destinations", Step 2, for a listing of these stages. The states are as follows:

  • ACTIVE

    The backup is scheduled and will be processed at the specified start time or at the next interval.

  • PAUSED

    The scheduled backup is paused and will not be processed even if the start time has passed. It will be processed when it is activated.

  • ONGOING

    The scheduled backup is in progress. Oracle Key Vault is generating a backup file for the Oracle Key Vault system and transporting it to the backup destination.

  • DONE

    The scheduled backup has completed.

You can control schedules by changing their state from active to paused and back. Put a scheduled backup in the paused state for these situations:

  • When Oracle Key Vault communication with the remote destination is broken

  • If the remote destination is down

  • If you want to delay or defer backup processing

You can delete the scheduled backups that have not completed.

Types of Oracle Key Vault Backups

Oracle Key Vault enables you to schedule two types of backups (a one-time backup and a periodic backup).

The types of backups are as follows:

  • One-time backup (full backup)

    A one-time backup makes a full backup of the Oracle Key Vault system. More than one such one-time backup can be scheduled together.

    One-time local backups should be taken before making a significant configuration change to the Oracle Key Vault.

    LOCAL destinations can only store the last one-time backup. When a one-time backup to LOCAL completes, the previous backup is deleted.

  • Periodic backups (full backup plus cumulative incremental backups)

    The periodic backup process makes a backup at regular intervals at the specified frequency (period). The process first makes a full backup (one-time backup) of the Oracle Key Vault system and when this completes, puts it back in the active state. At the end of the subsequent periodic interval, a cumulative incremental backup starts. This cumulative incremental backup holds changes from the last full backup. Another full backup is made after 7 days have passed since the last full backup.

    For example, if the backup period is once a day, then every seventh one is a full backup. If the backup period is every 8 days, then all backups are full backups. If the backup period is 12 hours, then there are 13 cumulative backups before a full backup.

    Periodic backups should be scheduled with a period of one day to minimize data loss.

    A LOCAL destination can store only the last full backup and the cumulative incremental backups after that full backup. After a new full backup of the periodic backup to LOCAL completes, previous periodic full or cumulative incremental backups are deleted.

Cumulative incremental backups are faster than full backups. Only one periodic backup can be scheduled at any time.

Scheduling Oracle Key Vault Backups

You can schedule Oracle Key Vault backups from the Oracle Key Vault management console.

  1. Log in to the Oracle Key Vault management console as a user who has the System Administrator role.

    See "Logging In to the Oracle Key Vault Management Console."

  2. Select the System tab, and then select System Backup.

  3. Click the Backup button.

  4. In the Name field, enter a name for the backup.

  5. Enter the Start Time, click the Calendar icon to select it, or click Now to start the backup immediately.

  6. Select the Destination for the backup.

  7. Select the Type: One-Time or Periodic.

    The Backup page is the same for either one-time or periodic backups, except that the fields for days, hours, and minutes only appear for the periodic type.

  8. Select Schedule.

Editing Oracle Key Vault Scheduled Backups

You can edit a scheduled backup for Oracle Key Vault.

  1. Log in to the Oracle Key Vault management console as a user who has the System Administrator role.

    See "Logging In to the Oracle Key Vault Management Console."

  2. Select the System tab, and then select System Backup.

  3. Select the check box for the scheduled backup in the Scheduled Backup list.

  4. Edit the Start Time or click the Calendar icon and select it in the Backup page.

  5. Click Now to start the backup immediately.

  6. Edit the period if this is a periodic backup.

  7. Select Save to save the changes.

Deleting Oracle Key Vault Scheduled Backups

You can delete an Oracle Key Vault scheduled backup.

  1. Log in to the Oracle Key Vault management console as a user who has the System Administrator role.

    See "Logging In to the Oracle Key Vault Management Console."

  2. Select the System tab, and then select System Backup.

  3. Select the check box for one or more scheduled backups in the Scheduled Backup(s) table as shown in Step 3 "Editing Oracle Key Vault Scheduled Backups".

  4. Click Delete to delete the scheduled backups.

How Other Processes Affect the Oracle Key Vault Backup Process

You should be aware of how other features, such as high availability, are affected by the Oracle Key Vault backup process.

  • High availability

    When Oracle Key Vault is configured for high availability, the backup operation is performed on the primary system.

  • Failover or switchover

    Any backups in progress will terminate if there is a failover or a high availability switchover. Backups to LOCAL are private to the Oracle Key Vault appliance and therefore the local backup on the primary appliance is not available after a failover or switchover.

    Backups scheduled with password authentication start as usual after the failover or switchover.

    Remote backups using key-based authentication will need to update the public key on the destination to match the one shown on the new primary system.

Protecting the Backup Using the Recovery Passphrase

Oracle Key Vault uses the recovery passphrase to encrypt all user and system data at the time of backup. The recovery passphrase is also used to decrypt the backup at the time of the restore operation.

To restore a backup, use the Oracle Key Vault recovery passphrase from the time when the backup was initiated. This is necessary even if the recovery passphrase was changed after the backup completed. Oracle recommends that you make a new backup every time the recovery passphrase is changed to ensure that there is always a copy of the backup that is protected by the most recent recovery passphrase.

See "Emergency System Recovery Process" for further information about the recovery passphrase and how it is used.

Restoring Oracle Key Vault Data

You can restore Oracle Key Vault data from a backup when there is a data loss.

About Restoring Oracle Key Vault Data

If the Oracle Key Vault appliance unexpectedly fails, then the data it previously stored can be restored into a new appliance from the remote backup destination of the original appliance.

Note that the restore process replaces all data on the new appliance except for the root and support user passwords.

For backups scheduled before the Oracle Key Vault appliance was corrupted or lost, the Oracle Key Vault restore operation will reinstate one of the completed backups from the available backup destinations, restoring everything except the root and support passwords.

Remote backups can be used to recover a system from data loss. In disaster recovery, Oracle Key Vault restores the backup onto an installed appliance from a remote destination. You cannot restore if a scheduled backup is in process on this appliance.

Note:

Oracle Key Vault backups should be restored on the system whose timestamp is later than the time of the backup being restored.

Oracle Key Vault Restore Process

The Oracle Key Vault restore process involves a setup phase, followed by the restore process.

  • Setup of the Oracle Key Vault appliance in disaster recovery or if the current appliance is not usable:

  • Restore the Oracle Key Vault appliance.

    Determine a backup from remote or local destinations to use for the restore operation.

    If the backup chosen is a cumulative incremental backup, then Oracle Key Vault determines the full backup from the catalog file and restores the full backup before restoring the incremental backup. The backup is protected by a key derived from the recovery passphrase, which you must supply during the restore process. The recovery passphrase was created in "Task 2: Perform Postinstallation Tasks".

Caution:

Restoring removes the current content of Oracle Key Vault and replaces it with the content of the backup. Any changes made since the last backup will be lost.

The maximum life of a backup is 1 year. Any backup older than a year cannot be restored.
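
The periodic schedule and LOCAL retention rule from "Types of Oracle Key Vault Backups", the passphrase rule from "Protecting the Backup Using the Recovery Passphrase", and the restore chain and 1-year limit in this section can be modelled together to plan a restore. This is an added example, not Oracle code: the function names, passphrase labels, and dates are constructed, and it assumes that "after 7 days have passed" means an elapsed time of at least 7 days, which is what the 12-hour example implies.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

FULL_INTERVAL = timedelta(days=7)      # page: new full backup after 7 days
MAX_BACKUP_AGE = timedelta(days=365)   # page: maximum life of a backup is 1 year


@dataclass(frozen=True)
class Backup:
    taken_at: datetime
    kind: str                          # "FULL" or "INCREMENTAL" (cumulative)
    base: Optional[datetime] = None    # start time of the full backup it builds on


def periodic_catalog(start, period, count):
    """Model a periodic schedule: a full backup first, then cumulative
    incrementals, and a new full once 7 days have passed since the last full.
    Assumption: "have passed" means elapsed >= 7 days."""
    catalog, last_full = [], None
    for i in range(count):
        taken_at = start + i * period
        if last_full is None or taken_at - last_full >= FULL_INTERVAL:
            last_full = taken_at
            catalog.append(Backup(taken_at, "FULL"))
        else:
            catalog.append(Backup(taken_at, "INCREMENTAL", last_full))
    return catalog


def local_retained(catalog):
    """LOCAL keeps only the most recent periodic full backup and the
    cumulative incremental backups taken after it."""
    fulls = [b.taken_at for b in catalog if b.kind == "FULL"]
    if not fulls:
        return []
    return [b for b in catalog if b.taken_at >= max(fulls)]


def restore_plan(catalog, target, now, passphrase_history):
    """Pick the newest backup at or before target and list what a restore needs.

    passphrase_history: (effective_from, label) pairs in ascending time order;
    the labels are names for the operator's records, never the secret itself.
    Returns (chain, label_needed, differs_from_current).
    """
    candidates = [b for b in catalog if b.taken_at <= target]
    if not candidates:
        raise ValueError("no backup at or before the requested time")
    chosen = max(candidates, key=lambda b: b.taken_at)
    chain = [chosen]
    if chosen.kind == "INCREMENTAL":
        # The full backup is restored before the cumulative incremental.
        full = next(b for b in catalog
                    if b.kind == "FULL" and b.taken_at == chosen.base)
        chain = [full, chosen]
    # Conservative assumption: the 1-year limit applies to every file needed.
    if now - chain[0].taken_at > MAX_BACKUP_AGE:
        raise ValueError("backup is older than 1 year and cannot be restored")
    # The passphrase needed is the one in effect when the backup was initiated.
    in_effect = [label for since, label in passphrase_history
                 if since <= chosen.taken_at]
    if not in_effect:
        raise ValueError("no recovery passphrase recorded for that time")
    current = passphrase_history[-1][1]
    return chain, in_effect[-1], in_effect[-1] != current


# Constructed sample data: a daily schedule and two passphrase periods.
SAMPLE_HISTORY = [(datetime(2023, 6, 1), "passphrase-A"),
                  (datetime(2024, 1, 7), "passphrase-B")]

if __name__ == "__main__":
    daily = periodic_catalog(datetime(2024, 1, 1), timedelta(days=1), 10)
    chain, label, differs = restore_plan(
        daily, datetime(2024, 1, 5, 12), datetime(2024, 1, 10), SAMPLE_HISTORY)
    for b in chain:
        print(b.kind, b.taken_at.isoformat())
    print("passphrase needed:", label, "(not the current one)" if differs else "")
    print("kept on LOCAL:", [b.taken_at.day for b in local_retained(daily)])
```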

Restoring Oracle Key Vault Data

You can restore the data from a backup of Oracle Key Vault.

During the restore process, Oracle Key Vault prompts for the recovery passphrase created at the time when the system was installed.

  1. Log in to the Oracle Key Vault management console as a user who has the System Administrator role.

    See "Logging In to the Oracle Key Vault Management Console."

  2. Select the System tab, and then select System Backup.

  3. Click Restore.

  4. In the Source field, from the drop-down list, select the source of the backup files to recover from.

  5. View the list of available backups for the source, using the Search bar if needed.

  6. Select the Restore option next to the backup you want to restore from.

  7. Click Restore to initiate the restore or recovery process.

    You are prompted for the recovery passphrase.

  8. Provide the recovery passphrase and then click Restore to begin the restore operation.

    The system will restore from the backup and then reboot.

High Availability and the Restore Operation

Two considerations apply when you must restore data to an Oracle Key Vault system that is configured for high availability.

These considerations are as follows:

  • If the standby server has taken over after failure of the primary, then there is no need to restore data from a backup. Just configure a new standby server and it automatically synchronizes with the (new) primary.

  • If you restore a backup on the primary node, then you must discard (or reinstall) the standby server and configure a new standby.

Changes Resulting from a System State Restore

Restoring an Oracle Key Vault appliance brings the system state back to the time when the backup was created.

Therefore, any users, objects, endpoints, groups, wallets, and so on, created or changed after the backup was made do not exist on the restored system: they have been replaced by those on the restored backup. For example, if a user's password was changed after the backup operation, then the user's password is restored to what it was at the time of the backup.

Note:

Restoring also changes the recovery passphrase to the one used for the backup.

You should change the user passwords, enroll the endpoints created after backup, and make other similar changes, if required. You should confirm that everything is configured correctly after restoring.

If you are not certain that you restored the correct completed backup, then you can restore a different one. To restore another completed backup, first configure the remote destination of this backup on the restored Oracle Key Vault itself and then start the restore process. You do not need to reinstall the Oracle Key Vault appliance.

When the appliance has been restored to an acceptable state, then you can continue to work with this appliance and to schedule subsequent backups to any of the previously configured remote destinations or new remote destinations.