14 Backup and Restore Operations
You may configure automatic backups for continuous, reliable, and protected access to security objects with minimum downtime.
- About Backing Up and Restoring Data in Oracle Key Vault
You can use Oracle Key Vault to back up and restore Oracle Key Vault data. - Oracle Key Vault Backup Destinations
A backup destination is the location where Oracle Key Vault data will be copied to and stored. - Backup Schedules and States
Oracle Key Vault provides backup schedule types depending on the backup destination, and different states that indicate the progress of the backup activity. - Scheduling and Managing Oracle Key Vault Backups
You can schedule Oracle Key Vault backups to specific backup destinations and times. - Restoring Oracle Key Vault Data
Oracle Key Vault data from a remote backup destination can be restored onto a another Oracle Key Vault server. - Backup and Restore Best Practices
Oracle provides best practices to keep backups current so that you can recover from catastrophic failures with minimum down time and data loss.
14.1 About Backing Up and Restoring Data in Oracle Key Vault
You can use Oracle Key Vault to back up and restore Oracle Key Vault data.
You should back up data periodically to reduce down time and recover from unexpected data losses and system failures. You can restore a new or existing Oracle Key Vault server from a backup.
Backup and restore operations may be performed from the Oracle Key Vault management console. You must be a user who has the System Administrator role to back up and restore Oracle Key Vault data. You can schedule backups at periodic intervals to run automatically at designated times. You also can run these operations on-demand to save a current snapshot of the system.
Oracle strongly recommends that you back up Oracle Key Vault data regularly on a schedule. This practice ensures that backups are current and hold the most recent data. You can use this backup to restore a new or existing Oracle Key Vault server and be fully operational with minimum downtime and data loss.
Oracle Key Vault encrypts all backed up data, which is copied to the backup destination using the secure copy protocol (SCP). You must therefore ensure that SCP is supported at the backup destination.
In an Oracle Key Vault multi-master cluster environment, the replication intrinsically creates copies of the data in the cluster. You can perform backups on individual Oracle Key Vault servers, on the primary in a primary-standby environment, or on any read-write node in a multi-master cluster. However, you cannot restore a backup to a node in the cluster. Therefore, backups in a cluster are taken for disaster recovery in case of a complete cluster failure, and should be normally kept remote from the cluster nodes.
Parent topic: Backup and Restore Operations
14.2 Oracle Key Vault Backup Destinations
A backup destination is the location where Oracle Key Vault data will be copied to and stored.
- About the Oracle Key Vault Backup Destination
The backup destination enables the backup data to be available in a location other than the Oracle Key Vault server itself. - Creating a Remote Backup Destination
You can use the Oracle Key Vault management console to create a remote backup destination. - Changing Settings on a Remote Backup Destination
After you have created the backup destination, you can only change the SCP port number and details of the user account. - Deleting a Remote Backup Destination
You can delete a remote backup destination to stop future backups to that destination server.
Parent topic: Backup and Restore Operations
14.2.1 About the Oracle Key Vault Backup Destination
The backup destination enables the backup data to be available in a location other than the Oracle Key Vault server itself.
This ensures that you have all the relevant data to recover in case of a catastrophic failure with the Oracle Key Vault server or hardware.
The backup destination is usually another server or computer system that you have access to. You can add, delete, and modify a backup destination.
The backup operation copies Oracle Key Vault data to a backup destination of your choice. The backup destination stores the data until it is needed.
Oracle Key Vault provides two types of backup destinations: local and remote. The local backup destination resides on the Oracle Key Vault server itself, the remote one resides externally in a different server or computer system. You can create more than one backup destination for greater availability.
Local and remote backup destinations have the following characteristics:
-
Local backup destinations: The local backup destination,
LOCAL
, is present by default and cannot be removed.Backups to
LOCAL
are useful to save a current state of Oracle Key Vault. Since these backups are stored in Key Vault, they will be lost in case of a failover or switchover in a primary-standby deployment. Therefore, you should back up the data to a remote destination before you perform operations like failover and switchover.A
LOCAL
destination can store only the last full backup and the cumulative incremental backups after that full backup. After a new full backup of the periodic backup toLOCAL
completes, the previous periodic full or cumulative incremental backups are deleted. -
Remote backup destinations: Remote backup destinations reside on external servers and can be dispersed geographically for disaster recovery purposes.
Each backup destination on the external server is associated with a backup catalog file called
okvbackup.mgr
that Oracle Key Vault maintains at the backup destination. Theokvbackup.mgr
file catalogs the backups performed and is used to restore data.Note:
You cannot use another Oracle Key Vault server as a remote backup destination.
Caution:
-
Oracle Key Vault may not be able to find the backups if you delete or modify the backup catalog file. Therefore, do not delete or modify this file.
-
Do not configure the same remote backup destination directory for different Oracle Key Vault servers as backup destinations, because backups that happen concurrently from different Oracle Key Vault servers will overwrite each other's catalog file, with the result that Oracle Key Vault may not be able to locate the backups correctly.
-
After you restore a backup that contains a remote backup destination, do not continue to use that remote backup destination. Delete any backup jobs that are configured to send backups to that destination. Continuing to use this backup destination could corrupt the backup catalog file. Oracle Key Vault may not be able to locate backups correctly.
-
Configure each node in a multi-master cluster to send their backups to a different backup destination.
Related Topics
Parent topic: Oracle Key Vault Backup Destinations
14.2.2 Creating a Remote Backup Destination
You can use the Oracle Key Vault management console to create a remote backup destination.
Parent topic: Oracle Key Vault Backup Destinations
14.2.3 Changing Settings on a Remote Backup Destination
After you have created the backup destination, you can only change the SCP port number and details of the user account.
Parent topic: Oracle Key Vault Backup Destinations
14.2.4 Deleting a Remote Backup Destination
You can delete a remote backup destination to stop future backups to that destination server.
Parent topic: Oracle Key Vault Backup Destinations
14.3 Backup Schedules and States
Oracle Key Vault provides backup schedule types depending on the backup destination, and different states that indicate the progress of the backup activity.
- About Backup Schedule Types and States
You can schedule backups in Oracle Key Vault for specific times and backup destinations. - Types of Oracle Key Vault Backups
Oracle Key Vault provides two types of backup jobs that can be scheduled: one-time backups, and periodic backups. - Scheduled Backup States in Oracle Key Vault
Scheduled backups have four states, which indicate whether the backup is scheduled, in progress, completed, or paused.
Parent topic: Backup and Restore Operations
14.3.1 About Backup Schedule Types and States
You can schedule backups in Oracle Key Vault for specific times and backup destinations.
The backup process starts at the scheduled time and generates a system backup, which is a file that is stored on the backup destination. There is one backup file for each completed backup.
No backup can start if another backup is in progress. You can change the schedule of backups as needs change. You can continue working with Oracle Key Vault while the backup is in progress.
A system restart will terminate any ongoing backup. If you must restart the system, then you can cancel a backup that is scheduled to happen at the same time, and backup the system after the restart.
Parent topic: Backup Schedules and States
14.3.2 Types of Oracle Key Vault Backups
Oracle Key Vault provides two types of backup jobs that can be scheduled: one-time backups, and periodic backups.
-
One-time backup: A one-time backup makes a full backup of the Oracle Key Vault system. You can schedule multiple one-time backup jobs, each with its own start time.
You should make one-time local backups before making significant configuration changes to Oracle Key Vault, in case you need to recover from configuration failures.
LOCAL
destinations can only store the last one-time backup. When a one-time backup toLOCAL
completes, the previous backup is deleted. -
Periodic backup: The periodic backup process first makes a full backup of the Oracle Key Vault system and puts the backup schedule in active state. At the end of the subsequent periodic interval, a cumulative incremental backup starts. This cumulative incremental backup holds changes from the last full backup. Another full backup is made after 7 days have passed since the last full backup.
For example, if the backup period is once a day, then every seventh one is a full backup. If the backup period is every 8 days, then all backups are full backups. If the backup period is 12 hours, then there are 13 cumulative backups before a full backup.
You should schedule periodic backups with a period of at least one day to minimize data loss.
A
LOCAL
destination can store only the last full backup and the cumulative incremental backups after that full backup. After a new full backup of the periodic backup toLOCAL
completes, previous periodic full or cumulative incremental backups are deleted.Cumulative incremental backups are faster than full backups. Only one periodic backup can be scheduled at any time.
Related Topics
Parent topic: Backup Schedules and States
14.3.3 Scheduled Backup States in Oracle Key Vault
Scheduled backups have four states, which indicate whether the backup is scheduled, in progress, completed, or paused.
- ACTIVE: The backup is scheduled and will be processed at the specified start time or period.
- PAUSED: All future backups are on hold and will not start even if the start time has passed. They will start when they are explicitly resumed. You can change the state from active to paused and back. Put a scheduled backup in the paused state for these situations:
- When communication between Oracle Key Vault and the remote destination is broken
- If the remote destination is unavailable or inactive
- If you want to defer the backup
You can delete the scheduled backups that have not completed.
- ONGOING: The backup is in progress.
- DONE: The backup is complete.
Parent topic: Backup Schedules and States
14.4 Scheduling and Managing Oracle Key Vault Backups
You can schedule Oracle Key Vault backups to specific backup destinations and times.
You must create the backup destinations that you will use beforehand, and you can modify or delete backup schedules.
- Scheduling a Backup for Oracle Key Vault
You can schedule a one-time or a periodic backup to a local or remote backup destination. - Changing a Backup Schedule for Oracle Key Vault
You cannot change the schedule of a backup in progress. - Deleting a Backup Schedule from Oracle Key Vault
You can delete a backup schedule from the Oracle Key Vault management console. - How Primary-Standby Affects Oracle Key Vault Backups
In a primary-standby deployment, you must perform backups on the primary server. - Protecting the Backup Using the Recovery Passphrase
Oracle Key Vault uses the recovery passphrase to control who can restore user and system data.
Parent topic: Backup and Restore Operations
14.4.1 Scheduling a Backup for Oracle Key Vault
You can schedule a one-time or a periodic backup to a local or remote backup destination.
Parent topic: Scheduling and Managing Oracle Key Vault Backups
14.4.2 Changing a Backup Schedule for Oracle Key Vault
You cannot change the schedule of a backup in progress.
Parent topic: Scheduling and Managing Oracle Key Vault Backups
14.4.3 Deleting a Backup Schedule from Oracle Key Vault
You can delete a backup schedule from the Oracle Key Vault management console.
- Log in to the Oracle Key Vault management console as a user who has the System Administrator role.
- Select the System tab, and then System Backup from the left sidebar.
- Check the boxes of scheduled backups listed in Scheduled Backup(s).
- Click Delete to delete the selected backup schedules.
Parent topic: Scheduling and Managing Oracle Key Vault Backups
14.4.4 How Primary-Standby Affects Oracle Key Vault Backups
In a primary-standby deployment, you must perform backups on the primary server.
Because the standby synchronizes its state with the primary, you do not need to back up the standby.
Be aware of the following behavior for failover or switchover operations in a primary-standby deployment:
-
Any backups in progress will terminate if there is a failover or a primary-standby switchover. Backups to
LOCAL
are private to the Oracle Key Vault server and therefore the local backup on the primary server is not available after a failover or switchover. -
Backups scheduled with password authentication start as usual after the failover or switchover.
-
Remote backups using key-based authentication will need to update the public key on the destination to match the one shown on the new primary system.
Parent topic: Scheduling and Managing Oracle Key Vault Backups
14.4.5 Protecting the Backup Using the Recovery Passphrase
Oracle Key Vault uses the recovery passphrase to control who can restore user and system data.
To restore a backup, use the Oracle Key Vault recovery passphrase from the time when the backup was initiated. This is necessary even if the recovery passphrase was changed after the backup completed. Oracle recommends that you make a new backup every time the recovery passphrase is changed to ensure that there is always a copy of the backup that is protected by the most recent recovery passphrase.
Related Topics
Parent topic: Scheduling and Managing Oracle Key Vault Backups
14.5 Restoring Oracle Key Vault Data
Oracle Key Vault data from a remote backup destination can be restored onto a another Oracle Key Vault server.
This restore operation minimizes downtime and data loss.
- About the Oracle Key Vault Restore Process
The restore process replaces all data on the new server except theroot
andsupport
user passwords. - Procedure for Restoring Oracle Key Vault Data
You can store Oracle Key Vault data using the Oracle Key Vault management console. - Multi-Master Cluster and the Restore Operation
In a multi-master cluster deployment, you must consider several factors before you restore data to Oracle Key Vault. - Primary-Standby and the Restore Operation
In a primary-standby deployment, you must consider several factors before you restore data to Oracle Key Vault. - Third-Party Certificates and the Restore Operation
A third-party certificate installed at the time of a backup will not be copied when you restore another server from this backup. - Changes Resulting from a System State Restore
Restoring an Oracle Key Vault server brings the system state back to the time when the backup last performed.
Parent topic: Backup and Restore Operations
14.5.1 About the Oracle Key Vault Restore Process
The restore process replaces all data on the new server except the root
and support
user passwords.
You will not be able to restore data to a server if there is a scheduled backup in process on the server.
Note:
You must restore Oracle Key Vault data to a server only after ensuring that all scheduled backups on the server are completed.
Restoring data to an Oracle Key Vault server replaces the data in the server with that of the backup. Any changes made since the last backup will be lost. Backups can only be restored to the same version of Oracle Key Vault at which the backup was taken.
The maximum life of a backup is 1 year.
Note:
Any backup older than a year cannot be restored.You must have the recovery passphrase that was in effect at the time of the backup in order to restore data from a backup. If you have not changed the recovery passphrase since installing Oracle Key Vault, then you must use the recovery passphrase that you created during the post-installation process.
Restoring data in Oracle Key Vault entails the following general steps:
-
Setting up the backup environment, which includes, after install Oracle Key Vault, configuring backup destinations.
-
Performing the restore operation by determining the backup to use from a local or remote backup destination, and then providing the recovery passphrase to begin the restore process. You create the recovery passphrase as part of the post-installation tasks for Oracle Key Vault.
Related Topics
Parent topic: Restoring Oracle Key Vault Data
14.5.2 Procedure for Restoring Oracle Key Vault Data
You can store Oracle Key Vault data using the Oracle Key Vault management console.
Related Topics
Parent topic: Restoring Oracle Key Vault Data
14.5.3 Multi-Master Cluster and the Restore Operation
In a multi-master cluster deployment, you must consider several factors before you restore data to Oracle Key Vault.
- You must restore only if all nodes in the cluster are lost.
- You must restore the backup on a standalone Oracle Key Vault server only, regardless of which node the backup was taken.
- The data restored is only as current as the backup.
- After the restore operation, you must now use the restored server as the first node of a new cluster.
Parent topic: Restoring Oracle Key Vault Data
14.5.4 Primary-Standby and the Restore Operation
In a primary-standby deployment, you must consider several factors before you restore data to Oracle Key Vault.
- You must perform the restore operation only if both the primary and standby data are lost.
- You must restore the backup on a standalone Oracle Key Vault server only, even if the backup was taken from the primary.
- The restore operation replaces the Oracle Key Vault server with the backup. This means that some data can be lost. You might need to restore the endpoint database.
- If you restore a backup taken from the primary node, then you must discard (or reinstall) the standby server and configure a new standby.
- If the standby server has taken over as primary, then there is no need to restore data from a backup to the new standby server. Just configure a new standby server and it automatically synchronizes with the functioning primary.
- If your site uses the Commercial National Security Algorithm (CNSA) suite, then you must re-install these algorithms on the Oracle Key Vault server after the restore operation is complete.
Related Topics
Parent topic: Restoring Oracle Key Vault Data
14.5.5 Third-Party Certificates and the Restore Operation
A third-party certificate installed at the time of a backup will not be copied when you restore another server from this backup.
You must re-install the third-party certificate on the new server in order to use it.
Related Topics
Parent topic: Restoring Oracle Key Vault Data
14.5.6 Changes Resulting from a System State Restore
Restoring an Oracle Key Vault server brings the system state back to the time when the backup last performed.
Therefore, any changes that were made after the backup was made do not exist on the restored system. For example, if a user's password was changed after the backup operation, the new password will not be available in the restored system. The restored system will have the password that was in effect when the backup was made.
Note:
Restoring also changes the recovery passphrase to the one that was in effect during the backup.
You should change the user passwords, enroll the endpoints created after backup, and make other similar changes, if required. You should confirm that everything is configured correctly after restoring.
If you are not certain that you restored the correct backup, then you can restore a different one. To restore another backup, first configure the remote destination of this backup on the restored Oracle Key Vault itself, and then start the restore process. You do not need to reinstall the Oracle Key Vault appliance.
When the Oracle Key Vault server has been restored and is functional, you can continue to back up Oracle Key Vault data to new or previous remote destinations.
Depending on the age of your backup, the restored server may be missing endpoints, security objects, and other changes made after the restored backup was taken. You may need to enroll missing endpoints and upload missing security objects, or choose a more recent backup to restore. It is also recommended that you change user passwords after a restore operation and backup the Oracle Key Vault.
Parent topic: Restoring Oracle Key Vault Data
14.6 Backup and Restore Best Practices
Oracle provides best practices to keep backups current so that you can recover from catastrophic failures with minimum down time and data loss.
-
Ensure that the recovery passphrase at the time of backup is accessible because you will need it to restore data from a backup.
-
Back up data any time you change the recovery passphrase.
-
Ensure that you create at least one remote backup destination in a primary-standby deployment. Because the local backup resides on the Oracle Key Vault server itself, it will be lost in a failover or switchover situation.
-
Do not delete the backup catalog file that is associated with a remote backup destination, even if you stop using the backup destination. If you ever need to restore from a backup on this server, you will need the backup catalog file.
-
If you use the same remote server for multiple backup destinations, then ensure that the directories are unique so that you have distinct backup catalog files associated with each backup destination. If you fail to do this, then the backup catalog file will be overwritten during subsequent backups and become unusable.
-
Before you restore data, ensure that all scheduled backups are complete.
-
To create remote backup destinations successfully:
- Ensure that the servers used as remote backup destinations are enabled and active.
- Ensure that there is connectivity between Oracle Key Vault and remote server that you plan to use as a backup destination.
- Ensure that the remote server designated as a backup destination supports the secure copy protocol (SCP).
- Validate the user account credentials on the remote server before you create the backup destination on Oracle Key Vault.
- Ensure that the destination directory has write permissions.
- Create more than one remote backup destination on multiple servers for redundancy.
- Ensure that the destination directories are unique if you are using the same remote server for multiple backup destinations. You must do this to prevent later backups from overwriting previous ones.
-
Perform a one-time backup once every seven days.
-
Schedule a periodic backup with a period of one day. This ensures that you have a full backup once in seven days.
-
Perform a local one-time backup before system changes. You can use this backup as a restore point.
-
Backup before and after upgrading Oracle Key Vault server software.
-
Change the backup destination after each upgrade. If at all possible do not reuse the backup destination.
Parent topic: Backup and Restore Operations