See below to restore the state of a Cryptographic Security Platform installation comprising one or several nodes.

As explained in Installing CSP, only prod-mode installations support state backup and restore.

Restoring the state of a single-node Cryptographic Security Platform installation

See below to restore the Cryptographic Security Platform status when installed in a single node.

To restore a single-node Cryptographic Security Platform installation

  1. Reproduce the Cryptographic Security Platform installation used for Backing up the Cryptographic Security Platform state. Specifically:
    • Install the same Cryptographic Security Platform version.
    • Set the node hostname and IP address as in the original installation.
  2. If the deployed solutions use an HSM (Hardware Security Module) to protect private keys, restore the device configuration as explained in Restoring the HSM
  3. If the solutions of the restored installation use databases, restore the database contents as explained in Restoring databases.
  4. Copy the file generated with the clusterctl backup create command when Backing up the Cryptographic Security Platform state.
  5. Run the clusterctl backup restore command to restore the backup file. 
  6. Log into the Management Console and click Deploy for the CA Gateway solution (if deployed in the restored solution).

Restoring the state of a multi-node Cryptographic Security Platform installation

See below to restore the Cryptographic Security Platform status when installed in several nodes.

To restore a multi-node Cryptographic Security Platform installation

  1. Reproduce the Cryptographic Security Platform installation used for Backing up the Cryptographic Security Platform state. Specifically:
    • Install the same Cryptographic Security Platform version.
    • Add the same number of nodes as in the original installation.
    • Set the node hostname and IP address as in the original installation.
  2. If the deployed solutions use an HSM (Hardware Security Module) to protect private keys, restore the device configuration as explained in Restoring the HSM
  3. If the solutions of the restored installation use databases, restore the database contents as explained in Restoring databases.
  4. Import the license as explained in Setting or updating the license.
  5. Run the clusterctl certificate command to install the TLS certificate and key backup.
  6. Run the clusterctl volume capacity to restore the previous volume capacity policies.
  7. Run clusterctl retention config logs to restore the previous log retention period.
  8. Run clusterctl retention config metrics to restore the previous metric retention period.
  9. Run the clusterctl proxy set to restore the previous proxy settings.
  10. Follow the steps described in Restoring solution settings to restore and deploy the Gateway, Certificate Enrollment Gateway, and Certificate Manager solutions (if present in the restored installation).

  11. In any installation node:

    1. Copy the file generated with the clusterctl backup create command when Backing up the Cryptographic Security Platform state.

    2. Run the clusterctl backup restore command to restore the backup file. 
  12. Log into the Management Console and click Deploy for the following solutions (if deployed in the restored platform).
    • Certificate Authority
    • Validation Authority
    • Timestamping Authority