See below to restore the state of a Cryptographic Security Platform installation comprising one or several nodes.

As explained in Installing CSP, only prod-mode installations support state backup and restore.

Restoring the state of a single-node Cryptographic Security Platform installation

See below to restore the Cryptographic Security Platform status when installed in a single node.

To restore a single-node Cryptographic Security Platform installation

  1. Reproduce the Cryptographic Security Platform installation used for Backing up the state. Specifically:
    • Install the same Cryptographic Security Platform version.
    • Set the node hostname and IP address as in the original installation.

  2. If the deployed solutions use an HSM (Hardware Security Module) to protect private keys, restore the device using the tools provided by the HSM vendor. 

    If you previously ran the clusterctl backup restore command, you do not need to restore HSM-protected keys. The backup file imported by the command includes these keys.

  3. If the solutions of the restored installation use databases, follow the instructions of the DBMS vendor to restore the database contents.
  4. Copy the file generated with the clusterctl backup create command when Backing up the state.
  5. Run the clusterctl backup restore command to restore the backup file. 
  6. Log into the Management Console and click Deploy for the CA Gateway solution (if deployed in the restored solution).

Restoring the state of a multi-node Cryptographic Security Platform installation

See below to restore the Cryptographic Security Platform status when installed in several nodes.

To restore a multi-node Cryptographic Security Platform installation

  1. Reproduce the Cryptographic Security Platform installation used for Backing up the state. Specifically:
    • Install the same Cryptographic Security Platform version.
    • Add the same number of nodes as in the original installation.
    • Set the node hostname and IP address as in the original installation.

  2. If the deployed solutions use an HSM (Hardware Security Module) to protect private keys, restore the device using the tools provided by the HSM vendor. 

    If you previously ran the clusterctl backup restore command, you do not need to restore HSM-protected keys. The backup file imported by the command includes these keys.

  3. If the solutions of the restored installation use databases, follow the instructions of the DBMS vendor to restore the database contents.
  4. Import the license as explained in Setting or updating the license.
  5. Run the clusterctl certificate command to install the TLS certificate and key backup.
  6. Run the clusterctl volume capacity to restore the previous volume capacity policies.
  7. Run clusterctl retention config logs to restore the previous log retention period.
  8. Run clusterctl retention config metrics to restore the previous metric retention period.
  9. Run the clusterctl proxy set to restore the previous proxy settings.
  10. Follow the steps described in Restoring solution settings to restore and deploy the CA Gateway, Certificate Enrollment Gateway, and Certificate Manager solutions (if present in the restored installation).

  11. In any installation node:

    1. Copy the file generated with the clusterctl backup create command when Backing up the state.

    2. Run the clusterctl backup restore command to restore the backup file. 
  12. Log into the Management Console and click Deploy for the following solutions (if deployed in the restored platform).
    • Certificate Authority
    • Validation Authority
    • Timestamping Authority