Scheduling Backups
Note
This feature is not included in Community Edition and requires a valid Virtual CipherTrust Manager license. To activate your instance with a trial evaluation, or a term or perpetual license, see Licensing.
The CipherTrust Manager can periodically run database backup jobs in the background. This can be achieved by creating scheduler configurations for database backups. Scheduler configurations are supported for both system and domain scoped backups. Refer to Backups for details on backups and their types.
In a clustered environment, by default the scheduled backup can run on any cluster node. There is an option in the API and CLI to restrict which nodes can run the scheduled backup.
Caution
By default, no limit is set on the number of backup files retained on CipherTrust Manager. To avoid disk space issues, we strongly recommend using the --retention-count flag to set a limit on the number of backup files to retain.
As well, disk space issues can also occur if you do not periodically transfer or manually delete backup files. As described in scheduler you can use the --do-scp true and --conn "<scp_connection_name>" flags to send backup files to an external server registered as an external connection.
This section provides examples of backup scheduler configurations using the ksctl utility. Refer to the ksctl or API documentation for details.
Note
Scheduler itself is a generic service, so it provides granularity of a minute. A job configuration should take the nature of operation information into consideration. For example, backing up a database every minute is a highly unlikely use case.
Scheduling System Scoped Backup Jobs
To schedule a system scoped backup job, run the command:
ksctl scheduler configs create backup --name <config_name> --run-at "<cron_expression_format>" --description "<config-description>" --backup-key-id "<backup_key_ID>" --retention-count <number_of_backups_to_retain>
Here,
<config_name>: Name for the job configuration.<cron_expression_format>: Time when the job runs. The format must have five fields. If the number of fields is not equal to five, the format becomes invalid. Refer to Time Specification for details.<config_description>: Description of the job configuration.<backup_key_ID>: ID of the backup key. If a key ID is not specified, the default backup key will be used.Note
If you are operating a cluster and specify a backup key, be sure to upload that backup key to every node. Otherwise, the scheduled backup will fail on nodes that do not have the backup key.
<number_of_backups_to_retain>: An integer value indicating how many backup files to store on the CipherTrust Manager.
Example:
The following command schedules a system scoped database backup job using the specified backup key everyday at 9 AM.
$ ksctl scheduler configs create backup --name daily\_backup --run-at "0 9 * * *" --description "Daily system backup" --backup-key-id "e817b3ba-1787-496a-b5ac-27756e9efb1b" --retention-count 5
Scheduling Domain Scoped Backup Jobs
To schedule a domain scoped backup job, run the command:
ksctl scheduler configs create backup --scope "domain" --name <config_name> --run-at "<cron_expression_format>" --description "<config_description>" --retention-count <number_of_backups_to_retain>
Here,
--scope domain: Scope of the backup is domain. The scope flag must be used for scheduling domain scoped backup jobs.<config_name>: Name for the job configuration.<cron_expression_format>: Time when the job runs. The format must have five fields. If the number of fields is not equal to five, the format becomes invalid. Refer to Time Specification for details.<config_description>: Description of the job configuration.<number_of_backups_to_retain>: An integer value indicating how many backup files to store on the CipherTrust Manager.
Example:
The following command schedules a domain scoped database backup job every Monday at 9 AM.
text $ ksctl scheduler configs create backup --scope "domain" --name daily_backup --run-at "0 9 * * 1" --description "Weekly domain backup"` --retention-count 5
