Backup and Restore
CipherTrust Manager provides options to back up CTE policies and restore them to other CipherTrust Manager appliances. A CipherTrust Manager administrator with backup and restore permissions can fully or partially export CTE policies from one domain and import them into a different domain on the same CipherTrust Manager or a different CipherTrust Manager. The data under the backed up (exported) policies will remain encrypted.
This section covers the following topics:
Perform the steps in the given order.
Assumptions
Before restoring CTE policies into the same or a different CipherTrust Manager:
Restore all the keys associated with CTE policies.
Restore the backup keys.
The policy backup file contains policies with the associated resources, including:
Security rules
Key rules
LDT rules
IDT rules
Policy elements (user sets, process sets, resource sets, and signature sets)
The backed up policy data does not include:
Keys that are associated with key rules. However, if the backup of keys and CTE policies is taken together, then the linked keys are included in the backup.
Signatures associated with signature sets
Note
If the system, where the policies are being restored, contains any conflicting policy or policy elements:
Policies with the same name are skipped.
All policies using the conflicting policy elements are skipped.
Backing up and Restoring Keys and CTE Policies
Tip
CTE policies and keys used can be backed up separately (in different backup files) or together (in a single backup file.) If they are backed up separately, the key backup must be restored before the CTE policies.
Keys and CTE Policies are Backed up Together
When you want to back up the keys and CTE policies together:
Back up the keys and CTE policies.
Create a domain scoped backup key. You can also use an existing backup key. This key is needed to encrypt the backup file.
Download the domain scoped backup key. Ignore this step if you have already downloaded the key.
Download the domain scoped backup of keys and CTE policies.
A backup file of keys and CTE policies will be downloaded. You need to restore this backup file to the destination CipherTrust Manager where you want to restore the backed up keys and CTE policies.
Now, transfer the downloaded backup key and the backup file to the destination CipherTrust Manager, as described below.
Restore the backup file.
Keys and CTE Policies are Backed up Separately
When you want to back up the keys and CTE policies separately:
Back up the CTE keys.
Create a domain scoped backup key. You can also use an existing backup key. This key is needed to encrypt the exported backup file.
Download the domain scoped backup key. Ignore this step if you have already downloaded the key.
Download the domain scoped key backup.
A backup file of keys will be downloaded. You need to restore this backup file to the destination CipherTrust Manager where you want to restore the backed up keys.
Now, transfer the downloaded backup key and the backup file to the destination CipherTrust Manager, as described below.
Back up the CTE policies.
Create a domain scoped backup key. You can also use an existing backup key. This key is needed to encrypt the exported backup file.
Download the domain scoped backup key. Ignore this step if you have already downloaded the key.
Download the domain scoped CTE policy backup.
A backup file of CTE policies will be downloaded. You need to restore this backup file to the destination CipherTrust Manager where you want to restore the backed up policies.
Now, transfer the downloaded backup key and the backup file to the destination CipherTrust Manager, as described below.
Import the downloaded backup file.
Signing Files in Restored Signature Sets
The restored policy backup contains imported signature sets. As the signatures linked with the signature sets are not included in the backup, you need to sign the files in the signature sets. Refer to Signing Files in a Signature Set for details.