Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Tasks

Backing Up and Restoring CT-VL

search

Please Note:

Backing Up and Restoring CT-VL

Create regular backups of the server to ensure restoration of CT-VL instance in the event of system failure. System failure can occur even in a clustered environment. To minimize the risk of failure, regularly back up your CT-VL implementation using the administration interface or the REST API.

Before upgrading your CT-VL version or making any major server configuration changes, use the CT-VL GUI to create a backup. Additionally, maintain a regular backup schedule using the CT-VL REST API.

Use the administration interface to restore the state of your CT-VL implementation. Backups can restore the CT-VL instance to a saved version in the following scenarios:

  • System failure.

  • Upgrade failure.

  • Due to unrecoverable system configuration errors.

Note

  • A backup cannot restore a system using a CT-VL version older than 2.2.2. A backup cannot be applied to any version of the CT-VL software that is older than the version in use when the backup was created.

    • If the backup fails due to timeout from either GUI or API, use the counter trim --tablename command to trim the counter table size, then try backup again. For more information, see CLI Reference.

Backing up CT-VL in the GUI

Use the administration interface to create and save a backup.

Perform the following steps to create a backup:

  1. Go to Settings > Backup > Create Backup tab.

  2. Accept the default values and provide the Encryption key name.

  3. (Optional) Select the Exclude counters from backup checkbox to create a backup excluding the counter table entries.

  4. Click Backup now.

The archive is generated and saved to your default download folder. The file name has the following syntax:

backup_year-month-dayTHH-MM-SS

For example:

backup_2025-04-10T10-32-33

Move the backup to your storage directory.

Managing Backup Tasks

The backup REST API endpoint retrieves a backup file of your CT-VL from anything that can send an HTTP request. We recommend using this API to schedule automatic backups. The backups would be created with default key, and the counter tables are not excluded by default.

Sample Requests

Request (Authentication)

curl -k -X POST -H "Content-Type: application/json" -d '{"username":"vtsuser","password":"Password123!"}' https://vts_server_address/api/api-token-auth/

Request (Backup)

Backup request with default key and excludecounters=false:

curl -k -X GET -H 'Authorization:Bearer <token>' https://vts_server_address/api/backup/create -o backup.zip

Backup request with key testkey and excludecounters=false:

curl -k -X GET -H 'Authorization:Bearer <token>' https://vts_server_address/api/backup/create/testkey -o backup.zip

Backup with key testkey and excludecounters=true:

curl -k -X GET -H 'Authorization:Bearer <token>' https://vts_server_address/api/backup/create/testkey?excludecounters=true -o backup.zip

Backup with default key and excludecounter=true:

curl -k -X GET -H 'Authorization:Bearer <token>' https://vts_server_address/api/backup/create/testkey?excludecounters=true -o backup.zip

Restoring the CT-VL from a Backup

If a complete system restore is required, make sure the CT-VL installation is complete before beginning this task.

Note

Make sure the CT-VL version leveraged for the backup is the same as the backup or newer than the backup and is at least version 2.2.2.

Use the following steps to restore the CT-VL to its last recorded working state using a backup:

  1. Select Backup from the administration interface left hand navigation.

  2. Click the Restore tab.

  3. Click Choose File and navigate to the required backup archive.

  4. Confirm the following back up details:

    • CT-VL version

    • Backup date

    • Encryption key name

  5. Click Restore.

Note

Depending on the size of the backup, the restore process may take some time.

If this node is a member of an existing cluster, it is removed from the cluster. Any existing data on this node is destroyed.

A new cluster is created with this node as the first node but with data restored from the backup.

When the restore completes, this node has all data from the backup including login credentials.

Note

If the user forgets the login credentials in the backup, run the createsuperuser CLI command to create a new user.

This node becomes a new node of a new cluster. It is no longer a member of any previous cluster.

Note

If this node was a member of an existing cluster prior to the restore, it must be removed from that cluster. Failure to remove this node from its previous cluster prevents new nodes from joining that cluster.

The CT-VL is restored to the state of archive. When the task is complete, a banner appears, indicating that the restore is complete. The CT-VL reboots.

When the login screen appears, enter your credentials to access the restored application.

Key Rotation

Regular encryption key rotation can increase security and also satisfy some PCI DSS requirements. To rotate CT-VL keys, ask your CT-VL Administrator to run the CT-VL CLI command security gencert on the CM that creates and stores the CT-VL keys.

Versioned keys are not permitted for tokenization.

On this page