Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Tasks

Backing Up and Restoring CT-VL

search

Please Note:

printsuggest an edit

Backing Up and Restoring CT-VL

Create regular backups of the server to restore CT-VL in the event of failure. Even in a clustered scenario, system failure can occur. To minimize this risk, backup your CT-VL implementation regularly using the administration interface or the REST API.

Use the CT-VL GUI to create a backup before upgrading your CT-VL version and before any major server configuration changes. Maintain a regular backup schedule using the CT-VL REST API.

Restore the state of your CT-VL implementation using the administration interface. Backups restore the CT-VL to the saved version in the following scenarios:

  • Restoring the application after system failure.

  • Restoring the application after upgrade failure.

  • Restoring the application due to unrecoverable system configuration errors.

Note

  • Use the same CipherTrust Manager for performing the backup and restore operations.

  • It is mandatory to reboot CT-VL after backup and restore. To reboot, use the command system> reboot.

copy link to clipboardBacking up CT-VL in the GUI

Use the administration interface to create and save a backup.

Use the following steps to create a system archive:

  1. Select Backup from the administration interface left hand navigation.

  2. Click the Create Backup tab.

  3. Accept the default values, and click Backup now.

The archive generates and is saved to your default download folder. The file name is created with the following syntax:

backup_year-month-day

For example:

backup_2018-10-20

Move the backup to your storage directory.

copy link to clipboardManaging Backup Tasks

Use the REST API to create a backup and automate system backup tasks.

You can use the Backup API to generate backups via any valid HTTP request. The syntax requires authentication using user credentials.

copy link to clipboardRestoring the CT-VL from a Backup

If a complete system restore is required, make sure the CT-VL installation is complete before beginning this task.

Note

While installing CT-VL, it is recommended to use the same CipherTrust Manager that you have used for backup.

Use the following steps to restore the CT-VL to its last recorded working state using a backup:

  1. Select Settings > Backup from the administration interface left hand navigation.

  2. Click the Restore tab.

  3. Click Choose File and navigate to the required backup archive.

  4. Confirm the following back up details:

    • CT-VL version

    • Backup date

    • Encryption key name

  5. Click Restore.

Note

  • Depending on the size of the backup, the restore process may take some time.

  • It is recommended to use CLI for the restore process.

If this node is a member of an existing cluster, it is removed from the cluster. Any existing data on this node is destroyed.

A new cluster is created with this node as the first node but with data restored from the backup.

When the restore completes, this node has all data from the backup including login credentials. Refer to Check the Restore Status for details.

Note

If the user forgets the login credentials in the backup, run the createsuperuser CLI command to create a new user.

This node becomes a new node of a new cluster. It is no longer a member of any previous cluster.

Note

If this node was a member of an existing cluster prior to the restore, it must be removed from that cluster. Failure to remove this node from its previous cluster prevents new nodes from joining that cluster.

The CT-VL is restored to the state of archive. When the task is complete, a banner appears, indicating that the restore is complete. The CT-VL reboots.

When the login screen appears, enter your credentials to access the restored application.

Note

After the restore operation has been successfully completed, you can verify using the following operations:

  • Tokenize Data

  • Detokenize Data

  • Encrypt Data

  • Decrypt Data

copy link to clipboardCheck the Restore Status

Warning

When restoring the backup, the GUI becomes unresponsive after a certain time (approximately 10 minutes) and does not show the restore status. To know the exact restore status, check logs in CLI using the following command:

vts logfile --tail clish.log

The status of the restore is given below:

vts logfile --tail clish.log
ctvl3 cluster - INFO: restore db from backup
ctvl3 cluster - INFO: Restore database using sql dumps in backup_dir: /var/backup
ctvl3 cluster - INFO: add 'default=False' parameter to new columns
ctvl3 cluster - INFO: Reset cluster complete
ctvl3 cluster - INFO: SUCCESS: restore -f /var/backup/backup_2024-09-06T12-58-35.zip

copy link to clipboardKey Rotation

Regular encryption key rotation can increase security and also satisfy some PCI DSS requirements. To rotate CT-VL keys, ask your CT-VL Administrator to run the CT-VL CLI command security gencert on the CM that creates and stores the CT-VL keys.

Versioned keys are not permitted for tokenization.

On this page

  • Restoring the CT-VL from a Backup
  • Key Rotation