The data backup and restoration feature allows you to restore the data of a hardware security module (HSM) to a previous state or to other HSMs in the same region or in a different region. This feature is suitable for scenarios in which data restoration is required or a service is available in new regions. This topic describes how to use the data backup and restoration feature.
Feature description
The feature performs a full backup for HSM data and generates an image for the full backup. If the image is used again to back up data, the original data of the image is overwritten. You can enable the data backup and restoration feature for all HSMs or a specific HSM in your cluster.
Backup content
| Backup data | Description |
| --- | --- |
| User information | User accounts, user passwords, and identity types. |
| Certificate information | Cluster certificates and self-issued certificates. |
| Key | Keys and key attributes. Key attributes include key identifiers, key types, key usage, key status, information about key owners, key check values (KCVs), elliptic curve types (for Elliptic Curve Cryptography (ECC) keys only), and Chinese Remainder Theorem (CRT) parameters (for Rivest-Shamir-Adleman (RSA) keys only). |
Hardware-protected keys of KMS rely on HSMs and include key materials (HSM keys) and key metadata. HSMs can back up the key materials of hardware-protected keys, but cannot back up the key metadata.
Key materials refer to the core parameters of keys that are generated and hosted by Key Management Service (KMS) by using a physically isolated HSM environment.
Key metadata includes business data stored in KMS. The business data includes key IDs, the KMS instance to which keys belong, Alibaba Cloud Resource Names (ARNs), and key policies.
Backup method and time
Only full backups are supported.
If you enable the data backup and restoration feature on Day T, the system performs the first backup at 00:00 (UTC+8) on Day T+1, and then backs up data once at 00:00 (UTC+8) each day after Day T+1. Each backup generates an image. If all images are occupied, a newly generated image overwrites the earliest image.
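The rotation rule above determines how far back you can restore. The following Python sketch is an added example, not part of the product documentation or any Alibaba Cloud SDK. It computes which daily backups are still retained and whether a clean restore point survives when a destructive change is detected late. It assumes that each daily backup occupies one image slot, that the image count is the number you purchased, and that Day T is counted in UTC+8; all function names and dates are constructed for illustration.

```python
from datetime import datetime, time, timedelta, timezone

CST = timezone(timedelta(hours=8))  # backups run at 00:00 (UTC+8)


def backup_times(enabled_at, now):
    """Every backup taken up to `now`: 00:00 (UTC+8) on Day T+1, then daily."""
    # Assumption: "Day T" is the calendar day in UTC+8 on which the feature was enabled.
    day_t = enabled_at.astimezone(CST).date()
    t = datetime.combine(day_t + timedelta(days=1), time(0), tzinfo=CST)
    taken = []
    while t <= now:
        taken.append(t)
        t += timedelta(days=1)
    return taken


def retained_backups(enabled_at, now, image_count):
    """Backups still restorable: the newest `image_count`, older ones are overwritten."""
    if image_count < 1:
        raise ValueError("image_count must be at least 1")
    return backup_times(enabled_at, now)[-image_count:]


def restore_point_for(event_at, detected_at, enabled_at, image_count):
    """Newest retained backup taken before a destructive event, or None if it is gone."""
    held = retained_backups(enabled_at, detected_at, image_count)
    clean = [t for t in held if t < event_at]
    return clean[-1] if clean else None


if __name__ == "__main__":
    # Constructed timeline: feature enabled 1 March, key deleted 10 March 09:30.
    enabled = datetime(2024, 3, 1, 15, 0, tzinfo=CST)
    deleted = datetime(2024, 3, 10, 9, 30, tzinfo=CST)
    for detected_day in (12, 14):
        detected = datetime(2024, 3, detected_day, 18, 0, tzinfo=CST)
        point = restore_point_for(deleted, detected, enabled, image_count=3)
        print(f"detected 3/{detected_day}: restore point = {point}")
```

With three images, a deletion detected two days later can still be rolled back, but one detected four days later cannot, because every retained image was taken after the deletion.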
Download and deletion of backups
You cannot download backups and the images of backups or view data in the images, which reduces the risks of data being illegally copied or leaked.
You cannot manually delete backups and the images of backups. Ninety days after an HSM is released, the backups are automatically deleted, and data in all the images is released. Before the system deletes the backups of an HSM, you can use the backup data to copy or restore data across regions.
ActionTrail
You can view backup and restoration operations by using ActionTrail.
Fee
The data backup and restoration feature is charged based on the number of images. The unit price of an image is USD 10.
Backup and restoration process
Scenario 1: Restore the data of all HSMs in a cluster to a previous state
To restore the data of all HSMs in a cluster, you must first remove all HSMs from the cluster, recreate the HSMs by using the images, and then deploy the cluster. This method deletes all data in the cluster. The following process is for reference only. We recommend that you contact technical support before restoration.
Scenario 2: Copy the data from HSM 1 in Region A to the HSM cluster in Region B to launch a service in a new region
The following figure describes the process. Note that you must purchase at least two HSMs in Region B because HSMs support only dual-zone deployment. After the purchase, you do not need to perform operations such as enabling and initializing the HSMs.
Procedure
Back up HSM data
When you back up the data of an HSM, the status of the HSM must be Enabled.
You can enable the data backup and restoration feature when you purchase HSMs. In this scenario, HSMs support only the cluster mode, and you must select at least two HSMs in different zones when you purchase HSMs. In this case, the data backup and restoration feature is enabled for all HSMs. Alternatively, you can disable the data backup and restoration feature when you purchase HSMs and then enable the feature for a single HSM later.
Method 1: Enable the data backup and restoration feature when you purchase HSMs.
For more information, see Purchase and enable an HSM. After you purchase HSMs, automatic backups are performed at the predefined point of time. You can view information about the backup on the Data Backup and Restoration page.
Method 2: Disable the data backup and restoration feature when you purchase HSMs and then enable the data backup and restoration feature later.
Go to the VSMs page of the Cloud Hardware Security Module console. In the top navigation bar, select a region.
Find the HSM that you want to manage and choose Upgrade in the Actions column.
Note: If Upgrade is not available, the data backup and restoration feature may be already enabled for the HSM.
On the Upgrade page, enable the data backup and restoration feature and specify the number of images. Read Terms of Service and click Buy Now to complete the purchase as prompted.
After the purchase, automatic backups are performed at a predefined point of time. You can view the names of the generated backups on the Data Backup and Restoration page.

Copy images across regions
You can copy images across regions only in the Chinese mainland. After you copy an image across regions, a backup whose Backup Type is Cross-region Copy is automatically created in the destination region, and the image is added to the backup. For example, you can copy an image from the China (Hangzhou) region to the China (Shanghai) region.
Go to the Data Backup and Restoration page of the Cloud Hardware Security Module console. In the top navigation bar, select a region.
Find the backup that you want to manage and click View Image in the Actions column.
Find the image ID that you want to manage and click Cross-region Copy in the Actions column.
In the Copy Image dialog box, select a destination region and click OK.
Switch to the destination region and view the image copy on the Data Backup and Restoration page.
Find the backup whose Backup Type is Cross-region Copy and click View Image in the Actions column.
Note: This backup contains all images copied from other regions, and this backup never expires.
View the image copy based on the copy time.
Move the pointer over the icon next to the image ID to view the original backup ID, original image ID, original HSM ID, and original image region.
Use images to restore HSM data
You can use images to restore the data of an HSM to other HSMs in the same region or in a different region. You can use the original HSM or create an HSM as the destination HSM for image-based data restoration.
A destination HSM must meet the following conditions:
A destination HSM is in the same region as the backup. For cross-region data restoration, an image must be copied to the destination region first.
The type of a destination HSM is the same as the original HSM.
A destination HSM is not in a cluster.
A destination HSM is disabled or stopped.
A destination HSM is not initialized.
Prepare an HSM.
If no HSM is available in the destination region, purchase an HSM. For more information, see Purchase an HSM.
Important: Do not enable an HSM after you purchase it.
If the destination HSM is in use, contact Alibaba Cloud technical support to stop and reset the HSM.
Find the image that you want to manage.
Go to the Data Backup and Restoration page of the Cloud Hardware Security Module console. In the top navigation bar, select a region.
On the Data Backup and Restoration page, find the image that you want to manage.
Same-region data restoration: Find the backup that you want to manage and click View Image in the Actions column.
Cross-region data restoration: Find the backup whose Backup Type is Cross-region Copy and click View Image in the Actions column.
Find the image ID that you want to manage and click Restore Instance in the Actions column.
In the dialog box that appears, select a destination HSM and click OK.
After the data restoration is successful, the data in the image is copied to the destination HSM.