DataPower Secure Backup/Restore and Appliance Sync

Secure backup is the only way to backup the entire DataPower device, including its keys and certificates, so it has to be performed on a periodic basis. This can be easily automated using DPBuddy. Here is an example:

dpbuddy secureBackup -cert dp-backup -toDir sbackups/backup -appendTimestamp 

Here is the same example using Ant:

<dp:secureBackup cert="dp-backup" toDir="sbackups/backup" appendTimestamp="true" />

This command does a few things:

• It creates secure backup on the device in the default domain in the “temporary:/secure-backup” directory (or you can override it using “dpDir” option).
• It downloads all the files from that remote directory to the local directory defined by “toDir”. The directory tree defined by “toDir” will be automatically created if it doesn’t exist.
• It appends the timestamp to the “backup” directory because of the “appendTimestamp” option.

It is also possible to backup multiple devices with a single command:

dpbuddy secureBackup -cert dp-backup -toDir 'sbackups/${dpEnv}/backup' -appendTimestamp -env "dev,test"

DPBuddy will resolve “dpEnv” to the name of the environment/device and create the appropriate directory structure so that all backups for a particular device reside in one place.

DPBuddy also fully supports secure restore. You can use this feature for keeping your appliances in sync, especially in the case of disaster recovery (DR) appliances. Create a secure backup on a periodic basis or after a change and restore it into your DR appliance. Note: restoring secure backup overrides network settings, so you’ll need to use DHCP or a similar mechanism to manage it:

dpbuddy secureBackup -cert dp-backup -toDir sbackups/sync
dpbuddy secureRestore -cred dp-restore -dir sbackups/sync -waitForReboot -env dr

If “-waitForReboot” is specified, “secureRestore” will wait for the appliance to complete the reboot triggered by restore.

It is also worth mentioning that DPBuddy deals with file downloads and uploads in an efficient manner — the files are streamed directly to/from disk and never loaded into memory. This means that the secure backup/restore tasks can accommodate backup of any size (subject to the available space on the device).

For more information, please refer to our documentation for secure backup/restore.

If you’re interested in automating the rest of your DataPower deployment and administration tasks, download DPBuddy and give it a try. Here you can find various examples of DPBuddy’s tasks, including backup/restore-related examples.