A backup of Notification Server cryptographic keys is required for disaster recovery. You can restore the database to a new server hardware using the backed up Notification Server cryptographic keys. These keys are used to secure data inside Notification Server database. The cryptographic keys are used to encrypt the authentication credentials that are stored in the CMDB. Examples of authentication credentials that are stored in the CMDB include the following:
Credentials that are used when you add a child Notification Server into a hierarchy
Credentials that are used when you execute a run as operation during software delivery
You can take a backup of Notification Server cryptographic keys after the installation is completed. Alternatively, you can take a backup during the first-time installation of the IT Management Suite solutions. This task is an optional step during the first-time installation.
Authentication credentials cannot be used without these keys. If your server hardware crashes, these credentials are lost unless you have taken a backup of the keys in Symantec Installation Manager. A backup of your hard disk alone does not save these keys.
The backup of the cryptographic keys is stored in a .kms file that includes the cryptographic keys which are encrypted and cannot be transferred. There may be multiple keys in one .kms file.
The following registry keys are created when you back up the keys:
Tracks the location where the keys are backed up.
Keeps a track of the date when the keys were backed up. If any keys have a newer date, a new .zip file gets created.
To back Notification Server cryptographic keys
Log on to the Notification Server computer as an administrator.
On the Install Products page, click Back up Notification Server Cryptographic Keys.
On the Back up Notification Server Cryptographic Keys page, browse and select the location where you want the key backups to be stored, or keep the default path.
Alternatively, you can take a backup of Notification Server cryptographic keys during the first-time installation of the IT Management Suite products. The Back up Notification Server Cryptographic Keys page appears after the installation is completed.
The key backups must be stored on a different server, in case the current server hardware crashes.
Provide a password for the backup cryptographic keys file.
You need this password for unencrypting the keys during the restore process. Make a note of the password and store it in a safe location.
Click Create Backup.
A confirmation message appears that states that the backup of Notification Server cryptographic keys is complete.