Skip to main content
Skip table of contents

Webconf: Backup

The Keyfactor Next Generation Hardware Appliance provides a Backup tab in Webconf.

This tab is only available after the HSM has been initialized and replaces the Restore tab!

Do not restart or shut down the appliance while the Backup is running.

On the Backup page you can configure the backup behavior of your system:

  • trigger a manual backup

  • or schedule an automated backup.

A backup is a snapshot of the system at a specific point in time. This makes it possible to restore the device to a stable state if necessary.

It is therefore advisable to create regular backups to ensure that an up-to-date backup is always available.

For appliances with a Luna S790 HSM be aware that the backup for the HSM must be taken separately. See HSM Backup for more information.

Backups can be restored to return the appliance to the same state it was in at a specific date/time.
A backup can be restored to the same device or to a different device to enable write-offs, disaster recovery, etc.

A backup contains the following data:

  • firmware configuration 

  • system configuration (cluster, network, database, HSM, etc... configuration)

  • database (internal) 

  • database configuration (only applicable for external DB)

To create a backup, you must not be logged into Webconf as an OTP user.
See create an OAuth user account to create an OAuth user account.
Log in as OAuth user and remove the OTP user.

Do not restart or shut down the Next Generation Hardware Appliance while the Backup is running.

Backup Status

Backup Status Information

  1. Log in to Next Generation Hardware Appliance.

  2. Open the Backup page.

  3. The Backup Status section hosts the Backup Status Information table with three columns providing information about the current backup status.

  • Current Backup Status

    • NOT RUNNING

    • BACKUP IN PROGRESS

  • Last Successful Backup

    • The time in minutes/hours/days, etc., since the last successful backup.

  • Next Scheduled Backup Execution

    • The time in minutes/hours/days at which the next backup will start.

    • (info) Schedule Disabled in case the Automated Backup schedule is not configured.

Backup Settings

For the basic setup, refer to the following steps:

Backup Protection

For the Backup Protection it is mandatory to define a Domain Master Secret (DMS). The DMS is a passphrase used to ensure the integrity and authenticity of the backups via encryption and signing.

The Domain Master Secret can only be set once. Therefore, make sure that you keep a copy of it in a safe place for the entire lifetime of your New Generation Hardware Appliance.

Once the DMS is set, it cannot be changed or deleted.

  1. Log in to Next Generation Hardware Appliance.

  2. Open the Backup page.

  3. In the section Backup Settings click Set Domain Master Secret to open the corresponding form.

  4. Enter the Domain Master Secret. Domain Master Secret must be at least 8 characters long!

  5. Repeat the Domain Master Secret.

  6. Click Set Domain Master Secret to confirm your entries.

  7. If the process was successful, the following message appears:
    DOMAIN MASTER SECRET IS SET.

Backup Filename (optional)

Use this field to specify a Backup Filename Prefix for you backup file name, if you want to customize it.

  1. Log in to Next Generation Hardware Appliance.

  2. Open the Backup page.

  3. In the section Backup Settings, under Backup Filename enter the prefix for the backup filename.

  4. Click Save Settings to confirm your entries.

Automated Backup Schedule

To trigger an automated backup see Scheduled Backup.

Backup Storage

Configure the storage location for the backup here.

Network File System (NFS)

To store the backup to a NFS located in your network and reachable for the Next Generation Hardware Appliance the following NFS versions are supported:

  • NFS Version 4

  • NFS Version 4.1

  • NFS Version 4.2

If you experience long loading times or even timeouts while browsing backup files from your NFS, this could be due to a blocked port 111/TCP.
Prior to version 5.2.0, the device assumed that it could send traffic to the NFS server with destination port 111. If the port is blocked by a firewall, the backup file browser freezes for a while (3 min) and then reports an error in Webconf.

For more information please refer to the Ports and Protocols documentation.

USB devices

GPT partitioned USB devices with partitions that are either ext4 orexFAT formatted are supported.

  1. Log in to Next Generation Hardware Appliance.

  2. Open the Backup page.

  3. In the Backup Storage section, select the Storage Type for the backup from the drop down menu under Backup Storage Settings.
    Available storage types:

    • None (default)

    • Network File Setting (NFS)

    • USB drive (USB stick or an external USB drive)
      Only locally connected USB devices can be used.

  4. Select the storage type to be used from the drop down menu.

  5. A new line appears for the selected path.
    NFS URL = nfs://
    USB drive URL = usb://
    followed by a field for additional entries.

  6. Enter the full path for NFS URL in case NFS is selected as storage type or path to the subdirectory on the USB drive if a USB drive is selected as the storage type.
    Keep it empty to browse the root level directory on the USB drive.
    Click Browse Storage to browse the backup location.

  7. The storage browser opens.

  8. Select/Navigate to the path where the backup is to be saved.
    Using the Filter allows to narrow down search results.
    Click Directories to navigate one level down or
    click One level up to return to the previous level.

  9. Storage Information is displayed on the right hand side of the screen:

    • Permission: e.g. read, write

    • Used Disk Space: xx,x GB/TB

    • Remaining Disc Space: xx,x GB/TB

    • Total Disc Space: xx,x GB/TB

  10. Click Use This Location to confirm your backup location.

  11. A green banner at the top of the screen indicates:
    Successfully updated backup storage configuration.

Remaining Disc Space below 20%

Automatic monitoring calculates how much storage space is already occupied.
If the free storage space is less than 20% of the total storage space, a warning appears.
These 20% may or may not be large enough to store further backups.
This depends on the total storage space of the selected storage device. It is an indicator to consider cleaning up or replacing the storage device.

If there is insufficient storage space, the backup process will fail.

After a backup has been created, just return to the Storage Browser Backup Location and click on the backup you saved. In the Storage Information section a table is displayed with all Backup Details.

Manual Backup

To trigger a manual backup see Manual Backup.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close