After installation, here are some considerations and best practices for maintaining your Virtru Private Keystore (for Virtru Solutions).
1. Load Balancer
- Scenario 1: Direct traffic to containers.
- Scenario 2: Traffic flows through a load balancer, is terminated, and then re-initiated to the containers.
Recommended Design: Use Scenario 2 for better scalability and fault tolerance.
Perform status checks on each host:
curl https://cksa.example.com:443 --insecure
curl https://cksb.example.com:443 --insecure
2. Status Check
Use the /status endpoint to validate the health of the Virtru Private Keystore. It should return a JSON document containing a version field.
Commands:
- Local Testing:
  curl https://127.0.0.1/status --insecure
- Single Server Deployment:
  curl https://cksa.example.com:443/status --insecure
- Validated Deployment:
  curl https://cks.example.com/status
- Multiple Checks:
  max=50
  for i in `seq 1 $max`; do
    curl https://cks.example.com/status
    echo " - $i"
  done
Note: Only the /status endpoint is accessible without authentication.
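The "Multiple Checks" loop above only prints whatever /status returns; it does not tell you whether the reply was the expected JSON with a version field. The script below is an added example, not Virtru's own tooling: it polls every keystore host, checks each body for a non-empty "version" string, and reports OK/FAIL per host. The host list is an assumption built from the page's sample hostnames (override it with CKS_HOSTS), and FETCH can be pointed at another command so the checks can be exercised without network access.

```shell
#!/bin/sh
# Added example, not Virtru's own tooling: poll /status on every keystore host and
# confirm each reply is JSON carrying a "version" field, as the page says it should.
# The host list is an assumption taken from the page's sample hostnames; override
# it with CKS_HOSTS="https://host1 https://host2".
CKS_HOSTS="${CKS_HOSTS:-https://cksa.example.com:443 https://cksb.example.com:443}"

# fetch_status BASE_URL -> prints the /status body. Uses curl with a short timeout;
# --insecure matches the page's examples for hosts without a validated certificate
# and should be dropped once the certificate is trusted. FETCH can be set to another
# command (a shell function, a mock) for testing without network access.
fetch_status() {
    ${FETCH:-curl -sS --insecure --max-time 5} "$1/status"
}

# has_version BODY -> 0 when BODY contains a non-empty "version" string
has_version() {
    printf '%s' "$1" | grep -Eq '"version"[[:space:]]*:[[:space:]]*"[^"]+"'
}

# check_host BASE_URL -> 0 when the host answers and its body passes has_version
check_host() {
    body=$(fetch_status "$1") || return 1
    has_version "$body"
}

# check_all -> prints OK/FAIL per host; return value is the number of failing hosts
check_all() {
    failed=0
    for host in $CKS_HOSTS; do
        if check_host "$host"; then
            echo "OK   $host"
        else
            echo "FAIL $host"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Invoked with a repeat count (e.g. `sh cks_status.sh 50`) this polls every host that
# many times: the page's "Multiple Checks" loop with pass/fail reporting added.
if [ "$#" -gt 0 ]; then
    i=1
    while [ "$i" -le "$1" ]; do
        check_all || echo "round $i: $? host(s) unhealthy"
        i=$((i + 1))
    done
fi
```

Because the return value of check_all is the count of unhealthy hosts, the same functions can be dropped into a monitoring probe or a load balancer health script that needs a non-zero exit rather than output to read.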
3. Backup
Backup the CKS environment by saving the folder /var/virtru/cks.
Includes:
- Configuration files
- Certificates
4. Disaster Recovery
- Backup host with:
  - Internet connection
  - Docker & Docker Compose installed
  - Backup of /var/virtru/cks
Steps:
- Update DNS to point to the new host's public IP.
- Forward the same port to the new host.
- Restore the backup folder to the new host.
- Verify functionality with a status check and review container logs.
High Availability: Repeat these steps for all additional hosts.
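Sections 3 and 4 both rely on a copy of /var/virtru/cks that can be restored on a fresh host. The script below is an added example, not part of Virtru's documentation: it archives that folder into a timestamped tarball, restricts the archive to its owner (it contains the keystore's certificates), verifies the archive can be read back, and restores it under a chosen parent directory on the new host. The path /var/virtru/cks comes from the page; the backup destination and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Virtru's documentation: back up the keystore state folder into a
# timestamped archive, verify it, and restore it on a replacement host.
# /var/virtru/cks is the folder the page names; destination paths are assumptions.

# backup_cks SRC_DIR DEST_DIR -> prints the archive path; returns 1 if SRC_DIR is missing
backup_cks() {
    src="$1"; dest="$2"
    [ -d "$src" ] || { echo "source $src not found" >&2; return 1; }
    mkdir -p "$dest" || return 1
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    archive="$dest/cks-$stamp.tar.gz"
    # -C keeps paths relative (cks/...) so the archive restores cleanly elsewhere
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    chmod 600 "$archive"   # the folder holds certificates and config: owner-only
    echo "$archive"
}

# verify_backup ARCHIVE -> 0 if the archive is readable and lists at least one file
verify_backup() {
    tar -tzf "$1" >/dev/null 2>&1 || return 1
    [ "$(tar -tzf "$1" | grep -vc '/$')" -gt 0 ]
}

# restore_cks ARCHIVE PARENT_DIR -> extracts the cks/ tree into PARENT_DIR
# (PARENT_DIR would be /var on the new host, recreating /var/virtru/cks when the
# archive was taken from /var/virtru/cks with its parent as the -C directory)
restore_cks() {
    mkdir -p "$2" && tar -xzf "$1" -C "$2"
}

# Usage: sh cks_backup.sh /var/virtru/cks /srv/backups/cks
if [ "$#" -ge 2 ]; then
    a=$(backup_cks "$1" "$2") && verify_backup "$a" && echo "backup OK: $a"
fi
```

Run backup_cks from cron on each host and copy the archives off-box; the verify step catches a truncated or empty archive before it is the only copy you have. After restore_cks on the new host, continue with the DNS and port-forwarding steps above and confirm with a /status check.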
5. Logs
By default, logs are stored using Docker’s logging system.
- Recommendation: Log to Docker and manage logs at the system level.
For advanced configurations, refer to the Docker Documentation.
6. Upgrade
To upgrade your keystore, follow the instructions here:
- Kubernetes or Linux Server Upgrade
7. Performance and Testing
Measure and optimize Virtru Private Keystore performance using the Docker-based testing tool.
Key Notes
- Regularly validate the /status endpoint to ensure system health.
- Automate backups for minimal downtime.
- Use a load balancer for improved fault tolerance.