Backups of the Virtru Private Keystore (for Google Workspace CSE) environment and servers is as simple as backing up the base folder the CSE is installed to.
- The default location is /var/virtru/cse which will include all configuration files and certificates.
- If the images do not exist in the local repository, they will be downloaded automatically.
In a Disaster recovery scenario, a couple of items will need to be available:
- A backup host that has internet connection
- Host must meet these prerequisites
- Backup of the Virtru Private Keystore (for Google Workspace CSE) environment
- This step assumes that you have a fully functioning CSE server
- Public DNS Management
- Modify DNS to point to new Public IP of new host server
- Forward the same port that was used for the backup to the new host
- Install Docker on the Host
- Restore the CSE backup to the replacement server
- Connect to the host and spin up the new CSE containers via the run.sh file
- Verify with a status check of the CSE key server and check container logs
- The CSE status endpoint URL should be reachable over 443 at https://cse.<yourdomain>/status
- Verify connectivity via Google Admin > Security > Access and Data Control > Client-Side Encryption > Test Connection
- Examine container logs
- Repeat steps above for additional hosts in a high availability scenario