This document outlines key considerations and best practices for maintaining your Virtru Private Keystore for Google Workspace:
1. Load Balancer
- Scenario 1: Traffic flows directly to containers.
- Scenario 2: Traffic is terminated at a load balancer and then re-initiated to containers.
Recommendation: Implement a load balancer (Scenario 2) for better scalability and fault tolerance. Ensure status checks are performed for each host.
Commands (one status check per host behind the load balancer):
curl https://csesrva.example.com:443 --insecure
curl https://csesrvb.example.com:443 --insecure
2. Status Check
The /status endpoint verifies the health of the Virtru Private Keystore. This endpoint should return a JSON document containing a version field.
Examples:
- Local Machine (Testing):
  curl https://127.0.0.1/status --insecure
- Single Server Deployment:
  curl https://csesrva.example.com:443/status --insecure
- Validated Deployment:
  curl https://csesrv.example.com/status
- Multiple Checks:
  max=50
  for i in `seq 1 $max`
  do
    curl https://csesrv.example.com/status
    echo " - $i"
  done
Note: Other endpoints (e.g. those used by Google Workspace) require authentication and cannot be checked without a suitable client.
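As an added example (not Virtru's own tooling), the following POSIX shell script combines the per-host check from the Load Balancer section with the /status validation above: it fetches /status from each host named on the command line, requires an HTTP 200 and a JSON body with a non-empty version field, and exits non-zero if any host fails. The host names, the 5-second timeout and the --insecure flag are assumptions carried over from the examples above.

```shell
#!/bin/sh
# Added example: health-check every Virtru Private Keystore host behind the
# load balancer. Usage: sh status_check.sh csesrva.example.com csesrvb.example.com
# (host names are assumptions; pass your own).

# Returns 0 when the body is a JSON object carrying a non-empty "version"
# string, 1 otherwise. Uses only grep so it runs where jq is not installed.
status_body_ok() {
    body="$1"
    printf '%s' "$body" | grep -q '^[[:space:]]*{' || return 1
    printf '%s' "$body" | grep -Eq '"version"[[:space:]]*:[[:space:]]*"[^"]+"' || return 1
    return 0
}

# Prints the version value from a status body (empty output if absent).
status_version() {
    printf '%s' "$1" | sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Fetches /status from one host; the HTTP code is appended as the last line.
# --insecure mirrors the pre-validation examples above; drop it once the
# certificate chain is trusted. Returns 0 only on HTTP 200 plus a valid body.
check_host() {
    host="$1"
    resp=$(curl -sS --max-time 5 --insecure -w '\n%{http_code}' "https://$host/status") || return 1
    code=$(printf '%s' "$resp" | tail -n 1)
    body=$(printf '%s' "$resp" | sed '$d')
    [ "$code" = "200" ] || { echo "$host: HTTP $code" >&2; return 1; }
    status_body_ok "$body" || { echo "$host: /status body lacks a version field" >&2; return 1; }
    echo "$host: ok version=$(status_version "$body")"
}

# Checks every host given as an argument; exit status 1 if any host failed,
# which makes the script usable as a cron job or monitoring hook.
check_all() {
    rc=0
    for h in "$@"; do
        check_host "$h" || rc=1
    done
    return $rc
}

# Live checks run only when host names are supplied on the command line.
[ $# -eq 0 ] || check_all "$@"
```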
3. Backup
Back up the environment by saving the base folder where the Virtru Private Keystore is installed:
/var/virtru/cse
This folder includes:
- Configuration files
- Certificates
4. Disaster Recovery
Prerequisites:
- A backup host with:
  - Internet connection
  - Docker installed
  - A backup of the /var/virtru/cse folder
Steps:
- Update DNS to point to the new host's public IP.
- Forward the same port used for the backup to the new host.
- Restore the backup folder to the new host.
- Verify functionality using a Status Check and review container logs.
High Availability:
- Repeat the process for each host in your high-availability setup.
5. Logs
By default, the keystore logs are managed through Docker’s logging system.
- Recommendation: Log to the server and manage logging at the system level for better control and easier troubleshooting.
For advanced customization, refer to the Docker Documentation.
6. Upgrade
To upgrade your keystore, please follow the instructions here:
- Kubernetes or Linux Server Upgrade
Key Notes
- Regularly validate the status of the Virtru Private Keystore using the /status endpoint.
- Automate backups to minimize downtime during disaster recovery.
- Ensure a robust load balancer configuration for optimal performance and fault tolerance.