This section describes how to back up the state of a Cryptographic Security Platform installation comprising one or several nodes.

As explained in Installing CSP, only prod-mode installations support state backup and restore.

Backing up the state of a single-node Cryptographic Security Platform installation

When the Cryptographic Security Platform is installed on a single node, follow the steps below to back up the state of the installation.

To back up the state of a single-node Cryptographic Security Platform installation

  1. Run the clusterctl backup create command to generate a backup file – for example:
    $ sudo clusterctl backup create --file /home/sysadmin/202341014.bkp --password 7Txsxu
  2. If the deployed solutions use databases, back up the database contents according to the instructions of the DBMS vendor.
  3. If the deployed solutions use an HSM (Hardware Security Module) to protect private keys, back up the device using the tools provided by the HSM vendor. 

    If you previously ran the clusterctl backup create command, for example when Backing up the Cryptographic Security Platform state, you do not need to back up HSM-protected keys. The backup file generated by the command includes these keys.

  4. Move all the backup data from the Cryptographic Security Platform node to a secure location – for example, using an SFTP client.

Backing up the state of a multi-node Cryptographic Security Platform installation

When the Cryptographic Security Platform is installed on several nodes, perform the steps below on any node to back up the state of the installation.

To back up the state of a multi-node Cryptographic Security Platform installation

  1. Run the clusterctl backup create command to generate a backup file – for example: 
    $ sudo clusterctl backup create --file /home/sysadmin/202341014.bkp --password 7Txsxu
  2. Manually back up the following data.
  3. Follow the steps described in Backing up solution settings to back up the CA Gateway, Certificate Enrollment Gateway and Certificate Manager solutions.  

    The settings of the other solutions are automatically included in the backup file generated with the clusterctl backup create command.

  4. If the deployed solutions use databases, back up the database contents according to the instructions of the DBMS vendor.
  5. If the deployed solutions use an HSM (Hardware Security Module) to protect private keys, back up the device using the tools provided by the HSM vendor. 

    If you previously ran the clusterctl backup create command (for example, when Backing up the Cryptographic Security Platform state), you do not need to back up HSM-protected keys. The backup file generated by the command includes these keys.

  6. Move all the backup data from the Cryptographic Security Platform node to a secure location – for example, using an SFTP client.
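
The following shell helpers are an added example, not part of the product documentation or vendor tooling. They cover the first and last steps of both procedures above: creating the backup file without typing the password into shell history, and checking that the files moved to the secure location arrived unmodified. The function names, the SHA256SUMS manifest and the SFTP destination are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Only the documented
# `clusterctl backup create --file ... --password ...` form is used;
# directory names and the SFTP destination are assumptions.

# Create the backup, prompting for the password so that it is not typed on
# the command line and saved in shell history. It is still passed as an
# argument, so it can appear in the process list while the command runs.
csp_backup_create() (
    printf 'Backup password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
    sudo clusterctl backup create --file "$1" --password "$pw"
)

# Write a SHA-256 manifest inside directory $1 for the named files (backup
# file, database dumps, ...). Relative names keep it valid after transfer.
csp_backup_manifest() (
    cd "$1" || exit 1
    shift
    sha256sum -- "$@" > SHA256SUMS
)

# Upload the files and the manifest in SFTP batch mode (needs key-based
# authentication). $2 is an assumed destination, e.g. backup@host.example.
csp_backup_upload() (
    cd "$1" || exit 1
    remote="$2"; shift 2
    for f in "$@" SHA256SUMS; do printf 'put "%s"\n' "$f"; done |
        sftp -b - "$remote"
)

# Run against the directory holding the transferred files: returns
# non-zero if any file is missing or its contents changed.
csp_backup_verify() (
    cd "$1" || exit 1
    sha256sum -c SHA256SUMS
)
```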