Backup
The KeyServer Data Folder (KSDF) contains all of the crucial data for your Sassafras KeyServer Platform configuration. You should include this folder as part of a regular backup procedure for your important enterprise services. The most recommended backup solution is something that will clone the entire virtual machine you likely have KeyServer running in. Because some files can't be backed up while open in KeyServer, but VSS technology allows for a full backup of all running files in a VM, this is the best solution and would also mean you are likely making the VM backup offsite for full disaster recovery.
In addition to a general backup procedure, you can configure KeyServer to create time stamped duplicates of its most crucial configuration and data files based on an internal "backup schedule".
The KeyServer executable, its license certificates, various support files, "Report Documents", and the "Purchase Documents" sub-folders are NOT included in KeyServer's internal backup!
KeyServer does not backup everything in the KeyServer Data Folder - just the files which are essential for KeyServer Configuration. The assumption is a fresh install of KeyServer with a backup copy of the KSDF will restore primary functionality. As mentioned, we also assume you have an enterprise backup solution for the server as a whole, or take other steps to ensure data like Purchase records are backed up in case of total server loss. This means of course performing an internal backup if you have full VM backups may simply be redundant data bloat.
In KeyConfigure, select “Backup Schedule...” from the Config Menu to set a daily, multi-day, or weekly backup schedule.
Enter the time at which you want the backup to occur, and enter the day(s) of the week on which you want the backups to be done. The backup process will run at any time without interrupting normal KeyServer service, but you may want to choose a time at night that avoids possible disk contention in case the KeyServer host computer is simultaneously supporting other disk intensive tasks. The Backup Now button can be used to perform an immediate backup regardless of whether a schedule has been defined.
Note you can choose to exclude Audit and Usage data from the backup. These databases can be very large, and do not contain any configuration information. They do however contain the computer audit data and usage events which form the foundation of many reports. If you have an enterprise backup of the entire server, it's not necessary to include these in a smaller incremental backup of critical configuration data.
The Backup Folder is organized with a sub-folder for each day of the week plus an Unscheduled sub-folder for "immediate" backups. The critical data files being backed up are all at the root level of the KeyServer Data Folder:
 |
KeyServer Data Folder | important site data | ||
 |
Admin Permissions | Accounts. Passwords, and Permissions for KeyConfigure | ||
 |
Audit Data | audit information database | ||
|
Audit Index Database | audit information database | ||
|
Audit Packages Data | audit information database | ||
|
Audit Packages Index Database | audit information database | ||
|
Audit Packages Primary Data | audit information database | ||
|
Audit Primary Data | audit information database | ||
|
Audit Products Data | audit information database | ||
|
Audit Products Index Database | audit information database | ||
|
Computer Database | computer identity database | ||
|
Contract Database | contracts referenced from Purchases and Policies | ||
|
Journal Database | admin journal database | ||
|
Journal History | admin journal database | ||
|
KeyServer Preferences | KeyServer settings file | ||
|
Location Filter Database | network access database | ||
|
Package Database | package database | ||
|
Printer Database | printer database | ||
|
Policy Database | policy database | ||
|
Portable Use Record | checked out licenses database | ||
|
Product Database | product database | ||
|
Program Database | program information database | ||
|
Purchase Database | purchase database | ||
|
Report Database | report database | ||
|
Reservations Record | schedules database | ||
 |
server.lic | your KeyServer license certificate (and other files with the ".lic" extension) | ||
|
Time Set Database | the record of schedules when created for custom policies | ||
|
Usage Index Database | usage events database | ||
|
Usage Log | usage events database | ||
|
User Database | user database | ||
A list of all KeyServer components, data files, etc. available here: Complete File List
If a restore from backup ever becomes necessary, first create a new KeyServer installation using the server installer appropriate for the host platform - but don't start the KeyServer process. Then copy in all the files listed above from your latest backup (replacing any default copies created by the installer). Then start the KeyServer process. Note: your backed up data files are usable under any host operating system – there is no requirement that you resurrect the KeyServer on the same host or operating system that failed (but of course you will want to preserve the DNS name so that clients can find the new installation).
Alternately, if a standard file system backup exists of the entire Server folder (containing the ks executable and its KeyServer Data Folder), it is quite probable that using it as the source for the restore will be fine - even though there is a slight possibility that an in-use file has been captured in a corrupt state so it will have to be replaced by a copy from the internal backup folder.
After restoring from a backup, re-run the latest KeyServer installer just as an easy way to get the automatic startup of the KeyServer process configured and to make sure you have the latest component versions. You should also run the dbconsist utility in the KeyServer folder after restoring your KSDF but before starting the service.