K2 blackpearl Product Documentation: Installation and Configuration Guide
Backing up Keys and Certificates

Disaster Recovery - Backing up Keys and Certificates

It is important to back up SQL Server Keys and Certificates separately as not doing so can result in data loss.

Symmetric Key

The way that K2 uses the Symmetric key is based on K2's use of Certificates. Certificates are built into SQL Server and K2 is leveraging off the SQL Server platform. Hierarchically, it can be depicted in the following way:

The encryption is applied in a top down manner, so the Operating System level secures the Service Master Key (SMK), etc.

As discussed in Database Disaster Recovery Options, there are four SQL Disaster Recovery Options which are supported by K2. In all options, the domain should be changed as the Operating System level uses the Service Account or SPN to encrypt the Service Master Key

Backup and Restore

As long as the SQL instance is still functional, the Service Master Key and Database Master Key will still be functional. Recreate the Certificate and Symmetric Keys and the data will be accessible.

Log Shipping

Visit the following link http://technet.microsoft.com/en-us/library/ms366281(SQL.90).aspx for information on how to create identical symmetric keys on two servers

Both servers should have the same Service Master Key 

Database Mirroring

The same applies as in Log Shipping

Database Clustering

The same applies as in Log Shipping, although a Microsoft Cluster Server will not need the identical symmetric keys created as, due to its nature, it is aware of the other nodes and will likely use the same key by design.

Visit the following links for information on backup of Certificates and Keys:

 

 


K2 blackpearl Product Documentation: Installation and Configuration Guide 4.6.11