Rather than performing System State or manual backups, some organizations use alternative methods for disaster recovery. These methods—binary backups and HSM backups—often depend on the role a CA plays in the CA hierarchy and the methods used to protect the CA's key pair.
For offline CAs, some organizations choose to create binary images of the computers. This is done by using disk-imaging software such as Norton Ghost or Symantec Partition Magic. These software packages make a binary-level backup of the computer's hard disk, allowing for quick CA restoration.
Note: A binary backup may still need to be supplemented by a manual or System State backup. The binary image captures the CA database only as it existed when the image was taken, so a System State or manual restoration may still be required to bring the CA back to its last working state.
The advantage of a binary backup is the speed of restoration. Both software packages mentioned earlier allow you to boot from a CD that immediately starts the restoration. The disadvantage is the additional security that must be implemented to protect the backup media: an attacker who obtains the backup media can create an exact copy of a valid CA and use it to issue unauthorized certificates.
One method that protects a CA's private key material from being extracted from the Local Machine store by a member of the local Administrators group is to move the CA's key pair to an HSM. An HSM moves the key pair or a portion of the key material and all cryptographic operations off the CA computer to a secure "black box." Because the key material is removed from the CA, proprietary methods must be used to back up and restore the CA key material.
For example, if you implement a Rainbow Chrysalis CA3 or Luna SA HSM, the key material is backed up to Luna tokens. The backup process requires the participation of three "key holders," where each key holder holds a separate PKI management role. The backup ensures that, in the event of HSM failure, the key material can be loaded onto a replacement HSM and, in the event of CA hardware failure, the replacement CA can be connected to the existing key material stored on the HSM.
Likewise, if you implement an nCipher HSM, the key material is protected by a combination of smart card tokens and encrypted files stored on the CA or on a remote file server. The key pair is re-assembled by combining the key shares split across a predefined number of operator cards with the encrypted data stored in the CA's \nfast\kmdata\local folder.