IBM Cloud Docs
FAQs: High availability and disaster recovery

FAQs: High availability and disaster recovery

Read to get answers for high-availability and disaster-recovery related questions about IBM Cloud® Hyper Protect Crypto Services.

How do I set up a high availability configuration?

It is suggested that you provision at least two crypto units for high availability. In this way, there is always at least one extra crypto unit operating in a crypto unit failure. Hyper Protect Crypto Services is built to provide high availability by default.

For more information, see High availability and disaster recovery.

Can I back up my service instance manually?

You need to back up only your master key parts and signature keys for service initialization. Your data in Hyper Protect Crypto Services is backed up automatically by IBM Cloud daily.

What happens if my service instance fails?

IBM Cloud has automatic in-region failover plan in place. Currently, your data is backed up daily by the service and you don't need to do anything to enable it. For cross-region data restores, you need to open an IBM support ticket so that IBM can restore the service instance for you.

How can I restore the content from backups?

For cross-region data restores of Standard Plan instances, you can restore your data by using failover crypto units or open an IBM support ticket so that IBM can restore the service instance for you. For more information, see Restoring your data from another region.

For the plan with Unified Key Orchestrator, currently you can only open an IBM support ticket so that IBM can restore the service instance.

What happens if I delete my service instances?

If you delete your service instance, your keys that are managed are not accessible.

Can I back up the keys before I delete a service instance?

Backing up the keys manually is not supported.

What happens when I delete a key?

Within 30 days after you delete a key, you can still view the key and restore the key to reverse the deletion. After 90 days, the key is purged and permanently removed from your instance. The data that is associated with the key becomes inaccessible. Before you delete a key, make sure that the key is not actively protecting any resources. For more information, see Restoring keys.

What happens if I lose the signature key or the master key parts?

If your signature key or master key part is lost, you are not able to initialize your service instance, and your service instance is not accessible. Depending on how to store your keys, back up you key files on your workstation or back up your smart cards.