Backup and restore overview
CDM deployments include two directory services:
-
The
ds-idrepo
service, which stores identities, application data, and AM policies -
The
ds-cts
service, which stores AM Core Token Service data
Before deploying the ForgeRock Identity Platform in production, create and test a backup plan that lets you recover these two directory services should you experience data loss.
Choose a backup solution
There are numerous options you can use when implementing data backup. The CDM provides two solutions:
-
Kubernetes volume snapshots
You can also use backup products from third-party vendors. For example:
-
Backup tooling from your cloud provider. For example, Google backup for GKE.
-
Third-party utilities, such as Velero, Kasten K10, TrilioVault, Commvault, and Portworx PX-Backup. These third-party products are cloud-platform agnostic, and can be used across cloud platforms.
Your organization might have specific needs for its backup solution. Some factors to consider include:
-
Does your organization already have a backup strategy for Kubernetes deployments? If it does, you might want to use the same backup strategy for your ForgeRock Identity Platform deployment.
-
Do you plan to deploy the platform in a hybrid architecture, in which part of your deployment is on-premises and another part of it is in the cloud? If you do, then you might want to employ a backup strategy that lets you move around DS data most easily.
-
When considering how to store your backup data, is cost or convenience more important to you? If cost is more important, then you might need to take into account that archival storage in the cloud is much less expensive than snapshot storage—ten times less expensive, as of this writing.
-
If you’re thinking about using snapshots for backup, are there any limitations imposed by your cloud provider that are unacceptable to you? Historically, cloud providers have placed quotas on snapshots. Check your cloud provider’s documentation for more information.