
Kyvos SaaS Disaster Recovery Deployment Steps

Prerequisites 

Before you perform Disaster Recovery (DR), ensure that you complete the following prerequisites:

  • Ensure the database instance and secrets are promoted to the DR region.

  • Disaster Recovery (specify the region for DR) must be selected before deploying a cluster.

  • Provide appropriate permission on KMS in the Disaster Recovery region if another IAM user will deploy.

  • Copy TLS certificates in the Disaster Recovery region bucket. 

  • Create SSL certificates in the Disaster Recovery region bucket. 

  • Create or import a key pair in the Disaster Recovery region.

  • Create a new olapengine.lic file. 

Disaster Recovery

  1. Enable Console Access for kmsadmin-stackname User.

    1. Log in to the IAM Console. Sign in to the AWS Management Console using your IAM user credentials.

    2. Enable Console Access for kmsadmin-stackname

      • Locate and access the IAM user named kmsadmin-stackname.

      • Enable console access for this user.

  2. Provide Permissions to kmsadmin-stackname User

    • Assign the AWSKeyManagementServicePowerUser permission to the kmsadmin-stackname IAM user.

  3. Log in to AWS Using kmsadmin-stackname User

    • Use the login credentials (password) created for the kmsadmin-stackname user to sign in to the AWS Management Console.

  4. Give Permission on KMS Keys to Your User (User who will be performing DR)

    • Navigate to the KMS console.

    • Grant Permissions on KMS Keys

      1. Locate the KMS Key: Identify the KMS key needed for DR deployment (identified by its alias, e.g., stackname).

      2. Edit the key policy to give your user (the user who will be performing DR) permission on the three statement IDs below.

      3. Update the key policy to grant permissions for the following SIDs:

        • "Sid": "Enable IAM User Permissions"

        • "Sid": "Allow administration of the key"

        • "Sid": "Allow use of the key for Lambda, EC2 & EMR Service role"

  5. Deploy DR Cluster. With the necessary permissions granted to your user on the KMS key, proceed to deploy the DR cluster in the DR region.

  6. Ensure that the stack name is the same as the primary stack name.

  7. You can log in to Kyvos Manager using the admin username and password, which are the same as those provided during the primary deployment. To log in to Kyvos, use the last password provided in the primary deployment.

  8. Input for the Deployment environment variable is environment specific.

    • If you perform deployment in the kyvos-ms account, the input value must be dev.

    • If you perform the deployment in the kyvos-dev account, the input value should be test.

    • For production deployment, the input value must be prod.
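
The key-policy edit in step 4 can be checked before starting the DR deployment. The following is an added example, not part of the Kyvos documentation: it reads a key policy document and reports which of the three SIDs listed in step 4 do not name the DR user as a principal. The account ID, user and role ARNs, and the actions in the sample policy are constructed placeholders.

```python
import json

# The three statement IDs named in step 4 of the procedure.
REQUIRED_SIDS = (
    "Enable IAM User Permissions",
    "Allow administration of the key",
    "Allow use of the key for Lambda, EC2 & EMR Service role",
)

def aws_principals(statement):
    """Return the set of AWS principal ARNs in one policy statement."""
    principal = statement.get("Principal", {})
    if isinstance(principal, str):          # e.g. "*"
        return {principal}
    aws = principal.get("AWS", [])
    return {aws} if isinstance(aws, str) else set(aws)

def missing_sids(policy_json, user_arn):
    """List the required SIDs whose Allow statement does not name user_arn."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):        # a single statement may be unwrapped
        statements = [statements]
    granted = {
        s.get("Sid")
        for s in statements
        if s.get("Effect") == "Allow" and user_arn in aws_principals(s)
    }
    return [sid for sid in REQUIRED_SIDS if sid not in granted]

# Constructed sample: account ID, ARNs and actions are placeholders.
DR_USER = "arn:aws:iam::111122223333:user/dr-operator"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
         "Principal": {"AWS": ["arn:aws:iam::111122223333:root", DR_USER]},
         "Action": "kms:*", "Resource": "*"},
        {"Sid": "Allow administration of the key", "Effect": "Allow",
         "Principal": {"AWS": DR_USER},
         "Action": ["kms:Create*", "kms:Describe*", "kms:Put*"], "Resource": "*"},
        {"Sid": "Allow use of the key for Lambda, EC2 & EMR Service role",
         "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-service-role"},
         "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": "*"},
    ],
})

if __name__ == "__main__":
    print("DR user missing from:", missing_sids(SAMPLE_POLICY, DR_USER))
```

The policy text to check can be exported with `aws kms get-key-policy --key-id <key-id> --policy-name default --output text`, run in the DR region.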

Post deployment after Disaster Recovery

An Admin user must log in to Kyvos Manager through the Kyvos SaaS portal. To do this, perform the following steps.

  1. Log in to Kyvos Manager through the Kyvos SaaS portal.

  2. Go to Kyvos Manager Settings > Users.

  3. Select the Admin user and change the user’s password.

  4. Log out of the current session.

  5. Go to the Kyvos Manager login page.

  6. Log in with the Admin user.

 

Copyright Kyvos, Inc. All rights reserved.