Skip to content

About recovering VSatellites using the Recovery wizard

You can use the Recovery wizard in TLS Protect Cloud to restore VSatellites that are in a Lost Connection state. This can help you recover individual nodes or rebuild your VSatellite infrastructure, depending on how many VSatellites are affected.

The Recovery wizard supports two use cases:

  • Disaster recovery, when all of your VSatellites are lost and you need to manually restore trust using a backed-up DEK.
  • Node reinstallation, when you lose one or more VSatellites but still have at least one active VSatellite remaining in your environment.

In both scenarios, the wizard guides you through running the appropriate recovery commands using the vsatctl CLI.

Features and benefits

  • Recover option for unreachable VSatellites
    You can access the Recover menu item from the elipsis menu for each VSatellite that is in a Lost Connection state to begin the recovery process. You can also find a Recover button in the Drawer View of a lost VSatellite.

  • Step-by-step recovery wizard The Recovery wizard walks you through the process in three steps:

    1. Download the required vsatctl binary and review system requirements.
    2. Run a preflight validation command to confirm your environment is ready.
    3. Run the recovery command using the passphrase and recovery code provided by the wizard.

  • Automatic vs. manual DEK handling

    • If at least one VSatellite is still active, the DEK is managed for you and doesn't need to be supplied.
    • If all VSatellites are lost, you must supply the path to the previously backed-up DEK during the recovery process.

  • Secure recovery validation
    You can test the restored VSatellite connection before finishing the process to make sure recovery was successful.

Audience and use cases

This feature is designed for platform and security administrators responsible for maintaining VSatellites.

Use the Recovery wizard in the following situations:

  • Disaster recovery
    Use this flow when all VSatellites are in a Lost Connection state. You'll need to:

    • Deploy new VSatellites
    • Provide that path to a previously exported DEK file, your backup DEK
    • Provide the passphrase a recovery code (the recovery code is provided for you during the recovery process)

  • Node reinstallation
    Use this flow when one or more VSatellites are lost but others remain active. You'll:

    • Reinstall the missing VSatellites
    • Provide a recovery code (the recovery code is provided for you during the recovery process)
    • Skip supplying a DEK file (it's handled automatically)

Requirements

  • For disaster recovery, you need a previously exported DEK file and its passphrase.
  • For both use cases, meet the following requirements:
    • The vsatctl CLI must be available on the host performing the recovery.
    • Use the recovery code provided by the wizard.
  • Review the system requirements for installing new VSatellites.

Next steps