Backup / Restore / BCP documentation
I understand that there can't be step 1, 2, 3 type instructions for backing up and restoring OSDU at this point. To enable operators to make good decisions we need to have a story in the information security documentation about what the current state of affairs is.
This story might be solved simply by having a meeting where we agree who will write which documentation. It might also create some requirements for development. E.g., making regular snapshots of some hosts, or backups of ElasticSearch or something. This issue is a placeholder to have that conversation.
- BP asked: "Do you see any scenario where customers would need to port an OSDU instance from one CSP to another i.e. Azure to AWS or vice versa?". If there is a concept of backup/restore, this will solve that question. But without backup/restore how could an operator migrate?
- Wintershall Dea: Ensure that the data is backed up in an encrypted manner. Restoring data requires access to the used keys (even though they may have be changed already. Access to the previous key generation needs to be possible).
- Shell lists this as a requirement.
Definition of Done
- Information is listed in the InfoSec documentation that accurately portrays operators' ability to backup, restore, and plan for disaster recovery / business continuity