TDE Clarification

jdpjamesp

ProgressTalk.com Moderator
Staff member
Just need a quick bit of clarification of something in the docs/KB that to me is a little ambiguous/unclear.

So... if I take my prod.bck to restore it to uat.db, what do I need to do? This is how I understand it:

  • Copy prod.bck and prod.ks to uat
  • rename prod.ks to uat.ks
  • prorest with the -newinstance flag
  • rebind the keystore
But won't that mean the admin passphrase is now the same as it was for Prod? So I'd then need to change the passphrase to be correct for uat?

Actually, as I type it like this, it makes more sense. But a confirmation would be helpful.
 
You're right James, the docs are not clear. The KB says that you need to use prorest ... -newinstance (create a new DB GUID) and then use proutil db -C epolicy manage keystore rebind.
https://community.progress.com/s/article/000028091
https://community.progress.com/s/article/000028092

In my testing, you don't need the -newinstance on prorest to open the restored database. You just need to restore and ensure that the KS has been copied to the new DB directory and named appropriately. Though if you do use -newinstance, then you must rebind, otherwise you get this:

Code:
This database was created with the -newinstance option. (15678) 
Keystore rebind must be run before accessing the database. (15679)

If you want to have a different admin passphrase for UAT (a good practice), then you will need to change it after the restore, e.g.:
proutil uat -C epolicy manage keystore adminphrase
 
Thanks Rob. I think we'll stick with newinstance to be absolutely sure that the UAT/Dev Keystore can't be used on a copy of Live.
 