The SAKA automatically replicates all symmetric keys to the other configured SAKA instances at a site, thereby protecting against the failure of any single appliance when two or more are configured.
The SRK on the TPM cannot be backed up or replicated. Having at least two appliances at a site protects against the failure of any single TPM. The encrypted EDKs can be backed up after the creation of a new domain by making a copy of the entire STRONGAUTH_HOME/tpm2 directory. Because every appliance has a unique SRK, the encrypted EDKs must be backed up on a per-appliance basis. Ensure that backups are clearly labeled, because an EDK backup from one node will not be decryptable on any other node.
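As an added illustration of the per-appliance labeling advice above (example code, not StrongAuth's own tooling), the script below archives a tpm2 directory under the node's identity and refuses a restore whose manifest names a different node; the directory layout, node ids and file names are assumptions.

```shell
#!/bin/sh
# Added example (not part of the SAKA product): label a copy of
# STRONGAUTH_HOME/tpm2 with the appliance's node id so an EDK backup
# cannot be restored onto a different appliance (different SRK) by mistake.

# backup_tpm2 SRC_DIR DEST_DIR NODE_ID
# Writes DEST_DIR/<NODE_ID>-tpm2-<UTC stamp>.tar.gz and a manifest holding
# the node id and the archive's SHA-256. Prints the archive path.
backup_tpm2() {
    src="$1"; dest="$2"; node="$3"
    [ -d "$src" ] || { echo "source dir missing: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    archive="$dest/${node}-tpm2-${stamp}.tar.gz"
    # -C so the archive holds a relative tpm2/ tree, not absolute paths
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    digest=$(sha256sum "$archive" | cut -d' ' -f1)
    printf 'node=%s\nsha256=%s\ncreated=%s\n' "$node" "$digest" "$stamp" \
        > "$archive.manifest"
    chmod 0600 "$archive" "$archive.manifest"
    echo "$archive"
}

# check_restore_target ARCHIVE NODE_ID
# Returns 0 only when the manifest's node id equals NODE_ID and the archive
# digest is unchanged; 2 = wrong node, 3 = digest mismatch, 1 = no manifest.
check_restore_target() {
    archive="$1"; node="$2"
    manifest="$archive.manifest"
    [ -f "$manifest" ] || { echo "manifest missing for $archive" >&2; return 1; }
    m_node=$(sed -n 's/^node=//p' "$manifest")
    m_sha=$(sed -n 's/^sha256=//p' "$manifest")
    if [ "$m_node" != "$node" ]; then
        echo "refusing: backup is for node '$m_node', this node is '$node'" >&2
        return 2
    fi
    actual=$(sha256sum "$archive" | cut -d' ' -f1)
    if [ "$actual" != "$m_sha" ]; then
        echo "refusing: archive digest mismatch (corrupt or altered)" >&2
        return 3
    fi
    return 0
}
```

Run `check_restore_target` before any restore of the tpm2 directory; a non-zero return means the archive does not belong on this appliance or has changed since it was made.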
On HSM-based appliances, the asymmetric keys that must be backed up manually are the HRK and the EDKs. This is done during appliance setup and during the creation of new domains. The backed-up HRK is held on smart cards; in the event a site loses all of its HSMs, it can be recovered onto a new HSM under the control of the Key Custodians. The EDKs are backed up to files encrypted by the HRK and can be recovered into a new HSM after the HRK has been restored.
The only regular backup a site may want to perform is of the internal database. This backs up not only the encrypted symmetric keys but also the encrypted data, logs, and other meta-information used by the appliance. Since all data is protected before it is persisted to the database, the backup of the internal database needs no special considerations. However, it is recommended that backups of the database be stored separately from standard backups in the event that vulnerabilities in the encryption algorithm are discovered in the future; controlled access to database backups will minimize any damage from such potential discoveries. The keys in the hardware modules cannot be backed up with your regular backup tools, so those tools will be unable to access them (the SRK can never be backed up with any tool, so it's a moot issue).