Restore the Database to a New Appliance

Beginning in version 3.0.1, only the appliance that performed the database backup can restore the database and function properly. Another appliance can restore the database, but it cannot decrypt the password data, so any functionality involving that data fails. The backup requires the key encryption key from the original appliance for restoration. This requirement prevents a bad actor from getting access to a database backup so that the passwords can then be decrypted and compromised.
capam32
Beginning in version 3.0.1, only the appliance that performed the database backup can restore the database and function properly. Another appliance can restore the database, but it cannot decrypt the password data, so any functionality involving that data fails. The backup requires the key encryption key from the original appliance for restoration. This requirement prevents a bad actor from getting access to a database backup so that the passwords can then be decrypted and compromised.
To create a duplicate appliance for disaster recovery or migration purposes, follow these steps: 
  1. Deploy a 
    Privileged Access Manager
     appliance. See Deploying for instructions. 
  2. Join the original appliance in a cluster with the new appliance, configuring the new appliance as a member of a secondary site. See Set Up a Cluster for details on how to configure clustering. 
    You now have a "live" backup of the data from the original appliance because all cluster data is replicated to all nodes in the cluster. For disaster recovery, this new appliance should be in a different data center
  3. If you want a new, independent appliance, the cluster can be stopped after all of the data is synchronized between the two appliances. See Cluster Synchronization, Promotion, and Recovery for details. The new appliance and the original appliance can then move forward in separate, distinct, environments.