Disaster recovery for Azure

✅ Enterprise: Azure


Manual Disaster Recovery and Backup

For a secondary deployment, you need to create and manage the required resources.

  1. After the resources are created, SSH into the Kyvos Manager node.

  2. Download the complete-disaster-recovery.sh script (available in the primary storage account at /user/engine_work/setup/scripts/complete-disaster-recovery.sh).

  3. Enter the managed identity in the complete-disaster-recovery.sh file (MI_CLIENT_ID = client ID of the managed identity attached to the VM of the secondary deployment).

  4. Execute the complete-disaster-recovery.sh file on this node.

  5. Now, log in to Kyvos Manager and recover your Kyvos cloud.

Automatic Disaster Recovery Steps

This section applies to both single-node and multi-node deployments.

Storage Account – Prepare for Failover

After deployment, prepare the storage account associated with the primary cluster to support failover operations.

Steps:

  1. Navigate to the Storage Account associated with the primary cluster.

  2. In the left navigation pane, go to Data Management.

  3. Select Redundancy.

  4. Click Prepare for failover.

  5. Choose Unplanned Failover.

The preparation process may take approximately 10 minutes to complete. Once finished, the storage account will be ready to support failover operations in case of a disaster.

Replicate Key Vault Secrets and Keys

The secrets, keys, and certificates from the primary Key Vault must be replicated to the Disaster Recovery (DR) Key Vault.

Steps:

  1. Open the configuration file (available in Azure Installation Files): key-vault-config.sh

  2. Provide the required parameters, including:

    1. Primary Key Vault details

    2. DR Key Vault details

    3. Resource group information

    4. Subscription details

  3. Once the configuration is complete, execute the replication script: ./key-vault-replicate.sh

The script replicates the required secrets, keys, and certificates from the primary Key Vault to the DR Key Vault.
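One way to confirm the replication result is to compare object names between the two vaults. This is an added example, not a Kyvos script. It assumes the Azure CLI is logged in with list permission on both vaults, the function names and the two vault-name arguments are hypothetical, and it compares names only, not values or versions:

```shell
#!/bin/sh
# Added example (not a Kyvos script): confirm that every secret, key and
# certificate name in the primary Key Vault also exists in the DR Key Vault.

# list_names KIND VAULT -> one object name per line (KIND: secret|key|certificate)
list_names() {
    az keyvault "$1" list --vault-name "$2" --query "[].name" -o tsv
}

# missing_in_dr PRIMARY_NAMES DR_NAMES -> names in the primary list that the
# DR list lacks. "@@" cannot occur in a Key Vault object name, so it is a safe
# separator between the two lists.
missing_in_dr() {
    printf '%s\n@@\n%s\n' "$2" "$1" | awk '
        !past && $0 == "@@" { past = 1; next }   # end of the DR list
        !past { dr[$0] = 1; next }               # remember each DR name
        $0 != "" && !($0 in dr) && !seen[$0]++   # print each gap once
    '
}

# verify_vault_pair PRIMARY_VAULT DR_VAULT
# Returns 0 when the DR vault has every name, 1 on gaps, 2 if az fails.
verify_vault_pair() {
    rc=0
    for kind in secret key certificate; do
        primary_names=$(list_names "$kind" "$1") || return 2
        dr_names=$(list_names "$kind" "$2") || return 2
        gap=$(missing_in_dr "$primary_names" "$dr_names")
        if [ -n "$gap" ]; then
            printf 'missing %s objects in %s:\n%s\n' "$kind" "$2" "$gap" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh verify-kv.sh <primary-vault-name> <dr-vault-name>
if [ "$#" -eq 2 ]; then
    verify_vault_pair "$1" "$2"
fi
```

A non-zero exit status means the DR vault is missing at least one object, or the listing call failed, so the replication step should be rerun before a failover is relied on.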

Note

Azure Key Vault provides automatic replication within an Azure region and asynchronous replication to a paired region in the same geography. The step above (Replicate Key Vault Secrets and Keys) serves only for disaster recovery verification.

PostgreSQL Flexible Server – Switchover

To prepare the environment for disaster recovery, perform a switchover for the PostgreSQL Flexible Server instances used by Kyvos and Kyvos Manager.

Steps:

  1. Perform the following steps for both Flexible servers:

    1. Kyvos PostgreSQL Flexible Server

    2. KyvosManager PostgreSQL Flexible Server

  2. Navigate to the PostgreSQL Flexible Server in the Azure portal.

  3. Go to Settings > Replication.

  4. Verify that the existing replication configuration is correct.

  5. Do not modify the existing configuration.

  6. Click Switch over to primary.

This action promotes the replica server in the DR region as the new primary server.

After Completing the Configuration

After completing the above steps, deploy the Kyvos secondary cluster in the DR region using the provided template (available in Azure Installation Files).

 

Copyright Kyvos, Inc. 2026. All rights reserved.