Pre-upgrade restrictions and requirements for Encryption Key Manager
You must follow certain rules and guidelines before you can upgrade Encryption Key Manager to IBM Security Guardium Key Lifecycle Manager V4.2.1.
Pre-upgrade requirements
Pre-upgrade restrictions
- Migration of Administrator TLS keystores and truststores is not supported. Guardium Key Lifecycle Manager server does not support Administrator sync capability.
- Migration is supported only for JCEKS keystores.
- IBM Security Guardium Key Lifecycle Manager does not support the use of a key in multiple groups, unlike Encryption Key Manager, which supports the use of a key in multiple groups.
When you migrate key data in KeyGroup.xml from Encryption Key Manager to IBM Security Guardium Key Lifecycle Manager, each key is attached to one group. A key that was previously in multiple groups in Encryption Key Manager is created in only one group in IBM Security Guardium Key Lifecycle Manager.
The migration process logs the event that the key is not created in multiple groups, and continues. If the symmetricKeySet property specifies a list or range of keys, and not a group, all keys that are specified by symmetricKeySet are migrated into a key group named DefaultMigrateGroup. If the keys from symmetricKeySet are created as a part of other groups, and the key group named DefaultMigrateGroup is empty, IBM Security Guardium Key Lifecycle Manager does not create the DefaultMigrateGroup key group, and also does not migrate the symmetricKeySet property.
To work around the problem, use the IBM Security Guardium Key Lifecycle Manager graphical or REST interface to define a default key group, for example, for LTO tape drives.
- Migrate only one Encryption Key Manager server to one Guardium Key Lifecycle Manager server. To migrate another Encryption Key Manager server, use a separate Guardium Key Lifecycle Manager server.
- The Encryption Key Manager component supports only the English locale. Therefore, you must do the migration from Encryption Key Manager to IBM Security Guardium Key Lifecycle Manager in the English locale.
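The following pre-migration audit is an added example, not IBM code. It reports which keys sit in more than one group and whether a list-style symmetricKeySet would leave DefaultMigrateGroup empty, as described in the KeyGroup.xml restriction above. The XML element and attribute names, the sample data, and the reading that keys already created through another group are not added to DefaultMigrateGroup are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample. The element and attribute names are assumptions made
# for this example, not the documented KeyGroup.xml schema.
SAMPLE_KEYGROUP_XML = """
<keygroups>
  <keygroup id="LTO_A"><key alias="aes001"/><key alias="aes002"/></keygroup>
  <keygroup id="LTO_B"><key alias="aes002"/><key alias="aes003"/></keygroup>
</keygroups>
"""

def load_groups(xml_text, group_tag="keygroup", id_attr="id",
                key_tag="key", alias_attr="alias"):
    """Return {group id: set of key aliases} from KeyGroup.xml-style text."""
    groups = {}
    for g in ET.fromstring(xml_text).iter(group_tag):
        groups[g.get(id_attr)] = {k.get(alias_attr) for k in g.iter(key_tag)}
    return groups

def audit(groups, symmetric_key_set):
    """Predict the migration effects described on the page.

    symmetric_key_set is either a group id or a comma-separated alias list;
    ranges must be expanded by the caller (the range syntax is not on the page).
    """
    membership = defaultdict(set)
    for gid, aliases in groups.items():
        for alias in aliases:
            membership[alias].add(gid)
    # Keys that will be created in only one of their current groups.
    multi = {a: sorted(g) for a, g in membership.items() if len(g) > 1}
    report = {"multi_group_keys": multi, "default_group_keys": [],
              "symmetric_key_set_lost": False}
    value = symmetric_key_set.strip()
    if value and value not in groups:
        listed = [a.strip() for a in value.split(",") if a.strip()]
        # Assumption: keys already created through another group are not
        # added to DefaultMigrateGroup; only the remainder is.
        leftover = [a for a in listed if a not in membership]
        report["default_group_keys"] = leftover
        # An empty DefaultMigrateGroup is not created, and the
        # symmetricKeySet property is then not migrated.
        report["symmetric_key_set_lost"] = not leftover
    return report

if __name__ == "__main__":
    print(audit(load_groups(SAMPLE_KEYGROUP_XML), "aes002,aes003"))
```

When `symmetric_key_set_lost` is true, plan to define a default key group through the graphical or REST interface after migration, as the workaround above describes.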