Configuring for data redundancy
IBM Security Guardium Key Lifecycle Manager provides the following methods to achieve data redundancy: Backup and restore, replication, and Multi-Master cluster.
Overview
Each of these methods caters to specific use cases:
- Backup and Restore
- Backup and Restore is a basic, manual method of data replication. Using this method, you can back up cryptographic objects (key materials), configuration files, and other critical information on an IBM Security Guardium Key Lifecycle Manager server and then restore the backed-up data to create an exact copy of the IBM Security Guardium Key Lifecycle Manager server.
- Replication
- Replication is an automated Backup and Restore mechanism. With this method, you can back up cryptographic objects (key materials), configuration files, and other critical information on a server (master server), and then replicate or restore this backed up data to another server (clone server) automatically, and on a regular basis.
- Multi-Master cluster
- A Multi-Master cluster is an advanced configuration method. The cluster consists of multiple IBM Security Guardium Key Lifecycle Manager servers. Each server is called a master server. All the master servers point to a single data source that is configured for Db2 high availability disaster recovery.
Quick comparison of the methods
The following table compares the different methods on key aspects:
Backup and Restore | Replication | Multi-Master cluster | |
Overview | Creating full copy or copies of data and storing them offsite. | Automated copying and moving of data to one or multiple sites. | Creating a cluster of servers that point to a single data source that is configured for Db2 high availability disaster recovery (HADR). |
Working | Manual. Relies on snapshots which are copies of the data that is taken at a predetermined point in time. | Automated. Data generated on master server is periodically backed up and sent to the clone server. | Automated. Real-time data synchronization in the Db2 HADR cluster. |
Objective | Disaster recovery with manual intervention. | Automated disaster recovery. | High availability across sites. |
Supports high availability | No | Partially Clone servers operate in read-only mode. Support uninterrupted key serving. |
Yes |
Supports disaster recovery | Yes | Yes | Yes |
Deployment | One IBM Security Guardium Key Lifecycle Manager server | 2 - 21 IBM Security Guardium Key Lifecycle Manager servers | 2 - 4 IBM Security Guardium Key Lifecycle Manager servers |
Configuration complexity |
Low. Basic and simple method. |
Low. Requires a one-time configuration. |
High. Requires knowledge of Db2 HADR. |
Supported with IBM Security Guardium Key Lifecycle Manager traditional | Yes | Yes | Yes |
Supported with IBM Security Guardium Key Lifecycle Manager container | Yes | Yes | No |