In IBM Security Guardium Key Lifecycle Manager, the high-availability
solution is implemented by using a Multi-Master cluster configuration. Adding a non-HADR master server
to a cluster is an optional step in setting up a Multi-Master environment.
Before you begin
Complete the following tasks:
Note: Support for adding a non-HADR master server to a Multi-Master
cluster will be deprecated in later versions of IBM Security Guardium Key Lifecycle Manager. It is recommended to add a HADR master server to
a Multi-Master cluster.
About this task
The server from where you add the first standby master server to a cluster is
configured as the primary master server. After the cluster is created with a minimum of one primary
and one standby master server, you can add master servers from any of the master servers in the
cluster. You can use the graphical user interface or REST interface to add a master server to the
cluster. Your role must have the permission to add standby master servers to the Multi-Master
cluster.
Procedure
- Go to the appropriate page or directory.
  - Graphical user interface
    - Log in to the graphical user interface.
    - On the Welcome page, click .
  - REST interface
    - Open a REST client.
- Add master server to the cluster.
  - Graphical user interface
    - Click the Basic Properties tab.
    - On the Basic Properties dialog box, specify information for the master server that you are adding.
Host name / IP address | Specify the host name of the IBM Security Guardium Key Lifecycle Manager instance that is added to the cluster.
IBM Security Guardium Key Lifecycle Manager user name | Specify the name of the IBM Security Guardium Key Lifecycle Manager administrator. The administrator name is displayed by default.
IBM Security Guardium Key Lifecycle Manager password | Specify the password for the IBM Security Guardium Key Lifecycle Manager server administrator.
UI port | Specify the HTTPS port to access IBM Security Guardium Key Lifecycle Manager graphical user interface and REST services. The port number is displayed by default.
    - If you want the primary master server to automatically accept the certificate of the master server that you are adding, select Accept host certificate automatically. Otherwise, import the certificate to the truststore of the primary master server. For instructions, see Importing a client device certificate.
      Note: By default, the certificate is not automatically accepted.
    - Click Check Prerequisites. The master server performs some checks, for example, that communication between the master server that you are adding and the current primary master server is successful, that the user login credentials are valid, and so on.
    - Click Add.
  - REST interface
    - Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    - Run the Check Prerequisites REST Service to ensure that the master server that you want to add meets all requirements and conditions that are defined for a Multi-Master configuration.
    - Run the Add Master REST Service. For example:
POST https://localhost:port/SKLM/rest/v1/ckms/config/nodes/addNodes
[
  {
    "clusterName" : "multimaster",
    "primaryHadrPort" : "60020"
  },
  {
    "type" : "Node",
    "ipHostname": "cimkc2b151",
    "httpPort": "9443",
    "sklmUsername": "sklmadmin",
    "sklmPassword": "your_sklmadmin_password",
    "autoAccept": "Yes"
  }
]
The primary master server restarts, and is temporarily unavailable. The status of the Db2 HADR configuration on the
graphical user interface might be yellow for some time before it turns
green.
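
The Add Master REST step above, as an added example that is not part of the original IBM page: a Python helper that builds the request body in the shape shown, defaults `autoAccept` to "No" to match the documented default (the peer certificate is then expected in the primary master's truststore), and returns a redacted copy for logs. The function names, the `SKLM_PASSWORD` environment variable, and the `SKLMAuth userAuthId=` header format are assumptions; the request is prepared but not sent.

```python
import json
import os
import urllib.request

ADD_NODES_PATH = "/SKLM/rest/v1/ckms/config/nodes/addNodes"  # path from the page


def build_add_master_body(cluster_name, primary_hadr_port, host, https_port,
                          username, password, auto_accept=False):
    """Return the two-element JSON array used by the Add Master example."""
    for name, port in (("primaryHadrPort", primary_hadr_port),
                       ("httpPort", https_port)):
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"{name} out of range: {port}")
    if not host or any(c.isspace() for c in host):
        raise ValueError("ipHostname must be a non-empty host name or IP address")
    if not password:
        raise ValueError("sklmPassword is empty; supply it from a secret store")
    return [
        {"clusterName": cluster_name, "primaryHadrPort": str(primary_hadr_port)},
        {"type": "Node", "ipHostname": host, "httpPort": str(https_port),
         "sklmUsername": username, "sklmPassword": password,
         # "No" mirrors the documented default: the certificate of the new
         # master must already be in the primary master's truststore.
         "autoAccept": "Yes" if auto_accept else "No"},
    ]


def redact(body):
    """Copy of the body that is safe to write to logs or tickets."""
    return [{k: ("***" if k == "sklmPassword" else v) for k, v in part.items()}
            for part in body]


def build_request(base_url, user_auth_id, body):
    """Prepare (not send) the POST; urllib verifies server certificates by default."""
    return urllib.request.Request(
        base_url.rstrip("/") + ADD_NODES_PATH,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/json",
                 # Assumed header format for the authentication identifier.
                 "Authorization": f"SKLMAuth userAuthId={user_auth_id}"},
    )


if __name__ == "__main__":
    # Constructed sample values; the password is read from the environment.
    pw = os.environ.get("SKLM_PASSWORD", "constructed-sample")
    body = build_add_master_body("multimaster", 60020, "cimkc2b151", 9443, "sklmadmin", pw)
    print(json.dumps(redact(body), indent=2))
```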