IBM Security Guardium Key Lifecycle Manager operations take significant amounts of time
IBM Security Guardium Key Lifecycle Manager operations take significant amounts of time to complete when you add or update a large number of keys in the IBM Security Guardium Key Lifecycle Manager keystore, such as more than 50,000 keys.
Periodically perform database maintenance. For example, when you add or update a large number of keys, take these steps:
- Perform a backup of IBM Security Guardium Key Lifecycle Manager.
- Stop the Guardium Key Lifecycle Manager server by
using the stopServer command.Alternatively on Windows systems, stop the Guardium Key Lifecycle Manager server by using Windows Computer Management:
- Open the Control Panel and click .
- Stop the Guardium Key Lifecycle Manager server service,
which has a name like
IBMWAS85Service - SKLMServer
- From a Db2 command
window, run these Db2 commands,
each on one line.
db2 reorg indexes all for table kmt_device_type allow no access db2 runstats on table sklmdb2.kmt_device_type and indexes all db2 reorg indexes all for table sklmdb2.kmt_certstr_rn allow no access db2 runstats on table sklmdb2.kmt_certstr_rn and indexes all db2 reorg indexes all for table sklmdb2.kmt_keystr_rn allow no access db2 runstats on table sklmdb2.kmt_keystr_rn and indexes all db2 reorg indexes all for table sklmdb2.kmt_group allow no access db2 runstats on table sklmdb2.kmt_group and indexes all db2 reorg indexes all for table sklmdb2.kmt_devaudit allow no access db2 runstats on table sklmdb2.kmt_devaudit and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_appinfo allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_appinfo and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_cryptoparams allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_cryptoparams and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_custom allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_custom and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_digest allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_digest and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_link allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_link and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_global_names allow no access db2 runstats on table sklmdb2.kmt_kmip_global_names and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_name allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_name and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_objectgroup allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_objectgroup and indexes all
- Start the Guardium Key Lifecycle Manager server by
using the startServer command.Alternatively on Windows systems, start the Guardium Key Lifecycle Manager server by using Windows Computer Management:
- Open the Control Panel and click .
- Start the Guardium Key Lifecycle Manager server service,
which has a name like -
IBM WebSphere Application Server V8.5 - SKLM26Server
.
- Perform another backup of IBM Security Guardium Key Lifecycle Manager.