You can restore the IBM Tivoli Key Lifecycle Manager cross-platform
backup files on a system with IBM Security Guardium Key Lifecycle Manager, Version
4.2 by using the graphical user interface or the REST interface, or the migration restore
script.
Before you begin
Install IBM Security Guardium Key Lifecycle Manager, Version 4.2 on a
system. You must have the backup file from the earlier version and the password that you used to
create the backup file. Note: You must have IBM Security Guardium Key Lifecycle Manager user role to run the backup and restore
operations.
About this task
You can use the Backup and Restore page or the Backup Run Restore
REST Service to restore a backup file.
IBM Security Guardium Key Lifecycle Manager creates backup files in a manner
that is independent of operating systems and directory structure of the application. You can restore
the backup files to an operating system that is different from the one it was backed up from.
Before you start a restore task, isolate the system for
maintenance. Take a backup of the existing system. You can later use this backup to bring the system
back to original state if any issues occur during the restore process.Note: For greater security, change the IBM Security Guardium Key Lifecycle Manager User password soon after the data migration
process.
Procedure
- Using graphical user interface.
- Log in to the graphical user interface.
- On the Welcome page, click Administration > Backup
and Restore.
- Click Browse to specify the backup file
location.
- Click Display Backups to display the backup files that you want
to restore.
- On the Backup and Restore table, select a backup file that is listed in the
table.
- Click Restore Backup.
- Using REST interface
- Open the Swagger UI.
- To run the
Backup Run Restore REST Service
, send the HTTP POST
request.
POST https://localhost:9080/SKLM/rest/v1/ckms/restore
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth authId=139aeh34567m
Accept-Language : en
{"backupFilePath":"/opt/mysklmbackups/sklm_v2.7.0.0_20130705235417-1200_
backup.jar","password":"myBackupPwd"}
- Using migration script
- Locate the IBM Security Guardium Key Lifecycle Manager restore
utilities.
- Windows
- SKLM_INSTALL_HOME\migration\utilities\vx
Default
location is C:\Program Files\IBM\SKLMV42\migration\utilities\v2.
- Linux
- SKLM_INSTALL_HOME/migration/utilities/vx
Default
location is /opt/IBM/SKLMV42/migration/utilities/v2.
- Edit restore.properties in the v1 or
v2 folder to configure properties as shown in the following example:
- Windows
-
WAS_HOME=C:\\Program Files\\IBM\\WebSphere\\AppServer
JAVA_HOME=C:\\Program Files\\IBM\\WebSphere\\AppServer\\java\8.0
BACKUP_PASSWORD=passw0rd123
DB_PASSWORD=sklmdb42
RESTORE_FILE=C:\\tklmv201_restore\\tklm_v2.0.1.5_20160429013250-0400_migration_backup.jar
WAS_USER_PWD=wasadmin
RESTORE_USER_ROLES=y
- Linux
-
WAS_HOME=/opt/IBM/WebSphere/AppServer
JAVA_HOME=/opt/IBM/WebSphere/AppServer/java/8.0
BACKUP_PASSWORD=passw0rd123
DB_PASSWORD=sklmdb42
RESTORE_FILE=/tklmv201_restore/tklm_v2.0.1.5_20160429013250-0400_migration_backup.jar
WAS_USER_PWD=wasadmin
RESTORE_USER_ROLES=y
Note: On Windows operating system, when you specify path in the properties file, use either
/
or
\\
as path separator as shown in the following
example.
C:\\tklmv201_restore
Or
C:/tklmv201_restore
- Open a command line and run the restore utility.
- Windows
- Go to the SKLM_INSTALL_HOME\migration\utilities\v2
directory and run the following command:
restoreV2.bat
- Linux
- Go to the SKLM_INSTALL_HOME/migration/utilities/v2
directory and run the following command:
restoreV2.sh
- Restart IBM Security Guardium Key Lifecycle Manager
server.
Results
The IBM Security Guardium Key Lifecycle Manager server automatically
restarts after a backup file is restored when the autoRestartAfterRestore
property value is true (default value) in the
SKLMConfig.properties file.Note: After automatic restart of the IBM Security Guardium Key Lifecycle Manager server, the windows WebSphere Application Server Liberty service status is not refreshed and is shown as
stopped.
What to do next
Determine whether the server is at the expected state. For example, you might examine the
keystore to see whether a certificate that had problems before the backup file restore is now
available for use.