Restoring IBM Tivoli Key Lifecycle Manager backup files

You can restore the IBM Tivoli Key Lifecycle Manager cross-platform backup files on a system with IBM Security Guardium Key Lifecycle Manager, Version 4.2 by using the graphical user interface or the REST interface, or the migration restore script.

Before you begin

Install IBM Security Guardium Key Lifecycle Manager, Version 4.2 on a system. You must have the backup file from the earlier version and the password that you used to create the backup file.
Note: You must have IBM Security Guardium Key Lifecycle Manager user role to run the backup and restore operations.

About this task

You can use the Backup and Restore page or the Backup Run Restore REST Service to restore a backup file.

IBM Security Guardium Key Lifecycle Manager creates backup files in a manner that is independent of operating systems and directory structure of the application. You can restore the backup files to an operating system that is different from the one it was backed up from.

Before you start a restore task, isolate the system for maintenance. Take a backup of the existing system. You can later use this backup to bring the system back to original state if any issues occur during the restore process.
Note: For greater security, change the IBM Security Guardium Key Lifecycle Manager User password soon after the data migration process.

Procedure

  • Using graphical user interface.
    1. Log in to the graphical user interface.
    2. On the Welcome page, click Administration > Backup and Restore.
    3. Click Browse to specify the backup file location.
    4. Click Display Backups to display the backup files that you want to restore.
    5. On the Backup and Restore table, select a backup file that is listed in the table.
    6. Click Restore Backup.
  • Using REST interface
    1. Open the Swagger UI.
    2. To run the Backup Run Restore REST Service, send the HTTP POST request.
      POST https://localhost:9080/SKLM/rest/v1/ckms/restore
      Content-Type: application/json
      Accept : application/json
      Authorization: SKLMAuth authId=139aeh34567m
      Accept-Language : en
      {"backupFilePath":"/opt/mysklmbackups/sklm_v2.7.0.0_20130705235417-1200_
      backup.jar","password":"myBackupPwd"}
  • Using migration script
    1. Locate the IBM Security Guardium Key Lifecycle Manager restore utilities.
      Windows
      SKLM_INSTALL_HOME\migration\utilities\vx

      Default location is C:\Program Files\IBM\SKLMV42\migration\utilities\v2.

      Linux
      SKLM_INSTALL_HOME/migration/utilities/vx

      Default location is /opt/IBM/SKLMV42/migration/utilities/v2.

    2. Edit restore.properties in the v1 or v2 folder to configure properties as shown in the following example:
      Windows
      WAS_HOME=C:\\Program Files\\IBM\\WebSphere\\AppServer
      JAVA_HOME=C:\\Program Files\\IBM\\WebSphere\\AppServer\\java\8.0
      BACKUP_PASSWORD=passw0rd123
      DB_PASSWORD=sklmdb42
      RESTORE_FILE=C:\\tklmv201_restore\\tklm_v2.0.1.5_20160429013250-0400_migration_backup.jar
      WAS_USER_PWD=wasadmin
      RESTORE_USER_ROLES=y
      Linux
      WAS_HOME=/opt/IBM/WebSphere/AppServer
      JAVA_HOME=/opt/IBM/WebSphere/AppServer/java/8.0
      BACKUP_PASSWORD=passw0rd123
      DB_PASSWORD=sklmdb42
      RESTORE_FILE=/tklmv201_restore/tklm_v2.0.1.5_20160429013250-0400_migration_backup.jar
      WAS_USER_PWD=wasadmin
      RESTORE_USER_ROLES=y
      Note: On Windows operating system, when you specify path in the properties file, use either / or \\ as path separator as shown in the following example.
      C:\\tklmv201_restore
      Or
      C:/tklmv201_restore
    3. Open a command line and run the restore utility.
      Windows
      Go to the SKLM_INSTALL_HOME\migration\utilities\v2 directory and run the following command:
      restoreV2.bat
      Linux
      Go to the SKLM_INSTALL_HOME/migration/utilities/v2 directory and run the following command:
      restoreV2.sh
    4. Restart IBM Security Guardium Key Lifecycle Manager server.

Results

The IBM Security Guardium Key Lifecycle Manager server automatically restarts after a backup file is restored when the autoRestartAfterRestore property value is true (default value) in the SKLMConfig.properties file.
Note: After automatic restart of the IBM Security Guardium Key Lifecycle Manager server, the windows WebSphere Application Server Liberty service status is not refreshed and is shown as stopped.

What to do next

Determine whether the server is at the expected state. For example, you might examine the keystore to see whether a certificate that had problems before the backup file restore is now available for use.