Restoring the Encryption Key Manager backup to IBM Security Guardium Key Lifecycle Manager

You can restore the Encryption Key Manager, Version 2.1 cross-platform backup files on a system with IBM Security Guardium Key Lifecycle Manager, Version 4.2.1 by using the graphical user interface, the REST interface, or the migration restore script.

Before you begin

Install IBM Security Guardium Key Lifecycle Manager, Version 4.2.1 on a system. You must have the Encryption Key Manager backup file and ensure that you have the password that you used when the backup file was created.
Note: You must have IBM Security Guardium Key Lifecycle Manager User role to run the backup and restore operations.

About this task

You can restore Encryption Key Manager cross-platform compatible backup files on a system with IBM Security Guardium Key Lifecycle Manager, Version 4.2.1 across operating systems.

Before you start a restore task, isolate the system for maintenance. Take a backup of the existing system. You can later use this backup to bring the system back to original state if any issues occur during the restore process.

Note: For greater security, change the IBM Security Guardium Key Lifecycle Manager User password soon after the data migration process.

Procedure

  1. Log on to the system where IBM Security Guardium Key Lifecycle Manager, Version 4.2.1 is installed.
  2. Copy the backup file, for example sklm_vEKM21_20170420113253+0530_backup.jar, from Encryption Key Manager, Version 2.1 system to a folder of your choice under SKLM_DATA directory, for example, C:\Program Files\IBM\WebSphere\Liberty\products\sklm\data. For the definition of SKLM_DATA, see Definitions for HOME and other directory variables.
  3. Restore the backup file by using any of the following methods.
    • Graphical user interface
      1. Log on to the graphical user interface as an authorized user, for example, SKLMAdmin.
      2. On the Welcome page, click Administration > Backup and Restore.
      3. Click Browse to specify the Encryption Key Manager backup file location under the SKLM_DATA directory.
      4. Click Display Backups to display the backup files that you want to restore.
      5. In the Backup and Restore table, select a backup file.
      6. Click Restore From Backup.
      7. On the Restore Backup page, specify the backup password that you used to create the backup file.
      8. Click Restore Backup.
      9. Restart IBM Security Guardium Key Lifecycle Manager server.
    • REST interface
      1. Open a REST client.
      2. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
      3. To invoke Backup Run Restore REST Service, send the HTTP POST request with backup file name with its full path and backup password as parameters. Pass the user authentication identifier that you obtained in Step b along with the request message as shown in the following example:
        POST https://localhost:port/SKLM/rest/v1/ckms/restore
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth authId=139aeh34567m
        Accept-Language: en
        {"backupFilePath":"SKLM_DATA/sklm_vEKM21_20170420113253+0530_backup.jar
        backup.jar","password":"myBackupPwd"}
      4. Restart IBM Security Guardium Key Lifecycle Manager server.
    • Migration restore script
      1. Locate the IBM Security Guardium Key Lifecycle Manager restore utilities.
        Windows
        SKLM_INSTALL_HOME\migration\utilities\ekm21

        Default location is C:\Program Files\IBM\SKLMV30\migration\utilities\ekm21.

        Linux®
        SKLM_INSTALL_HOME/migration/utilities/ekm21

        Default location is /opt/IBM/GKLMV421/migration/utilities/ekm21.

      2. Edit restore.properties in the ekm21 folder to configure properties as shown in the following example:
        Note: On Windows operating system, the restore.properties file that you use for restore operations must not contain the property keys and values with leading or trailing spaces.
        Window
        WAS_HOME=C:\\Program Files\\IBM\\WebSphere\\Liberty
        JAVA_HOME=C:\\Program Files\\IBM\\WebSphere\\Liberty\\java\8.0
        BACKUP_PASSWORD=passw0rd123
        DB_PASSWORD=db2_password
        RESTORE_FILE=SKLM_DATA\\sklm_vEKM21_20170424024117-0400_backup.jar
        
        Linux
        WAS_HOME=/opt/IBM/WebSphere/Liberty
        JAVA_HOME=/opt/IBM/WebSphere/Liberty/java/8.0
        BACKUP_PASSWORD=passw0rd123 
        DB_PASSWORD=db2_password 
        RESTORE_FILE=SKLM_DATA/20170424024117-0400_backup.jar
        
        Note: On Windows operating system, when you specify path in the properties file, use either / or \\ as path separator as shown in the following example:
        C:\\ekm_restore
        Or
        C:/ekm_restore
      3. Open a command prompt and run the restore utility.
        Windows
        Go to the SKLM_INSTALL_HOME\migration\utilities\ekm21 directory and run the following command:
        restoreEKM21.bat
        Linux
        1. Go to the SKLM_INSTALL_HOME/migration/utilities/ekm21 directory.
        2. Check whether the restoreEKM21.sh file has executable permissions. If not, give permissions by running the following command:
          chmod 755 restoreEKM21.sh
        3. Run the following command:
          restoreEKM21.sh
      4. Restart IBM Security Guardium Key Lifecycle Manager server.
    Note: After data restoration, ensure that the path for the properties in the SKLMConfig.properties, datastore.properties, and ReplicationSKLMConfig.properties files are correct before you proceed with your next task.

What to do next

Post-upgrade tasks for Encryption Key Manager