Backing up data of an earlier version of IBM Security Guardium Key Lifecycle Manager (V4.0, 4.1, 4.1.1, or 4.2)

The first step to migrate data from your existing IBM Security Guardium Key Lifecycle Manager version to V4.2.1 is to back up the data of the existing version. The next and final step is to restore this backup file to the system where IBM Security Guardium Key Lifecycle Manager V4.2.1 is installed.

Before you begin

  • Ensure that the system from which you want to migrate data and create backup has the minimum required level of IBM Security Guardium Key Lifecycle Manager version already installed. For more information, see Supported upgrade paths and migration methods.
    Note: You must have the required IBM Security Guardium Key Lifecycle Manager user role to run the backup and restore operations.
  • Ensure that IBM Security Guardium Key Lifecycle Manager, V4.2.1 is installed on the system to which you want to restore the backed-up file.
  • Ensure that the tklm.encryption.keysize property in the SKLMConfig.properties file is set to 256. Otherwise, the restore operation fails.

    If the property does not exist in the property file, add it. To do so, use the Update Config Property REST Service.

About this task

Use the IBM Security Guardium Key Lifecycle Manager backup utility to create the backup file. The backup file is independent of the operating system and directory structure of the server. You can restore this cross-platform-compatible backup file to a system with IBM Security Guardium Key Lifecycle Manager, version 4.2.1 across operating systems.

IBM Security Guardium Key Lifecycle Manager stores the transactional data of keys that are served to clients in a database table. If the number of records in the table is equal to or greater than 100,000, IBM Security Guardium Key Lifecycle Manager automatically purges the database table and archives or stores the transactional data in a comma-separated values (CSV) file.

The CSV file and a checksum file are included in an archive (JAR) file that is saved in the SKLM_DATA\ServedDataListArchives folder.

Note: The archive file is not included in the cross-platform backup files. If you want the transactional data of served keys to be backed up and restored, then select the inline migration method. For more information, see Upgrading: Installing IBM Security Guardium Key Lifecycle Manager silently.
The directory names and .bat and .sh file names vary depending on the version of IBM Security Guardium Key Lifecycle Manager that you are backing up.
IBM Security Guardium Key Lifecycle Manager version Directory with backup utility (sklmv##) Backup utility file name (backupV##.bat/ backupV##.sh
4.2 sklmv42
  • backupV42.bat
  • backupV42.sh
4.1.1 sklmv411
  • backupV411.bat
  • backupV411.sh
4.1 sklmv41
  • backupV41.bat
  • backupV41.sh
4.0 sklmv40
  • backupV40.bat
  • backupV40.sh

Procedure

  1. Run the following steps on the system where the IBM Security Guardium Key Lifecycle Manager version 4.2.1 is installed.
    1. Log in to the system with your user credentials.
    2. Locate the backup utilities folder.
      Windows
      SKLM_INSTALL_HOME\migration\utilities\sklmv##

      Default location is C:\Program Files\IBM\.GKLMV421\migration\utilities\sklmv##

      Linux®
      SKLM_INSTALL_HOME/migration/utilities/sklmv##

      Default location is /opt/IBM/GKLMV421/migration/utilities/sklmv##.

  2. Run the following steps on the system where the earlier version of IBM Security Guardium Key Lifecycle Manager, from where you want to migrate the data, is installed.
    1. Log in to the system with your user credentials.
    2. Copy the sklmv## folder from the system where IBM Security Guardium Key Lifecycle Manager, Version 4.2.1 is installed to a local directory of your choice.
    3. Edit the backup.properties file in the sklmv## directory to configure the properties. You must set values for all the properties, except for the BACKUP_DIR property (optional).

      If you do not specify the value for BACKUP_DIR, the backup file is created in the backup subdirectory under the same directory from where you run the backup utility.

      Note: On Windows operating system, the backup.properties file that you use for backup operations must not contain the property keys and values with leading or trailing spaces.
      The content in the following examples is from the backup.properties file for IBM Security Guardium Key Lifecycle Manager V4.0 with sample password values:
      Windows
      WAS_HOME=C:\\Program Files (x86)\\IBM\\WebSphere\\Liberty
      JAVA_HOME=C:\\Program Files\\IBM\WebSphere\\Liberty\\java\\8.0\\bin
      BACKUP_PASSWORD=passw0rd123
      DB_PASSWORD=sklmdb2_password
      WAS_USER_PWD=wasadmin_password
      BACKUP_DIR=C:\\sklmv40_backup
      Linux
      WAS_HOME=/opt/IBM/WebSphere/Liberty
      JAVA_HOME=/opt/IBM/WebSphere/Liberty/java/8.0
      BACKUP_PASSWORD=passw0rd123
      DB_PASSWORD=sklmdb2_password
      WAS_USER_PWD=wasadmin_password
      BACKUP_DIR=/sklmv40_backup
      Note: On Windows operating system, when you specify path in the properties file, use either / or \\ as path separator as shown in following example:
      C:\\sklmv40_backup
      Or
      C:/sklmv40_backup
    4. Open a command prompt and run the backup utility.
      Windows
      Go to the sklmv## directory (see Step b) and run the following command:
      backupV##.bat
      For example, the following command is for IBM Security Guardium Key Lifecycle Manager V4.0:
      backupV40.bat
      Linux
      1. Go to the sklmv## directory (see Step b).
      2. Check whether the backupV##.sh file has executable permissions. If not, give permissions by running the following command:
        chmod 755 backupV##.sh
        For example, the following command is for IBM Security Guardium Key Lifecycle Manager V4.0:
        chmod 755 backupV25.sh
      3. Run the backup utility:
        backupV##.sh
        For example, the following command is for IBM Security Guardium Key Lifecycle Manager V4.0:
        backupV40.sh
  3. Complete the following verification tasks:
    • Review the directory that contains backup files to ensure that the backup file exists. The backup files are created in the location that you specified for BACKUP_DIR in the backup.properties file.
    • Check the backup.log file for errors or exceptions. The backup.log file is created in the same directory where you run the backup utility. For a successful backup operation, ensure that there are no errors or exceptions in the log file.
    • Retain the backup password for future use in case you restore the backup.
    • Do not edit a file in the backup archive. The file that you attempt to edit becomes unreadable.
    Important: After backing up the data, clear the passwords in the backup.properties file.

What to do next

Restoring the backup file of an earlier version of IBM Security Guardium Key Lifecycle Manager (V4.0, 4.1, 4.1.1, or 4.2)
Table 1. Topic change log
Date Change description
27 April 2023 Added a note informing that the backup utility for 4.1.1 is not working.
07 March 2023 Initial version.