This topic explains the steps to perform the master key management operations in a
replication setup. After you complete these steps, you can perform the replication of the master
server to the clone servers.
Procedure
-
Perform the master key management operations on the replication master server.
-
Back up the replication master server.
-
Copy the backup JAR file from the master server to all the clone servers.
-
If the replication master server is configured to use an external master key store (for
example, HSM) for storing the master key, ensure that all the clone servers are also configured to
use the same external master key stores.
-
Restore the backup files on all the clone servers.
Note: On the clone servers, to enable the
Restore button on the
Backup and Restore page, add
disableCloneRestriction=true
in
the
SKLMConfig.properties
file and
restart the server. Then, restore the backup file.
After the backup file is restored, remove
disableCloneRestriction=true
from the SKLMConfig.properties
file and restart the
server.
Do not directly edit the configuration file. Instead, use Update Config Property REST Service to update the properties.
-
On all the clone servers, log on to the IBM Security Guardium Key Lifecycle Manager graphical user interface as the IBM Security Guardium Key Lifecycle Manager administrator.
-
Click .
-
Select the replication role as Clone.
The replication role was changed to Master after you restored the
backup files on the clone server from the master server.
-
Restart the clone servers for which you changed the roles.