Key management in a Multi-Master environment

In IBM Security Guardium Key Lifecycle Manager, high availability can be achieved by using a Multi-Master cluster configuration. All IBM Security Guardium Key Lifecycle Manager master servers in the Multi-Master cluster point to a single data source to ensure real-time availability of the latest data to all the masters.

To provide continuous data availability to all the IBM Security Guardium Key Lifecycle Manager masters in a Multi-Master cluster, DB2® high availability disaster recovery (HADR) configuration is used. DB2 HADR is a database replication feature that provides a high-availability solution. HADR protects against data loss by replicating data changes from a source database, called the primary, to a target database, called the standby. DB2 HADR supports up to three standby databases in your Multi-Master setup.

Key features of IBM Security Guardium Key Lifecycle Manager Multi-Master configuration

  • Keys that are created on an IBM Security Guardium Key Lifecycle Manager master are accessible to other IBM Security Guardium Key Lifecycle Manager masters in the cluster.
  • IPP devices and KMIP clients that are registered on an IBM Security Guardium Key Lifecycle Manager master can access keys on another master in the cluster.
  • A graphical user interface and a REST interface are provided to configure IBM Security Guardium Key Lifecycle Manager master servers for a Multi-Master setup.