Replication overview
IBM Security Guardium Key Lifecycle Manager provides a set of operations to replicate current active files and data across systems. This replication enables cloning of IBM Security Guardium Key Lifecycle Manager environments to multiple servers, independent of the operating system and directory structure of each server. For example, you can replicate data from a master server on a Windows system to a clone server on a Linux® system.
You can define each instance of IBM Security Guardium Key Lifecycle Manager as either the master or a clone server. There can be only one master server with a maximum of 20 clones.
- Master server
- The master server is the primary system that is being replicated. The replication process is triggered at its scheduled time to replicate new keys, devices, or any other data that is added or modified on the master server to the clone servers.
- Clone server
- The clone server is the secondary system to which the data is replicated.
Encryption methods to back up data for replication activities
IBM Security Guardium Key Lifecycle Manager supports the following encryption methods for backups:
- Password-based encryption
- When you configure the master server for automated replication, a password is specified to encrypt the backup key. When data is replicated on the clone server, the same encryption password is used to decrypt and restore the backup files.
- HSM-based encryption
- You can configure IBM Security Guardium Key Lifecycle Manager to use a Hardware Security Module (HSM) for storing the master encryption key on master and clone servers. When you run the replication program, the backup key on the master server is encrypted by the master key, which is stored in the HSM. When data is replicated on the clone server, the master key in the HSM decrypts the backup key. The backup key is then used to restore the backup contents.
| Date | Change description |
| --- | --- |
| 21 April 2023 | Corrected the definition of Master server. |
| 07 March 2023 | Initial version. |