Replication overview

IBM Security Guardium Key Lifecycle Manager provides a set of operations to replicate current active files and data across systems. Replication lets you clone an IBM Security Guardium Key Lifecycle Manager environment to multiple servers, independent of the operating system and directory structure of each server. For example, you can replicate data from a master server on a Windows system to a clone server on a Linux® system.

You can define each instance of IBM Security Guardium Key Lifecycle Manager as either the master or a clone server. There can be only one master server with a maximum of 20 clones.
Master server
The master server is the primary system that is being replicated. The replication process is triggered at its scheduled time to replicate new keys, devices, or any other data that is added or modified on the master server to the clone servers.
Clone server
The clone server is the secondary system to which the data is replicated.

Encryption methods to back up data for replication activities

IBM Security Guardium Key Lifecycle Manager supports the following encryption methods for backups:
Password-based encryption
When you configure the master server for automated replication, a password is specified to encrypt the backup key. When data is replicated on the clone server, the same encryption password is used to decrypt and restore the backup files.
HSM-based encryption
You can configure IBM Security Guardium Key Lifecycle Manager to use a Hardware Security Module (HSM) for storing the master encryption key on master and clone servers. When you run the replication program, the backup key on the master server is encrypted by the master key, which is stored in the HSM. When data is replicated on the clone server, the master key in the HSM decrypts the backup key. The backup key is then used to restore the backup contents.
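
The password-based method described above, as an added sketch that is not IBM's code and does not reproduce the product's backup format: the master wraps a random backup key under a key derived from the replication password, and the clone unwraps it with the same password. The PBKDF2 parameters, the blob layout, and the HMAC-based wrap (a standard-library stand-in for an AES key wrap) are assumptions; in the HSM-based method the wrapping key would instead be the master key held in the HSM.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed PBKDF2 work factor, not a product setting
KEY_LEN = 32           # assumed 256-bit backup key


def _derive(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the replication password."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def wrap_backup_key(backup_key: bytes, password: str) -> bytes:
    """Master side: return salt || wrapped key || tag (constructed layout)."""
    if len(backup_key) != KEY_LEN:
        raise ValueError("backup key must be 32 bytes")
    salt = os.urandom(16)                      # fresh per backup, so the pad is one-time
    enc_key, mac_key = _derive(password, salt)
    pad = hmac.new(enc_key, b"wrap", hashlib.sha256).digest()
    wrapped = bytes(k ^ p for k, p in zip(backup_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag


def unwrap_backup_key(blob: bytes, password: str) -> bytes:
    """Clone side: verify the tag before releasing the key, so a wrong
    password or a corrupted transfer fails instead of yielding a garbage key."""
    if len(blob) != 16 + KEY_LEN + 32:
        raise ValueError("malformed wrapped key")
    salt, wrapped, tag = blob[:16], blob[16:16 + KEY_LEN], blob[16 + KEY_LEN:]
    enc_key, mac_key = _derive(password, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or tampered backup key")
    pad = hmac.new(enc_key, b"wrap", hashlib.sha256).digest()
    return bytes(c ^ p for c, p in zip(wrapped, pad))


if __name__ == "__main__":
    key = os.urandom(KEY_LEN)                  # constructed sample backup key
    blob = wrap_backup_key(key, "constructed-passphrase")
    assert unwrap_backup_key(blob, "constructed-passphrase") == key
    try:
        unwrap_backup_key(blob, "different-passphrase")
    except ValueError as err:
        print("clone restore rejected:", err)
```
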
Table 1. Topic change log
Date             Change description
21 April 2023    Corrected the definition of Master server.
07 March 2023    Initial version.