Configuring backup and restore

IBM Security Guardium Key Lifecycle Manager provides a set of operations to back up and restore current, active files and data.

IBM Security Guardium Key Lifecycle Manager creates cross-platform backup files in a manner that is independent of operating systems and directory structure of the server. You can restore the backup files to an operating system that is different from the one it was backed up from. For example, you can restore a backup file that is taken on a Linux® system and restore it on a Windows system.

You can use the cross-platform backup utility to run backup operation on earlier versions of IBM Security Guardium Key Lifecycle Manager and IBM® Tivoli® Key Lifecycle Manager to back up critical data. You can restore these backup files on current version of IBM Security Guardium Key Lifecycle Manager across operating systems.
Note: In IBM Security Guardium Key Lifecycle Manager, Version 3.0 and later, the Solaris operating system is not supported. If you are using IBM Security Guardium Key Lifecycle Manager on Solaris systems, use the cross-platform backup utility to back up the data. You can then run the restore operation to restore data on a IBM Security Guardium Key Lifecycle Manager, Version 3.0 or later system that is deployed on any of the supported operating systems, such as Windows, Linux, or AIX®.
Backed up files include the following data:
  • Data in the IBM Security Guardium Key Lifecycle Manager database tables
  • Truststore and keystore with the master key
  • IBM Security Guardium Key Lifecycle Manager configuration files

Your role must have permissions to back up or to restore files.

Warning: Failure to back up your critical data properly might result in unrecoverable loss of all access to your encrypted data. Do not encrypt your backup file, or store a backup file on an encrypting device. Failure to back up data might also result in a later inconsistency of the key manager and potential data loss on the storage device.

The IBM Security Guardium Key Lifecycle Manager backup and restore operations support the use of AES 256-bit key length for data encryption/decryption to conform to the PCI DSS (Payment Card Industry Data Security Standard) standards for increased data security.

Encryption methods to back up IBM Security Guardium Key Lifecycle Manager data

IBM Security Guardium Key Lifecycle Manager supports the following encryption methods for backups:
  • Password-based encryption
  • External master key store based encryption
For more information, see Backup and restore overview.

High-performance backup and restore

High-performance backup and restore provide backup and restoration of large amounts of encryption keys. You can configure IBM Security Guardium Key Lifecycle Manager for high-performance backup and restore operations by setting the following parameter in the SKLMConfig.properties configuration file. Do not directly edit the configuration file. Instead, use Update Config Property REST Service to update the properties.
enableHighScaleBackup=true

When IBM Security Guardium Key Lifecycle Manager is configured for high-performance backup and restore, IBM Db2 native backup technology is used to run the backup and restore operation for more efficiency. However, with this configuration, you can restore the backup only in an identical operating environment. The operating system, middleware components, and directory structures must be identical on both systems.

You cannot create a cross-platform compatible backup file if IBM Security Guardium Key Lifecycle Manager is configured for high-performance backup and restore activities. For information about how to back up large amount of data, see Backing up large amount of data.