You must specify an encryption password to back up IBM Security Guardium Key Lifecycle Manager data.
Use the same password to decrypt and restore the backup files.
About this task
You can use the Backup and Restore page or the Backup Run REST
Service to back up critical data. Your role must have the permission to back up
files.
IBM Security Guardium Key Lifecycle Manager creates
backup files in a manner that is independent of operating systems
and directory structure of the server. You can restore the backup
files to an operating system that is different from the one it was
backed up from.
Note: Backup success messages are system wide. Two administrators might
run backup tasks that overlap in time. During this interval, the administrator who starts a second
task that fails might see a false success message from the first backup task.
Procedure
-
Go to the appropriate page or directory.
- Graphical user interface
- Log on to the graphical user interface.
- On the Welcome page, click .
- REST interface
- Open a REST client.
-
Create a backup file.
You can run only one backup
or restore task at a time.
- Graphical user interface
- On the Backup and Restore table, the Backup repository
location field displays the default SKLM_DATA directory path, where the backup file is saved.
For the definition of SKLM_DATA, see Definitions for HOME and other directory variables. Click Browse to specify a
backup repository location under the SKLM_DATA
directory.
Directory path in the Backup repository location field changes
based on the value that you set for the tklm.backup.dir property in the
SKLMConfig.properties file.
- Click Create Backup.
- On the Create Backup page, specify information such as a value for the
encryption password and backup description. A read-only backup file location is displayed in the
Backup location field. Ensure that you retain the encryption password for
future use in case you restore the backup.
- Click Create Backup.
- REST interface
- Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST
services. For more information about the authentication process, see Authentication process for REST services.
- To run the Backup Run REST Service, send the HTTP POST request. Pass the user
authentication identifier that you obtained in
Step a
along with the request
message as shown in the following
example.POST https://localhost:port/SKLM/rest/v1/ckms/backups
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth authId=139aeh34567m
Accept-Language : en
{"backupDirectory":"/sklmbackup1","password":"myBackupPwd"}
-
A message indicates that the backup file was created, or
that the backup operation succeeded.
The
time stamp on a backup file has a Greenwich Mean Time (GMT) offset represented in RFC 822 format.
The file name contains a +hhmm or -hhmm element to specify a
timezone ahead of or behind GMT. For example, a file name might be
sklm_v3.0.1.0_20170123144220-0800_backup.jar
, where -0800 indicates that the
timezone is eight hours behind GMT.
What to do next
Retain the encryption password for future use in case
you restore the backup. Review the directory that contains the backup
files to ensure that the backup file exists. Do not edit a file in
the backup JAR file. The file that you attempt to edit becomes unreadable.