Scheduling automatic backups

Use the Replication page to automatically back up the IBM Security Guardium Key Lifecycle Manager critical data at regular intervals.

About this task

You can use the graphical user interface or the REST services to configure automatic backups by using password-based encryption.

Procedure

  • Using graphical user interface
    1. Log on to the graphical user interface.
    2. Click IBM Security Guardium Key Lifecycle Manager > Administration > Replication.
    3. Select Master.
    4. Select a replication server management option.
      Start Replication Server
      Click Start Replication Server to start the replication server for backing up IBM Security Guardium Key Lifecycle Manager data based on a configured schedule.
      Stop Replication Server
      Click Stop Replication Server to stop the replication server so that the IBM Security Guardium Key Lifecycle Manager data is not backed up.
      Replicate Now
      Click Replicate Now to immediately run the IBM Security Guardium Key Lifecycle Manager replication task and force the creation of a backup file.
    5. Configure the settings.
      Basic Properties
        Certificate from keystore
        Select a certificate from the list. Ensure that the TLS certificate exists on the master and all clone systems that you configure for replication.
        Replication backup encryption passphrase
        Encryption password for the backup file to ensure data security. You need the same password to decrypt and restore the file.
        Note: If encryption based on external master key store is used for the backups, you need not specify the password.
        Confirm replication backup encryption passphrase
        Specify the same password again to verify the password that you specified.
        Master listen port
        Port number for communication when unserialized or delayed replications take place. The default master listen port is 1111.
      Advanced Properties
        Replication backup destination directory
        Location to store the backup files. The Replication backup destination directory field displays the default SKLM_DATA directory path, where the backup file is saved, for example, C:\Program Files\IBM\WebSphere\Liberty\products\sklm\data. For the definition of SKLM_DATA, see Definitions for HOME and other directory variables. Click Browse to specify a backup repository location under the SKLM_DATA directory.
        Maximum number of replication files to keep before rollover
        Maximum number of replication files that you want to keep. The value must be a positive integer between 2 and 10. When the number of files exceeds the specified limit, the oldest file is deleted.
        Replication frequency (in hours)
        Frequency to check whether the backup operation is necessary. The default value is 1 hour. This parameter is ignored if the value for Daily Start Replication Time is set.
        Daily replication time (in HH:MM format)
        Time in HH:MM format to run the replication task every day.
        Replication log file name
        Name and location for the replication log file. The default value for this parameter is WAS_HOME\products\sklm\logs\replication.
        Maximum log file size (in KB)
        Maximum size of a log file before rollover occurs. The default value is 1000 KB (kilobytes). When the file reaches the maximum size, a new log file is created.
        Maximum number of log files to keep
        Maximum number of log files that you want to keep. By default, IBM Security Guardium Key Lifecycle Manager keeps the last 3 log files. When the number of files exceeds the specified limit, the oldest file is deleted.
    6. Click OK.
  • Using REST services
    1. Open a REST client.
    2. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    3. To run the Get Single Config Property REST Service, send the HTTP GET request. Pass the user authentication identifier that you obtained in step 2 along with the request message, as shown in the following example.
      Service request
      GET https://localhost:port/SKLM/rest/v1/configProperties/replication.role
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
      Accept-Language: en
      Success response
      Status Code : 200 OK
      Content-Language: en
      {"replication.role" : "none"}
    4. Specify the changes. For example, you can use the Update Replication Config Property REST Service to send the following service request to change the value of the replication.role property.
      PUT https://localhost:port/SKLM/rest/v1/configProperties
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
      Accept-Language: en
      { "replication.role": "master"}
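
The REST procedure above as a script. This is an added example, not IBM code: it builds the GET and PUT requests shown on this page, issues the PUT only when replication.role is not already master, and verifies the server certificate on every call. The environment variable names (SKLM_USER_AUTH_ID, SKLM_PORT, SKLM_CA_FILE), the function names, and the sample port 9443 are assumptions.

```python
import json
import os
import ssl
import urllib.request

# Endpoint path as shown on this page; host and port are deployment-specific.
BASE = "https://localhost:{port}/SKLM/rest/v1/configProperties"

def _headers(user_auth_id):
    # Header set copied from the page's service request.
    return {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Authorization": f"SKLMAuth userAuthId={user_auth_id}",
        "Accept-Language": "en",
    }

def build_get_role(port, user_auth_id):
    """GET request that reads the replication.role property."""
    url = BASE.format(port=port) + "/replication.role"
    return urllib.request.Request(url, headers=_headers(user_auth_id), method="GET")

def plan_role_change(response_body, port, user_auth_id, desired="master"):
    """Return a PUT request that sets replication.role, or None if already set."""
    current = json.loads(response_body).get("replication.role")
    if current == desired:
        return None  # nothing to change, so send no write request
    body = json.dumps({"replication.role": desired}).encode("utf-8")
    return urllib.request.Request(BASE.format(port=port), data=body,
                                  headers=_headers(user_auth_id), method="PUT")

def send(request, ca_file):
    """Send over TLS, verifying the server certificate against ca_file."""
    context = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, context=context, timeout=10) as resp:
        return resp.read().decode("utf-8")

if __name__ == "__main__":
    # Assumed environment variable names; the identifier is never hard-coded.
    auth_id = os.environ.get("SKLM_USER_AUTH_ID")
    port = os.environ.get("SKLM_PORT")
    ca_file = os.environ.get("SKLM_CA_FILE")
    if auth_id and port and ca_file:
        current = send(build_get_role(port, auth_id), ca_file)
        put = plan_role_change(current, port, auth_id)
        print(send(put, ca_file) if put else "replication.role is already master")
    else:
        # Offline run: plan against the page's sample response (9443 is a sample port).
        put = plan_role_change('{"replication.role" : "none"}', 9443, "sample-id")
        print(put.get_method(), put.full_url, put.data.decode())
```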