Scenario: To plan a disaster recovery solution using IBM Security Guardium Key Lifecycle Manager

As an administrator, you can use replication in IBM Security Guardium Key Lifecycle Manager to protect mission-critical data and ensure business continuity.

IBM Security Guardium Key Lifecycle Manager replication ensures availability of the key materials, configuration files, and other data on a server by having at least one copy or replica of the data on another server. Each server is available for data recovery when the other one fails. In replication, IBM Security Guardium Key Lifecycle Manager creates a backup of the data and copies it to the other server according to the configured schedule.

Master server is the primary system that is being backed up and replicated to one or more secondary servers, called clone servers. You must configure IBM Security Guardium Key Lifecycle Manager on the master and clone servers to schedule replication. New keys are created only on the master server. Clone servers can serve keys.

For more information, see Configuring replication.

Solution

To achieve a disaster recovery solution, you can configure your IBM Security Guardium Key Lifecycle Manager servers to use replication with one master server and at least one clone server in geographically different zones. Ensure that incremental replication is enabled so that the clone server always contains almost up-to-date IBM Security Guardium Key Lifecycle Manager data.

You can configure maximum 20 clone servers.

Prerequisites

Ensure that IBM Security Guardium Key Lifecycle Manager is installed on the master and clone servers.

Steps

Configure replication on the master and clone servers. Incremental replication is enabled by default. For more information, see Enabling and configuring full replication.

Other data recovery options

You can consider the following options for achieving a disaster recovery solution. But they have specific considerations and limitations.
Backup and restore
Creating a data backup and restoring it on another server is a basic and simple method for protecting data. This method is manual and inexpensive. It relies on snapshots, which are copies of the data that are taken at a predetermined point in time. Hence, in case of a disaster, you can only recover the snapshot that was last restored.

For more information, see Configuring backup and restore.

Multi-Master cluster
A Multi-master cluster solution provides high availability of data and supports recovery of data in case of a disaster. This method is automated and continuously replicates data in real time. However, it involves specific installation requirements, additional configuration, and requires a specialized Db2 administrator.

For more information, see Configuring a Multi-Master cluster.