Upgrading and migrating to IBM Security Guardium Key Lifecycle Manager traditional
You can upgrade IBM Security Guardium Key Lifecycle Manager traditional from the earlier versions by using the graphical user interface or silently. You can also install the latest version on a new host system and then migrate data from the old version to the new one.
Note: To upgrade to IBM Security Guardium Key Lifecycle Manager container, see
Upgrading or migrating to IBM Security Guardium Key Lifecycle Manager container.
High-level operations
To upgrade, you must complete the following high-level operations:
- I. Install the target version.
- You can install the product by using the graphical user interface or silently.
- II. Migrate data from the existing version to the target version.
- You can use the following two methods of data migration:
- Inline migration
- When the host system of the target version is the same as the existing version, use inline migration of data.
- Cross migration
- When the host system of the target version is different than the host system of the existing
version, use cross-migration of data. You can use the backup and restore feature in the graphical
user interface to migrate the data. Also, IBM Security Guardium Key Lifecycle Manager provides sample response files that you can use
to cross-migrate data.Note: Migration does not remove the earlier version of IBM Security Guardium Key Lifecycle Manager.
Upgrade instructions
Depending on the existing version of IBM Security Guardium Key Lifecycle Manager that is installed on your host system, see the relevant topic for upgrading instructions:
To upgrade IBM Security Guardium Key Lifecycle Manager to a fix pack, see Applying a fix pack.
Updating master key size after migration from older versions
When you are migrating from an older version (2.5, 2.6, or 2.7) to higher version (3.0 or later)
of IBM Security Guardium Key Lifecycle Manager, value of the
tklm.encryption.keysize property is overwritten as 128. You must change the
property value from 128 to 256 in the higher version by running the Master Key REST Service as shown in the following
example.
POST https://localhost:<port>/SKLM/rest/v1/ckms/masterKey
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
Accept-Language: en
{"masterKeySize":"256"}
Note:
Do not update the master key size directly in the SKLMConfig.properties properties file. To update the master key size, run the Master Key REST Service.