Upgrading and migrating to IBM Security Guardium Key Lifecycle Manager traditional

You can upgrade IBM Security Guardium Key Lifecycle Manager traditional from the earlier versions by using the graphical user interface or silently. You can also install the latest version on a new host system and then migrate data from the old version to the new one.

Note: To upgrade to IBM Security Guardium Key Lifecycle Manager container, see Upgrading or migrating to IBM Security Guardium Key Lifecycle Manager container.

High-level operations

To upgrade, you must complete the following high-level operations:
I. Install the target version.
You can install the product by using the graphical user interface or silently.
You can install the target version on the same system that hosts the existing version, or on another host system. For example, when the system configuration of the host of the existing version does not meet the requirements of the target version, or when you need to upgrade IBM Security Guardium Key Lifecycle Manager on to a different operating system, you need to install the target version on another host system.
II. Migrate data from the existing version to the target version.
You can use the following two methods of data migration:
Inline migration
When the host system of the target version is the same as the existing version, use inline migration of data.
Cross migration
When the host system of the target version is different than the host system of the existing version, use cross-migration of data. You can use the backup and restore feature in the graphical user interface to migrate the data. Also, IBM Security Guardium Key Lifecycle Manager provides sample response files that you can use to cross-migrate data.
Note: Migration does not remove the earlier version of IBM Security Guardium Key Lifecycle Manager.

Upgrade instructions

Depending on the existing version of IBM Security Guardium Key Lifecycle Manager that is installed on your host system, see the relevant topic for upgrading instructions:

To upgrade IBM Security Guardium Key Lifecycle Manager to a fix pack, see Applying a fix pack.

Updating master key size after migration from older versions

When you are migrating from an older version (2.5, 2.6, or 2.7) to higher version (3.0 or later) of IBM Security Guardium Key Lifecycle Manager, value of the tklm.encryption.keysize property is overwritten as 128. You must change the property value from 128 to 256 in the higher version by running the Master Key REST Service as shown in the following example.
POST https://localhost:<port>/SKLM/rest/v1/ckms/masterKey
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
Accept-Language: en
{"masterKeySize":"256"}
Note:

Do not update the master key size directly in the SKLMConfig.properties properties file. To update the master key size, run the Master Key REST Service.