Pre-upgrade tasks for IBM Security Guardium Key Lifecycle Manager
Complete the required tasks before you upgrade IBM Security Guardium Key Lifecycle Manager.
- Download and extract the installation files for the target version. See Software download instructions.
- Review the system requirements to ensure that your host system meets the minimum requirements. See the technote: IBM Security Key Lifecycle Manager Support Matrix.
- Obtain the administrative passwords for the existing version of IBM Security Guardium Key Lifecycle Manager.
- If you are upgrading a domain-managed Windows system that has an Active Directory user as the Db2 administrator user, complete the prerequisite tasks. See Preparing to upgrade a server to use an Active Directory user as the Db2 administrator user.
- If you are planning inline migration of data, take a backup. For more information, see Configuring backup and restore.
In case of migration failure, you can use the backup file to restore the earlier state.
- If you are performing inline migration of a Multi-Master cluster from V4.1.0.0
to V4.1.1.0 on a Windows system, complete the following steps to remove the duplicate Db2 service entry:
- Go to the C:\Windows\System32\drivers\etc\ directory and open the services file in edit mode.
- Remove duplicate entry for the Db2
service:
DB2_db2_instance_name db2_port/tcp
For example:
DB2_sklmdb41 60000/tcp
- Save the services file and close it.
- Review the following considerations:
- Ensure that your enterprise allows a time interval for a temporary halt to key serving activity. A window of time for testing is also required to ensure that the new IBM Security Guardium Key Lifecycle Manager server has the expected keys and other configuration attributes that you intended to migrate.
- Ensure that there is sufficient disk space on your system. These disk space requirements are in
addition to disk space requirements that are identified by the installer for installing the target
version, and its prerequisite software.
The additional disk space is required for the migration process to move users, keys, and other metadata in the database of the existing version of the IBM Security Guardium Key Lifecycle Manager server to version 4.2.1 of the server.
- Stop the IBM Security Guardium Key Lifecycle Manager server (WebSphere Application Server Liberty) and any replica server. Key serving cannot be active during migration.
- During the inline migration process, examine the IM_DATA_DIR/logs/sklmLogs/migration.log file frequently to determine the progress of migration.
- Ensure that the migration process is not interrupted. Do not start or stop the Db2 server or the WebSphere Application Server Liberty outside of the migration process.
- Users, user groups, and roles in IBM Security Guardium Key Lifecycle Manager are not migrated from the earlier version. You need to create them post migration.
Note: If the earlier version of IBM Security Guardium Key Lifecycle Manager is configured with LDAP, specify your LDAP user ID and password for the administrator user during the installation of 4.2.1. After V4.2.1 is installed, the LDAP user ID changes to the IBM Security Guardium Key Lifecycle Manager administrator user ID, SKLMAdmin. The password remains the same as the LDAP user password.The existing LDAP configuration and users are not migrated by default. To use LDAP authentication, configure LDAP with V4.2.1. For more information, see Configuring LDAP-based user authentication.
What to do next
Depending on the mode that you want to use for installing the target version of IBM Security Guardium Key Lifecycle Manager, see the topic: