IBM Security Guardium Key Lifecycle Manager operations take significant amounts of time
IBM® Security Guardium® Key Lifecycle Manager operations take significant amounts of time to complete when you add or update a large number of keys in the IBM Security Guardium Key Lifecycle Manager keystore, such as more than 50,000 keys.
Periodically perform database maintenance. For example, when you add or update a large number of keys, take these steps:
- Perform a backup of IBM Security Guardium Key Lifecycle Manager.
- Stop the Guardium Key Lifecycle Manager server by
using the stopServer command.Alternatively on Windows systems, stop the Guardium Key Lifecycle Manager server by using Windows Computer Management:
- Open the Control Panel and click .
- Stop the Guardium Key Lifecycle Manager server service,
which has a name like
IBMWAS85Service - SKLMServer
- From a Db2® command
window, run these Db2 commands,
each on one line.
db2 reorg indexes all for table kmt_device_type allow no access db2 runstats on table sklmdb2.kmt_device_type and indexes all db2 reorg indexes all for table sklmdb2.kmt_certstr_rn allow no access db2 runstats on table sklmdb2.kmt_certstr_rn and indexes all db2 reorg indexes all for table sklmdb2.kmt_keystr_rn allow no access db2 runstats on table sklmdb2.kmt_keystr_rn and indexes all db2 reorg indexes all for table sklmdb2.kmt_group allow no access db2 runstats on table sklmdb2.kmt_group and indexes all db2 reorg indexes all for table sklmdb2.kmt_devaudit allow no access db2 runstats on table sklmdb2.kmt_devaudit and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_appinfo allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_appinfo and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_cryptoparams allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_cryptoparams and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_custom allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_custom and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_digest allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_digest and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_link allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_link and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_global_names allow no access db2 runstats on table sklmdb2.kmt_kmip_global_names and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_name allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_name and indexes all db2 reorg indexes all for table sklmdb2.kmt_kmip_attr_objectgroup allow no access db2 runstats on table sklmdb2.kmt_kmip_attr_objectgroup and indexes all
- Start the Guardium Key Lifecycle Manager server by
using the startServer command.Alternatively on Windows systems, start the Guardium Key Lifecycle Manager server by using Windows Computer Management:
- Open the Control Panel and click .
- Start the Guardium Key Lifecycle Manager server service,
which has a name like -
IBM WebSphere Application Server V8.5 - SKLM26Server
.
- Perform another backup of IBM Security Guardium Key Lifecycle Manager.