You can restore the Encryption Key Manager, Version
2.1 cross-platform backup files on a system with IBM® Security Guardium® Key Lifecycle Manager, Version 4.2 by using the graphical user interface, the
REST interface, or the migration restore script.
Before you begin
Install IBM Security Guardium Key Lifecycle Manager, Version 4.2 on a system. You must have the Encryption Key Manager backup file and ensure that you have the
password that you used when the backup file was created.Note: You must have IBM Security Guardium Key Lifecycle Manager User role to run the backup and restore
operations.
About this task
You can restore Encryption Key Manager cross-platform
compatible backup files on a system with IBM Security Guardium Key Lifecycle Manager, Version 4.2 across operating
systems.
Before you start a restore task, isolate the system for
maintenance. Take a backup of the existing system. You can later use this backup to bring the system
back to original state if any issues occur during the restore process.
Note: For greater security, change the IBM Security Guardium Key Lifecycle Manager User password soon after the data migration
process.
Procedure
-
Log on to the system where IBM Security Guardium Key Lifecycle Manager,
Version 4.2 is installed.
-
Copy the backup file, for example
sklm_vEKM21_20170420113253+0530_backup.jar, from Encryption Key Manager, Version 2.1 system to a folder of your choice
under SKLM_DATA
directory, for example, C:\Program Files\IBM\WebSphere\Liberty\products\sklm\data. For the definition of SKLM_DATA, see Definitions for HOME and other directory variables.
-
Restore the backup file by using any of the following methods.
- Graphical user interface
- Log on to the graphical user interface as an authorized user, for example,
SKLMAdmin
.
- On the Welcome page, click
.
- Click Browse to specify the Encryption Key Manager backup file location under the SKLM_DATA directory.
- Click Display Backups to display the backup files that you want to
restore.
- In the Backup and Restore table, select a backup file.
- Click Restore From Backup.
- On the Restore Backup page, specify the backup password that you used to
create the backup file.
- Click Restore Backup.
- Restart IBM Security Guardium Key Lifecycle Manager server.
- REST interface
- Open a REST client.
- Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the
authentication process, see Authentication process for REST services.
- To invoke Backup Run Restore REST Service, send the HTTP POST request with
backup file name with its full path and backup password as parameters. Pass the user authentication
identifier that you obtained in
Step b
along with the request message as shown in
the following
example:POST https://localhost:port/SKLM/rest/v1/ckms/restore
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth authId=139aeh34567m
Accept-Language: en
{"backupFilePath":"SKLM_DATA/sklm_vEKM21_20170420113253+0530_backup.jar
backup.jar","password":"myBackupPwd"}
- Restart IBM Security Guardium Key Lifecycle Manager server.
- Migration restore script
- Locate the IBM Security Guardium Key Lifecycle Manager restore utilities.
- Windows
- SKLM_INSTALL_HOME\migration\utilities\ekm21
Default location is C:\Program
Files\IBM\SKLMV30\migration\utilities\ekm21.
- Linux®
- SKLM_INSTALL_HOME/migration/utilities/ekm21
Default location is
/opt/IBM/GKLMV42/migration/utilities/ekm21.
- Edit restore.properties in the ekm21 folder to
configure properties as shown in the following example:
Note: On Windows operating system, the
restore.properties file that you use for restore operations must not contain
the property keys and values with leading or trailing spaces.
- Window
-
WAS_HOME=C:\\Program Files\\IBM\\WebSphere\\Liberty
JAVA_HOME=C:\\Program Files\\IBM\\WebSphere\\Liberty\\java\8.0
BACKUP_PASSWORD=passw0rd123
DB_PASSWORD=db2_password
RESTORE_FILE=SKLM_DATA\\sklm_vEKM21_20170424024117-0400_backup.jar
- Linux
-
WAS_HOME=/opt/IBM/WebSphere/Liberty
JAVA_HOME=/opt/IBM/WebSphere/Liberty/java/8.0
BACKUP_PASSWORD=passw0rd123
DB_PASSWORD=db2_password
RESTORE_FILE=SKLM_DATA/20170424024117-0400_backup.jar
Note: On Windows operating system, when you specify
path in the properties file, use either
/
or
\\
as path separator as shown in the
following example:
C:\\ekm_restore
Or
C:/ekm_restore
- Open a command prompt and run the restore utility.
- Windows
- Go to the SKLM_INSTALL_HOME\migration\utilities\ekm21 directory and run the following
command:
restoreEKM21.bat
- Linux
-
- Go to the SKLM_INSTALL_HOME/migration/utilities/ekm21 directory.
- Check whether the restoreEKM21.sh file has executable permissions. If not,
give permissions by running the following command:
chmod 755 restoreEKM21.sh
- Run the following command:
restoreEKM21.sh
- Restart IBM Security Guardium Key Lifecycle Manager server.
Note: After data restoration, ensure that the path for the properties in
the SKLMConfig.properties, datastore.properties, and
ReplicationSKLMConfig.properties files are correct before you proceed with your
next task.