Managing the IBM Security Guardium Key Lifecycle Manager master key in a replication setup

This topic describes how to perform master key management operations in a replication setup. After you complete these steps, you can replicate the master server to the clone servers.

Before you begin

Back up the replication master server. For more information, see Configuring backup and restore.

Procedure

  1. Perform the master key management operations on the replication master server.
    For instructions, see Master Key REST Service.
  2. Back up the replication master server.
    For instructions, see Configuring backup and restore.
  3. Copy the backup JAR file from the master server to all the clone servers.
  4. If the replication master server is configured to use an external master key store (for example, an HSM) for storing the master key, ensure that all the clone servers are also configured to use the same external master key store.
  5. Restore the backup files on all the clone servers.
    For instructions, see Restoring a backup file.
    Note: On the clone servers, to enable the Restore button on the Backup and Restore page, add disableCloneRestriction=true to the SKLMConfig.properties file and restart the server. Then, restore the backup file.

    After the backup file is restored, remove disableCloneRestriction=true from the SKLMConfig.properties file and restart the server.

    Do not directly edit the configuration file. Instead, use the Update Config Property REST Service to update the properties.

  6. On all the clone servers, log on to the IBM Security Guardium Key Lifecycle Manager graphical user interface as the IBM Security Guardium Key Lifecycle Manager administrator.
    1. Click Administration > Replication.
    2. Select the replication role as Clone.
      Restoring the master server's backup files on a clone server changes the clone's replication role to Master, so you must set it back to Clone.
  7. Restart the clone servers for which you changed the roles.
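
The note in step 5 requires removing disableCloneRestriction=true after the restore. The following read-only check is an added example, not IBM code: it parses a copy of SKLMConfig.properties and reports whether the override is still in effect. The file location, the sample content, and the case-insensitive comparison of the value are assumptions.

```python
import re
import sys

FLAG = "disableCloneRestriction"  # property name from step 5 of the procedure

# Java .properties syntax: key, then '=', ':' or whitespace, then the value.
_LINE = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:\s]\s*(.*?)\s*$")

# Constructed sample; "example.other.property" is a made-up key.
SAMPLE = """\
# temporary override added for the restore
example.other.property=1
disableCloneRestriction = true
"""

def effective_value(text, key=FLAG):
    """Return the value that wins for key (the last definition), or None."""
    value = None
    for raw in text.splitlines():
        stripped = raw.lstrip()
        if not stripped or stripped[0] in "#!":  # blank line or comment
            continue
        m = _LINE.match(raw)
        if m and m.group(1) == key:
            value = m.group(2)
    return value

def clone_restriction_disabled(text):
    """True when the restore override is still set to true."""
    value = effective_value(text)
    # Assumption: the value is compared case-insensitively.
    return value is not None and value.lower() == "true"

def main(argv):
    # argv[1]: path to a copy of SKLMConfig.properties (location is site-specific).
    if len(argv) > 1:
        with open(argv[1], encoding="latin-1") as fh:
            text = fh.read()
    else:
        text = SAMPLE  # no path given: run against the constructed sample
    if clone_restriction_disabled(text):
        print(f"FAIL: {FLAG}=true is still set; remove it and restart the server")
        return 1
    print(f"OK: {FLAG} is not enabled")
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against each clone server's properties file after step 7; a non-zero exit status means the override was left in place.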