Modifying replication configuration for a clone server

Use the graphical user interface or REST interface to change the replication configuration parameters on a clone server. Data is replicated to the clone servers only if new cryptographic objects are added to the master server.

Procedure

  • Using graphical user interface
    1. Log in to the graphical user interface.
    2. Click Administration > Replication.
    3. Ensure that Clone role is selected.
    4. Modify the required properties in the Basic Properties tab:
      Basic Properties
      Clone listen port Port number that the clone server must listen on to receive backup files. Default port number is 2222.
      Master listen port Port number for communication when unserialized or delayed replications take place. Default master listen port is 1111.
    5. To configure or modify the advanced properties, click the Advanced Properties tab:
      Advanced Properties
      Number of retries incase of restore failure Maximum number of retries that are allowed after the first restore operation is failed. The value must be a positive integer between 0 - 2.
      Replication log file name Name and location for the replication log file. Default value for this parameter is <WAS_HOME>\products\sklm\logs\replication.
      Maximum log file size (in KB) Maximum size of a log file before rollover occurs. Default value is 1000 KB (kilobytes). When the file reaches the maximum size, a new log file is created.
      Maximum number of log files to keep Maximum number of log files that you want to keep. By default, IBM® Security Guardium® Key Lifecycle Manager keeps the last 3 log files. When the number of files exceed the specified limit, the oldest file is deleted.
    6. Click OK.
    7. Click Start Replication Server to enable replication of the cryptographic data to the clone servers based on a configured schedule.
  • Using REST interface
    1. Open a REST client.
    2. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    3. Run Update Replication Config Property REST Service.
      For example:
      PUT https://localhost:port/SKLM/rest/v1/replicationConfigProperties
      { "replication.role": "clone", "backup.TLSCertAlias":"sklmTLSCertificate", 
      "restore.ListenPort": "2222", "replication.MasterListenPort": "1111" }
      For information about the replication configuration parameters, see Replication configuration properties.

What to do next

You might want to change the settings for other clone servers. Complete this procedure on each clone server.