Modifying replication configuration for a master server
Use the graphical user interface or the REST interface to change the replication configuration parameters on a master server.
Procedure
- Using graphical user interface
- Log in to the graphical user interface.
- Click Administration > Replication.
- Ensure that Master role is selected.
- Modify the required properties in the Basic Properties tab:

| Property | Description |
| --- | --- |
| Certificate from keystore | Select a certificate from the list. Ensure that a TLS certificate exists on the master and all clone systems that you configure for replication. |
| Replication backup encryption passphrase | Encryption password for the backup file to ensure data security. Clone server uses the same password to decrypt and restore the file. Note: If encryption method for the backup is based on the external master key store, you need not specify the password. |
| Confirm replication backup encryption passphrase | Specify the same password again to verify the password that you specified. |
| Master listen port | Port number for communication when unserialized or delayed replications take place. Default master listen port is 1111. |

Click the Add Clone link in the Clone Details section to configure replication settings for clones.

| Property | Description |
| --- | --- |
| Clone -1 IP or Host name | IP address or host name of the clone servers. For container deployment on Red Hat® OpenShift® clusters, use the route host name that is generated by the OpenShift Container Platform route. For container deployment with a load balancer on Kubernetes clusters, specify the load balancer IP address. You can replicate only 1 master server with a maximum of 20 clone servers. Click the Add Clone link to configure replication settings for multiple clones. |
| Clone -1 Port | Port number for sending backup files to the clone servers. Each clone server is identified through a port number. Default port number for clone server is 2222. |
- To configure or modify the advanced properties, click the Advanced Properties tab:

| Property | Description |
| --- | --- |
| Replication backup destination directory | Location to store the backup files. The Replication backup destination directory field displays the default SKLM_DATA directory path, where the backup file is saved. For example, WAS_HOME\products\sklm\data. For the definition of SKLM_DATA, see Definitions for HOME and other directory variables. Click Browse to specify a backup repository location under SKLM_DATA directory. Directory path in the Replication backup destination directory field changes based on the value that is set for the browse.root.dir property in the SKLMConfig.properties file. |
| Maximum number of replication files to keep before rollover | Maximum number of replication files that you want to keep. The value must be a positive integer between 2 - 10. When the number of files exceeds the specified limit, the oldest file is deleted. |
| Replication frequency (in hours) | Frequency to check whether the backup operation is necessary. Default value is set to 24 hours. This parameter is ignored if the value for Daily Start Replication Time is set. |
| Daily replication time (in HH:MM format) | Time in HH:MM format to run the replication task every day. |
| Replication log file name | Name and location for the replication log file. Default value for this parameter is WAS_HOME\products\sklm\logs\replication. |
| Maximum log file size (in KB) | Maximum size of a log file before rollover occurs. Default value is 1000 KB (kilobytes). When the file reaches the maximum size, a new log file is created. |
| Maximum number of log files to keep | Maximum number of log files that you want to keep. By default, IBM® Security Guardium® Key Lifecycle Manager keeps the last three log files. When the number of files exceeds the specified limit, the oldest file is deleted. |

- Click OK.
- Click Stop Replication Server, and then Start Replication Server to restart the replication server.
- Using REST services
- Open a REST client.
- Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
- Run the Update Replication Config Property REST Service. For example:

```
PUT https://localhost:port/SKLM/rest/v1/configProperties
{
  "replication.role": "master",
  "backup.EncryptionPassword": "mypassword",
  "backup.TLSCertAlias": "sklmTLSCertificate",
  "backup.ClientIP1": "myhostname",
  "backup.ClientPort1": "2222",
  "replication.MasterListenPort": "1111",
  "backup.CheckFrequency": "60"
}
```

For information about the replication configuration parameters, see Replication configuration properties.
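
One way to assemble the body for the PUT request above without hard-coding the backup passphrase, as an added example that is not IBM's code: it enforces the 20-clone limit stated on this page, refuses to omit the passphrase unless an external master key store is declared, and masks the passphrase for logging. The function names, the numbered keys for clones beyond the first, and the `SKLM_BACKUP_PASSPHRASE` variable are assumptions.

```python
import json
import os

MAX_CLONES = 20  # page: one master server, at most 20 clone servers

def _port(value, label):
    """Return the port as a string after checking it is a valid TCP port."""
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError(f"{label}: {port} is not a valid TCP port")
    return str(port)

def build_master_config(clones, cert_alias, passphrase=None,
                        external_keystore=False, listen_port=1111,
                        check_frequency=None):
    """Build the request body; clones is a list of (host, port) tuples."""
    if not 1 <= len(clones) <= MAX_CLONES:
        raise ValueError(f"expected 1 to {MAX_CLONES} clones, got {len(clones)}")
    if not cert_alias:
        raise ValueError("a TLS certificate alias is required")
    body = {"replication.role": "master", "backup.TLSCertAlias": cert_alias,
            "replication.MasterListenPort": _port(listen_port, "listen port")}
    # The passphrase may be omitted only with an external master key store.
    if passphrase:
        body["backup.EncryptionPassword"] = passphrase
    elif not external_keystore:
        raise ValueError("backup encryption passphrase is missing")
    for n, (host, port) in enumerate(clones, start=1):
        if not host.strip():
            raise ValueError(f"clone {n}: empty host name")
        # Assumption: clone N reuses the page's ClientIP1/ClientPort1 keys with suffix N.
        body[f"backup.ClientIP{n}"] = host.strip()
        body[f"backup.ClientPort{n}"] = _port(port, f"clone {n} port")
    if check_frequency is not None:
        body["backup.CheckFrequency"] = str(int(check_frequency))
    return body

def redacted(body):
    """Copy of the body that is safe to log: the passphrase is masked."""
    return {k: "********" if k == "backup.EncryptionPassword" else v
            for k, v in body.items()}

if __name__ == "__main__":
    # Constructed sample values; SKLM_BACKUP_PASSPHRASE is a hypothetical name.
    secret = os.environ.get("SKLM_BACKUP_PASSPHRASE", "constructed-sample")
    cfg = build_master_config([("clone1.example.test", 2222)],
                              "sklmTLSCertificate", passphrase=secret)
    print(json.dumps(redacted(cfg), indent=2))
```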
Results
Note: Data is replicated to the clone servers on the configured schedule only if new cryptographic objects are added to the master server.