Backing up a large amount of data

You can configure IBM® Security Guardium® Key Lifecycle Manager to back up or replicate a large number of encryption keys. To do so, use the enableHighScaleBackup property in the SKLMConfig.properties configuration file.

Before you begin

Set the enableHighScaleBackup=true property in the SKLM_DATA/config/SKLMConfig.properties file. To do so, complete the following steps:
  1. Open the Swagger REST client. For more information, see Using Swagger UI.
  2. Run the Update Config Property REST Service to set the enableHighScaleBackup property in the SKLMConfig.properties configuration file, as shown in the following example:
    PUT https://localhost:port/SKLM/rest/v1/configProperties
    Content-Type: application/json
    Accept: application/json
    Authorization: SKLMAuth userAuthId=139aeh34567m
    Accept-Language: en
    { "enableHighScaleBackup" : "true"}

About this task

You can use the Backup and Restore page to back up data. Alternatively, you can use the Backup Run REST Service. Your role must have the permission to back up files.

Note:
  • You cannot create a cross-platform compatible backup file if IBM Security Guardium Key Lifecycle Manager is configured for high performance backup and restore activities. You can use the backup file to restore data in an identical operating environment. The operating system, middleware components, and directory structures must be identical on both systems.
  • The db2restore.log file is created during the restore process only when IBM Security Guardium Key Lifecycle Manager is configured for high performance backup and restore operations.
  • If IBM Security Guardium Key Lifecycle Manager is installed on a Linux operating system, ensure that the Db2® kernel parameters are set. For more information, see Modifying kernel parameters (Linux).

Procedure

  • Using the graphical user interface
    1. Log in to the graphical user interface.
    2. On the Welcome page, click Administration > Backup and Restore.
    3. On the Backup and Restore table, the Backup repository location field displays the default SKLM_DATA directory path, where the backup file is saved. For the definition of SKLM_DATA, see Definitions for HOME and other directory variables.
    4. Click Browse to specify a backup repository location under the SKLM_DATA directory.
      The directory path in the Backup repository location field changes based on the value that you set for the tklm.backup.dir property in the SKLMConfig.properties file.
    5. Click Create Backup.
    6. On the Create Backup page, specify information such as a value for the encryption password and backup description. A read-only backup file location is displayed in the Backup location field. Ensure that you retain the encryption password for future use in case you restore the backup.
      Note: If HSM-based encryption is used for the backups, you need not specify the password.
    7. Click Create Backup.
      A message is displayed to indicate that the backup file was created, or that the backup operation succeeded.
      Note: Backup success messages are system wide. Two administrators might run backup tasks that overlap in time. During this interval, the administrator who starts a second task that fails might see a false success message from the first backup task.
  • Using the REST interface
    1. Open the Swagger REST client. For more information, see Using Swagger UI.
    2. Run the Backup Run REST Service by sending the HTTP POST request as shown in the following example.
      POST https://localhost:port/SKLM/rest/v1/ckms/backups
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
      Accept-Language: en
      {"backupDirectory":"/sklmbackup1","password":"myBackupPwd"}
      A message is displayed to indicate that the backup file was created, or that the backup operation succeeded.
      Note: Backup success messages are system wide. Two administrators might run backup tasks that overlap in time. During this interval, the administrator who starts a second task that fails might see a false success message from the first backup task.

What to do next

Retain the encryption password for future use in case you restore the backup. Review the directory that contains the backup files to ensure that the backup file exists. Do not edit a file in the backup JAR file. The file that you attempt to edit becomes unreadable.
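
Because backup success messages are system wide, a script that calls the Backup Run REST Service should confirm the result on disk rather than trust the message. The following Python sketch is an added example, not IBM code: it builds the POST request shown above and then checks that a new, non-empty JAR file appeared in the backup directory. It assumes that it runs on the server host with read access to that directory, that backup files end in .jar, and that the environment variable names SKLM_AUTH_ID and SKLM_BACKUP_PWD and the ca_file parameter are hypothetical names chosen here.

```python
import json
import os
import ssl
import urllib.request
from pathlib import Path

def build_backup_request(host, port, user_auth_id, backup_dir, password):
    """Build the Backup Run POST shown on this page (nothing is sent here)."""
    body = json.dumps({"backupDirectory": backup_dir, "password": password})
    return urllib.request.Request(
        f"https://{host}:{port}/SKLM/rest/v1/ckms/backups",
        data=body.encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Accept": "application/json",
            "Authorization": f"SKLMAuth userAuthId={user_auth_id}",
            "Accept-Language": "en",
        },
    )

def snapshot(backup_dir):
    """Map each JAR file name in the directory to its size in bytes."""
    return {p.name: p.stat().st_size for p in Path(backup_dir).glob("*.jar")}

def new_backups(before, backup_dir):
    """Return non-empty JAR files that were absent from the earlier snapshot."""
    after = snapshot(backup_dir)
    return sorted(n for n, size in after.items() if n not in before and size > 0)

def run_backup(host, port, backup_dir, ca_file):
    """Send the request, then confirm that a new backup JAR exists on disk."""
    # Assumed variable names; the secrets stay out of argv and source code.
    req = build_backup_request(host, port, os.environ["SKLM_AUTH_ID"],
                               backup_dir, os.environ["SKLM_BACKUP_PWD"])
    before = snapshot(backup_dir)
    ctx = ssl.create_default_context(cafile=ca_file)  # verify the server cert
    with urllib.request.urlopen(req, context=ctx, timeout=600) as resp:
        resp.read()  # a non-2xx status raises urllib.error.HTTPError
    created = new_backups(before, backup_dir)
    if not created:
        raise RuntimeError("success reported but no new backup JAR was found")
    return created
```

A file written by another administrator's overlapping backup to the same directory would also satisfy this check, so give the scripted job its own backup directory.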