Scenario: To provide a primary and replica server

To ensure continuous key and certificate availability to encrypting devices, configure a primary and a replica Guardium® Key Lifecycle Manager server for your enterprise. Then, perform repeated backup and restore operations to protect critical data.

On Windows and other operating systems, both the primary and the replica server must have the required memory, speed, and available disk space to meet the workload.

IBM® Security Guardium Key Lifecycle Manager creates backup files in a manner that is independent of the operating system and the directory structure of the application. You can restore the backup files to an operating system that is different from the one they were backed up from.

Figure 1. Primary and replica Guardium Key Lifecycle Manager server

Before you create a replica server, catalog the requirements in your operation, which might include:

  • Disaster recovery procedures that are unique to your site. The procedures might require ad hoc or periodic activities to ensure concurrent availability of a primary and replica Guardium Key Lifecycle Manager server.

    Your site might require periodic exercises to demonstrate that a simulated failure of a primary Guardium Key Lifecycle Manager server causes an immediate response from a replica.

    The Guardium Key Lifecycle Manager server does not provide automatic failover. You must separately set up the necessary device controls to ensure that the replica server is available if the primary server fails.

  • Initial installation and configuration of Guardium Key Lifecycle Manager server and the devices in your installation that require keys and certificates.

    You might choose to also install and configure Guardium Key Lifecycle Manager server and its prerequisites on another server, and set a schedule to back up and restore critical data.

  • Intervals at which your organization normally changes keys and certificates.

    If your organization replaces keys and certificates on a monthly or quarterly basis, ensure that the key materials and other data are backed up when new keys and certificates begin their usage cycle.

  • Events that cause you to create a certificate request and send the request to a certificate authority.

    Use the secure communication process that your site or the certificate authority requires. Run a backup to protect keys and data that are associated with a certificate request until the actual certificate returns.

  • Upgrades and related middleware fix packs for the Guardium Key Lifecycle Manager server.

    Run a backup to ensure that the upgraded Guardium Key Lifecycle Manager server has the same keys and other critical data that were in use immediately prior to the upgrade.