Modifying replication configuration for a master server

Use the graphical user interface or the REST interface to change the replication configuration parameters on a master server based on your business needs.

Procedure

  • Using the graphical user interface
    1. Log in to the graphical user interface.
    2. On the home page, click the menu icon at the upper left of the page.
    3. Click Data redundancy > Replication.
    4. Click Configure and select Configure as master. On the confirmation window, click OK.
    5. On the Master configuration window, specify the properties in the Basic properties tab according to your needs.
      Property | Description
      Master listen port | Port number for communication when unserialized or delayed replications take place. The default master listen port is 1111.
      Certificate from keystore | Select a certificate from the list. Ensure that a TLS certificate exists on the master and all clone systems that you configure for replication.
      Replication backup encryption passphrase | Encryption password for the backup file to ensure data security. The clone server uses the same password to decrypt and restore the file. Note: If the encryption method for the backup is based on the external master keystore, you need not specify the password.
      Confirm replication backup encryption passphrase | Specify the same password again to verify the password that you specified.
      Number of replication files | Maximum number of replication files that you want to retain. The value must be a positive integer from 2 to 10. When the number of files exceeds the specified limit, the oldest file is deleted.
    6. To configure or modify the advanced properties, click the Advanced properties tab.
      Property | Description
      Maximum log file size (in KB) | Maximum size of a log file before rollover occurs. The default value is 1000 KB (kilobytes). When the file reaches the maximum size, a new log file is created.
      Maximum number of log files to retain | Maximum number of log files that you want to retain. By default, IBM Guardium Key Lifecycle Manager retains the last three log files. When the number of files exceeds the specified limit, the oldest file is deleted.
      Replication frequency (in hours) | Frequency to check whether the backup operation is necessary. The default value is set to 24 hours. This parameter is ignored if the value for Daily replication time (in HH:MM format) is set.
      Daily replication time (in HH:MM format) | Time in HH:MM format to run the replication task every day.
      Incremental replication frequency | The frequency (in seconds) at which you want the incremental replication operation to run. By default, the incremental replication operation runs every 60 seconds.
    7. Click Save.
    8. On the Replication page, click Add clone to configure replication settings for clones. You can replicate data from a master server to a maximum of 20 clone servers.
      Property | Description
      IP address or host name | IP address or host name of the clone servers. For container deployment on Red Hat® OpenShift® clusters, use the route host name that is generated by the OpenShift Container Platform route. For container deployment with a load balancer on Kubernetes clusters, specify the load balancer IP address. You can replicate data from a master server to a maximum of 20 clone servers. Click the Add Clone link to configure replication settings for multiple clones.
      Port | Port number for sending backup files to the clone servers. Each clone server is identified through a port number. The default port number for a clone server is 2222.
    9. Click Save.
    10. On the Replication page, click Stop replication server, and then click Start replication server to restart the replication server.
  • Using REST services
    1. Open a REST client.
    2. Obtain a unique user authentication identifier to access IBM Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    3. Run the Update Replication Config Property REST Service as shown in the following example.
      PUT https://localhost:port/GKLM/rest/v1/configProperties
      {
        "replication.role": "master",
        "backup.EncryptionPassword": "mypassword",
        "backup.TLSCertAlias": "sklmTLSCertificate",
        "backup.ClientIP1": "myhostname",
        "backup.ClientPort1": "2222",
        "replication.MasterListenPort": "1111",
        "backup.CheckFrequency": "60"
      }
      For more information about the replication configuration parameters, see Replication configuration properties.
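
An added example, not part of the IBM documentation: a Python helper that assembles and validates the request body for the REST call in step 3 before it is sent, and produces a copy with the backup passphrase masked for logs. The function names and the `ClientIP<n>`/`ClientPort<n>` numbering for clones after the first are assumptions; the property names are the ones shown in the request above.

```python
import json

MAX_CLONES = 20  # page: at most 20 clone servers per master

def _port(value, name):
    port = int(value)  # raises ValueError on non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError(f"{name} must be 1-65535, got {value!r}")
    return str(port)  # the page's example sends ports as JSON strings

def build_master_config(passphrase, cert_alias, clones,
                        listen_port=1111, check_frequency=60):
    """Body for PUT /GKLM/rest/v1/configProperties; clones is [(host, port), ...].
    Assumption: clones after the first use ClientIP2/ClientPort2, and so on.
    """
    if not 1 <= len(clones) <= MAX_CLONES:
        raise ValueError(f"need 1 to {MAX_CLONES} clones, got {len(clones)}")
    if not cert_alias:
        raise ValueError("a TLS certificate alias is required")
    if int(check_frequency) <= 0:
        raise ValueError("check frequency must be a positive integer")
    body = {
        "replication.role": "master",
        "backup.TLSCertAlias": cert_alias,
        "replication.MasterListenPort": _port(listen_port, "master listen port"),
        "backup.CheckFrequency": str(int(check_frequency)),
    }
    # The page notes no passphrase is needed with an external master keystore.
    if passphrase:
        body["backup.EncryptionPassword"] = passphrase
    seen = set()
    for n, (host, port) in enumerate(clones, start=1):
        endpoint = (host, _port(port, f"clone {n} port"))
        if not host or endpoint in seen:
            raise ValueError(f"clone {n}: empty or duplicate endpoint {endpoint}")
        seen.add(endpoint)
        body[f"backup.ClientIP{n}"], body[f"backup.ClientPort{n}"] = endpoint
    return body

def redacted(body):
    """Copy of the body that is safe for logs and change tickets."""
    return {k: "***" if k == "backup.EncryptionPassword" else v
            for k, v in body.items()}

if __name__ == "__main__":
    # Constructed sample values; load the real passphrase from a secret store.
    cfg = build_master_config("example-passphrase", "sklmTLSCertificate",
                              [("myhostname", 2222)])
    print(json.dumps(redacted(cfg), indent=2))
```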

Results

Replication is configured based on the modified properties.
Note: Data is replicated to the clone servers on the configured schedule only if new cryptographic objects are added to the master server.