Scheduling automatic backups

Use the Replication page to automatically backup the IBM Guardium Key Lifecycle Manager critical data at regular intervals.

About this task

You can use the graphical user interface or the REST services to configure automatic backups by using password-based encryption.

Procedure

  • Using the graphical user interface
    1. Log in to the graphical user interface.
    2. On the home page, click the menu icon (Menu icon) at the upper left of the page.
    3. Click Data redundancy > Replication.
    4. Click Configure and select Configure as master. On the confirmation window, click OK.
    5. On the Master configuration window, configure the settings.
      Basic Properties
      Property Description
      Master listen port Port number for communication when unserialized or delayed replications take place. The default master listen port is 1111.
      Certificate from keystore Select a certificate from the list. Ensure that a TLS certificate exists on the master and all clone systems that you configure for replication.
      Replication backup encryption passphrase Encryption password for the backup file to ensure data security. Clone server uses the same password to decrypt and restore the file.
      Note: If encryption method for the backup is based on the external master keystore, you need not specify the password.
      Confirm replication backup encryption passphrase Specify the same password again to verify the password that you specified.
      Number of replication files Maximum number of replication files that you want to retain. The value must be a positive integer between 2 - 10. When the number of files exceed the specified limit, the oldest file is deleted.
      Advanced Properties
      Property Description
      Maximum log file size (in KB) Maximum size of a log file before rollover occurs. The default value is 1000 KB (kilobytes). When the file reaches the maximum size, a new log file is created.
      Maximum number of log files to retain Maximum number of log files that you want to retain. By default, IBM Guardium Key Lifecycle Manager retains the last three log files. When the number of files exceed the specified limit, the oldest file is deleted.
      Replication frequency (in hours) Frequency to check whether the backup operation is necessary. The default value is set to 24 hours. This parameter is ignored if the value for Daily replication time (in HH:MM format) is set.
      Daily replication time (in HH:MM format) Time in HH:MM format to run the replication task every day.
      Incremental replication frequency (in seconds) The frequency (in seconds) at which you want the incremental replication operation to run. By default, the incremental replication operation runs every 60 seconds.
    6. On the Replication page, select a replication server management option.
      Start replication server
      Click Start replication server to start the replication server for backing up IBM Guardium Key Lifecycle Manager data based on a configured schedule.
      Stop replication server
      Click Stop replication server to stop the replication server so that the IBM Guardium Key Lifecycle Manager data is not backed up.
      Replicate now
      Click Replicate now to immediately run the IBM Guardium Key Lifecycle Manager replication task, and to force a backup file creation.
    7. Click OK.
  • Using REST services
    1. Open a REST client.
    2. Obtain a unique user authentication identifier to access IBM Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    3. Run the Get Single Config Property REST Serviceas shown in the following example.
      Service request
      GET https://localhost:port/GKLM/rest/v1/configProperties/
replication.role
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
Accept-Language: en
      Success response
      Status Code : 200 OK
Content-Language: en
{"replication.role" : "none"}
    4. Specify the changes. For example, you can use Update Replication Config Property REST Service to send the following service request to change the value of the replication.role property. 
      PUT https://localhost:port/GKLM/rest/v1/configProperties
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth authId=139aeh34567m
Accept-Language: en
{ "replication.role": "master"}