Backup and restore overview

Backup and restore tasks provide protection for critical data, and require consideration of your site practices to ensure server availability and runtime capabilities.

IBM Guardium Key Lifecycle Manager creates backup files in a manner that is independent of the operating system and directory structure of the server. The backup files contain critical data for the current state of the IBM® Guardium Key Lifecycle Manager server. Your site practices must consider how to ensure that key serving is available.

You can use the cross-platform backup utility to run a backup operation on earlier versions of IBM Guardium Key Lifecycle Manager and IBM Tivoli® Key Lifecycle Manager to back up critical data. You can restore these backup files on the current version of IBM Guardium Key Lifecycle Manager to an operating system that is different from the one it was backed up from.
Note: In IBM Guardium Key Lifecycle Manager, Version 3.0, the Solaris operating system is not supported. If you are using IBM Guardium Key Lifecycle Manager on Solaris systems, use the cross-platform backup utility to back up the data. You can then run the restore operation to restore data on an IBM Guardium Key Lifecycle Manager, Version 3.0 system that is deployed on any of the supported operating systems, such as Windows, Linux®, or AIX®.

The IBM Guardium Key Lifecycle Manager backup and restore operations support the use of AES 256-bit key length for data encryption and decryption to conform to the Payment Card Industry Data Security Standard (PCI DSS) for increased data security.

Encryption methods to back up IBM Guardium Key Lifecycle Manager data

IBM Guardium Key Lifecycle Manager supports the following encryption methods for backups:
Password-based encryption
During the backup process, a password is specified to encrypt the backup key, and you must specify the same encryption password to decrypt and restore the backup files.
External master key store based encryption
You can configure IBM Guardium Key Lifecycle Manager to use an external master key store, such as a Hardware Security Module (HSM) or Unified Key Orchestrator (UKO) (formerly called IBM Enterprise Key Management Foundation Web), for storing the master encryption key. During the backup process, the backup key is encrypted by the master key, which is stored in the external master key store. During the restore process, the master key in the external key store decrypts the backup key. Then, the backup key is used to restore backup contents.

High performance backup and restore

High performance backup and restore provide backup and restoration of large numbers of encryption keys. You can configure IBM Guardium Key Lifecycle Manager for high performance backup and restore operations by setting the following parameter in the SKLMConfig.properties configuration file:
enableHighScaleBackup=true
Note:
  • You cannot create a cross-platform compatible backup file if IBM Guardium Key Lifecycle Manager is configured for high performance backup and restore activities. You can use the backup file to restore data in an identical operating environment. The operating system, middleware components, and directory structures must be identical on both systems.
  • The db2restore.log file is created during the restore process only when IBM Guardium Key Lifecycle Manager is configured for high performance backup and restore operations.
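
The following pre-restore check applies the two notes above to a planned restore. It is an added example, not IBM code. The environment descriptors (os, middleware, directories) and the sample values are constructed, and treating an absent parameter as disabled is an assumption, because this page does not state the default.

```python
# Added example: checks a restore plan against the high performance backup notes.
# All sample values are constructed; the environment fields are hypothetical inputs.

SAMPLE_PROPERTIES = """\
# constructed sample of SKLMConfig.properties
! comment lines may start with # or !
  enableHighScaleBackup = True
"""

SOURCE_ENV = {"os": "Linux", "middleware": "stack-A", "directories": "/opt/IBM"}
TARGET_ENV = {"os": "AIX", "middleware": "stack-A", "directories": "/opt/IBM"}


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def high_scale_enabled(props):
    # Assumption: only an explicit "true" (any case) enables the mode.
    return props.get("enableHighScaleBackup", "").lower() == "true"


def restore_findings(props, source_env, target_env):
    """List the mismatches that block restoring a source backup on the target."""
    findings = []
    if high_scale_enabled(props):
        # High performance backups are not cross-platform compatible: the
        # operating system, middleware and directory structure must match.
        for field in ("os", "middleware", "directories"):
            src, dst = source_env.get(field), target_env.get(field)
            if src != dst:
                findings.append(f"{field} differs: {src!r} vs {dst!r}")
    return findings


def expect_db2restore_log(props):
    # db2restore.log is created during restore only in high performance mode,
    # so its absence after a standard restore is not a failure signal.
    return high_scale_enabled(props)
```

An empty list from restore_findings means that the restore plan does not violate the identical-environment requirement; any entry names the component that must be aligned before the restore is attempted.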