Backup and restore overview
Back up and restore tasks provide protection for critical data, and require consideration of your site practices to ensure server availability and runtime capabilities.
IBM® Security Guardium® Key Lifecycle Manager creates backup files in a manner that is independent of operating systems and directory structure of the server. The backup files contain critical data for the current state of the Guardium Key Lifecycle Manager server. Your site practices must consider how to ensure that key serving is available.
The IBM Security Guardium Key Lifecycle Manager backup and restore operations support the use of AES 256-bit key length for data encryption/decryption to conform to the PCI DSS (Payment Card Industry Data Security Standard) standards for increased data security.
Encryption methods to back up IBM Security Guardium Key Lifecycle Manager data
- Password-based encryption
- During the backup process, a password is specified to encrypt the backup key, and you must specify the same encryption password to decrypt and restore the backup files.
- External master key store based encryption
- You can configure IBM Security Guardium Key Lifecycle Manager to use the external master key store such as Hardware Security Module (HSM) or IBM Enterprise Key Management Foundation Web (EKMF Web) for storing the master encryption key. During the backup process, the backup key is encrypted by the master key, which is stored in the external master key store. During the restore process, the master key in the external key store decrypts the backup key. Then, the backup key is used to restore backup contents.
High performance backup and restore
- You cannot create a cross-platform compatible backup file if IBM Security Guardium Key Lifecycle Manager is configured for high performance backup and restore activities. You can use the backup file to restore data in an identical operating environment. The operating system, middleware components, and directory structures must be identical on both systems.
- The db2restore.log file is created during restore process only when IBM Security Guardium Key Lifecycle Manager is configured for high performance backup and restore operations.