Configuring for data redundancy

IBM® Security Key Lifecycle Manager provides three methods to achieve data redundancy: Backup and restore, replication, and Multi-Master cluster.

Overview

Each of these methods caters to specific use cases:

Backup and Restore: Backup and Restore is a basic, manual method of data replication. Using this method, you can back up cryptographic objects (key materials), configuration files, and other critical information on an IBM Security Key Lifecycle Manager server and then restore the backed-up data to create an exact copy of the IBM Security Key Lifecycle Manager server.; For more information, see Configuring backup and restore.
Replication: Replication is an automated Backup and Restore mechanism. With this method, you can back up cryptographic objects (key materials), configuration files, and other critical information on a server (master server), and then replicate or restore this backed up data to another server (clone server) automatically, and on a regular basis.; Replication ensures near real-time data synchronization with continuous key and certificate availability to encrypting devices because even when the master server is not available, the clone servers can continue to serve the keys and certificates. You can install the master and clone servers in geographically different locations and achieve a disaster recovery solution.; For more information, see Configuring replication.
Multi-Master cluster: A Multi-Master cluster is an advanced configuration method. The cluster consists of multiple IBM Security Key Lifecycle Manager servers. Each server is called a master server. All the master servers point to a single data source that is configured for Db2® high availability disaster recovery.; Multi-Master cluster ensures real-time availability of the latest data to all the masters in the cluster. Use this method only if you need to achieve consistent and continuous availability of “real-time” data.; For more information, see Configuring a Multi-Master cluster.

Quick comparison of the methods

The following table compares the different methods on key aspects:

	Backup and Restore	Replication	Multi-Master cluster
Overview	Creating full copy or copies of data and storing them offsite.	Automated copying and moving of data to one or multiple sites.	Creating a cluster of servers that point to a single data source that is configured for Db2 high availability disaster recovery (HADR).
Working	Manual. Relies on snapshots which are copies of the data that is taken at a predetermined point in time.	Automated. Data generated on master server is periodically backed up and sent to the clone server.	Automated. Real-time data synchronization in the Db2 HADR cluster.
Objective	Disaster recovery with manual intervention.	Automated disaster recovery.	High availability across sites.
Supports high availability	No	Partially Clone servers operate in read-only mode. Support uninterrupted key serving.	Yes
Supports disaster recovery	Yes	Yes	Yes
Deployment	One IBM Security Key Lifecycle Manager server	2 - 21 IBM Security Key Lifecycle Manager servers	2 - 21 IBM Security Key Lifecycle Manager servers
Configuration complexity	Low. Basic and simple method.	Low. Requires a one-time configuration.	High. Requires knowledge of Db2 HADR.