Backup and restore runtime requirements

Backup tasks and restore tasks for IBM® Security Key Lifecycle Manager have several runtime requirements.

Prevent timeout failure by increasing the time interval that is allowed for backup and restore transactions for large key populations. Specify a larger value for the totalTranLifetimeTimeout setting in this file:
WAS_HOME/profiles/KLMProfile/config/cells/SKLMCell/nodes/SKLMNode/servers/server1/server.xml
Additionally, these conditions must be true:
  • Ensure that the task occurs during a time interval that allows a halt to key serving activity.
  • For a backup task, the IBM Security Key Lifecycle Manager server must be running in a normal operational state. The IBM Security Key Lifecycle Manager database instance must be available.
  • For a restore task, the IBM Security Key Lifecycle Manager database instance must be accessible through the IBM Security Key Lifecycle Manager data source.

    Before you start a restore task for the password-based encryption backups, ensure that you have the password that was used when the backup file was created.

  • Use the following guidelines to restore HSM-based encryption backups:
    • Ensure that the same HSM partition is present with all its key entries intact on the system where the backup file is restored.
    • The master key that was used for the backup key encryption must be intact to restore the backup file. If the master key is refreshed, all the older backups are inaccessible or unusable.
    • You must connect to the same HSM and the master key for backup and restore operations irrespective of whether you use HSM-based encryption or password-based encryption.
  • Ensure that the directories that are associated with the tklm.backup.dir property exist. Also, ensure that the system and IBM Security Key Lifecycle Manager administrator accounts under which the IBM Security Key Lifecycle Manager server and the Db2® server run have read and write access to these directories.
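
The following pre-flight check is an added example, not IBM code. It reads totalTranLifetimeTimeout from server.xml and confirms that each backup directory exists and is readable and writable by the account that runs the script. The minimum of 600, the sample XML, and the function names are assumptions made for illustration; run the check as each account that needs access.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

ATTR = "totalTranLifetimeTimeout"

# Constructed sample, not a real server.xml: only the attribute matters here.
SAMPLE_SERVER_XML = """<Server name="server1">
  <services totalTranLifetimeTimeout="120"/>
</Server>
"""

def read_tran_timeouts(server_xml):
    """Return every totalTranLifetimeTimeout value in the file as integers."""
    root = ET.parse(server_xml).getroot()
    return [int(el.attrib[ATTR]) for el in root.iter() if ATTR in el.attrib]

def preflight(server_xml, backup_dirs, min_timeout):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    values = read_tran_timeouts(server_xml)
    if not values:
        problems.append(f"{ATTR} not found in {server_xml}")
    for value in values:
        if value < min_timeout:
            problems.append(f"{ATTR}={value} is below the chosen minimum {min_timeout}")
    for directory in backup_dirs:
        if not os.path.isdir(directory):
            problems.append(f"backup directory does not exist: {directory}")
        elif not os.access(directory, os.R_OK | os.W_OK | os.X_OK):
            # os.access tests the account running this script only.
            problems.append(f"current account lacks read/write access: {directory}")
    return problems

def demo():
    """Run the checks against the constructed sample and one missing directory."""
    with tempfile.TemporaryDirectory() as tmp:
        xml_path = os.path.join(tmp, "server.xml")
        with open(xml_path, "w") as fh:
            fh.write(SAMPLE_SERVER_XML)
        # 600 is an assumed minimum; choose a value that suits the key population.
        return preflight(xml_path, [tmp, os.path.join(tmp, "missing")], 600)

if __name__ == "__main__":
    for line in demo():
        print(line)
```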