Scheduling automatic backups

Use the Replication page to automatically back up the IBM® Security Key Lifecycle Manager critical data at regular intervals.

About this task

You can use the graphical user interface, REST services, or CLI commands to configure automatic backups by using password-based encryption.

Procedure

  • Using graphical user interface
    1. Log on to the graphical user interface.
    2. Click IBM Security Key Lifecycle Manager > Administration > Replication.
    3. Select Master.
    4. Select a replication server management option.
      Start Replication Server
      Click Start Replication Server to start the replication server for backing up IBM Security Key Lifecycle Manager data based on a configured schedule.
      Stop Replication Server
      Click Stop Replication Server to stop the replication server so that the IBM Security Key Lifecycle Manager data is not backed up.
      Replicate Now
      Click Replicate Now to immediately run the IBM Security Key Lifecycle Manager replication task, and to force a backup file creation.
    5. Configure the settings.
      Basic Properties
        Certificate from keystore
          Select a certificate from the list. Ensure that the SSL/TLS certificate exists on the master and all clone systems that you configure for replication.
        Replication backup encryption passphrase
          Encryption password for the backup file to ensure data security. You need the same password to decrypt and restore the file.
          Note: If HSM-based encryption is used for the backups, you need not specify the password.
        Confirm replication backup encryption passphrase
          Specify the same password again to verify the password that you specified.
        Master listen port
          Port number for communication when unserialized or delayed replications take place. The default master listen port is 1111.
      Advanced Properties
        Replication backup destination directory
          Location to store the backup files. The Replication backup destination directory field displays the default <SKLM_DATA> directory path, where the backup file is saved, for example, C:\Program Files\IBM\WebSphere\AppServer\products\sklm\data. For the definition of <SKLM_DATA>, see Definitions for HOME and other directory variables. Click Browse to specify a backup repository location under the <SKLM_DATA> directory.
        Maximum number of replication files to keep before rollover
          Maximum number of replication files that you want to keep. The value must be a positive integer from 2 to 10. When the number of files exceeds the specified limit, the oldest file is deleted.
        Replication frequency (in hours)
          Frequency to check whether the backup operation is necessary. The default value is 1 hour. This parameter is ignored if the value for Daily Start Replication Time is set.
        Daily replication time (in HH:MM format)
          Time in HH:MM format to run the replication task every day.
        Replication log file name
          Name and location for the replication log file. The default value for this parameter is <WAS_HOME>\products\sklm\logs\replication.
        Maximum log file size (in KB)
          Maximum size of a log file before rollover occurs. The default value is 1000 KB (kilobytes). When the file reaches the maximum size, a new log file is created.
        Maximum number of log files to keep
          Maximum number of log files that you want to keep. By default, IBM Security Key Lifecycle Manager keeps the last 3 log files. When the number of files exceeds the specified limit, the oldest file is deleted.
    6. Click OK.
  • Using REST services
    1. Open a REST client.
    2. Obtain a unique user authentication identifier to access IBM Security Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    3. To run Get Single Config Property REST Service, send the HTTP GET request. Pass the user authentication identifier that you obtained in step 2 along with the request message as shown in the following example.
      Service request
      GET https://localhost:<port>/SKLM/rest/v1/configProperties/replication.role
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
      Accept-Language: en
      Success response
      Status Code : 200 OK
      Content-Language: en
      {"replication.role" : "none"}
    4. Specify the changes. For example, you can use Update Replication Config Property REST Service to send the following service request to change the value of the replication.role property.
      PUT https://localhost:<port>/SKLM/rest/v1/configProperties
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
      Accept-Language: en
      { "replication.role": "master"}
  • Using CLI commands
    1. Go to the WAS_HOME/bin directory.
      For example,
      Windows
      cd drive:\Program Files\IBM\WebSphere\AppServer\bin
      Linux
      cd /opt/IBM/WebSphere/AppServer/bin
    2. Start the wsadmin interface by using an authorized user ID, such as SKLMAdmin.
      For example:
      Windows
      wsadmin.bat -username SKLMAdmin -password mypwd -lang jython
      Linux
      ./wsadmin.sh -username SKLMAdmin -password mypwd -lang jython
    3. Type the tklmReplicationConfigGetEntry command on one line to get the current value of the target property in the ReplicationSKLMConfig.properties file.
      For example, type:
      wsadmin>print AdminTask.tklmReplicationConfigGetEntry('[-name replication.role]')

      An example response might be:

      none
    4. Specify the changes. For example, to change the value of the replication.role property to master, type the following command on one line:
      print AdminTask.tklmReplicationConfigUpdateEntry('[-name replication.role -value master]')
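
The REST steps above (read replication.role, update it, confirm the change) as one helper. This is an added example, not IBM's code: it assumes the PUT returns status 200 on success (the page shows only the GET response), and FakeSklm is a constructed stand-in for the server so the block runs offline.

```python
import json
import ssl
import urllib.request

PROP = "replication.role"

def sklm_headers(user_auth_id):
    # Header set from the page's service request.
    return {"Content-Type": "application/json", "Accept": "application/json",
            "Authorization": "SKLMAuth userAuthId=" + user_auth_id,
            "Accept-Language": "en"}

def https_transport(method, url, headers, body=None):
    # Real transport; the default context verifies the server certificate.
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, context=ssl.create_default_context()) as resp:
        return resp.status, json.loads(resp.read().decode() or "{}")

def set_replication_role(base_url, user_auth_id, role, transport=https_transport):
    """GET the current role, PUT only if it differs, then GET again to confirm."""
    url = base_url + "/SKLM/rest/v1/configProperties"
    headers = sklm_headers(user_auth_id)
    status, before = transport("GET", url + "/" + PROP, headers)
    if status != 200:
        raise RuntimeError("GET %s returned %d" % (PROP, status))
    if before.get(PROP) == role:
        return {"changed": False, "value": role}  # already set, no write
    status, _ = transport("PUT", url, headers, {PROP: role})
    if status != 200:  # assumption: success is 200, as for the GET
        raise RuntimeError("PUT %s returned %d" % (PROP, status))
    status, after = transport("GET", url + "/" + PROP, headers)
    if status != 200 or after.get(PROP) != role:
        raise RuntimeError("%s was not changed to %r" % (PROP, role))
    return {"changed": True, "previous": before.get(PROP), "value": role}

class FakeSklm:
    """Constructed in-memory stand-in for the server so the block runs offline."""
    def __init__(self, role="none"):
        self.props, self.calls = {PROP: role}, []
    def __call__(self, method, url, headers, body=None):
        self.calls.append(method)
        if method == "PUT":
            self.props.update(body)
            return 200, {}
        name = url.rsplit("/", 1)[1]
        return 200, {name: self.props[name]}
```

Pass a FakeSklm() instance as the transport argument to exercise the helper offline; omit it to send the requests over HTTPS with certificate verification.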