Scheduling automatic backups
Use the Replication page to automatically backup the IBM® Security Key Lifecycle Manager critical data at regular intervals.
About this task
You can use the graphical user interface, REST services, or CLI commands to configure automatic backups by using password-based encryption.
Procedure
- Using graphical user interface
- Log on to the graphical user interface.
- Click IBM Security Key Lifecycle Manager > Administration > Replication.
- Select Master.
- Select a replication server management option.
- Start Replication Server
- Click Start Replication Server to start the replication server for backing up IBM Security Key Lifecycle Manager data based on a configured schedule.
- Stop Replication Server
- Click Stop Replication Server to stop the replication server so that the IBM Security Key Lifecycle Manager data is not backed up.
- Replicate Now
- Click Replicate Now to immediately run the IBM Security Key Lifecycle Manager replication task, and to force a backup file creation.
- Configure the settings.
- Basic Properties
-
Certificate from keystore Select a certificate from the list. Ensure that SSL/TLS certificate exists on the master and all clone systems that you configure for replication. Replication backup encryption passphrase Encryption password for the backup file to ensure data security. You need the same password to decrypt and restore the file. Note: If HSM-based encryption is used for the backups, you need not specify the password.Confirm replication backup encryption passphrase Specify the same password again to verify the password that you specified. Master listen port Port number for communication when unserialized or delayed replications take place. Default master listen port is 1111
. - Advanced Properties
-
Replication backup destination directory Location to store the backup files. The Replication backup destination directory field displays the default <SKLM_DATA> directory path, where the backup file is saved, for example, C:\Program Files\IBM\WebSphere\AppServer\products\sklm\data. For the definition of <SKLM_DATA>, see Definitions for HOME and other directory variables. Click Browse to specify a backup repository location under <SKLM_DATA> directory. Maximum number of replication files to keep before rollover Maximum number of replication files that you want to keep. The value must be a positive integer between 2 - 10. When the number of files exceed the specified limit, the oldest file is deleted. Replication frequency (in hours) Frequency to check whether the backup operation is necessary. Default value is set to 1 hour. This parameter is ignored if the value for Daily Start Replication Time is set. Daily replication time (in HH:MM format) Time in HH:MM
format to run the replication task every day.Replication log file name Name and location for the replication log file. Default value for this parameter is <WAS_HOME>\products\sklm\logs\replication. Maximum log file size (in KB) Maximum size of a log file before rollover occurs. Default value is 1000 KB (kilobytes). When the file reaches the maximum size, a new log file is created. Maximum number of log files to keep Maximum number of log files that you want to keep. By default, IBM Security Key Lifecycle Manager keeps the last 3 log files. When the number of files exceed the specified limit, the oldest file is deleted.
- Click OK.
- Using REST services
- Open a REST client.
- Obtain a unique user authentication identifier to access IBM Security Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
- To run Get Single Config Property REST Service, send the HTTP GET
request. Pass the user authentication identifier that you obtained in
Step a
along with the request message as shown in the following example.- Service request
-
GET https://localhost:<port>/SKLM/rest/v1/configProperties/ replication.role Content-Type: application/json Accept: application/json Authorization: SKLMAuth userAuthId=139aeh34567m Accept-Language: en
- Success response
-
Status Code : 200 OK Content-Language: en {"replication.role" : "none"}
- Specify the changes. For example, you can use Update Replication Config
Property REST Service to send the following service request to change the value of the
replication.role property.
PUT https://localhost:<port>/SKLM/rest/v1/configProperties Content-Type: application/json Accept: application/json Authorization: SKLMAuth authId=139aeh34567m Accept-Language: en { "replication.role": "master"}
- Using CLI commands
- Go to the
WAS_HOME/bin
directory.For example,- Windows
cd drive:\Program Files\IBM\WebSphere\AppServer\bin
- Linux
cd /opt/IBM/WebSphere/AppServer/bin
- Start the wsadmin interface by using an authorized user ID, such as
SKLMAdmin
.For example:- Windows
-
wsadmin.bat -username SKLMAdmin -password mypwd -lang jython
- Linux
-
./wsadmin.sh -username SKLMAdmin -password mypwd -lang jython
- Type the tklmReplicationConfigGetEntry command on one line to get
the current value of the target property in the
ReplicationSKLMConfig.properties file. For example, type:
wsadmin>print AdminTask.tklmReplicationConfigGetEntry ('[-name replication.role]')
An example response might be:
none
- Specify the changes. For example, to change the value of the
replication.role property to master, type on one
line.
print AdminTask.tklmReplicationConfigUpdateEntry ('[-name replication.role -value master]')
- Go to the