You can move data across IBM® Security Guardium® Key Lifecycle Manager
servers by importing device group data that is exported from an IBM Security Guardium Key Lifecycle Manager server to another server.
Before you begin
You must have the export file and ensure that you have the password that you used when the
export file was created. Save the export files in the default
SKLM_DATA directory, for example, C:\Program
Files\IBM\WebSphere\AppServer\products\sklm\data. For the definition of
SKLM_DATA, see Definitions for HOME and other directory variables. The
SKLM_DATA directory path changes based on the value that is
set for the browse.root.dir property in the
SKLMConfig.properties file.
Version of the IBM Security Guardium Key Lifecycle Manager instance where the device group export data is
being imported must be same as the IBM Security Guardium Key Lifecycle Manager
instance from which the device group data were exported.
About this task
Sometimes the device group data that is imported might conflict with an existing data in the
database. For example, a key in the imported device group might be a key with same alias name of a
device group in the current instance of IBM Security Guardium Key Lifecycle Manager where the data is being imported. When conflicts occur, they must be resolved before the import
process can continue.
You can use the Export and Import page.
Alternatively, you can use Device Group Import REST Service to
import device groups.
Your role must have a permission to import
device groups. For more information about device group export and
import operations, see Overview of device group export and import.
Procedure
-
Go to the appropriate page or directory.
- Graphical user interface
- Log in to the graphical user interface.
- On the Welcome page, click .
- REST
interface
- Open a REST client.
-
Import a selected export file. Only one export or
import
task can run at a time. If you want import a file to an IBM Security Guardium Key Lifecycle Manager instance
on a different system, copy the export file to that system by using
media such as a disk, or electronic transmission.
- Graphical user interface
- Click Browse to specify the export file location under <SKLM_DATA>
directory, for example, C:\Program
Files\IBM\WebSphere\AppServer\products\sklm\data.
- Click Display Exports to display the export files.
- In the table, select an export
file.
- Click Import.
- Alternatively, double-click or right-click the export file and select
Import.
- On the Import
from Export Archive dialog,
specify the encryption password that you used to create the export
file.
- Click Import to start the import
operation.
- If any conflicts arise during the import process, the Conflicts while
Importing dialog appears. For more information, see Resolving the import conflicts.
Else, the progress dialog box appears. When the
import process is complete, a message box is displayed to indicate that the import operation is
complete.
- Click Close.
- REST interface
- Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST
services. For more information about the authentication process, see Authentication process for REST services.
- To run Device Group Import REST Service, send the HTTP POST request. Pass the
user authentication identifier that you obtained in
Step a along with the request
message as shown in the following
example.POST https://localhost:<port>/SKLM/rest/v1/ckms/deviceGroupsImport
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
{"importFilePath": "C:\\Program Files\\IBM\\WebSphere\\AppServer\\products\\sklm\\data\\sklm_v4.0.0.0_20160728040703-1200_export.exp",
"password": "passw0rd123"}
- If any conflicts arise during the import process, obtain the list of conflicts. Run the Device Group Import Conflicts REST Service.
For more
information, see Resolving the import conflicts.
-
Restart the server. For instructions about how to stop and start the server, see Restarting the Guardium Key Lifecycle Manager server.