Performing Recovery Operations › TBEMIGRT Utility › How Key Management for Disaster Recovery Backup Works
How Key Management for Disaster Recovery Backup Works
If your site runs in production with cryptographic keys stored in the ICSF CKDS, and your disaster recovery site does not have a cryptographic coprocessor, you cannot use the CKDS at the disaster recovery site. Because of this, you need to do the following:
- Back up keys from the CKDS by copying them to the BES database.
- Back up your BES database so that the backup copy can be used at the disaster recovery site.
- At the recovery site, use the BES database for encryption and decryption.
- Conclude your disaster recovery operations by backing up the mirror database.
- When you return to your home site, restore the primary and mirror databases from the mirror backup taken at your recovery site.
- Move the keys from the BES database back to the CKDS to remove them from the BES database.