How IBM Security Guardium Key Lifecycle Manager works

Enables multi-master clustering for flexibility, ease of use

IBM Security Guardium Key Lifecycle Manager supports multi-master clustering, which means that security keys may be synchronized and delivered in real time, allowing for greater flexibility and ease of use. More than 20 masters may be synchronized at a time, allowing for hyper-redundancy and localized availability, so that keys are ready and available when and where they are needed.

Provides more efficient and simplified key management

The solution allows you to manage the lifecycle of keys by automating the creation, import, distribution and back-up of keys. It enables key generation and distribution from a centralized location and groups devices into separate domains for simpler key management. It also supports role-based access control of administrative accounts.

Delivers simple secure integration with IBM storage systems

Key Lifecycle Manager provides cryptographically proven, end-to-end security for key serving. Keys are never readable outside of the encryption hardware and are only delivered to known devices through secure protocols. It offers automated replication for high-availability deployments, supports Federal Information Processing Standard (FIPS) 140-2 Level 1, and offers users the option to use FIPS 140-2 Level 3 validated hardware to enhance key security.

Reduces key management costs

With Key Lifecycle Manager, you can optimize your existing security, high availability, disaster recovery and server investments, and simplify complex key distribution. Consolidate management of keys across domains and support standards that extend management to IBM and non-IBM products, including data warehouses, cloud storage devices, network storage devices and smart meters. Gain improved availability and support for disaster recovery.

Provides certified communications

Your communications will be certified with the Storage Networking Industry Association Secure Storage Industry Forum (SNIA-SSIF) as compliant with version 1.2 of the OASIS KMIP standard.

Speeds implementation and enables interoperability

Key Lifecycle Manager reduces operating costs, speeds implementation and enables interoperability with wizard-based assistance. It allows administrators to quickly configure integration with multiple KMIP- and IPP-compatible devices and provides an administration welcome page that delivers critical notices. The solution offers a web-based GUI that helps ease key configuration and management tasks, including automating key provisioning, rotating keys and destroying keys.

Extends support and compatibility functions

The solution supports KMIP v1.0-1.4 and initial profiles for v2.0, and offers interoperability with Linux on Power, Windows, Linux and AIX. It is compatible with IPP- and KMIP-compatible clients including IBM storage solutions, DB2 and VMware vCenter. PKCS#11 integration is available with popular hardware security modules (HSM) including the SafeNet Luna SA series of HSMs.

How customers use it

  • Screen shot of multi-master node administration in IBM Security Guardium Key Lifecycle Manager

    Encryption keys are everywhere


    Your security or IT teams need a way to centrally manage your encryption keys across your organization.


    IBM Security Guardium Key Lifecycle Manager helps reduce risk and operational costs of encryption key management. It provides dedicated key storage, key serving and key lifecycle management for encryption solutions from multiple providers.

  • Screen shot of IBM Security Guardium Key Lifecycle Manager welcome dashboard

    Different types of encryption are used across the enterprise


    Enterprises leverage different encryption for various applications and communication and need centralized key management.


    Following the Key Management Interoperability Protocol, IBM Security Guardium Key Lifecycle Manager allows for the automation of key creation, importation, distribution and back-up for various encryption providers, all from a centralized location.

Technical details