This topic provides information about encryption key management.
- IBM® Encryption
Key Manager component for the Java™ platformNote: The Encryption Key Manager does not support the TS1140 Tape Drive.
- Tivoli® Key Lifecycle Manager
- IBM Security Key Lifecycle Manager for z/OS®
The EKS operates on supported operating systems and is designed to be a shared resource, deployed in several locations within an enterprise. For example, the EKS can serve encrypting tape drives in tape library subsystems, connected to mainframe systems through Fibre Channel connections, or installed in other computing systems.
The EKS acts as a daemon process, serving requests for key generation and key retrieval. Requests are sent through a TCP/IP communication path between the EKS and the tape library, tape controller, tape subsystem, device driver, or tape drive. The EKS uses a keystore to hold the certificates and keys (or pointers to the certificates and keys) required for all encryption tasks. Refer to the appropriate EKS documentation for detailed information about the EKS and the keystores it supports.
- Application Layer
- Initiates data transfer for tape storage, for example TSM.
- System Layer
- Everything between the application and the tape drives, for example the operating system, z/OS DFSMS, device drivers, and FICON® controllers.
- Library Layer
- The IBM System Storage™ TS3500 Tape Library, which contains an internal interface to each tape drive within it.