Planning for key lifecycle managers
DS8000® storage systems support IBM® Security Guardium Key Lifecycle Manager.
If NIST 800-131A security conformance is required on your storage
system, select the version of IBM Security
Guardium Key Lifecycle Manager that is appropriate for your encryption key server host and
connection network protocol requirements.
- If your encryption key server runs on an open system host and you do not plan to use the Transport Layer Security (TLS) 1.2 or 1.3 protocol with this key server, use IBM Security Guardium Key Lifecycle Manager V2.6 or later.
- If your encryption key server runs on an open system host and you plan to use the TLS 1.2 or 1.3 protocol with this key server, use IBM Security Guardium Key Lifecycle Manager V2.6 or later.
- If your encryption key server runs on an IBM Z host LPAR with z/OS®, use IBM Security Guardium Key Lifecycle Manager for z/OS V1.1.0.3 or later.
- If your encryption key server is Gemalto Safenet KeySecure, select version 8.0.0 or later.
If NIST 800-131A security conformance is not required on your storage system, select the
appropriate encryption key manager for your encryption key server host.
- If your encryption key server runs on an open system host, install IBM Security Guardium Key Lifecycle Manager V2.6 or later.
- If your encryption key server runs on an IBM Z host LPAR with z/OS, install IBM Security Guardium Key Lifecycle Manager for z/OS v1.0.1 or later.
If you want to acquire a different isolated key server, refer to the IBM Security Guardium Key Lifecycle Manager Installation and Configuration Guide (SC27-5335) or IBM Security Guardium Key Lifecycle Manager online product documentation for hardware and operating system requirements.
Note: You must acquire an IBM Security Guardium Key
Lifecycle Manager license for use of the IBM Security Guardium
Key Lifecycle Manager software that is ordered separately from the stand-alone server hardware. The
IBM Security Guardium Key Lifecycle Manager license includes
both an installation license for the IBM Security Guardium Key
Lifecycle Manager management software and a license for encrypting drives.
IBM Security Guardium Key Lifecycle Manager for z/OS generates encryption keys and manages their transfer to and from devices in an IBM Z environment.