Technical overview
You can use IBM Security Guardium Key Lifecycle Manager to create, back up, and manage the lifecycle of keys and certificates that an enterprise uses. You can manage encryption of symmetric keys, asymmetric key pairs, and certificates. IBM Security Guardium Key Lifecycle Manager provides a graphical user interface and a REST interface to manage keys and certificates.
IBM Security Guardium Key Lifecycle Manager waits for and responds to key generation or key retrieval requests that arrive through TCP/IP communication. This communication can be from a tape library, tape controller, tape subsystem, device drive, or tape drive.
IBM Security Guardium Key Lifecycle Manager provides the following major features:
- Managing symmetric keys, asymmetric key pairs, and X.509 V3 certificates.
- Managing the creation and lifecycle of keys, which contain metadata on their intended usage.
- For disaster recovery, providing protected backup of critical data. For example, on distributed systems, backup includes cryptographic key data (actual keys and certificates that are managed), metadata about the keys, and configuration files.
- For continuous key and certificate availability to the encrypting devices, providing an automated clone replication program that replicates keys and other configuration information, such as when new keys are rolled over.
- File-based audit logs that vary, depending on the operating system. On distributed systems, audit logs contain data in a flat file that is based on the Common Base Event (CBE) security event specification. You can also configure IBM Security Guardium Key Lifecycle Manager to generate audit records in syslog format and send them to a syslog server.