Features overview
Use IBM® Security Guardium® Key Lifecycle Manager to manage the lifecycle of the keys and certificates of an enterprise. You can manage symmetric keys, secret keys, asymmetric key pairs, and certificates.
IBM Security Guardium Key Lifecycle Manager has the following key features:
- Role-based access control that provides permissions to do tasks such as create, modify, and delete for specific device groups. Most permissions are associated with specific device groups.
- Extension of support to devices by using industry-standard Key Management Interoperability Protocol (KMIP) for encryption of stored data and the corresponding cryptographic key management.
- Support for encryption-enabled 3592 tape drives, LTO tape drives, DS5000 storage servers, DS8000® Turbo drives, and other devices.
- A graphical user interface and REST interface to manage keys, certificates, and devices.
- Delivery of encrypted keys to one or more devices to which the Guardium Key Lifecycle Manager server is connected.
- Storage, in a database, of the key materials for the self-signed certificates that you generate, the private key, and the key metadata.
- Cross-platform backup and restore to protect IBM Security Guardium Key Lifecycle Manager data, such as the configuration files and current database information.
- Cross-platform backup utility to run the backup operation on IBM Tivoli® Key Lifecycle Manager 1.0, 2.0, 2.0.1, IBM Security Guardium Key Lifecycle Manager 2.5, 2.6, 2.7, and IBM Encryption Key Manager 2.1. You can restore these backup files on the current version of IBM Security Guardium Key Lifecycle Manager across operating systems.
- Migration of IBM Security Guardium Key Lifecycle Manager 2.5, 2.6, and IBM Encryption Key Manager 2.1 during installation.
- Audit records based on selected events that occur as a result of successful operations, unsuccessful operations, or both. Installing or starting IBM Security Guardium Key Lifecycle Manager writes the build level to the audit log.
- Support for configuring Hardware Security Module (HSM) or IBM Enterprise Key Management Foundation Web (EKMF Web) to store the master key, which protects the key materials that are stored in the database. By default, the master key is stored in the file-based keystore.
- A set of operations to automatically replicate current active files and data across operating systems. This replication enables cloning of IBM Security Guardium Key Lifecycle Manager environments on multiple servers in a manner that is independent of operating systems and directory structure of the server.
- Support for configuring LDAP (Lightweight Directory Access Protocol) or OpenID Connect (OIDC) for user authentication.
- Server Configuration Wizard to configure IBM Security Guardium Key Lifecycle Manager for TLS handshake. The TLS handshake enables the server and client devices to establish the connection for secure communication.
- HSM-based encryption for creating secure backups and replication when IBM Security Guardium Key Lifecycle Manager is configured with HSM to store the master key.
- Device group export and import operations to move device group data across multiple instances of IBM Security Guardium Key Lifecycle Manager.
- IBM Security Guardium Key Lifecycle Manager writes the license usage information to software identification tag files. IBM License Metric Tool helps you maintain your license compliance.
- Multi-Master configuration to achieve continuous availability of synchronized data across multiple instances of IBM Security Guardium Key Lifecycle Manager.