Enterprise Key Management Foundation — Web Edition Features

All keys are stored in a central repository with metadata such as activation dates and usage. By storing all key material in this central repository, backup can be easily achieved by including the database in existing backup procedures. This facilitates easy recovery if keys are lost.

Enhanced workflow

By employing automated, semiautomated, and bulk key management processes, workflow can be improved to enable your organization to effectively manage high key volumes.

Security-rich key generation

Learn about 4767 cryptographic coprocessor

Key generation takes place within the IBM 4767 cryptographic coprocessor where keys are generated with a random generator.

Role-based access control

The Enterprise Key Management Foundation-Web Edition access control system is role-based and controls the access to functions and keys. The security administrator can define functions and keys that are available for each role and assign users to these roles.

Dual control

Enterprise Key Management Foundation – Web Edition roles can be configured to require that two or more persons must be involved to generate, activate, and distribute keys, thus providing dual control for all operations.

Audit logging

Every important activity is logged in an IBM Db2 table and in z/OS® System Management Facility, if available.

Data set dashboard

A data set dashboard function providing an overview of data sets that are encryptable, already encrypted, or not encryptable. Various search options on this dashboard make it easy to get an overview of the encryption status on an IBM Z server.

Technical details

Software requirements

  • z/OS 2.3 and above

Hardware requirements

One of the following IBM servers:

  • z14® (all models)
  • z15™ (all models)

Gain agility and flexibility

IBM flexible payment plans help align infrastructure investments with workload needs.