IBM Guardium Key Lifecycle Manager Support Matrix

Question & Answer

Question

What is the support matrix for hardware, operating systems, browsers, hypervisors, middleware, HSMs, and KMIP across the different releases of IBM Guardium Key Lifecycle Manager?

Answer

Note:

With V5.0, IBM Security Guardium Key Lifecycle Manager is renamed as IBM Guardium Key Lifecycle Manager.

With V4.1, IBM Security Key Lifecycle Manager is renamed as IBM Security Guardium Key Lifecycle Manager.

Click a tab to know the supported hardware, operating systems, hypervisors, middleware, Hardware Security Modules (HSM), and Key Management Interoperability Protocol (KMIP) versions across the different releases of IBM Guardium Key Lifecycle Manager (SKLM/GKLM):

Supported hardware

IBM Guardium Key Lifecycle Manager V5.0 traditional and earlier versions

The following hardware requirement values apply to all active versions of IBM Guardium Key Lifecycle Manager:

System component	Minimum values¹	Recommended values²
System memory (RAM)	4 GB	8 GB
Processor speed	Linux and Windows systems 1.0 GHz single processor AIX systems 1.5 GHz (2-way)	Linux and Windows systems 3.0 GHz dual processors AIX systems 1.5 GHz (4-way)
Disk space
Disk space free for IBM Guardium Key Lifecycle Manager and prerequisite products such as Db2	16 GB	30 GB
Disk space free in "/tmp" or "C:\temp"	4 GB	4 GB
Db2 disk space free in "/home" directory or system drive for Db2	7 GB	25 GB
Disk space free in /var directory for Db2	1 GB on Linux and UNIX operating systems	1 GB on Linux and UNIX operating systems
See Disk space requirements for log files.

All file systems must be writable.

¹ Minimum values: These values enable a basic use of IBM Guardium Key Lifecycle Manager.

² Recommended values: You must use larger values that are appropriate for your production environment. The most critical requirements are to provide adequate system memory, and free disk and swap space. Processor speed is less important.

Disk space requirements for log files

Consider the following disk space requirements for log files before you install IBM Guardium Key Lifecycle Manager.

Log file name	Log file location	Maximum number of log files	Maximum size of each log file	Disk space requirements
sklm_audit.log	<WAS_HOME>\products\sklm\logs\audit	1	No limit	-
sklm.log/debug	<WAS_HOME>\products\sklm\logs	100	100 MB	10 GB
agent.log	<WAS_HOME>\products\sklm\logs	30	100 MB	3 GB
replication_audit.log¹	<WAS_HOME>\products\sklm\logs\replication	100	1 GB per log file	-

¹ Only if you have configured replication.

Note: To avoid db2diag log files overflow, back up the db2diag log files regularly or modify the level of logging. For more information, see diaglevel - Diagnostic error capture level configuration parameter.

On Linux and UNIX operating systems, you must install your Db2 product in an empty directory. If the directory that you specify as the installation path contains subdirectories or files, your Db2 installation might fail.

On Linux and UNIX operating systems, 4 GB of free space is required in the $HOME directory.

On Linux and UNIX operating systems, minimum 16 GB of free space is required in the / and /opt directory.

Installing into mapped network drives/mounted partitions is not supported.

If installation locations of more than one system component fall on the same Windows drive/UNIX partition, the cumulative space to contain all those components must be available in that drive/partition.

IBM Guardium Key Lifecycle Manager V5.0 container and earlier versions

The containerized IBM Guardium Key Lifecycle Manager application consists of two containers:

Database (PostgreSQL / Db2)
IBM Guardium Key Lifecycle Manager application

Database - PostgreSQL container

System component	Minimum values	Recommended values
System memory (RAM)	4 GB	8 GB
Processor speed	2.0 GHz	8.0 GHz
Persistent Storage (Volume)	40 GB (Storage type: File)	60 GB (Storage type: File)

Database - Db2 container

System component	Minimum values	Recommended values
Persistent Storage (Volume)	40 GB (Storage type: File)	60 GB (Storage type: File)

For detailed Db2 hardware requirements, see Db2 Community Edition 11.5.4.0.

IBM Guardium Key Lifecycle Manager application container

The following hardware requirement values apply to IBM Guardium Key Lifecycle Manager container:

System component	Minimum values	Recommended values
System memory (RAM)	4 GB	8 GB
Processor speed	1.0 GHz	4.0 GHz
Persistent Storage (Volume)	20 GB (Storage type: File)	40 GB (Storage type: File)

Supported operating systems

IBM Guardium Key Lifecycle Manager V5.0 traditional and earlier versions

		IBM Guardium Key Lifecycle Manager
Platform	Operating System	V4.1	V4.1.1	V4.2	V4.2.1	V5.0
AIX	AIX 7.2 POWER 7, 8¹	YES⁴	YES⁴	YES⁴	YES⁴	NO
AIX	AIX 7.2 POWER 9	YES^3,4	YES^3,4	YES^3,4	YES^3,4	NO
	AIX 7.3 POWER 10⁸	NO	NO	YES⁶	YES⁶	YES⁷
Linux²	SUSE Linux Enterprise Server (SLES) 12 x86-64	YES	YES	YES	YES	NO
	SUSE Linux Enterprise Server (SLES) 12 System z	YES	YES	YES	YES	NO
	SUSE Linux Enterprise Server (SLES) 15 x86-64	NO	YES	YES	YES	YES⁹
	SUSE Linux Enterprise Server (SLES) 15 System z	NO	YES	YES	YES	YES⁹
	Red Hat Enterprise Linux (RHEL) Server 7.6 - 7.9 System z (EOS OS)	YES	YES	YES	YES	NO
	Red Hat Enterprise Linux (RHEL) Server 8.2 - 8.4, 8.6, 8.8, 8.10 System z,	YES	YES	YES	YES	NO
	Red Hat Enterprise Linux (RHEL) Server 9.2, 9.4 System z	NO	YES⁵	YES⁵	YES	YES¹⁰
	Red Hat Enterprise Linux (RHEL) Server 9.6 System z	NO	NO	NO	NO	YES
	Red Hat Enterprise Linux (RHEL) Server 7.6 - 7.9 x86-64 (EOS OS)	YES	YES	YES	YES	NO
	Red Hat Enterprise Linux (RHEL) Server 8.2 - 8.4 x86-64, 8.6, 8.8 x86-64, 8.10 x86-64	YES	YES	YES	YES	NO
	Red Hat Enterprise Linux (RHEL) Server 9.6 x86-64	NO	NO	NO	YES	YES
	Red Hat Enterprise Linux (RHEL) Server 9.2, 9.4 x86-64	NO	YES⁵	YES⁵	YES	YES¹⁰
	Red Hat Enterprise Linux (RHEL) Server 7.6 - 7.9 (PowerPC Little Endian (LE)) 64 bit¹(EOS OS)	YES	YES	YES	YES	NO
	Red Hat Enterprise Linux (RHEL) Server 8.2 - 8.4, 8.6, 8.8, 8.10 (PowerPC Little Endian (LE))	YES	YES	YES	YES	NO
	Red Hat Enterprise Linux (RHEL) Server 9.2, 9.4 (PowerPC Little Endian (LE))	NO	YES⁵	YES⁵	YES	YES¹⁰
	Red Hat Enterprise Linux (RHEL) Server 9.6 (PowerPC Little Endian (LE))	NO	NO	NO	NO	YES
	Ubuntu 16.04 LTS x86_64 (EOS OS)	YES	NO	NO	NO	NO
	Ubuntu 18.04 LTS x86_64 (EOS OS)	NO	YES	YES	YES	NO
	Ubuntu 20.04 x86_64	NO	NO	YES	YES	NO
	Ubuntu 22.04 x86_64	NO	NO	YES	YES	YES
Windows	Windows Server 2012 Standard Edition x86-64 (EOS OS)	YES	YES	YES	YES	NO
	Windows Server 2012 R2 Standard Edition x86-64 (EOS OS)	YES	YES	YES	YES	NO
	Windows Server 2016 Standard Edition x86-64	YES	YES	YES	YES	NO
	Windows Server 2019 Standard Edition x86-64	YES	YES	YES	YES	NO
	Windows Server 2022 Standard Edition x86-64	NO	NO	YES	YES	YES¹¹
	Windows Server 2022 Datacenter Edition x86-64	NO	NO	YES	YES	YES
	Windows Server 2025 Standard Edition x86-64	NO	NO	NO	NO	YES¹¹

¹ - Supported hardware includes POWER9 in POWER8 mode.

² - For information about the Linux packages, see Linux packages.

³ - Supports POWER9 in POWER9 mode

⁴ - Supported only with AIX 7.2 TL3 and later.

⁵ - Support for RHEL 9.x is available only after upgrade of Db2 to version 11.5.9. Support for RHEL 9.x with the default bundled Db2 version is not available.

⁶ - Supports AIX 7.3 TL1 SP1 and later.

⁷ - Supports AIX 7.3 TL2.

⁸ - Supported hardware includes POWER10 in POWER9 and POWER10 mode.

⁹ - Supported with SUSE Linux Enterprise Server (SLES) 15 SP6.

¹⁰ - Supported with Red Hat Enterprise Linux (RHEL) Server 9.4.

¹¹ - For more information about the installation, see IBM Guardium Key Lifecycle Manager installation on Windows Server 2022 and 2025.

Notes:

Do not install IBM Guardium Key Lifecycle Manager on systems with hardened operating system. You can harden the operating system after the installation completes.
Before you install IBM Guardium Key Lifecycle Manager on a UNIX or an AIX operating system, ensure that Bash shell (bash) is installed. Also, ensure that it is the default shell. Starting IBM Guardium Key Lifecycle Manager 4.2, for AIX operating system, Bash shell is not required.
Before you install IBM Guardium Key Lifecycle Manager on an AIX operating system, ensure that the necessary libraries that are described in this technote are installed: Required gtk libraries for IBM Installation Manager on AIX.
For V4.1 and earlier versions, before you install IBM Guardium Key Lifecycle Manager on a Linux operating system, ensure that C shell (csh) is installed. Starting V4.1.1, csh is not a requirement.
Access requirements: Install IBM Guardium Key Lifecycle Manager as an administrator (root user). You can install IBM Guardium Key Lifecycle Manager as a non-root user on Linux operating systems only.
For RHEL 8 and RHEL 9 operating systems, IBM Guardium Key Lifecycle Manager will support only even digit minor release versions. For example, RHEL 8.6, RHEL 8.8, RHEL 8.10, RHEL 9.2, RHEL 9.4. This is primarily due to very short support lifecycle provided by RedHat for odd digit minor release versions. Latest minor release for RHEL will always be supported even for odd digit minor release version.

Linux packages

On Linux operating systems, IBM Guardium Key Lifecycle Manager (GKLM) requires the compat-libstdc++ package, which contains libstdc++.so.6. It also requires the libaio package, which contains the asynchronous library that is required for Db2® database servers.

libstdc package
To determine whether you have the package, run the following command:
```
rpm -qa  | grep -i "libstdc"
```
If the package is not installed, locate the rpm file on your original installation media and install it.
```
find installation_media -name compat-libstdc++*
rpm -ivh full_path_to_compat-libstdc++_rpm_file]
```
libaio package
To determine whether you have the package, run the following command:
```
rpm -qa  | grep -i "libaio"
```
If the package is not installed, locate the rpm file on your original installation media and install it.
```
find installation_media -name libaio*
rpm -ivh full_path_to_libaio_rpm_file
```

Prerequisites for GKLM installation on Red Hat Enterprise Linux 64-bit systems:

Ensure that 64-bit libaio package is installed before running db2setup. Db2 installation requires this package.
For GKLM V4.1.1 and V4.1 installation in graphical mode, ensure that a VNC package (for example, tigervnc) and a terminal emulator (for example, xterm) are installed.
For GKLM V4.1 silent installation, ensure that the tsch package is installed.

Requirements for Linux on System z operating system

Before you install IBM Guardium Key Lifecycle Manager on Linux on System z operating system, complete the following steps:

Check whether the following libraries are present on the system, which are necessary for Db2® installation.
- libpam.so.0
- libaio.so.1
- libstdc++.so.6.0.8
- libstdc++33
- libxcrypt-compat
- perl-Net-Ping
- ksh93
If the system does not contain the necessary libraries, run the following command:
```
yum install <library_name>
```
If a library has any issues, use the following command to remove a library:
```
yum remove <library_name>
```
For more information, see Db2 documentation - Additional installation considerations (Linux).
Install the IBM XL/XL C++ runtime environment:
1. Extract the setup.
2. Run ./install.
3. Run the following command if an error message is displayed about missing libraries:
```
yum install <missing_lib_name>
```
Create a link between the libraries that are installed by running the following commands:
```
ln -s /opt/ibm/lib/* /usr/lib/ 
ln -s /opt/ibm/lib64/* /usr/lib64/
```

Set the LD_LIBRARY_PATH by using the following command:

LD_LIBRARY_PATH=/opt/ibm/lib:/opt/ibm/lib64:/usr/lib64; 
export LD_LIBRARY_PATH

Ensure that the /tmp directory has all the permissions. To provide the permissions, run the following command.
```
chmod 777 /tmp
```

Requirements for Linux on PowerPC operating system

Before you install IBM Guardium Key Lifecycle Manager on Linux on PowerPC Little Endian (LE) operating system, ensure that your system meets the requirements.

Install IBM XL/XL C++ environment.
1. Extract the setup in a directory.
```
tar -xvf <setup_name>
```
2. Run ./install.
After you install the package, create a link between the libraries that are installed by running the following steps.
```
ln -s /opt/ibm/lib/* /usr/lib/                        
ln -s /opt/ibm/lib64/* /usr/lib64/
```

Set the LD_LIBRARY_PATH by using the following command.

LD_LIBRARY_PATH=/opt/ibm/lib:/opt/ibm/lib64:/usr/lib64; 
export LD_LIBRARY_PATH

Before you start the installation process, ensure that the /tmp directory has all the permissions. To provide the permissions, run the following command.
```
chmod 777 /tmp
```

Disabling Security Enhanced Linux

IBM Guardium Key Lifecycle Manager on Linux operating systems might have functional problems when the Security Enhanced Linux (SELINUX) setting is enabled.

For example, a problem might occur with the TCP/IP connections on the server ports. Follow the steps provided in the Linux documentation to disable Security Enhanced Linux.

IBM Guardium Key Lifecycle Manager V5.0 container and earlier versions

	IBM Guardium Key Lifecycle Manager
Operating system/Architecture	Linux/amd64 Linux/s390x
Container Platform	OpenShift Container Platform Version 4.11.9 or later An IBM Cloud account with Cluster Administrator permissions Kubernetes Container Platform Version 1.19.7 or later IBM zCX environment
Helm	Power: At least Version 2.12.x or later, but not Version 3.x x86: At least Version 2.17.2 or later, but not Version 3.x
Storage	NFS IBM Cloud File Storage (gold storage class) Portworx Red Hat OpenShift Container Storage 4.11 or later A hostPath PV that is a mounted clustered filesystem

Supported browsers

Applicable to IBM Guardium Key Lifecycle Manager, Version 5.0, 4.21, and 4.2

NOTE: These browser versions are also applicable in this scenario: If you installed the IBM Guardium Key Lifecycle Manager versions, V4.0.0.4 or later, V4.1.0.4 or later, V4.1.1.3 or later, and IBM Guardium Key Lifecycle Manager user interface is not loading, then upgrade your browser to the following version:

Browser	Supported versions
Google Chrome	109.0 and later
Microsoft Edge	110.0 and later
Firefox ESR	102.8 and later

Note: Supported browsers are not included with the product installation. You can access the IBM Guardium Key Lifecycle Manager graphical user interface by using any of the supported browsers from any system. You must enable the session cookies and Java Script in the browser to establish a session with the product.

Applicable to IBM Guardium Key Lifecycle Manager, Version 4.1.1 and 4.1:

Browser	Supported Versions
Google Chrome	86 and later
Microsoft Edge	44 and later
Firefox ESR	24.0 and later

Supported hypervisors

	IBM Guardium Key Lifecycle Manager
Hypervisor	V4.0 - V4.1	V4.1.1	V4.2, V4.2.1, V5.0
VMware ESXi 8.x	NO	NO	YES
VMware ESXi 7.x	YES	YES	YES
Red Hat KVM as delivered with Red Hat Enterprise Linux (RHEL) and its RHEV equivalent 7.0, 8.0 and 9.0	YES	YES	YES
IBM z/VM Hypervisor 6.1 - 6.4 and 7.1	NO	YES	YES
IBM PowerVM Hypervisor (LPAR, DPAR, Micro-Partition) any supported version	NO	YES	YES

Supported middleware

Release		Middleware
		Database	IBM WebSphere Application Server (WAS)	WebSphere SDK Java Technology Edition
Requirements (Only for V4.1 traditional and earlier)		See the Db2 requirements section	See the WebSphere Application Server requirements section	None
V5.0	For traditional	IBM Db2 Standard Edition 12.1.0.0^*	WAS Liberty: 25.0.0.9 (Java 8.0.8.50 / or Java SDK 1.8.0_u461) 25.0.0.6 (Java 8.0.8.45 / or Java SDK 1.8.0_u451) 24.0.0.9^*	JAVA: Java 8.0.8.50 / or Java SDK 1.8.0_u461 Java 8.0.8.45 / or Java SDK 1.8.0_u451 1.8.0_u421^*
V5.0	For container¹	PostgreSQL 12.2 IBM Db2 12.1.0.0 IBM Db2 for z/OS 12.0.15 with Function level 501	WAS Liberty: 24.0.0.9^*	1.8.0_u421 ^*
V4.2.1	For traditional	IBM Db2 Standard Edition 11.5.9.0^*	WAS Liberty: 25.0.0.9 (Java 8.0.8.50 / or Java SDK 1.8.0_u461) 25.0.0.6 (Java 8.0.8.45 / or Java SDK 1.8.0_u451) 24.0.0.9 (1.8.0_u421) 24.0.0.4 ( 1.8.0_391 ^* ) 23.0.0.12 23.0.0.9^*	JAVA: Java 8.0.8.50 / or Java SDK 1.8.0_u461 Java 8.0.8.45 / or Java SDK 1.8.0_u451 1.8.0_u421 1.8.0_u411 1.8.0_401 1.8.0_391 ^*
V4.2.1	For container¹	PostgreSQL 12.2 IBM Db2 11.5.9.0 IBM Db2 for z/OS 12.0.15 with Function level 501	WAS Liberty: 23.0.0.9^*	1.8.0_391^*
V4.2	For traditional	IBM Db2 Standard Edition 11.5.9.0² 11.5.8.0^*	WAS Liberty: 25.0.0.9 (Java 8.0.8.50 / or Java SDK 1.8.0_u461) 25.0.0.6 (Java 8.0.8.45 / or Java SDK 1.8.0_u451) 24.0.0.9 (1.8.0_u421) 24.0.0.4 ( 1.8.0_351 SR7 FP20^* ) 23.0.0.12 23.0.0.9 (Bundled in GKLM fix pack 4.2.0.2) 23.0.0.6 (Java 1.8.0_371 SR8 FP5) 23.0.0.3 (Java 1.8.0_361 SR8)⁵ 22.0.0.12^*	JAVA: Java 8.0.8.50 / or Java SDK 1.8.0_u461 Java 8.0.8.45 / or Java SDK 1.8.0_u451 1.8.0_u421 1.8.0_391 1.8.0_371 SR8 FP5 1.8.0_361 SR8 1.8.0_351 SR7 FP20^*
V4.2	For container¹	PostgreSQL 12.2 IBM Db2 11.5 IBM Db2 for z/OS 12.0 with Function level 501	WAS Liberty: 23.0.0.3 (Java 1.8.0_361 SR8)⁵ 22.0.0.12^*	1.8.0_361 SR8 1.8.0_351 SR7 FP20^*
V4.1.1	For traditional	IBM Db2 Standard Edition 11.5.9.0² 11.5.8.0² 11.5.7.0² 11.5.6.0^*	WAS Liberty: 25.0.0.9 (Java 8.0.8.50 / or Java SDK 1.8.0_u461) 25.0.0.6 (Java 8.0.8.45 / or Java SDK 1.8.0_u451) 24.0.0.4 ( 1.8.0_26 SR6 FP26^* ) 23.0.0.12 (Bundled in GKLM fix pack 4.1.1.8) 23.0.0.9 23.0.0.6 (Java 1.8.0_371 SR8 FP5) 23.0.0.3 (Java 1.8.0_361 SR8) ~~22.0.0.12~~⁶ 22.0.0.9 22.0.0.6⁵ 21.0.0.12⁴ 21.0.0.6^*	JAVA: Java 8.0.8.50 / or Java SDK 1.8.0_u461 Java 8.0.8.45 / or Java SDK 1.8.0_u451 1.8.0_391 1.8.0_371 SR8 FP5 1.8.0_361 SR8 1.8.0_341 SR7 FP15 1.8.0_311 SR7 1.8.0_26 SR6 FP26^*
V4.1.1	For container¹	PostgreSQL 12.2 IBM Db2 11.5 IBM Db2 for z/OS 12.0	WAS Liberty: 22.0.0.6⁵ 21.0.0.6^*	1.8.0_26 SR6 FP26^*
V4.1	For traditional	IBM Db2 Standard Edition 11.5.8.0² 11.5.7.0² 11.5.6.0³ 11.5.5.0³ 11.5.4.0^*	WAS traditional: 9.0.5.19 (Java 1.8.0_261 SR6 FP15) 9.0.5.18 9.0.5.17 9.0.5.16 (Java 1.8.0_371 SR8 FP5) 9.0.5.6 - 9.0.5.15 9.0.5.5^*	JAVA: 1.8.0_371 SR8 FP5 1.8.0_361 SR8 1.8.0_341 SR7 FP15 1.8.0_321 SR7 FP5 1.8.0_311 SR7 1.8.0_301 SR6 FP36 1.8.0_26 SR6 FP26 1.8.0_261 SR6 FP15^*
V4.1	For container¹	PostgreSQL 12.2 IBM Db2 11.5 IBM Db2 for z/OS 12.0	WAS Liberty: 20.0.0.9	1.8.0_261 SR6 FP15^*
For more information about the Java SDK version shipped with IBM WebSphere Application Server, see Verify Java SDK version shipped with IBM WebSphere Application Server fix packs.

*- This is the default packaged version with the GA release.

¹ - The database must be separately installed. It is not bundled with the product.
² - You must first install GKLM with the default bundled IBM Db2 version, then upgrade to this version. For instructions, see the relevant topic:

Db2 11.1.4.6
Db2 11.1.4.5

For instructions to install Db2 fix pack, see How to install Db2 fix pack when IBM Security Guardium Key Lifecycle Manager is installed.

³ - After you apply the Db2 fix pack, run the Db2 commands in the following order:

db2 connect to <databasename>
db2 bind db2schema.bnd blocking all grant public sqlerror continue
db2 terminate
db2stop
db2start

Then, restart the server.

⁴ - You must first install GKLM with the default bundled WebSphere Liberty version, then upgrade to this version. For instructions, see Recommended updates for WebSphere Application Server.

⁵ - This is the version packaged with the latest fix pack release.

⁶ - If you have GKLM 4.1.1.x installed, do not upgrade to WebSphere Liberty 22.0.0.12. There are some issues in this version that causes GKLM 4.1.1.x to not load. For more information, see https://github.com/OpenLiberty/open-liberty/issues/21992.

Db2 requirements

The database stores the data of IBM Guardium Key Lifecycle Manager. Before you install IBM Guardium Key Lifecycle Manager, ensure that the database requirements are met.

IBM Guardium Key Lifecycle Manager requires DB2® Advanced Workgroup Server Edition, Version 11.1.2.2 and the future fix packs on the same system on which the IBM Guardium Key Lifecycle Manager server runs.
Note

You must use IBM Guardium Key Lifecycle Manager to manage the database. To avoid data synchronization problems, do not use tools that the database application might provide.
For improved performance of Db2 Version 11.1.2.2 on AIX systems, ensure that you install and configure the I/O completion ports (IOCP) package that is described in the Db2 documentation - Configuring IOCP (AIX).
If an existing copy of Db2 Advanced Workgroup Server Edition was installed as the root user at the correct version for the operating system, you can use the existing Db2 Advanced Workgroup Server Edition. IBM Guardium Key Lifecycle Manager installer does not detect the presence of Db2. You must specify the Db2 installation path.

SuSE Linux Enterprise Server Version 12 (System z) systems contain the libstdc++.6.so package. But, IBM Guardium Key Lifecycle Manager requires the libstdc++.5.so package for Db2 installation.

For more information about Db2 prerequisites, see Db2 documentation - db2prereqcheck - Check installation prerequisites.

Db2 kernel settings

To avoid performance issues, set the Db2 kernel parameters. The following is an example for a computer with 16 GB RAM:

#Example for a computer with 16 GB RAM 
sysctl -w kernel.msgmni=16384
sysctl -w kernel.sem="250 1024000 100 4096"
echo "kernel.msgmni=16384" >>/etc/sysctl.conf 
echo "kernel.sem=250 1024000 100 4096" >>/etc/sysctl.conf

AIX systems: None required.
Linux systems: For information about kernel settings, see Db2 documentation - Modifying kernel parameters (Linux).
Window systems: None required.

WebSphere Application Server requirements

IBM Guardium Key Lifecycle Manager includes and installs WebSphere Application Server. During installation, IBM Guardium Key Lifecycle Manager customizes WebSphere Application Server configuration and profiles to suit its operations. This customization might cause problems with products that use the same server when you uninstall IBM Guardium Key Lifecycle Manager. Therefore, you must consider the following aspects to avoid the issues:

Do not install IBM Guardium Key Lifecycle Manager in a WebSphere Application Server instance that another product provides.
Do not install another product in the instance of WebSphere Application Server that IBM Guardium Key Lifecycle Manager provides.

IBM Guardium Key Lifecycle Manager requires Java Runtime Environment. IBM Java Runtime Environment is included with WebSphere® Application Server.

Use of an independently installed development kit for Java™, from IBM® or other vendors, is not supported. For more information, see Java SE 8 in WebSphere Application Server traditional V9.

Federal Information Processing Standard (FIPS)

Support for RSA encryption is removed in Java 8.0.8.20 and later versions for security reasons. Due to this change, endpoints (device groups) such as 3592, TS4500 and DS8000 will not work with the Federal Information Processing Standard (FIPS) option turned on. To use these endpoints in IBM Guardium Key Lifecycle Manager, you need to turn off the FIPS option.

You must use the following REST service to turn off the FIPS option.

Update Security Configurations REST Service

Supported HSMs/Cryptographic cards

IBM Guardium Key Lifecycle Manager uses the IBM PKCS11 Cryptographic Provider, and supports the cryptographic cards that the provider supports.

For a list of the supported cryptographic cards, see IBM Java V8.0 Documentation - IBM PKCS11 Cryptographic Provider. In addition to this list, the cards that are listed in the following table are also supported.

HSMs/Cryptographic cards	IBM Guardium Key Lifecycle Manager Version
IBM HPCS PKCS11 Client Library Version 2.5.12 or later	4.1.1 and later
Entrust nShield HSMs v13.3.2 (Compatible with mixed estates and nShield as a Service)	4.2.0.1
Entrust nShield Connect XC 12.60 (Compatible with nShield as a service)	4.0 and later

Supported KMIP versions

	IBM Guardium Key Lifecycle Manager
	V4.1.x.x	V4.2	V4.2.1	V5.0
Key Management Interoperability Protocol (KMIP)		3.0^*	3.0	3.0
	2.1	2.1	2.1	2.1
	2.0	2.0	2.0	2.0
	1.4	1.4	1.4	1.4
	1.3	1.3	1.3	1.3
	1.2	1.2	1.2	1.2
	1.1	1.1	1.1	1.1
	1.0	1.0	1.0	1.0

For more information about the supported KMIP profiles, see Key Management Interoperability Protocol (KMIP) profiles supported by IBM Security Guardium Key Lifecycle Manager.

* - IBM Guardium Key Lifecycle Manager 4.2 uses KMIP 3.0 specifications that is currently in draft mode.

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSXM6G0","label":"IBM Guardium Key Lifecycle Manager"},"ARM Category":[{"code":"a8m0z000000cvdLAAQ","label":"SKLM"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Tips

IBM Guardium Key Lifecycle Manager Support Matrix

Question & Answer

Question

Answer

Supported hardware

IBM Guardium Key Lifecycle Manager V5.0 traditional and earlier versions

Disk space requirements for log files

IBM Guardium Key Lifecycle Manager V5.0 container and earlier versions

Database - PostgreSQL container

Database - Db2 container

IBM Guardium Key Lifecycle Manager application container

Supported operating systems

IBM Guardium Key Lifecycle Manager V5.0 traditional and earlier versions

Linux packages

Requirements for Linux on System z operating system

Requirements for Linux on PowerPC operating system

Disabling Security Enhanced Linux

IBM Guardium Key Lifecycle Manager V5.0 container and earlier versions

Supported browsers

Supported hypervisors

Supported middleware

Db2 requirements

Db2 kernel settings

WebSphere Application Server requirements

Federal Information Processing Standard (FIPS)

Supported HSMs/Cryptographic cards

Supported KMIP versions

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?