IBM Support

IBM Security Key Lifecycle Manager Support Matrix

Question & Answer


Question

What is the support matrix for hardware, operating systems, browsers, hypervisors, middleware, HSMs, and KMIP across the different releases of IBM Security Key Lifecycle Manager?

Answer

Click a tab to know the supported hardware, operating systems, hypervisors, middleware, Hardware Security Modules (HSM), and Key Management Interoperability Protocol (KMIP) versions across the different releases of IBM Security Key Lifecycle Manager (SKLM):

 

Supported hardware

Following hardware requirement values apply to all active versions of IBM Security Key Lifecycle Manager:

System component

Minimum values1

Recommended values2

System memory (RAM) 4 GB 8 GB
Processor speed Linux and Windows systems

1.0 GHz single processor

AIX systems
1.5 GHz (2-way)

Linux and Windows systems

3.0 GHz dual processors

AIX systems
1.5 GHz (4-way)

Disk space free for IBM Security Key Lifecycle Manager and prerequisite products such as Db2 16 GB 30 GB
Disk space free in "/tmp" or "C:\temp" 4 GB 4 GB
Db2 Disk space free in "/home" directory or system drive for Db2 7 GB 25 GB
Disk space free in /var directory for Db2 1 GB on Linux and UNIX operating systems 1 GB on Linux and UNIX operating systems

All file systems must be writable.

1 Minimum values: These values enable a basic use of IBM Security Key Lifecycle Manager.

2 Recommended values: You must use larger values that are appropriate for your production environment. The most critical requirements are to provide adequate system memory, and free disk and swap space. Processor speed is less important.

On Linux and UNIX operating systems, you must install your Db2 product in an empty directory. If the directory that you specify as the installation path contains sub-directories or files, your Db2 installation might fail.

On Linux and UNIX operating systems, 4 GB of free space is required in the $HOME directory.

On Linux and UNIX operating systems, minimum 16 GB of free space is required in the / and /opt directory.

Installing into mapped network drives/mounted partitions is not supported.

If installation locations of more than one system component fall on the same Windows drive/UNIX partition, the cumulative space to contain all those components must be available in that drive/partition.

 

Supported operating systems

 
IBM Security Key Lifecycle Manager

Platform

Operating System

V2.6

V2.7

V3.0

V3.0.1

V4.0
AIX
 
AIX 6.1 POWER 7
YES
NO
NO
NO NO
AIX 7.1 TL4 SP6 POWER 7, 82
YES
YES
YES
YES YES
AIX 7.1 TL5 POWER 7, 82
YES
YES
YES
YES YES
AIX 7.2 POWER 7, 82 NO YES YES YES YES
AIX 7.2 POWER 9
NO
NO
NO
NO YES4
Linux3
 
 
 
 
 
 
 
 
 
 
 
SUSE Linux Enterprise Server (SLES) 12 x86-64
NO
YES1
YES
YES YES
SUSE Linux Enterprise Server (SLES) 12 System z
NO
YES
YES
YES YES
SUSE Linux Enterprise Server (SLES) 11 x86-64
YES
NO
NO
NO NO
SUSE Linux Enterprise Server (SLES) 11 System z
YES
NO
NO
NO NO
SUSE Linux Enterprise Server (SLES) 10 x86-64
YES
NO
NO
NO NO
SUSE Linux Enterprise Server (SLES) 9 x86-64
YES
NO
NO
NO NO
Red Hat Enterprise Linux (RHEL) Server 7.1 - 7.7 System z
YES
YES
YES
YES YES
Red Hat Enterprise Linux (RHEL) Server 7.1 - 7.7 x86-64
YES
YES
YES
YES YES
Red Hat Enterprise Linux (RHEL) Server 7.1 - 7.7 (PowerPC Little Endian (LE)) 64 bit2
NO
NO
YES
YES YES
Red Hat Enterprise Linux (RHEL) Server 6.7 - 6.10 System z
YES
YES
NO
NO NO
Red Hat Enterprise Linux (RHEL) Server 6.7 - 6.10 x86-64
YES
YES
YES
YES YES
Ubuntu 16 x86_64 NO NO NO YES YES
Windows
 
 
 
Windows Server 2012 Standard Edition x86-64
YES
YES
YES
YES YES
Windows Server 2012 R2 Standard Edition x86-64
YES
YES
YES
YES YES
Windows Server 2016 Standard Edition x86-64 NO NO YES YES YES

1  - IBM Security Key Lifecycle Manager, Version 2.7 supports SuSE Linux Enterprise Server 12, in x86 64–bit mode. For more information, see  http://www-01.ibm.com/support/docview.wss?uid=swg22001695 .

2 - Supported hardware includes POWER9 in POWER8 mode.

3 - For information about the Linux packages, see Linux packages.

4 - Supports POWER 9 in POWER9 mode

Notes:

  • Do not install IBM Security Key Lifecycle Manager on systems with hardened operating system.

  • Before you install IBM Security Key Lifecycle Manager on a UNIX or an AIX operating system, ensure that Bash shell (bash) is installed. Also, ensure that it is the default shell.

  • Before you install IBM Security Key Lifecycle Manager on an AIX operating system, ensure that the necessary libraries that are described in this technote are installed: http://www-01.ibm.com/support/docview.wss?uid=swg21631478

  • Before you install IBM Security Key Lifecycle Manager on a Linux operating system, ensure that C shell (csh) is installed.

  • Access requirements: Install IBM Security Key Lifecycle Manager as an administrator (root user). You can install IBM Security Key Lifecycle Manager as a non-root user on Linux operating systems only.

Linux packages

On Linux operating systems, IBM Security Key Lifecycle Manager requires the compat-libstdc++ package, which contains libstdc++.so.6. It also requires the libaio package, which contains the asynchronous library that is required for Db2® database servers.

  • libstdc package
    To determine whether you have the package, run this command:
    rpm -qa  | grep -i "libstdc"
    If the package is not installed, locate the rpm file on your original installation media and install it.
    find installation_media -name compat-libstdc++*
    rpm -ivh full_path_to_compat-libstdc++_rpm_file]
  • libaio package
    To determine whether you have the package, run this command:
    rpm -qa  | grep -i "libaio"
    If the package is not installed, locate the rpm file on your original installation media and install it.
    find installation_media -name libaio*
    rpm -ivh full_path_to_libaio_rpm_file

On Red Hat Enterprise Linux 64-bit systems, Db2 installation requires that two separate libaio packages must be installed before running db2setup. These packages are both named libaio. However, there are two different RPM files to install: one of which is an i386 RPM file, and the other is an x86_64 RPM file.

To install IBM Security Key Lifecycle Manager on Red Hat Enterprise Linux 6.7, you must upgrade 32 bit glib library to version 7.3 or above.

  1. Configure the system with Red Hat Enterprise Linux 6.7, to get the libraries. For the steps on how to register and subscribe a system to the Red Hat Customer Portal by using Red Hat Subscription-Manager, see https://access.redhat.com/solutions/253273.
  2. Upgrade the glib libraries.
    yum install glibc-2.12-1.166.el6_7.3.i686
  3. Run IBM Security Key Lifecycle Manager installation.

XL C/C++ requirements for Linux systems

IBM Security Key Lifecycle Manager requires XL C/C++ runtime environment package for Linux systems.

Requirements for Linux on System z operating system

Before you install IBM Security Key Lifecycle Manager on Linux on System z operating system, complete the following steps:

  1. Check whether the following libraries are present on the system, which are necessary for DB2® installation.
    • libpam.so.0
    • libaio.so.1
    • libstdc++.so.6.0.8
    • libstdc++33
    • ksh93
    If the system does not contain the necessary libraries, run the following command.
    yum install <library_name>
    If a library has any issues, use the following command to remove a library.
    yum remove <library_name>
    For more information, see Db2 documentation http://www.ibm.com/support/knowledgecenter/en/SSEPGG_11.1.0/com.ibm.db2.luw.qb.server.doc/doc/r0008865.html.
     
  2. Install the IBM XL/XL C++ runtime environment:
    1. Extract the setup.
    2. Run ./install.
    3. Run the following command if an error message is displayed about missing libraries.
      yum install <missing_lib_name>
  3. Create a link between the libraries that are installed by running the following commands:
    ln -s /opt/ibm/lib/* /usr/lib/ 
    ln -s /opt/ibm/lib64/* /usr/lib64/
  4. Set the LD_LIBRARY_PATH by using the following command:
    LD_LIBRARY_PATH=/opt/ibm/lib:/opt/ibm/lib64:/usr/lib64; 
    export LD_LIBRARY_PATH
  5. Ensure that the /tmp directory has all the permissions. To provide the permissions, run the following command.
    chmod 777 /tmp

Requirements for Linux on PowerPC operating system

Before you install IBM Security Key Lifecycle Manager on Linux on PowerPC Little Endian (LE) operating system, ensure that your system meets the requirements.

  1. Install IBM XL/XL C++ environment.
    1. Extract the setup in a directory.
      tar -xvf <setup_name>
    2. Run ./install.
  2. After you install the package, create a link between the libraries that are installed by running the following steps.
    ln -s /opt/ibm/lib/* /usr/lib/                        
    ln -s /opt/ibm/lib64/* /usr/lib64/
  3. Set the LD_LIBRARY_PATH by using the following command.
    LD_LIBRARY_PATH=/opt/ibm/lib:/opt/ibm/lib64:/usr/lib64; 
    export LD_LIBRARY_PATH
  4. Before you start the installation process, ensure that the /tmp directory has all the permissions. To provide the permissions, run the following command.
    chmod 777 /tmp

Disabling Security Enhanced Linux 

IBM Security Key Lifecycle Manager on Linux operating systems might have functional problems when the Security Enhanced Linux (SELINUX) setting is enabled.

For example, a problem might occur with the TCP/IP connections on the server ports. Follow the steps provided in the Linux documentation to disable Security Enhanced Linux.

 

Supported browsers

Following browser support applies to all active versions of IBM Security Key Lifecycle Manager:

Browser

Supported Versions
Firefox ESR  24.0 or later
Microsoft Internet Explorer
 9.0, 10.0, 11.0
 (Only supported on Windows Server 2016, Windows Server 2012, Windows Server 2012 R2)
Note: Supported browsers are not included with the product installation.  You can access the IBM Security Key Lifecycle Manager graphical user interface by using any of the supported browsers from any system. You must enable the session cookies and Java Script in the browser to establish a session with the product.

 

Supported hypervisors

IBM Security Key Lifecycle Manager

Hypervisor

V2.6

V2.7

V3.0

V3.0.1

V4.0
VMware ESXi 5.x, 6.x YES YES YES YES YES
Red Hat KVM as delivered with Red Hat Enterprise Linux (RHEL) and its RHEV equivalent 6.7  and 7.0 NO YES YES YES YES

 

Supported middleware (Db2 and WebSphere Application Server)

IBM Security Key Lifecycle Manager

Middleware

Requirements

V2.6

V2.7

V3.0 / V3.0.1

V4.0
IBM Db2
Db2 requirements
10.5.0.6
11.1
11.1.2.2
11.1.2.2
11.1.4.4 interim fix 1
IBM WebSphere Application Server
WebSphere Application Server requirements
8.5.5.7
9.0.0.1
9.0.0.5
9.0.5.0
WebSphere SDK Java Technology Edition
 None
1.7.0 SR3 FP10
1.8.0 SR3 FP20
1.8.0_144 SR5
8.0.5.37
  

Db2 requirements

The database stores the data of IBM Security Key Lifecycle Manager. Before you install IBM Security Key Lifecycle Manager, ensure that the database requirements are met.

IBM Security Key Lifecycle Manager requires DB2® Advanced Workgroup Server Edition, Version 11.1.2.2 and the future fix packs on the same system on which the IBM Security Key Lifecycle Manager server runs. Note
  • You must use IBM Security Key Lifecycle Manager to manage the database. To avoid data synchronization problems, do not use tools that the database application might provide.
  • For improved performance of Db2 Version 11.1.2.2 on AIX systems, ensure that you install and configure the I/O completion ports (IOCP) package that is described in the Db2 documentation (http://www-01.ibm.com/support/knowledgecenter/SSEPGG_11.1.0/com.ibm.db2.luw.admin.perf.doc/doc/t0054518.html).
  • If an existing copy of Db2 Advanced Workgroup Server Edition was installed as the root user at the correct version for the operating system, you can use the existing Db2 Advanced Workgroup Server Edition. IBM Security Key Lifecycle Manager installer does not detect the presence of Db2. You must specify the Db2 installation path.

SuSE Linux Enterprise Server Version 12 (System z) systems contain the libstdc++.6.so package. But, IBM Security Key Lifecycle Manager requires the libstdc++.5.so package for DB2 installation.

For more information about Db2 prerequisites, see Db2 documentation (http://www-01.ibm.com/support/knowledgecenter/SSEPGG_11.1.0/com.ibm.db2.luw.admin.cmd.doc/doc/r0059710.html).

Db2 kernel settings

Ensure that the kernel settings are correct. 

AIX systems
None required.
Linux systems
For information about kernel settings, see Db2 documentation (http://www-01.ibm.com/support/knowledgecenter/SSEPGG_11.1.0/com.ibm.db2.luw.qb.server.doc/doc/t0008238.html).
Window systems
None required.

WebSphere Application Server requirements

IBM Security Key Lifecycle Manager includes and installs WebSphere Application Server. During installation, IBM Security Key Lifecycle Manager customizes WebSphere Application Server configuration and profiles to suit its operations. This customization might cause problems with products that use the same server when you uninstall IBM Security Key Lifecycle Manager. Therefore, you must consider the following aspects to avoid the issues:

  • Do not install IBM Security Key Lifecycle Manager in a WebSphere Application Server instance that another product provides.
  • Do not install another product in the instance of WebSphere Application Server that IBM Security Key Lifecycle Manager provides.

IBM Security Key Lifecycle Manager requires Java Runtime Environment. IBM Java Runtime Environment is included with WebSphere® Application Server.

Use of an independently installed development kit for Java™, from IBM® or other vendors, is not supported. For more details, see http://www.ibm.com/support/knowledgecenter/SSEQTP_9.0.0/com.ibm.websphere.base.doc/ae/covr_javase8.html.

 

Supported HSMs/Cryptographic cards

 IBM Security Key Lifecycle Manager uses the IBM PKCS11 Cryptographic Provider, and supports the cryptographic cards that the provider supports. 

 The following table lists the commonly used cryptographic cards:

IBM Security Key Lifecycle Manager (SKLM)

Cryptographic card

V2.6

V2.7

V3.0, V3.0.1, V4.0

Gemalto/SafeNet Luna SA

4.5
5.0
5.4.7-1

4.5
5.0
5.4.7-1
6.1

4.5
5.0
5.4.7-1
6.1
7.x

Thales nShield Connect 1500

Yes

Yes

Yes

Thales nShield Connect 6000

No

Yes

Yes

IBM 4765 PCIe Cryptographic Coprocessor

Yes

Yes

Yes

Complete list of supported cryptographic cards:

SKLM V2.6

SKLM V2.7, V3.0, V3.0.1. V4.0

IBM Java V8.0 Knowledge Center - IBM PKCS11 Cryptographic Provider

 

Supported KMIP versions

 
IBM Security Key Lifecycle Manager

V2.6

V2.7

V3.0, V3.0.1, V4.0

Key Management Interoperability Protocol (KMIP)

1.2
1.1
1.0

1.4
1.3
1.2
1.1
1.0

2.0
1.4
1.3
1.2
1.1
1.0

For more information about the supported KMIP profiles, see  http://www.ibm.com/support/docview.wss?uid=swg22008933.

[{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSWPVP","label":"IBM Security Key Lifecycle Manager"},"Component":"Distributed","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"2.6;2.7;3.0;3.0.1;4.0","Edition":""}]

Document Information

Modified date:
06 February 2020

UID

swg22008774