The z/OS® Trusted Key Entry Workstation allows you to manage IBM Z® host cryptographic modules running in
If you are new to the crypto world or having trouble defining your policy, no problem. TKE provides a set of wizards that help you define and implement a set of security policies for managing your TKE appliance and your host crypto modules.
Enable extensive encryption of data in-flight and at-rest.
Set up TKE by installing the console.
IBM Z Service Guide for Trusted Key Entry Workstations
(You need an IBM ID for
Identify the TKE console and plan to configure the TKE Cryptographic Coprocessor Adapter. (See Chapter 2 for information).
IBM Z Service Guide for Trusted Key Entry Workstations.
(You need an IBM ID for
Install the TKE console, configure the TKE Cryptographic Coprocessor Adapter, connect it to the system, and perform any necessary maintenance.
Establish the security policies for your system.
After a TKE has been configured according to your TKE security policy, the TKE local crypto adapter contains user-defined profiles and sometimes user-defined roles.
Update
After the service representative and the security administer have completed their tasks, use the TKE security policy wizards to implement security policies for managing access to the TKE workstation and managing host crypto modules.
Before using the TKE security policy wizards, analyze your environment and decide which of the policies you need to implement.
- Run the TKE Smart Card Wizard to create all the smart cards needed by the other TKE security policy wizards. This wizard can also help you define your policies.
- Run the TKE Workstation Logon Profile Wizard to control access to the TKE workstation.
- Run the Setup Module Policy Wizard to control who can manage CCA legacy settings.
- Run the Setup PCI Environment Wizard to control who can manage CCA PCI-compliant domain settings.
- Run the Setup Module Policy Wizard to control who can manage EP11 module-wide settings.
- Run the Setup Domain Policy Wizard to control who can manage EP11 domain-specific settings.
Find a comprehensive collection of content about z/OS Trusted Key Entry Workstation.
The TKE Hardware Support and Migration Information white paper introduces key concepts.
Streamline Management of the IBM z Systems Host Cryptographic Module Using IBM Trusted Key Entry.
Trusted Key Entry (TKE) Workstation publications
IBM z14 features enhance performance, encryption, and flexibility to accelerate your digital transformation.
IBM Z Service Guide for Trusted Key Entry Workstations. Note: You need an IBM ID for Resource Link to view and download this publication.
TKE has a set of wizards for you to use to help manage your IBM Z host crypto modules.
This video shows you how to set up your TKE workstation using the Trusted Key Entry Workstation Setup Wizard.
An 8-video series that shows you everything you need to do in order to load master keys from the TKE product.
This video shows you how to migrate or clone a TKE workstation.
This video provides an introduction to the host crypto module migration feature of the IBM Trusted Key Entry (TKE) product.
This video shows you how to initialize all the smart cards you will need to access your TKE workstation and manage CCA host crypto module and domains.
This video shows you how to create the profiles you need to access your TKE workstation. These profiles are used when you open TKE applications and utilities.
Enable extensive encryption of data in-flight and at-rest.
Links to IBM Documentation have been updated to use the z/OS 2.5 library.
The Big Picture section has been modified for accessibility.
The link to a Hot Topics article on the Other resources tab in the Technical resources section was updated to find the article in the archives of the new IBM Z Hot Topics website.