How IBM Security Key Lifecycle Manager works
Enables multi-master clustering for flexibility, ease of use
IBM Security Key Lifecycle Manager supports multi-master clustering, which means that security keys may be synchronized and delivered in real time, allowing for greater flexibility and ease of use. More than 20 masters may be synchronized at a time, allowing for hyper-redundancy and localized availability, so that keys are ready and available when and where they are needed.
Provides more efficient and simplified key management
The solution allows you to manage the lifecycle of keys by automating the creation, import, distribution and backup of keys. It enables key generation and distribution from a centralized location and groups devices into separate domains for simpler key management. It also supports role-based access control of administrative accounts.
Delivers simple secure integration with IBM storage systems
Key Lifecycle Manager provides cryptographically proven, end-to-end security for key serving. Keys are never readable outside of the encryption hardware and are only delivered to known devices through secure protocols. It offers automated replication for high-availability deployments, supports Federal Information Processing Standard (FIPS) 140-2 Level 1, and offers users the option to use FIPS 140-2 Level 3 validated hardware to enhance key security.
Reduces key management costs
With Key Lifecycle Manager, you can optimize your existing security, high availability, disaster recovery and server investments, and can simplify complex key distribution. Consolidate management of keys across domains and support standards that extend management to IBM and non-IBM products, including data warehouses, cloud storage devices, network storage devices and smart meters. Gain improved availability and support for disaster recovery.
Provides certified communications
Your communications will be certified with the Storage Networking Industry Association Secure Storage Industry Forum (SNIA-SSIF) as compliant with version 1.2 of the OASIS KMIP standard.
Speeds implementation and enables interoperability
Key Lifecycle Manager reduces operating costs, speeds implementation and enables interoperability with wizard-based assistance. It allows administrators to quickly configure integration with multiple KMIP- and IPP-compatible devices and provides an administration welcome page that delivers critical notices. The solution offers a web-based GUI that helps ease key configuration and management tasks, including automating key provisioning, rotating keys and destroying keys.
Extends support and compatibility functions
The solution supports KMIP v1.0-1.4 and initial profiles for v2.0, and interoperability with Linux on Power, Windows, Linux and AIX. It is compatible with IPP- and KMIP-compatible clients including IBM storage solutions, DB2 and VMware vCenter. PKCS#11 integration is available with popular hardware security modules (HSM) including the SafeNet Luna SA series of HSMs.