Key Management Deployment Guide using the IBM Enterprise Key Management Foundation

A draft IBM Redbooks publication


In an increasingly interconnected world, data breaches grab headlines. The security of sensitive information is vital, and new requirements and regulatory bodies such as the Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX) create challenges for enterprises that use encryption to protect their information. As encryption becomes more widely adopted, organizations also must contend with an ever-growing set of encryption keys. Effective management of these keys is essential to ensure both the availability and security of the encrypted information. Centralized management of keys and certificates is necessary to perform the complex tasks related to key and certificate generation, renewal, backup and recovery.

The IBM Enterprise Key Management Foundation is a flexible and highly secure key management system for the enterprise. It provides centralized key management on IBM zEnterprise® and distributed platforms for streamlined, efficient and secure key and certificate management operations.

This IBM Redbooks publication introduces key concepts around a centralized key management infrastructure and depicts the proper planning, implementation, and management of such a system using the IBM Enterprise Key Management Foundation solution.

Table of contents

Part 1. Business context and solution architecture
Chapter 1. Business context for enterprise key management
Chapter 2. Solution architecture
Chapter 3. Deployment, administration and maintenance
Part 2. Use case scenario
Chapter 4. Overview of scenario, requirements, and approach
Chapter 5. Key manager infrastructure setup and deployment
Appendix A. Troubleshooting
Appendix B. Operational procedures


These pages are Web versions of IBM Redbooks- and Redpapers-in-progress. They are published here for those who need the information now and may contain spelling, layout and grammatical errors.

This material has not been submitted to any formal IBM test and is published AS IS. It has not been the subject of rigorous review. Your feedback is welcomed to improve the usefulness of the material to others.

IBM assumes no responsibility for its accuracy or completeness. The use of this information or the implementation of any of these techniques is a customer responsibility and depends upon the customer's ability to evaluate and integrate them into the customer's operational environment.


Last Update: 17 June 2014
