IBM Tivoli Key Lifecycle Manager for z/OS
An IBM Redpaper publication
Note: This is publication is now archived. For reference only.
This IBM® Redbooks® publication provides details of a new offering called IBM Tivoli® Key
Lifecycle Manager. We introduce the product, provide planning suggestions, and detail the
installation of IBM Tivoli Key Lifecycle Manager on the z/OS® operating system running on a
System z® server.
Tivoli Key Lifecycle Manager is IBM’s latest storage device encryption solution. It allows
enterprises to create, manage, backup, and distribute their cryptographic key material from a
single control point. Tivoli Key Lifecycle Manager has evolved from the existing IBM Encryption Key
Manager solution. Unlike IBM Encryption Key Manager, which only provided a key server,
Tivoli Key Lifecycle Manager provides real key management, security policy capabilities, and
a web-based user-interface for ease of use. It leverages the existing security strengths of the
z/OS platform by using Integrated Cryptographic Services Facility (ICSF), System
Authorization Facility (SAF), and Java-based keystores to store all the key material.
Chapter 1. Introduction
Chapter 2. Planning for Tivoli Key Lifecycle Manager and its keystores
Chapter 3. Tivoli Key Lifecycle Manager installation
Chapter 4. Tivoli Key Lifecycle Manager backup and restore
Appendix A. Troubleshooting
Appendix B. Basics of cryptography