IBM Security Key Lifecycle Manager for z/OS: Deployment and Migration Considerations

An IBM Redpaper publication

thumbnail 

Published on October 07, 2011

  1. .EPUB (0.7 MB)
  2. .PDF (0.8 MB)

Share this page:   

IBM Form #: REDP-4646-01


Authors: Axel Buecker and William C. Johnston

    menu icon

    Abstract

    This IBM® Redpaper™ publication discusses IBM Security Key Lifecycle Manager (ISKLM) for IBM z/OS® V1.1 and includes topics that discuss encryption capabilities, installation considerations, keystores, auditing, troubleshooting, and migration considerations. We also discuss common practices for key management and provide a sample REXX code procedure for exporting a data key.

    IBM Security Key Lifecycle Manager for z/OS manages encryption keys for storage, simplifying deployment and maintaining availability to data at rest natively on the System z mainframe environment. Security Key Lifecycle Manager for z/OS simplifies key management and compliance reporting for privacy of data and compliance with security regulations. It is designed to help manage the growing volume of encryption keys across an organization with simplified deployment, configuration and administration of key generation, as well as key life cycle management.

    The IBM Security Key Lifecycle Manager centralizes key management for devices across an organization. It supports the encryption of IBM 3592 and IBM LTO tape, as well as IBM DS800 disk. Security Key Lifecycle Manager for z/OS can simplify event logging through the use of z/OS System Management Facility.

    In this IBM Redpaper, we discuss encryption key management using IBM Security Key Lifecycle Manager and sharing IBM Security Key Lifecycle Manager data within and outside of a sysplex environment, and the configuration options available for your organization.

    This paper is intended for anyone who is interested in learning more about encryption capabilities, installation considerations, keystores, auditing, troubleshooting, and migration considerations.

    Table of Contents

    Overview

    Device-based encryption overview

    IBM Security Key Lifecycle Manager overview

    Installation considerations on z/OS

    Keystore options

    Sysplex considerations

    Auditing options

    Troubleshooting on z/OS

    Migration from IBM Encryption Key Manager

    Common practices

    Sample of ICSF API usage

     

    Others who read this also read