This IBM® Redpaper™ publication discusses IBM Security Key Lifecycle Manager (ISKLM) for IBM z/OS® V1.1 and includes topics that discuss encryption capabilities, installation considerations, keystores, auditing, troubleshooting, and migration considerations. We also discuss common practices for key management and provide a sample REXX code procedure for exporting a data key.
IBM Security Key Lifecycle Manager for z/OS manages encryption keys for storage, simplifying deployment and maintaining availability of data at rest natively in the System z mainframe environment. Security Key Lifecycle Manager for z/OS simplifies key management and compliance reporting for privacy of data and compliance with security regulations. It is designed to help manage the growing volume of encryption keys across an organization with simplified deployment, configuration, and administration of key generation, as well as key life cycle management.
The IBM Security Key Lifecycle Manager centralizes key management for devices across an organization. It supports the encryption of IBM 3592 and IBM LTO tape, as well as IBM DS800 disk. Security Key Lifecycle Manager for z/OS can simplify event logging through the use of z/OS System Management Facility.
In this IBM Redpaper, we discuss encryption key management using IBM Security Key Lifecycle Manager, sharing IBM Security Key Lifecycle Manager data within and outside of a sysplex environment, and the configuration options available for your organization.
This paper is intended for anyone who is interested in learning more about encryption capabilities, installation considerations, keystores, auditing, troubleshooting, and migration considerations.
Overview
Device-based encryption overview
IBM Security Key Lifecycle Manager overview
Installation considerations on z/OS
Keystore options
Sysplex considerations
Auditing options
Troubleshooting on z/OS
Migration from IBM Encryption Key Manager
Common practices
Sample of ICSF API usage