Table of Contents
Advertisement
keystore in secure-key mode and with the secure-key configuration flag set in IBM
Security Key Lifecycle Manager, then IBM Security Key Lifecycle Manager 3
(V1.0.0.3 or later) is required.
To enable encryption on a storage system with version 8.1 (88.10.112.0) or later
using TKLM or SKLM, you must upgrade to one of the following versions of
TKLM or SKLM that has the Gen2 CA root installed:
v TKLM version 2.0.1 or later on Open Systems
v SKLM (all versions) on Open Systems
v SKLM version 1.1.0.2 or later on z/OS
This SKLM/TKLM upgrade requirement applies to DS8000 shipped with version
8.1 (88.10.112.0) and later.
Planning for key lifecycle managers
DS8000 storage systems support IBM Security Key Lifecycle Manager.
If NIST 800-131A security conformance is required on your storage system, select
the version of IBM Security Key Lifecycle Manager that is appropriate for your
encryption key server host and connection network protocol requirements.
v If your encryption key server runs on an open system host and you do not plan
v If your encryption key server runs on an open system host and you plan to use
v If your encryption key server runs on an IBM Z host LPAR with z/OS, use IBM
v If your encryption key server is Gemalto Safenet KeySecure, select version 8.0.0
If NIST 800-131A security conformance is not required on your storage system,
select the appropriate encryption key manager for your encryption key server host.
v If your encryption key server runs on an open system host, install IBM Security
v If your encryption key server runs on an IBM Z host LPAR with z/OS, install
IBM Storage Appliance 2421 Model AP1 can be ordered either as a single isolated
key server (feature code 1761) or as two isolated key servers (feature codes 1761
and 1762, ordered together). This order must include an indicator for IBM Security
Key Lifecycle Manager (feature code 0204), which indicates that a DVD with IBM
Security Key Lifecycle Manager software is provided with Storage Appliance AP1.
For more information, search for "IBM Storage Appliance 2421 Model AP1" at the
IBM Publications Center website (www.ibm.com/shop/publications/order).
If you want to acquire a different isolated key server, refer to the IBM Security Key
Lifecycle Manager Installation and Configuration Guide (SC27-5335) or IBM Security
Key Lifecycle Manager online product documentation(www.ibm.com/support/
knowledgecenter/SSWPVP/) for hardware and operating system requirements.
Note: You must acquire an IBM Security Key Lifecycle Manager license for use of
the IBM Security Key Lifecycle Manager software that is ordered separately from
the stand-alone server hardware. The IBM Security Key Lifecycle Manager license
184
DS8880 Introduction and Planning Guide
to use the Transport Layer Security (TLS) 1.2 protocol with this key server, use
IBM Security Key Lifecycle Manager V2.0.1 or later.
the TLS 1.2 protocol with this key server, use IBM Security Key Lifecycle
Manager V2.5 or later.
Security Key Lifecycle Manager for z/OS V1.1.0.3 or later.
or later.
Key Lifecycle Manager V2.0.1 or later.
IBM Security Key Lifecycle Manager for z/OS v1.0.1 or later.
- Quick Links:
- Hardware
- Storage Enclosures
Hide quick links:
Advertisement
Table of Contents
Need help?
Do you have a question about the DS8880 Series and is the answer not in the manual?
Questions and answers