Enabling encryption with key servers
Encryption key servers create and manage encryption keys that are used by the system. In environments with many systems, key servers distribute keys remotely without requiring physical access to the systems.
A key server is a centralized system that generates, stores, and sends encryption keys to the system. Some key server providers support replication of keys among multiple key servers. If multiple key servers are supported, you can specify up to four key servers that connect to the system over either a public network or a separate private network. The system supports IBM® Security Guardium® Key Lifecycle Manager or Gemalto SafeNet KeySecure key servers to handle key management on the system. These supported key management applications create and manage cryptographic keys for the system and provide access to these keys through a certificate. Only one type of key server management application can be enabled on the system at a time. Authentication takes place when certificates are exchanged between the system and the key server. Certificates must be managed closely because expired certificates can cause system outages. Key servers must be installed and configured before they are defined on the system.
When key servers are used to manage the master key for the system, the encryption key is stored on each key server. The master key is a 256-bit AES key generated by the key server.
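As an added example (not the product's own tooling), the following Python check applies the constraints described above to a key server configuration: at most four servers, a single key server type, and certificates that are not expired or close to expiry. The server type labels, the dict layout and the sample dates are assumptions constructed for this example.

```python
from datetime import datetime, timedelta, timezone

# Constraints from the text above: at most four key servers, one key server type
# at a time. The type labels below are assumptions made for this example.
MAX_KEY_SERVERS = 4
SUPPORTED_TYPES = {"gklm", "keysecure"}

def utc(year, month, day):
    """Constructed UTC timestamp, used here for certificate notAfter values."""
    return datetime(year, month, day, tzinfo=timezone.utc)

def check_key_server_config(servers, now, warn_days=30):
    """Return a list of findings. Each server is a dict with 'name', 'type' and
    'cert_not_after' (aware datetime from the certificate the server presents)."""
    findings = []
    if len(servers) > MAX_KEY_SERVERS:
        findings.append(f"{len(servers)} key servers defined; at most "
                        f"{MAX_KEY_SERVERS} are supported")
    types = {s["type"] for s in servers}
    if types - SUPPORTED_TYPES:
        findings.append(f"unsupported key server type(s): "
                        f"{sorted(types - SUPPORTED_TYPES)}")
    if len(types) > 1:
        findings.append(f"mixed key server types {sorted(types)}; only one "
                        "type can be enabled at a time")
    # An expired certificate breaks authentication to the key server, so this
    # is the check that prevents an outage rather than a mere misconfiguration.
    for s in servers:
        remaining = s["cert_not_after"] - now
        if remaining <= timedelta(0):
            findings.append(f"{s['name']}: certificate expired on "
                            f"{s['cert_not_after'].date()}")
        elif remaining <= timedelta(days=warn_days):
            findings.append(f"{s['name']}: certificate expires in "
                            f"{remaining.days} days")
    return findings

# Constructed sample: three servers of one type, evaluated on 2024-06-01.
SAMPLE_NOW = utc(2024, 6, 1)
SAMPLE_SERVERS = [
    {"name": "kms1", "type": "gklm", "cert_not_after": utc(2025, 1, 1)},
    {"name": "kms2", "type": "gklm", "cert_not_after": utc(2024, 6, 15)},
    {"name": "kms3", "type": "gklm", "cert_not_after": utc(2024, 5, 1)},
]

if __name__ == "__main__":
    for finding in check_key_server_config(SAMPLE_SERVERS, SAMPLE_NOW):
        print(finding)
```

In practice the notAfter values would be read from the certificates the key servers present, and the check would run on a schedule well inside the warning window.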
The supported key server versions for IBM Spectrum Virtualize products are shown at the following website: