Unified Key Orchestrator for IBM® z/OS®, formerly IBM Enterprise Key Management Foundation-Web Edition, is a key management software that centrally orchestrates and secures the lifecycle of encryption keys across your enterprise for both on-premises and multiple cloud environments, including IBM Cloud®, AWS KMS, Azure Key Vault and Google Cloud.
Unified Key Orchestrator for z/OS (UKO for z/OS) can help your enterprise manage and move key management workloads across and between your on-premises and cloud environments, assisting with compliance and security. With UKO for z/OS, you can manage your encryption keys across your enterprise from a single, trusted user interface. Deployed as a z/OS software, UKO for z/OS enables you to orchestrate keys across all your IBM z/OS systems and multiple public clouds. It even extends support to key management for zKey on Linux® on IBM Z® and IBM Security® Guardium® Key Lifecycle Manager. Unified Key Orchestrator for z/OS is also designed for key management specific to IBM z/OS data set encryption to support your IBM Z Pervasive Encryption journey.
Updates and enhancement to functions and features
Find out how many keys should be used for z/OS data set encryption
Orchestrate your keys across your enterprise for both on-premises and cloud environments from a single pane of glass.
Prepare and use Bring Your Own Key (BYOK) for a secure transfer to IBM Cloud Key Protect, AWS KMS, Microsoft Azure Vault and Google Cloud.
Back up and recover key material to prevent losing access due to cryptographic erasure.
Proactively manage your data set encryption deployment with an enterprise view of which data sets are encrypted and which keys are in use.
Generate keys with IBM Federal Information Processing Standards (FIPS) 140-2 level 4 certified CryptoExpress card on IBM Z for hardware-generated keys.
Create your key templates to generate keys that adhere to your internal policies such as enforcing key naming conventions.
Comply with security standards with role-based access that defines functions for each role, and enforce dual control requiring 2 or more people to activate EKMF.
Integrate key management with your business processes. Set up keys for Pervasive Encryption, Key Protect, Azure, AWS, zkey, Google Cloud and IBM Security® Guardium® Key Lifecycle Manager (GKLM).
Provide auditors with consolidated key management logs for all keys managed.
Rotate managed keys, including master keys, on demand to comply with your policy requirements.
Use secure repositories with fine-grained access controls known as vaults to enable multi-tenancy and self-service key management.
Set up UKO for z/OS and Enterprise Key Management Foundation Workstation (EKMF Workstation) for secure room operation.
When planning to install UKO, it is important to understand planning considerations and program requirements.
Get an understanding of supported operating systems, related software, hypervisors, hardware requirements and detailed system requirements, including component-level details.
Get an understanding of specific installation skills required to prepare for the installation of UKO.
Learn how to use the zkey utility to perform all the tasks on UKO for z/OS to manage your keys.
Explore a set of wizards to help you manage your Trusted Key Entry (TKE) appliance and your host's crypto modules.
Find out how many keys should be used for z/OS data set encryption.
Protect your data across multicloud environments and keep your own key (KYOK) for exclusive key control.
Use high performance hardware security module (HSM) for your high security cryptographic needs.
Centralize, simplify and automate encryption key management process to protect encrypted data.