What's new in this release
IBM® Security Key Lifecycle Manager provides a centralized and automated key management solution to protect keys that are used for encryption. With the new set of features and enhancements, IBM Security Key Lifecycle Manager version 4.0 offers improved key management capabilities for the key management infrastructure to protect data.
- Installation, upgrade, migration enhancement
- IBM Security Key Lifecycle Manager processes now run under a non-administrator or non-root user account even when you install the product under an administrator or root user account. For more information, see Validating services, ports, and processes.
- New REST-based key management and serving
- Cloud applications or clients that need to use keys and other cryptographic objects from IBM Security Key Lifecycle Manager can now use REST APIs to communicate with the IBM Security Key Lifecycle Manager server. For more information, see Using REST APIs to manage and serve keys, certificates, and other cryptographic objects.
- Improved replication performance
- IBM Security Key Lifecycle Manager now supports incremental replication.
- Enhanced support for storage systems
- Support for PEER-TO-PEER and DS8000® TCT storage systems is now enhanced. For more information, see Managing and serving keys, certificates, and other cryptographic objects.
- Enhancements to the Multi-Master feature
-
- You can now start, stop, and restart a Multi-Master cluster by using the graphical user interface, REST interface, or scripts. For more information, see Starting, stopping, and restarting a Multi-Master cluster service.
- Data availability is now enhanced in a Multi-Master cluster with support to new HADR takeover scenarios. For more information, see Auto takeover scenarios.
- The capability of the Test connection button on the Add master page is now enhanced. When you click the button, IBM Security Key Lifecycle Manager checks the prerequisites to add a master server, and in case of an error, displays the relevant message. Also, the button is renamed as Check prerequisites. For more information, see Adding a non-HADR master server to a cluster and Adding a standby master server to a cluster.
- Graphical user interface (GUI) enhancements
-
- You can use the following options in the SKLM user (for example, sklmadmin) menu to change the corresponding user passwords: Change WebSphere® Application Server Password, Change Database Password
- You can now upload and download files (for example, certificates, keys, backup files) in the
IBM Security Key Lifecycle Manager server from the user interface.
For more information, see Exporting and importing keys, Managing client device certificates, Managing device groups, Managing the server certificate, Configuring backup and restore, and Downloading log files.
- The Replication section on the Welcome page is enhanced to display the status of the last run of the replication process. A relevant message is displayed if an error occurs. You can review the error message to identify the problem and take a corrective action. For more information, see Viewing status of full replication.
- The Clients and Groups option on the Welcome page is now renamed as Clients.
- Enhanced administration
- Support to archive served key data
- Interactive and easy-to-use REST API console
- Swagger UI is now integrated with IBM Security Key Lifecycle Manager, and you can use it to call any REST API.
- Enhanced support for KMIP profile
- IBM Security Key Lifecycle Manager now includes enhanced support for Key Management Interoperability Protocol (KMIP) 2.0 profile.