IBM Security Guardium

 View Only

SKLM Deployment Checklist

By Rinkesh Bansal posted Thu May 07, 2020 04:57 AM

  
Guardium.jpg
IBM Security Key Lifecycle Manager (SKLM) is one of the leading Key Management server which supports IBM and industry standard protocol like KMIP, IPP and Rest based key serving.

We frequently get questions related to SKLM deployments. People struggle between lot of material out there and couldn't find single checklist which guides them in deployment from Planning stage to post-installation stage. 

Here is the checklist in form of Q&A which will be useful for anyone who is planning to deploy SKLM.

Important links



Planning

Q: Which Operating System can I use to install IBM Security Key Lifecycle Manager?
A: See the "Operating Systems" tab in the Support matrix: https://ibm.biz/BdqPFB.
Also, ensure that you to read the Notes and other information on the page.


Q: What is the Hardware requirement for installing IBM Security Key Lifecycle Manager?
A: See the "Hardware" tab in the Support matrix: https://ibm.biz/BdqPFB


Q What are the other infrastructure entities like HSMs, Firewalls, etc that impact IBM Security Key Lifecycle Manager?
A:  See the "HSM/Cryptographic Cards" tab in the Support matrix: https://ibm.biz/BdqPFB
For port information, see:


Q: Where can I find configurations required in SKLM related to security standards like FIPS, NIST, etc?
A: For Security compliances, see:


Q: Which devices can be attached to IBM Security Key Lifecycle Manager?
A: SKLM supports many devices which are configured and charged differently. For more information, see Supported devices: https://ibm.biz/BdqPFd

Q: What should be my High-availability and Disaster recover (HADR) strategy?
A: SKLM supports the following HADR strategies:

  • Backup & Restore
  • Replication (Bulk and Incremental)
  • Multi-Master: Required for P2P device group

For more information, see the IBM Knowledge Center: https://ibm.biz/BdqMj6


Q: Have I purchased the right licenses and entitlements to use SKLM?
A: Based on the HADR strategy and devices that are attached to SKLM, there are different entitlements. Connect with the IBM Sales Executive or the IBM SKLM Offering Management for more information about the entitlements.

Q: I have earlier version of SKLM installed, can I upgrade to newer version of SKLM?

A: Yes. If you have valid S&S than you can upgrade to newer version of SKLM free of cost.


Pre-Installation checklist
Q: What configuration is required before I install the product?
A: Use the worksheets mentioned on links below:

 

Q: From where I can download SKLM and its fixes?
A: Based on the product version, see the relevant link:

 

Installation checklist
Q: Do I have the required Hardware configured for SKLM installation?
A: See the "Hardware" tab in the Support matrix: https://ibm.biz/BdqPFB


Q: Do I have the supported version of the operating system installed?

A: See the "Operating Systems" tab in the Support matrix: https://ibm.biz/BdqPFB.

Also, ensure that you to read the Notes and other information on the page.

Q: Do I need to do any configuration on the operating system before installing the product?
A: See the guidelines here:

 

Q: Do we need any Kernel parameter settings for a successful installation?
A: See the Db2 requirements section in the "Middleware Versions" tab in the Support matrix:  https://ibm.biz/BdqPFB

 

Q: Should I be aware of any Installation limitations or issues?

A: See the Known issues page:

 

Q: Where can I find the installation instructions?
A: See instructions on this page:

 

Q: I have earlier version of SKLM installed. How can I upgrade to newer versions of SKLM?

A: SKLM have two type of upgrade mechanism.

  1. Inline Migration
  2. Cross Migration. This is preferable mechanism.

See instructions on this page for more information:

 

Post-installation checklist
Q: How do I confirm whether IBM Security Key Lifecycle Manager is installed correctly?
A: See the instructions on this page:

 

Q: Are there any other post-installation step to note?
A: Create a server certificate on the IBM Security Key Lifecycle Manager server that is selected to be the Primary master server in the Multi-Master cluster.

**DO NOT** create a server certificate or any keys on the other master servers that you plan to add to the Multi-Master cluster.



Multi-Master cluster configuration
Q: How many master servers can be added to a Multi-Master cluster?
A: IBM Security Key Lifecycle Manager supports minimum two master servers and maximum 21 master servers in a Multi-Master cluster.

Q: Any important points to remember before starting the Multi-Master configuration?
A: Review the following points:

  • Ensure all the master servers are clean without any keys or certificates
  • Ensure that the Operating System kernel parameters are correctly set
  • Other requirements for Multi-Masters are mentioned here

 

Q: Is there any video for Multi-Master configuration?

A: Yes. Video can be found here: https://ibm.biz/BdqKfh

0 comments
50 views

Permalink