IBM Security Guardium

IBM Security Key Lifecycle Manager (SKLM) is one of the leading Key Management server which supports IBM and industry standard protocol like KMIP, IPP and Rest based key serving.

We frequently get questions related to SKLM deployments. People struggle between lot of material out there and couldn't find single checklist which guides them in deployment from Planning stage to post-installation stage. 

Here is the checklist in form of Q&A which will be useful for anyone who is planning to deploy SKLM.

Important links

• Support Dashboard (Tip: Bookmark this page): https://ibm.biz/BdqPFc
• Support matrix: https://ibm.biz/BdqPFB
• Supported devices: https://ibm.biz/BdqPFd
• Videos: https://ibm.biz/BdqPFx
• Documentation regarding Multi-Master requirements:
  • SKLM V4.0: https://ibm.biz/BdqPFX
  • SKLM V3.0.1: https://ibm.biz/BdqPFF

Planning

Q: Which Operating System can I use to install IBM Security Key Lifecycle Manager?
A: See the "Operating Systems" tab in the Support matrix: https://ibm.biz/BdqPFB.
Also, ensure that you to read the Notes and other information on the page.

Q: What is the Hardware requirement for installing IBM Security Key Lifecycle Manager?
A: See the "Hardware" tab in the Support matrix: https://ibm.biz/BdqPFB

Q What are the other infrastructure entities like HSMs, Firewalls, etc that impact IBM Security Key Lifecycle Manager?
A:  See the "HSM/Cryptographic Cards" tab in the Support matrix: https://ibm.biz/BdqPFB
For port information, see:

• SKLM V4.0: https://ibm.biz/BdqPF2
• SKLM V3.0.1: https://ibm.biz/BdqPFY

Q: Where can I find configurations required in SKLM related to security standards like FIPS, NIST, etc?
A: For Security compliances, see:

• SKLM V4.0: https://ibm.biz/BdqMjk
• SKLM V3.0.1: https://ibm.biz/BdqMjt

Q: Which devices can be attached to IBM Security Key Lifecycle Manager?
A: SKLM supports many devices which are configured and charged differently. For more information, see Supported devices: https://ibm.biz/BdqPFd

Q: What should be my High-availability and Disaster recover (HADR) strategy?
A: SKLM supports the following HADR strategies:

• Backup & Restore
• Replication (Bulk and Incremental)
• Multi-Master: Required for P2P device group

For more information, see the IBM Knowledge Center: https://ibm.biz/BdqMj6

Q: Have I purchased the right licenses and entitlements to use SKLM?
A: Based on the HADR strategy and devices that are attached to SKLM, there are different entitlements. Connect with the IBM Sales Executive or the IBM SKLM Offering Management for more information about the entitlements.

Q: I have earlier version of SKLM installed, can I upgrade to newer version of SKLM?

A: Yes. If you have valid S&S than you can upgrade to newer version of SKLM free of cost.

Pre-Installation checklist
Q: What configuration is required before I install the product?
A: Use the worksheets mentioned on links below:

• SKLM V4.0: https://ibm.biz/BdqPFq
• SKLM V3.0.1: https://ibm.biz/BdqPFz

 

Q: From where I can download SKLM and its fixes?
A: Based on the product version, see the relevant link:

• SKLM V4.0: https://ibm.biz/BdqPFP
• SKLM V3.0.1: https://ibm.biz/BdqPFy

 

Installation checklist
Q: Do I have the required Hardware configured for SKLM installation?
A: See the "Hardware" tab in the Support matrix: https://ibm.biz/BdqPFB

Q: Do I have the supported version of the operating system installed?

A: See the "Operating Systems" tab in the Support matrix: https://ibm.biz/BdqPFB.

Also, ensure that you to read the Notes and other information on the page.

Q: Do I need to do any configuration on the operating system before installing the product?
A: See the guidelines here:

• SKLM V4.0: https://ibm.biz/BdqPFM
• SKLM V3.0.1: https://ibm.biz/BdqMj5

 

Q: Do we need any Kernel parameter settings for a successful installation?
A: See the Db2 requirements section in the "Middleware Versions" tab in the Support matrix:  https://ibm.biz/BdqPFB

 

Q: Should I be aware of any Installation limitations or issues?

A: See the Known issues page:

• SKLM V4.0: https://ibm.biz/BdqPFv
• SKLM V3.0.1: https://ibm.biz/BdqPFS

 

Q: Where can I find the installation instructions?
A: See instructions on this page:

• SKLM V4.0: https://ibm.biz/BdqPFK
• SKLM V3.0.1: https://ibm.biz/BdqPFm
• Video: https://ibm.biz/BdqPFa

 

Q: I have earlier version of SKLM installed. How can I upgrade to newer versions of SKLM?

A: SKLM have two type of upgrade mechanism.

1. Inline Migration
2. Cross Migration. This is preferable mechanism.

See instructions on this page for more information:

• SKLM V4.0: https://ibm.biz/BdqMGL
• SKLM V3.0.1: https://ibm.biz/BdqMGQ
• Video: https://ibm.biz/BdqMG3

 

Post-installation checklist
Q: How do I confirm whether IBM Security Key Lifecycle Manager is installed correctly?
A: See the instructions on this page:

• SKLM V4.0: https://ibm.biz/BdqPFn
• SKLM V3.0.1: https://ibm.biz/BdqPFG

 

Q: Are there any other post-installation step to note?
A: Create a server certificate on the IBM Security Key Lifecycle Manager server that is selected to be the Primary master server in the Multi-Master cluster.

**DO NOT** create a server certificate or any keys on the other master servers that you plan to add to the Multi-Master cluster.

Multi-Master cluster configuration
Q: How many master servers can be added to a Multi-Master cluster?
A: IBM Security Key Lifecycle Manager supports minimum two master servers and maximum 21 master servers in a Multi-Master cluster.

Q: Any important points to remember before starting the Multi-Master configuration?
A: Review the following points:

• Ensure all the master servers are clean without any keys or certificates
• Ensure that the Operating System kernel parameters are correctly set
• Other requirements for Multi-Masters are mentioned here
  • SKLM V4.0: https://ibm.biz/BdqPFX
  • SKLM V3.0.1: https://ibm.biz/BdqPFF

 

Q: Is there any video for Multi-Master configuration?

A: Yes. Video can be found here: https://ibm.biz/BdqKfh