book

IBM DS8000 Encryption for data at rest, Transparent Cloud Tiering, and Endpoint Security (DS8000 Release 9.0)

Name: IBM DS8000 Encryption for data at rest, Transparent Cloud Tiering, and Endpoint Security (DS8000 Release 9.0)
ISBN: 9780738458427

by Bert Dufrasne, Anreas Reinhardt, Tony Eriksson. Lisa Martinez

April 2020

Intermediate to advanced

200 pages

5h 48m

English

IBM Redbooks

Read now

Unlock full access

Front cover
Notices
Trademarks
Preface
AuthorsNow you can become a published author, tooComments welcomeStay connected to IBM Redbooks
Summary of changes
January 2020, Ninth Edition
Chapter 1. Encryption overview
1.1 Business context1.1.1 Threats and security challenges1.1.2 Need for data at rest encryption1.1.3 Need for Transparent Cloud Tiering encryption1.1.4 Need for Endpoint Security1.2 Encryption concepts and terminology1.2.1 Symmetric key encryption1.2.2 Asymmetric key encryption1.2.3 Hybrid encryption1.2.4 Communication protocols IPP, SSL/TLS V1.2, and KMIP1.3 Encryption challenges1.4 Key Manager1.4.1 IBM Security Key Lifecycle Manager v3.0 and later features overview1.4.2 Key serving1.4.3 How to protect IBM Security Key Lifecycle Manager data1.5 IBM Security Key Lifecycle Manager for z/OS1.5.1 IBM Security Key Lifecycle Manager for z/OS components1.5.2 Functions that are performed by IBM SKLM for z/OS1.5.3 Preventing a deadlock situation1.5.4 Installing the IBM Security Key Lifecycle Manager for z/OS and keystores1.6 Gemalto SafeNet KeySecure
Chapter 2. IBM DS8000 encryption mechanisms
2.1 DS8000 data at rest disk encryption2.1.1 Key management for IPP with IBM SKLM2.1.2 Key Management by using KMIP2.2 Encryption deadlock2.3 Working with a recovery key2.3.1 Recovery key management2.3.2 Disabling or enabling a recovery key2.4 Dual key server support2.5 DS8000 TCT Encryption Key Management using KMIP2.6 DS8000 Endpoint Encryption Key Management using KMIP2.6.1 IFCES settings and policies
Chapter 3. Planning and guidelines for IBM DS8000 encryption
3.1 About certificates3.2 Planning and implementation process flow3.3 Encryption-capable DS8000 ordering and configuration3.4 Licensing3.5 Advice for encryption in storage environments3.5.1 Using LDAP authentication3.5.2 Availability3.5.3 Encryption deadlock prevention3.6 Multiple IBM Security Key Lifecycle Managers for redundancy
Chapter 4. IBM DS8000 encryption implementation
4.1 Installing IBM SKLM V3.0 in silent mode4.1.1 Before you start the installation4.1.2 Silent mode installation on Linux4.1.3 Installing Fix Pack 1 (or later) for Security Key Lifecycle Manager V3.04.2 WebSphere, Java, and SKLM hardening4.2.1 WebSphere Application Server hardening4.2.2 Java hardening4.2.3 SKLM hardening4.3 Key Manager setup4.3.1 IBM Security Key Lifecycle Manager V3.0 configuration4.3.2 SafeNet KeySecure configuration4.4 Configuration for data at rest Configuration4.4.1 SKLM Key management setup by using IPP4.4.2 SKLM Key management setup by using KMIP4.4.3 DS8000 configuration for data at rest encryption4.4.4 DS8000 CLI configuration for data at rest encryption4.4.5 Configuring and administering encrypted storage pools4.4.6 Managing the recovery keys4.5 Configuration for TCT encryption4.5.1 Setting up TCT encryption4.6 Configuration for Endpoint Security4.6.1 DS8000 GUI configuration for Endpoint Security4.6.2 DS8000 CLI configuration for Endpoint Security4.7 Data at rest encryption and Copy Services functions4.8 NIST SP 800-131a requirements for key servers4.8.1 Configuration steps for changing SKLM to use TLS 1.24.9 Migrating certificates4.9.1 Migration from Gen 1 to a Gen 2 certificate for encryption4.9.2 Migration from Gen 2 to a Gen 3 certificate for encryption4.10 Using a custom generated Gen 1 or Gen 2 certificate4.10.1 Configuring a Custom Certificate by using DSGUI4.10.2 Configuring a custom certificate by using DSCLI
Chapter 5. Maintaining the IBM DS8000 encryption environment
5.1 Rekeying the data key for data at rest encryption5.1.1 Rekey the data key when using the IPP protocol5.1.2 Rekey the data key when using the KMIP protocol5.2 Recovery key use and maintenance5.2.1 Validating or testing a recovery key5.2.2 Using the recovery key in an emergency-deadlock situation (recovery action)5.2.3 Rekeying the recovery key5.2.4 Deleting or deconfiguring a recovery key5.3 Recovery key state summary
Related publications
IBM RedbooksOther publicationsOnline resourcesHelp from IBM

Back cover

Content preview from IBM DS8000 Encryption for data at rest, Transparent Cloud Tiering, and Endpoint Security (DS8000 Release 9.0)

IBM DS8000 encryption implementation

This chapter reviews the sequence of tasks for deployment of an encryption-capable DS8000, from ordering to installation and use.

This chapter includes the following topics:

•4.1, “Installing IBM SKLM V3.0 in silent mode” on page 68

•4.2, “WebSphere, Java, and SKLM hardening” on page 72

•4.3, “Key Manager setup” on page 74

•4.4, “Configuration for data at rest Configuration” on page 117

•4.5, “Configuration for TCT encryption” on page 142

•4.6, “Configuration for Endpoint Security” on page 150

•4.7, “Data ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780738458427Other

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

IBM DS8000 Encryption for data at rest, Transparent Cloud Tiering, and Endpoint Security (DS8000 Release 9.0)

by Bert Dufrasne, Anreas Reinhardt, Tony Eriksson. Lisa Martinez

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.