IBM Support

IBM Security Guardium Key Lifecycle Manager Support Matrix

Question & Answer


Question

What is the support matrix for hardware, operating systems, browsers, hypervisors, middleware, HSMs, and KMIP across the different releases of IBM Security Guardium Key Lifecycle Manager?

Answer

Note: With V4.1, IBM Security Key Lifecycle Manager is renamed as IBM Security Guardium Key Lifecycle Manager.
Click a tab to know the supported hardware, operating systems, hypervisors, middleware, Hardware Security Modules (HSM), and Key Management Interoperability Protocol (KMIP) versions across the different releases of IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM):
 

Supported hardware

IBM Security Guardium Key Lifecycle Manager V4.2 traditional and earlier versions

The following hardware requirement values apply to all active versions of IBM Security Guardium Key Lifecycle Manager:

System component

Minimum values1

Recommended values2
System memory (RAM) 4 GB 8 GB
Processor speed Linux and Windows systems

1.0 GHz single processor

AIX systems
1.5 GHz (2-way)

 Linux and Windows systems

3.0 GHz dual processors

AIX systems
1.5 GHz (4-way)
Disk space
Disk space free for IBM Security Guardium Key Lifecycle Manager and prerequisite products such as Db2 16 GB 30 GB
Disk space free in "/tmp" or "C:\temp" 4 GB 4 GB
Db2 disk space free in "/home" directory or system drive for Db2 7 GB 25 GB
Disk space free in /var directory for Db2 1 GB on Linux and UNIX operating systems 1 GB on Linux and UNIX operating systems
See Disk space requirements for log files.

All file systems must be writable.

1 Minimum values: These values enable a basic use of IBM Security Guardium Key Lifecycle Manager.

2 Recommended values: You must use larger values that are appropriate for your production environment. The most critical requirements are to provide adequate system memory, and free disk and swap space. Processor speed is less important.

Disk space requirements for log files

Consider the following disk space requirements for log files before you install IBM Security Guardium Key Lifecycle Manager.

Log file name Log file location Maximum number of log files Maximum size of each log file Disk space requirements
sklm_audit.log <WAS_HOME>\products\sklm\logs\audit 1 No limit -
sklm.log/debug <WAS_HOME>\products\sklm\logs 100 100 MB 10 GB
agent.log <WAS_HOME>\products\sklm\logs 30 100 MB 3 GB
replication_audit.log1 <WAS_HOME>\products\sklm\logs\replication 100 1 GB per log file -

1 Only if you have configured replication.

Note: To avoid db2diag log files overflow, back up the db2diag log files regularly or modify the level of logging. For more information, see diaglevel - Diagnostic error capture level configuration parameter.

On Linux and UNIX operating systems, you must install your Db2 product in an empty directory. If the directory that you specify as the installation path contains subdirectories or files, your Db2 installation might fail.

On Linux and UNIX operating systems, 4 GB of free space is required in the $HOME directory.

On Linux and UNIX operating systems, minimum 16 GB of free space is required in the / and /opt directory.

Installing into mapped network drives/mounted partitions is not supported.

If installation locations of more than one system component fall on the same Windows drive/UNIX partition, the cumulative space to contain all those components must be available in that drive/partition.

Back to top

IBM Security Guardium Key Lifecycle Manager V4.2 container and earlier versions

The containerized IBM Security Guardium Key Lifecycle Manager application consists of two containers:

Database - PostgreSQL container

System component Minimum values Recommended values
System memory (RAM) 4 GB 8 GB
Processor speed 2.0 GHz 8.0 GHz
Persistent Storage (Volume) 40 GB (Storage type: File) 60 GB (Storage type: File)

Database - Db2 container

System component Minimum values Recommended values
Persistent Storage (Volume) 40 GB (Storage type: File) 60 GB (Storage type: File)
For detailed Db2 hardware requirements, see Db2 Community Edition 11.5.4.0.

IBM Security Guardium Key Lifecycle Manager application container

The following hardware requirement values apply to IBM Security Guardium Key Lifecycle Manager container:
System component Minimum values Recommended values
System memory (RAM) 4 GB 8 GB
Processor speed 1.0 GHz 4.0 GHz
Persistent Storage (Volume) 20 GB (Storage type: File) 40 GB (Storage type: File)
 

Supported operating systems

IBM Security Guardium Key Lifecycle Manager V4.2 traditional and earlier versions

 
IBM Security Guardium Key Lifecycle Manager
Platform

Operating System V3.0

V3.0.1 V4.0 V4.1 V4.1.1 V4.2 V4.2.1
AIX AIX 7.1 TL4 SP6 POWER 7, 81 YES YES YES NO NO NO NO
AIX 7.1 TL5 POWER 7, 81 YES YES YES NO NO NO NO
AIX 7.2 POWER 7, 81 YES YES YES YES4 YES4 YES4 YES4
AIX 7.2 POWER 9 NO NO YES3 YES3,4 YES3,4 YES3,4 YES3,4
AIX 7.3 TL1 SP1 POWER 10 NO NO NO NO NO YES YES
Linux2 SUSE Linux Enterprise Server (SLES) 12 x86-64 YES YES YES YES YES YES YES
SUSE Linux Enterprise Server (SLES) 12 System z YES YES YES YES YES YES YES
SUSE Linux Enterprise Server (SLES) 15 x86-64 NO NO NO NO YES YES YES
SUSE Linux Enterprise Server (SLES) 15 System z NO NO NO NO YES YES YES
Red Hat Enterprise Linux (RHEL) Server 8.2 - 8.4 System z,
Red Hat Enterprise Linux (RHEL) Server 8.6, 8.8 System z
 NO NO NO YES YES YES YES
Red Hat Enterprise Linux (RHEL) Server 9.2 System z NO NO NO NO YES5 YES5 YES
Red Hat Enterprise Linux (RHEL) Server 8.2 - 8.4 x86-64,
Red Hat Enterprise Linux (RHEL) Server 8.6, 8.8 x86-64
 NO NO NO YES YES YES YES
Red Hat Enterprise Linux (RHEL) Server 9.2  x86-64 NO NO NO NO YES5 YES5 YES
Red Hat Enterprise Linux (RHEL) Server 8.2 - 8.4 (PowerPC Little Endian (LE)),
Red Hat Enterprise Linux (RHEL) Server 8.6, 8.8 (PowerPC Little Endian (LE))                                                                        		 NO NO NO YES YES YES YES
Red Hat Enterprise Linux (RHEL) Server 9.2 (PowerPC Little Endian (LE)) NO NO NO NO YES5 YES5 YES
Red Hat Enterprise Linux (RHEL) Server 7.6 - 7.9 System z YES YES YES YES YES YES YES
Red Hat Enterprise Linux (RHEL) Server 7.6 - 7.9 x86-64 YES YES YES YES YES YES YES
Red Hat Enterprise Linux (RHEL) Server 7.6 - 7.9 (PowerPC Little Endian (LE)) 64 bit1 YES YES YES YES YES YES YES
Red Hat Enterprise Linux (RHEL) Server 6.7 - 6.10 x86-64(EOS OS) YES YES YES NO NO NO NO
Ubuntu 16.04 LTS x86_64 (EOS OS) NO YES YES YES NO NO NO
Ubuntu 18.04 LTS x86_64 (EOS OS) NO NO NO NO YES YES YES
Ubuntu 20.04 x86_64 NO NO NO NO NO YES YES
Ubuntu 22.04 x86_64 NO NO NO NO NO YES YES
Windows Windows Server 2012 Standard Edition x86-64 YES YES YES YES YES YES YES
Windows Server 2012 R2 Standard Edition x86-64 YES YES YES YES YES YES YES
Windows Server 2016 Standard Edition x86-64 YES YES YES YES YES YES YES
Windows Server 2019 Standard Edition x86-64 NO NO NO YES YES YES YES
Windows Server 2022 Standard Edition x86-64 NO NO NO NO NO YES YES

1 - Supported hardware includes POWER9 in POWER8 mode.

2 - For information about the Linux packages, see Linux packages.

3 - Supports POWER9 in POWER9 mode

4 - Supported only with AIX 7.2 TL3 and later.

5 - Support for RHEL 9.x is available only after upgrade of Db2 to version 11.5.9. Support for RHEL 9.x with the default bundled Db2 version is not available.

Notes:

  • Do not install IBM Security Guardium Key Lifecycle Manager on systems with hardened operating system. You can harden the operating system after the installation completes.

  • Before you install IBM Security Guardium Key Lifecycle Manager on a UNIX or an AIX operating system, ensure that Bash shell (bash) is installed. Also, ensure that it is the default shell. Starting IBM Security Guardium Key Lifecycle Manager 4.2, for AIX operating system, Bash shell is not required.

  • Before you install IBM Security Guardium Key Lifecycle Manager on an AIX operating system, ensure that the necessary libraries that are described in this technote are installed: Required gtk libraries for IBM Installation Manager on AIX.

  • For V4.1 and earlier versions, before you install IBM Security Guardium Key Lifecycle Manager on a Linux operating system, ensure that C shell (csh) is installed. Starting V4.1.1, csh is not a requirement.

  • Access requirements: Install IBM Security Guardium Key Lifecycle Manager as an administrator (root user). You can install IBM Security Guardium Key Lifecycle Manager as a non-root user on Linux operating systems only.

  • For RHEL 8 operating system, IBM Security Guardium Key Lifecycle Manager will support only even digit minor release versions. For example, RHEL 8.6, RHEL 8.8, RHEL 8.10This is primarily due to very short support lifecycle provided by RedHat for odd digit minor release versions.

Linux packages

On Linux operating systems, IBM Security Guardium Key Lifecycle Manager (GKLM) requires the compat-libstdc++ package, which contains libstdc++.so.6. It also requires the libaio package, which contains the asynchronous library that is required for Db2® database servers.

  • libstdc package
    To determine whether you have the package, run the following command: 
    rpm -qa  | grep -i "libstdc"
    If the package is not installed, locate the rpm file on your original installation media and install it. 
    find installation_media -name compat-libstdc++*
rpm -ivh full_path_to_compat-libstdc++_rpm_file]
  • libaio package
    To determine whether you have the package, run the following command: 
    rpm -qa  | grep -i "libaio"
    If the package is not installed, locate the rpm file on your original installation media and install it. 
    find installation_media -name libaio*
rpm -ivh full_path_to_libaio_rpm_file
Prerequisites for GKLM installation on Red Hat Enterprise Linux 64-bit systems:
  • Ensure that 64-bit libaio package is installed before running db2setup. Db2 installation requires this package.
  • For GKLM V4.1.1 and V4.1 installation in graphical mode, ensure that a VNC package (for example, tigervnc) and a terminal emulator (for example, xterm) are installed. 
  • For GKLM V4.1 silent installation, ensure that the tsch package is installed.  

Requirements for Linux on System z operating system

Before you install IBM Security Guardium Key Lifecycle Manager on Linux on System z operating system, complete the following steps:

  1. Check whether the following libraries are present on the system, which are necessary for Db2® installation.
    • libpam.so.0
    • libaio.so.1
    • libstdc++.so.6.0.8
    • libstdc++33
    • ksh93
    If the system does not contain the necessary libraries, run the following command: 
    yum install <library_name>
    If a library has any issues, use the following command to remove a library: 
    yum remove <library_name>
    For more information, see Db2 documentation - Additional installation considerations (Linux).
     
  2. Install the IBM XL/XL C++ runtime environment:
    1. Extract the setup.
    2. Run ./install.
    3. Run the following command if an error message is displayed about missing libraries: 
      yum install <missing_lib_name>
  3. Create a link between the libraries that are installed by running the following commands: 
    ln -s /opt/ibm/lib/* /usr/lib/ 
ln -s /opt/ibm/lib64/* /usr/lib64/
  4. Set the LD_LIBRARY_PATH by using the following command: 
    LD_LIBRARY_PATH=/opt/ibm/lib:/opt/ibm/lib64:/usr/lib64; 
export LD_LIBRARY_PATH
  5. Ensure that the /tmp directory has all the permissions. To provide the permissions, run the following command. 
    chmod 777 /tmp

Back to top

Requirements for Linux on PowerPC operating system

Before you install IBM Security Guardium Key Lifecycle Manager on Linux on PowerPC Little Endian (LE) operating system, ensure that your system meets the requirements.

  1. Install IBM XL/XL C++ environment.
    1. Extract the setup in a directory. 
      tar -xvf <setup_name>
    2. Run ./install.
  2. After you install the package, create a link between the libraries that are installed by running the following steps. 
    ln -s /opt/ibm/lib/* /usr/lib/                        
ln -s /opt/ibm/lib64/* /usr/lib64/
  3. Set the LD_LIBRARY_PATH by using the following command. 
    LD_LIBRARY_PATH=/opt/ibm/lib:/opt/ibm/lib64:/usr/lib64; 
export LD_LIBRARY_PATH
  4. Before you start the installation process, ensure that the /tmp directory has all the permissions. To provide the permissions, run the following command. 
    chmod 777 /tmp

Back to top

Disabling Security Enhanced Linux 

IBM Security Guardium Key Lifecycle Manager on Linux operating systems might have functional problems when the Security Enhanced Linux (SELINUX) setting is enabled.

For example, a problem might occur with the TCP/IP connections on the server ports. Follow the steps provided in the Linux documentation to disable Security Enhanced Linux.

Back to top

IBM Security Guardium Key Lifecycle Manager V4.2 container and earlier versions

IBM Security Guardium Key Lifecycle Manager V4.2 container and earlier versions
Operating system/Architecture
  • Linux/amd64
  • Linux/s390x
Container Platform
  • OpenShift Container Platform Version 4.11.9 or later
    • An IBM Cloud account with Cluster Administrator permissions
  • Kubernetes Container Platform Version 1.19.7 or later
  • IBM zCX environment
Helm
  • Power: At least Version 2.12.x or later, but not Version 3.x
  • x86: At least Version 2.17.2 or later, but not Version 3.x
Storage
  • NFS
  • IBM Cloud File Storage (gold storage class)
  • Portworx
  • Red Hat OpenShift Container Storage 4.11 or later
  • A hostPath PV that is a mounted clustered filesystem

Supported browsers

The following browser support applies to all active versions of IBM Security Guardium Key Lifecycle Manager:

Browser Supported Versions
Google Chrome1  86 and later
Microsoft Edge1  44 and later
Firefox ESR  24.0 and later
Microsoft Internet Explorer  9.0, 10.0, 11.0
 (Only supported on Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2)
1 - Only supported by IBM Security Guardium Key Lifecycle Manager V4.1.x.x
Applicable to GKLM 4.2:
NOTE: These browser versions are also applicable in this scenario: If you installed the GKLM versions, V4.0.0.4 or later, V4.1.0.4 or later, V4.1.1.3 or later, and GKLM user interface is not loading, then upgrade your browser to the following version:
Browser Supported versions
Google Chrome 109.0 and later
Microsoft Edge 110.0 and later
Firefox ESR 102.8 and later
Microsoft Internet Explorer 11.0 and later
Note: Supported browsers are not included with the product installation. You can access the IBM Security Guardium Key Lifecycle Manager graphical user interface by using any of the supported browsers from any system. You must enable the session cookies and Java Script in the browser to establish a session with the product.

Supported hypervisors

IBM Security Guardium Key Lifecycle Manager
Hypervisor V3.0 - V3.0.1 V4.0 - V4.1 V4.1.1 V4.2-V4.2.1
VMware ESXi 7.x NO YES YES YES
Red Hat KVM as delivered with Red Hat Enterprise Linux (RHEL) and its RHEV equivalent 7.0, 8.0 and 9.0 YES YES YES YES
IBM z/VM Hypervisor 6.1 - 6.4 and 7.1 NO NO YES YES
IBM PowerVM Hypervisor (LPAR, DPAR, Micro-Partition) any supported version NO NO YES YES

Supported middleware

 
Release                                           Middleware
Database IBM WebSphere Application Server (WAS) WebSphere SDK Java Technology Edition
Requirements (Only for V4.1 traditional and earlier) See the Db2 requirements section See the WebSphere Application Server requirements section  None
V4.2.1 For traditional IBM Db2 Standard Edition 11.5.9.0*
WAS Liberty:
  • 23.0.0.12
  • 23.0.0.9*
  • 1.8.0_401
  • 1.8.0_391 *
For container1
  • PostgreSQL 12.2 
  • IBM Db2 11.5.9.0
  • IBM Db2 for z/OS 12.0.15 with Function level 501
WAS Liberty:
  • 23.0.0.9*
  • 1.8.0_391*
V4.2 For traditional
IBM Db2 Standard Edition 
  • 11.5.9.02
  • 11.5.8.0*
WAS Liberty:
  • 23.0.0.12
  • 23.0.0.6 (Java 1.8.0_371 SR8 FP5)
  • 23.0.0.3 (Java 1.8.0_361 SR8)5
  • 22.0.0.12*
  • 1.8.0_391
  • 1.8.0_371 SR8 FP5
  • 1.8.0_361 SR8
  • 1.8.0_351 SR7 FP20*
For container1
  • PostgreSQL 12.2 
  • IBM Db2 11.5
  • IBM Db2 for z/OS 12.0 with Function level 501
WAS Liberty:
  • 23.0.0.3 (Java 1.8.0_361 SR8)5
  • 22.0.0.12*
  • 1.8.0_361 SR8
  • 1.8.0_351 SR7 FP20*
V4.1.1 For traditional
IBM Db2 Standard Edition
  • 11.5.9.02
  • 11.5.8.02
  • 11.5.7.02
  • 11.5.6.0*
WAS Liberty:
  • 23.0.0.12 (Bundled in GKLM fix pack 4.1.1.8)
  • 23.0.0.6 (Java 1.8.0_371 SR8 FP5)
  • 23.0.0.3 (Java 1.8.0_361 SR8)
  • 22.0.0.126
  • 22.0.0.9
  • 22.0.0.65
  • 21.0.0.124
  • 21.0.0.6*
  • 1.8.0_391
  • 1.8.0_371 SR8 FP5
  • 1.8.0_361 SR8
  • 1.8.0_341 SR7 FP15
  • 1.8.0_311 SR7
  • 1.8.0_26 SR6 FP26*
For container1
  • PostgreSQL 12.2 
  • IBM Db2 11.5
  • IBM Db2 for z/OS 12.0
WAS Liberty:
  • 22.0.0.65
  • 21.0.0.6*
1.8.0_26 SR6 FP26*
V4.1 For traditional IBM Db2 Standard Edition
  • 11.5.8.02
  • 11.5.7.02
  • 11.5.6.03
  • 11.5.5.03
  • 11.5.4.0*
WAS traditional:
  • 9.0.5.18
  • 9.0.5.17
  • 9.0.5.16 (Java 1.8.0_371 SR8 FP5)
  • 9.0.5.6 - 9.0.5.15
  • 9.0.5.5*
  • 1.8.0_371 SR8 FP5
  • 1.8.0_361 SR8
  • 1.8.0_341 SR7 FP15
  • 1.8.0_321 SR7 FP5
  • 1.8.0_311 SR7
  • 1.8.0_301 SR6 FP36
  • 1.8.0_26 SR6 FP26
  • 1.8.0_261 SR6 FP15*
For container1
  • PostgreSQL 12.2 
  • IBM Db2 11.5
  • IBM Db2 for z/OS 12.0
WAS Liberty:
20.0.0.9
1.8.0_261 SR6 FP15*
V4.0 IBM Db2 Advanced Workgroup Server Edition
  • 11.1.4.72
  • 11.5.4.02
  • 11.1.4.62
  • 11.1.4.4 interim fix 1*
WAS traditional:
  • 9.0.5.18
  • 9.0.5.17
  • 9.0.5.16 (Java 1.8.0_371 SR8 FP5)
  • 9.0.5.4 - 9.0.5.15
  • 9.0.5.0*
  • 1.8.0_371 SR8 FP5
  • 1.8.0_361 SR8
  • 1.8.0_341 SR7 FP15
  • 1.8.0_321 SR7 FP5
  • 1.8.0_311 SR7
  • 1.8.0_301 SR6 FP36
  • 1.8.0_211 SR5 FP37
  • 1.8.0_26 SR6 FP26*
V3.0/V3.0.1
IBM Db2 Advanced Workgroup Server Edition
  • 11.1.4.72
  • 11.1.4.62
  • 11.1.4.52
  • 11.1.2.2*
WAS traditional:
  • 9.0.5.14
  • 9.0.5.114
  • 9.0.5.5
  • 9.0.0.5*
  • 1.8.0_321 SR7 FP5
  • 1.8.0_26 SR6 FP26
  • 1.8.0_144 SR5*
For more information about the Java SDK version shipped with IBM WebSphere Application Server, see Verify Java SDK version shipped with IBM WebSphere Application Server fix packs.
*-  This is the default packaged version with the GA release.
1 -  The database must be separately installed. It is not bundled with the product.
2 - You must first install GKLM with the default bundled IBM Db2 version, then upgrade to this version. For instructions, see the relevant topic:
3 -  After you apply the Db2 fix pack, run the Db2 commands in the following order: 
db2 connect to <databasename>
db2 bind db2schema.bnd blocking all grant public sqlerror continue
db2 terminate
db2stop
db2start
4 - You must first install GKLM with the default bundled WebSphere Liberty version, then upgrade to this version. For instructions, see Recommended updates for WebSphere Application Server.
5 - This is the version packaged with the latest fix pack release.
6 - If you have GKLM 4.1.1.x installed, do not upgrade to WebSphere Liberty 22.0.0.12. There are some issues in this version that causes GKLM 4.1.1.x to not load. For more information, see https://github.com/OpenLiberty/open-liberty/issues/21992.

Db2 requirements

The database stores the data of IBM Security Guardium Key Lifecycle Manager. Before you install IBM Security Guardium Key Lifecycle Manager, ensure that the database requirements are met.

IBM Security Guardium Key Lifecycle Manager requires DB2® Advanced Workgroup Server Edition, Version 11.1.2.2 and the future fix packs on the same system on which the IBM Security Guardium Key Lifecycle Manager server runs.
Note
  • You must use IBM Security Guardium Key Lifecycle Manager to manage the database. To avoid data synchronization problems, do not use tools that the database application might provide.
  • For improved performance of Db2 Version 11.1.2.2 on AIX systems, ensure that you install and configure the I/O completion ports (IOCP) package that is described in the Db2 documentation - Configuring IOCP (AIX).
  • If an existing copy of Db2 Advanced Workgroup Server Edition was installed as the root user at the correct version for the operating system, you can use the existing Db2 Advanced Workgroup Server Edition. IBM Security Guardium Key Lifecycle Manager installer does not detect the presence of Db2. You must specify the Db2 installation path.

SuSE Linux Enterprise Server Version 12 (System z) systems contain the libstdc++.6.so package. But, IBM Security Guardium Key Lifecycle Manager requires the libstdc++.5.so package for Db2 installation.

For more information about Db2 prerequisites, see Db2 documentation - db2prereqcheck - Check installation prerequisites.

Db2 kernel settings

To avoid performance issues, set the Db2 kernel parameters. The following is an example for a computer with 16 GB RAM:

#Example for a computer with 16 GB RAM 
sysctl -w kernel.msgmni=16384
sysctl -w kernel.sem="250 1024000 100 4096"
echo "kernel.msgmni=16384" >>/etc/sysctl.conf 
echo "kernel.sem=250 1024000 100 4096" >>/etc/sysctl.conf
AIX systems
None required.
Linux systems
For information about kernel settings, see Db2 documentation - Modifying kernel parameters (Linux).
Window systems
None required.

Back to top

WebSphere Application Server requirements

IBM Security Guardium Key Lifecycle Manager includes and installs WebSphere Application Server. During installation, IBM Security Guardium Key Lifecycle Manager customizes WebSphere Application Server configuration and profiles to suit its operations. This customization might cause problems with products that use the same server when you uninstall IBM Security Guardium Key Lifecycle Manager. Therefore, you must consider the following aspects to avoid the issues:

  • Do not install IBM Security Guardium Key Lifecycle Manager in a WebSphere Application Server instance that another product provides.
  • Do not install another product in the instance of WebSphere Application Server that IBM Security Guardium Key Lifecycle Manager provides.

IBM Security Guardium Key Lifecycle Manager requires Java Runtime Environment. IBM Java Runtime Environment is included with WebSphere® Application Server.

Use of an independently installed development kit for Java™, from IBM® or other vendors, is not supported. For more information, see Java SE 8 in WebSphere Application Server traditional V9.

Back to top

Supported HSMs/Cryptographic cards

IBM Security Guardium Key Lifecycle Manager uses the IBM PKCS11 Cryptographic Provider, and supports the cryptographic cards that the provider supports. 

For a list of the supported cryptographic cards, see IBM Java V8.0 Documentation - IBM PKCS11 Cryptographic Provider. In addition to this list, the cards that are listed in the following table are also supported.

HSMs/Cryptographic cards IBM Security Guardium Key Lifecycle Manager Version
IBM HPCS PKCS11 Client Library Version 2.5.12 or later 4.1.1 and later
Entrust nShield HSMs v13.3.2 (Compatible with mixed estates and nShield as a Service) 4.2.0.1
Entrust nShield Connect XC 12.60 (Compatible with nShield as a service) 3.0.1 and later

Supported KMIP versions

IBM Security Guardium Key Lifecycle Manager
V3.0 - V4.0

V4.1.x.x

 V4.2 V4.2.1
Key Management Interoperability Protocol (KMIP)
 3.0* 3.0
2.1 2.1 2.1
2.0 2.0 2.0 2.0
1.4 1.4 1.4 1.4
1.3 1.3 1.3 1.3
1.2 1.2 1.2 1.2
1.1 1.1 1.1 1.1
1.0 1.0 1.0 1.0

For more information about the supported KMIP profiles, see Key Management Interoperability Protocol (KMIP) profiles supported by IBM Security Guardium Key Lifecycle Manager.

* - GKLM 4.2 uses KMIP 3.0 specifications that is currently in draft mode.

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSTJE47","label":"IBM Security Guardium Key Lifecycle Manager"},"ARM Category":[{"code":"a8m0z000000cvdLAAQ","label":"SKLM"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
18 April 2024

UID

swg22008774

Page Feedback