<Curious what folks are doing to provide SKLM to your IBM Z DASD and tape <devices? < <Are people using an IBM Storage Appliance (such as 2421 model AP1), <hosting SKLM on your own dedicated "in room" Linux machines, using <competing KMIP-compliant solutions, or something else entirely?
So, its a bit confusing...there is the full blown SKLM (security Key lifecycle manager), and there is ISKLM, which is a single-purpose java app that sole purpose in life is to serve encryption keys to IBM hardware (DASD, and tape). IBM does charge for it oddly, should be freebie with the hardware. We ran it years ago when we still had real tape drives in the VTS, then retired it until we brought ds8K's in this year. We host it on a couple of our z/OS images with DVIPA addresses and it bounces between a couple of lpars during maintenance IPL's. DS8K's only *need* to retrieve keys at IML time, but does reach out regularly for heartbeat, and will phone home if unreachable. Pretty easy to setup, let me know you need any assist. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
