Re: SKLM Servers
Have it on two Virtual Windows Servers. I agree it is crazy we have to pay for such software to utilize encryption on our IBM Disk. -Original Message- From: IBM Mainframe Discussion List On Behalf Of Ed Jaffe Sent: Tuesday, March 23, 2021 9:35 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: SKLM Servers Curious what folks are doing to provide SKLM to your IBM Z DASD and tape devices? Are people using an IBM Storage Appliance (such as 2421 model AP1), hosting SKLM on your own dedicated "in room" Linux machines, using competing KMIP-compliant solutions, or something else entirely? Thanks... -- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El Segundo, CA 90245 https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fwww.phoenixsoftware.com=fac293a5-ed50-4d77-bd32-2b78f3775a9a=d15df2c165e24fb53bc026dba1ee9b619a161a5a-3acb7217a1221f25c4ed7cbac39d4bb4b811fd07 This e-mail message, including any attachments, appended messages and the information contained therein, is for the sole use of the intended recipient(s). If you are not an intended recipient or have otherwise received this email message in error, any use, dissemination, distribution, review, storage or copying of this e-mail message and the information contained therein is strictly prohibited. If you are not an intended recipient, please contact the sender by reply e-mail and destroy all copies of this email message and do not otherwise utilize or retain this email message or any or all of the information contained therein. Although this email message and any attachments or appended messages are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by the sender for any loss or damage arising in any way from its opening or use. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SKLM Servers
Tom Brennan wrote: >SKLM also has a backup function that creates a *.jar data file with all >its certs and settings. I've installed totally new versions of SKLM, >restored a jar file, set the SKLM servers to the old IP address, and the >DS/TS boxes grab their keys without any knowledge of the hardware switch. > >So if you can get a new server fast enough after a total failure, such >an install and jar file restore may be faster than my one experience >with the recovery key. Of course you have to have a backup jar file :) One possible, interesting DR approach you could take is to run a containerized instance of IBM Security Guardium Key Lifecycle Manager -- I suppose it's "SGKLM" now -- off-site at an IBM Cloud Hyper Protect Virtual Servers site (Sydney, Dallas, Frankfurt, etc.) Probably along with your encrypted cloud object storage, via DS8000 and TS7700 Transparent Cloud Tiering and Cloud Tape Connector for z/OS. Thus IBM Cloud becomes your off site/arms length "data vault," including for storage device key recovery, with extremely robust security. Nobody from IBM even has the technical ability to access your keys or your data this way. One set of scenarios you ought to think through is how to deal with disasters borne of malicious intent, even from inside the organization. The approach I'm sketching out is consistent with recovery in these scenarios and some others. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SKLM Servers
SKLM also has a backup function that creates a *.jar data file with all its certs and settings. I've installed totally new versions of SKLM, restored a jar file, set the SKLM servers to the old IP address, and the DS/TS boxes grab their keys without any knowledge of the hardware switch. So if you can get a new server fast enough after a total failure, such an install and jar file restore may be faster than my one experience with the recovery key. Of course you have to have a backup jar file :) On 3/23/2021 3:38 PM, Baumgarte, Randall wrote: There is also a recovery key that is used in the event SKLM isn't reachable. It needed to be setup when encryption was enabled. -Original Message- From: IBM Mainframe Discussion List On Behalf Of Ed Jaffe Sent: Tuesday, March 23, 2021 1:12 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: SKLM Servers This message was sent from an external source outside of Western & Southern's network. Do not click links or open attachments unless you recognize the sender and know the contents are safe. On 3/23/2021 10:05 AM, Dave Jousma wrote: DS8K's only *need* to retrieve keys at IML time, but does reach out regularly for heartbeat, and will phone home if unreachable.Pretty easy to setup, let me know you need any assist. We have the Java-based ISKLM running on two z/OS LPARs for our tape. I assumed ISKLM would not be usable for DASD because of the "catch-22" situation of needing the DASD to IPL z/OS. Suppose we had a complete power down of the computer room. Could we still somehow IPL z/OS from DASD that has not yet contacted its z/OS-based SKLM? Thanks... -- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El Segundo, CA 90245 https://www.phoenixsoftware.com/ This e-mail message, including any attachments, appended messages and the information contained therein, is for the sole use of the intended recipient(s). If you are not an intended recipient or have otherwise received this email message in error, any use, dissemination, distribution, review, storage or copying of this e-mail message and the information contained therein is strictly prohibited. If you are not an intended recipient, please contact the sender by reply e-mail and destroy all copies of this email message and do not otherwise utilize or retain this email message or any or all of the information contained therein. Although this email message and any attachments or appended messages are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by the sender for any loss or damage arising in any way from its opening or use. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SKLM Servers
There is also a recovery key that is used in the event SKLM isn't reachable. It needed to be setup when encryption was enabled. -Original Message- From: IBM Mainframe Discussion List On Behalf Of Ed Jaffe Sent: Tuesday, March 23, 2021 1:12 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: SKLM Servers This message was sent from an external source outside of Western & Southern's network. Do not click links or open attachments unless you recognize the sender and know the contents are safe. On 3/23/2021 10:05 AM, Dave Jousma wrote: > DS8K's only *need* to retrieve keys at IML time, but does reach out regularly > for heartbeat, and will phone home if unreachable.Pretty easy to setup, > let me know you need any assist. We have the Java-based ISKLM running on two z/OS LPARs for our tape. I assumed ISKLM would not be usable for DASD because of the "catch-22" situation of needing the DASD to IPL z/OS. Suppose we had a complete power down of the computer room. Could we still somehow IPL z/OS from DASD that has not yet contacted its z/OS-based SKLM? Thanks... -- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El Segundo, CA 90245 https://www.phoenixsoftware.com/ This e-mail message, including any attachments, appended messages and the information contained therein, is for the sole use of the intended recipient(s). If you are not an intended recipient or have otherwise received this email message in error, any use, dissemination, distribution, review, storage or copying of this e-mail message and the information contained therein is strictly prohibited. If you are not an intended recipient, please contact the sender by reply e-mail and destroy all copies of this email message and do not otherwise utilize or retain this email message or any or all of the information contained therein. Although this email message and any attachments or appended messages are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by the sender for any loss or damage arising in any way from its opening or use. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SKLM Servers
Because I (stupidly? ha) worked somewhat with Linux over the years, I became the SKLM person at the company I work for. Over the past 5 years we've ordered 2421's with DS8000 boxes. They came with SUSE installed, but I would often replace it with the latest SUSE version, and then install SKLM on top of that. Then the DS8000 needs to be told the IP addresses of the 2 SKLM boxes (Master and Clone) to do the encryption process which is pretty quick. This must be done prior to defining the DASD layout (DS8000 must be empty). If there's a power outage, the DS8000 will query for the keys after everything comes back up. Like Dave said, The DS8000 also checks the connection periodically even when it doesn't need the keys, and calls home if there is a connection problem or one of the SKLM's is down for some reason. Same for a DS7000 (running internally as a DS5000). From what I've seen, keys are only retrieved real-time for things like 3592 physical tapes with chips on them. Been a while since I've seen a real tape directly accessed by z/OS though. IBM is discontinuing the ability to order the 2421's with a DS8000, so our response is to order a couple of Dell R240's and deliver those separately. By coincidence our first 2 of these boxes are sitting at my feet since last week, running Redhat 7.9 and SKLM 3.0.1.5 and working great, ready for delivery. I chose older versions of both Redhat and SKLM for various reasons, but they should be fine. Last time I saw key management running on z/OS was many years ago, and it was TKLM the predecessor for SKLM (wish they would quit changing the name). And like Dave mentioned, when you setup encryption on a DS8000 you get a "Recovery Key" which can be used after a power failure even if SKLM is not working. The problem is that I only tested this recovery key process once, and it took many hours and probably should be considered a last resort. We never used the KMIP protocol, but found out last year that is required (including client keys imported to the SKLM boxes) with the newest TS7000 boxes. Something to be aware of next time I guess. Ok! Long note. Ready for corrections by Mr. Sipples and others :) On 3/23/2021 9:34 AM, Ed Jaffe wrote: Curious what folks are doing to provide SKLM to your IBM Z DASD and tape devices? Are people using an IBM Storage Appliance (such as 2421 model AP1), hosting SKLM on your own dedicated "in room" Linux machines, using competing KMIP-compliant solutions, or something else entirely? Thanks... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: [External] Re: SKLM Servers
Hi Ed, I believe you're right in that you're in a catch-22 with z/OS based ISKLM servers. If your DC has a complete power down and the DS8Ks need to get keys before coming up and those keys are on z/OS that needs the DS8K up to IPL you're going to have trouble. That's why we're reliant on a Windows box (2 actually) to serve our keys. If the people who installed your DS8K(s) set it up, there's a recovery key that can be used in an emergency to bring the DS8K up without the ISKLM servers running. Never had to use it so I don't know what the process would be but that's the purpose for the recovery key. Rex -Original Message- From: IBM Mainframe Discussion List On Behalf Of Ed Jaffe Sent: Tuesday, March 23, 2021 12:12 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [External] Re: SKLM Servers On 3/23/2021 10:05 AM, Dave Jousma wrote: > DS8K's only *need* to retrieve keys at IML time, but does reach out regularly > for heartbeat, and will phone home if unreachable.Pretty easy to setup, > let me know you need any assist. We have the Java-based ISKLM running on two z/OS LPARs for our tape. I assumed ISKLM would not be usable for DASD because of the "catch-22" situation of needing the DASD to IPL z/OS. Suppose we had a complete power down of the computer room. Could we still somehow IPL z/OS from DASD that has not yet contacted its z/OS-based SKLM? Thanks... -- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El Segundo, CA 90245 https://www.phoenixsoftware.com/ This e-mail message, including any attachments, appended messages and the information contained therein, is for the sole use of the intended recipient(s). If you are not an intended recipient or have otherwise received this email message in error, any use, dissemination, distribution, review, storage or copying of this e-mail message and the information contained therein is strictly prohibited. If you are not an intended recipient, please contact the sender by reply e-mail and destroy all copies of this email message and do not otherwise utilize or retain this email message or any or all of the information contained therein. Although this email message and any attachments or appended messages are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by the sender for any loss or damage arising in any way from its opening or use. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN The information contained in this message is confidential, protected from disclosure and may be legally privileged. If the reader of this message is not the intended recipient or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, distribution, copying, or any action taken or action omitted in reliance on it, is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SKLM Servers
We host our SKLM on Windows virtual servers that can - and do - migrate from VMWare cluster to VMWare cluster in a couple of widely separated datacenters. Bruce Lightsey Mainframe and Database Manager MS Department of Information Technology Services 601-432-8144 | www.its.ms.gov DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited -Original Message- From: IBM Mainframe Discussion List On Behalf Of Ed Jaffe Sent: Tuesday, March 23, 2021 12:12 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: SKLM Servers On 3/23/2021 10:05 AM, Dave Jousma wrote: > DS8K's only *need* to retrieve keys at IML time, but does reach out regularly > for heartbeat, and will phone home if unreachable.Pretty easy to setup, > let me know you need any assist. We have the Java-based ISKLM running on two z/OS LPARs for our tape. I assumed ISKLM would not be usable for DASD because of the "catch-22" situation of needing the DASD to IPL z/OS. Suppose we had a complete power down of the computer room. Could we still somehow IPL z/OS from DASD that has not yet contacted its z/OS-based SKLM? Thanks... -- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El Segundo, CA 90245 https://www.phoenixsoftware.com/ This e-mail message, including any attachments, appended messages and the information contained therein, is for the sole use of the intended recipient(s). If you are not an intended recipient or have otherwise received this email message in error, any use, dissemination, distribution, review, storage or copying of this e-mail message and the information contained therein is strictly prohibited. If you are not an intended recipient, please contact the sender by reply e-mail and destroy all copies of this email message and do not otherwise utilize or retain this email message or any or all of the information contained therein. Although this email message and any attachments or appended messages are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by the sender for any loss or damage arising in any way from its opening or use. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: [External] SKLM Servers
We're using ISKLM on a pair of Windows servers for both disk and tape. -Original Message- From: IBM Mainframe Discussion List On Behalf Of Ed Jaffe Sent: Tuesday, March 23, 2021 11:35 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [External] SKLM Servers Curious what folks are doing to provide SKLM to your IBM Z DASD and tape devices? Are people using an IBM Storage Appliance (such as 2421 model AP1), hosting SKLM on your own dedicated "in room" Linux machines, using competing KMIP-compliant solutions, or something else entirely? Thanks... -- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El Segundo, CA 90245 https://www.phoenixsoftware.com/ This e-mail message, including any attachments, appended messages and the information contained therein, is for the sole use of the intended recipient(s). If you are not an intended recipient or have otherwise received this email message in error, any use, dissemination, distribution, review, storage or copying of this e-mail message and the information contained therein is strictly prohibited. If you are not an intended recipient, please contact the sender by reply e-mail and destroy all copies of this email message and do not otherwise utilize or retain this email message or any or all of the information contained therein. Although this email message and any attachments or appended messages are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by the sender for any loss or damage arising in any way from its opening or use. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN The information contained in this message is confidential, protected from disclosure and may be legally privileged. If the reader of this message is not the intended recipient or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, distribution, copying, or any action taken or action omitted in reliance on it, is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SKLM Servers
We replicate our storage subsystems to our own DR data center, we have 2 SKLM servers that are standalone Linux based servers one in each data center, one primary and one backup. Carmen Vitullo -Original Message- From: Ed To: IBM-MAIN Date: Tuesday, 23 March 2021 12:14 PM CDT Subject: Re: SKLM Servers On 3/23/2021 10:05 AM, Dave Jousma wrote: > DS8K's only *need* to retrieve keys at IML time, but does reach out regularly > for heartbeat, and will phone home if unreachable. Pretty easy to setup, let > me know you need any assist. We have the Java-based ISKLM running on two z/OS LPARs for our tape. I assumed ISKLM would not be usable for DASD because of the "catch-22" situation of needing the DASD to IPL z/OS. Suppose we had a complete power down of the computer room. Could we still somehow IPL z/OS from DASD that has not yet contacted its z/OS-based SKLM? Thanks... -- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El Segundo, CA 90245 https://www.phoenixsoftware.com/ This e-mail message, including any attachments, appended messages and the information contained therein, is for the sole use of the intended recipient(s). If you are not an intended recipient or have otherwise received this email message in error, any use, dissemination, distribution, review, storage or copying of this e-mail message and the information contained therein is strictly prohibited. If you are not an intended recipient, please contact the sender by reply e-mail and destroy all copies of this email message and do not otherwise utilize or retain this email message or any or all of the information contained therein. Although this email message and any attachments or appended messages are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by the sender for any loss or damage arising in any way from its opening or use. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SKLM Servers
>We have the Java-based ISKLM running on two z/OS LPARs for our tape. >I assumed ISKLM would not be usable for DASD because of the "catch-22" >situation of needing the DASD to IPL z/OS. >Suppose we had a complete power down of the computer room. Could we >still somehow IPL z/OS from DASD that has not yet contacted its >z/OS-based SKLM? yes, that is an issue, we have an instance running in two separate datacenters, and all ds8k's have both coded. So, yes you could be at the mercy of a windows box for your entire mainframe fleet. :) Seems as though IBM also gave my guys some kind of key to manually enter if the need arose. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SKLM Servers
On 3/23/2021 10:05 AM, Dave Jousma wrote: DS8K's only *need* to retrieve keys at IML time, but does reach out regularly for heartbeat, and will phone home if unreachable.Pretty easy to setup, let me know you need any assist. We have the Java-based ISKLM running on two z/OS LPARs for our tape. I assumed ISKLM would not be usable for DASD because of the "catch-22" situation of needing the DASD to IPL z/OS. Suppose we had a complete power down of the computer room. Could we still somehow IPL z/OS from DASD that has not yet contacted its z/OS-based SKLM? Thanks... -- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El Segundo, CA 90245 https://www.phoenixsoftware.com/ This e-mail message, including any attachments, appended messages and the information contained therein, is for the sole use of the intended recipient(s). If you are not an intended recipient or have otherwise received this email message in error, any use, dissemination, distribution, review, storage or copying of this e-mail message and the information contained therein is strictly prohibited. If you are not an intended recipient, please contact the sender by reply e-mail and destroy all copies of this email message and do not otherwise utilize or retain this email message or any or all of the information contained therein. Although this email message and any attachments or appended messages are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by the sender for any loss or damage arising in any way from its opening or use. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SKLM Servers
Re: SKLM Servers
On 3/23/2021 9:56 AM, Ed Jaffe wrote: They have since replaced the word "Security" with "Guardium" ... Actually they *inserted* the word "Guardium"... -- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El Segundo, CA 90245 https://www.phoenixsoftware.com/ This e-mail message, including any attachments, appended messages and the information contained therein, is for the sole use of the intended recipient(s). If you are not an intended recipient or have otherwise received this email message in error, any use, dissemination, distribution, review, storage or copying of this e-mail message and the information contained therein is strictly prohibited. If you are not an intended recipient, please contact the sender by reply e-mail and destroy all copies of this email message and do not otherwise utilize or retain this email message or any or all of the information contained therein. Although this email message and any attachments or appended messages are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by the sender for any loss or damage arising in any way from its opening or use. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SKLM Servers
On 3/23/2021 9:40 AM, Farley, Peter x23353 wrote: OK, I'll bite. I googled that KMIP stands for "Key Management Interoperability Protocol", but what is SKLM? I googled (actually Duck-Duck-Goed) for "IBM SKLM" and right away saw it was "Security Key Lifecycle manager". They have since replaced the word "Security" with "Guardium" apparently to brand this better... https://www.ibm.com/products/ibm-security-key-lifecycle-manager -- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El Segundo, CA 90245 https://www.phoenixsoftware.com/ This e-mail message, including any attachments, appended messages and the information contained therein, is for the sole use of the intended recipient(s). If you are not an intended recipient or have otherwise received this email message in error, any use, dissemination, distribution, review, storage or copying of this e-mail message and the information contained therein is strictly prohibited. If you are not an intended recipient, please contact the sender by reply e-mail and destroy all copies of this email message and do not otherwise utilize or retain this email message or any or all of the information contained therein. Although this email message and any attachments or appended messages are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by the sender for any loss or damage arising in any way from its opening or use. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SKLM Servers
Security Key Lifecycle Manager. Mark Jacobs Sent from ProtonMail, Swiss-based encrypted email. GPG Public Key - https://api.protonmail.ch/pks/lookup?op=get=markjac...@protonmail.com ‐‐‐ Original Message ‐‐‐ On Tuesday, March 23rd, 2021 at 12:40 PM, Farley, Peter x23353 <031df298a9da-dmarc-requ...@listserv.ua.edu> wrote: > OK, I'll bite. I googled that KMIP stands for "Key Management > Interoperability Protocol", but what is SKLM? > > Peter > > -Original Message- > > From: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU On Behalf Of Ed > Jaffe > > Sent: Tuesday, March 23, 2021 12:35 PM > > To: IBM-MAIN@LISTSERV.UA.EDU > > Subject: SKLM Servers > > Curious what folks are doing to provide SKLM to your IBM Z DASD and tape > devices? > > Are people using an IBM Storage Appliance (such as 2421 model AP1), hosting > SKLM on your own dedicated "in room" Linux machines, using competing > KMIP-compliant solutions, or something else entirely? > > Thanks... > > -- > > This message and any attachments are intended only for the use of the > addressee and may contain information that is privileged and confidential. If > the reader of the message is not the intended recipient or an authorized > representative of the intended recipient, you are hereby notified that any > dissemination of this communication is strictly prohibited. If you have > received this communication in error, please notify us immediately by e-mail > and delete the message and any attachments from your system. > > > - > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SKLM Servers
OK, I'll bite. I googled that KMIP stands for "Key Management Interoperability Protocol", but what is SKLM? Peter -Original Message- From: IBM Mainframe Discussion List On Behalf Of Ed Jaffe Sent: Tuesday, March 23, 2021 12:35 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: SKLM Servers Curious what folks are doing to provide SKLM to your IBM Z DASD and tape devices? Are people using an IBM Storage Appliance (such as 2421 model AP1), hosting SKLM on your own dedicated "in room" Linux machines, using competing KMIP-compliant solutions, or something else entirely? Thanks... -- This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
SKLM Servers
Curious what folks are doing to provide SKLM to your IBM Z DASD and tape devices? Are people using an IBM Storage Appliance (such as 2421 model AP1), hosting SKLM on your own dedicated "in room" Linux machines, using competing KMIP-compliant solutions, or something else entirely? Thanks... -- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El Segundo, CA 90245 https://www.phoenixsoftware.com/ This e-mail message, including any attachments, appended messages and the information contained therein, is for the sole use of the intended recipient(s). If you are not an intended recipient or have otherwise received this email message in error, any use, dissemination, distribution, review, storage or copying of this e-mail message and the information contained therein is strictly prohibited. If you are not an intended recipient, please contact the sender by reply e-mail and destroy all copies of this email message and do not otherwise utilize or retain this email message or any or all of the information contained therein. Although this email message and any attachments or appended messages are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by the sender for any loss or damage arising in any way from its opening or use. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN