Integrating Power Virtual Server with IBM Cloud Key Management Services
IBM Power Virtual Server located in IBM data centers: Off-premises
IBM Power Virtual Server Private Cloud: On-premises
To integrate IBM® Power® Virtual Server with IBM Cloud key management services, establish a connection from your virtual machine to IBM Cloud.
IBM provides two Cloud key management services that integrate with Power Virtual Server workloads:
- IBM Cloud® Hyper Protect Crypto Services (HPCS) is a dedicated key management service and hardware security module (HSM) based on IBM Cloud. You can integrate HPCS with Power Virtual Server to securely store and protect encryption key information for AIX and Linux.
- IBM Key Protect is a full-service multi-tenant encryption solution that allows data to be secured and stored in IBM Cloud™ by using envelope encryption techniques. You can integrate Key Protect with Power Virtual Server to securely store and protect encryption key information for AIX and Linux.
Using Hyper Protect Crypto Services (HPCS) and Key Protect for AIX
HPCS and Key Protect are supported by AIX 7.3 TL1 for AIX logical volume encryption.
PKCS11/TDE integration on Power-AIX for Oracle or Db2 workloads is not currently available. This does not affect volume-level encryption for AIX or Power-Linux with HPCS.
You can use Power Virtual Server to integrate with HPCS and Key Protect to use encryption on AIX file systems with the keysvrmgr and hdcryptmgr commands.
The keysvrmgr command manages the Object Data Manager (ODM) database entries that are associated with the encryption key server when the logical or physical volume uses the key server key-protection method for encryption. For more information, see keysvrmgr Command.
The hdcryptmgr command manages the encryption of logical volumes (LV) and physical volumes (PV). For more information, see hdcryptmgr Command.
Using Hyper Protect Crypto Services (HPCS) or Key Protect for Linux
You can use Power Virtual Server to integrate with HPCS or Key Protect to protect Linux Unified Key Setup (LUKS) encryption keys from being compromised. Either key management service can act as the single point of control to enable or disable access to data across the enterprise. This is done by successively wrapping encryption keys, with the ultimate control being a master key that resides in a hardware security module (HSM).
For more information, see Protect LUKS encryption keys with IBM Cloud Hyper Protect Crypto Services and Key Protect.
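The successive key wrapping described above can be modeled offline. The following is an added example, not IBM code and not the HPCS or Key Protect API. SimulatedKeyService, provision, unlock, the single intermediate key, and the HMAC-based wrap are all assumptions chosen so that the sketch runs with the Python standard library only.

```python
import hashlib, hmac, os

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _pad(key, nonce, n):
    blocks = (_prf(key, b"enc" + nonce + bytes([i])) for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def wrap(kek, secret):
    # Encrypt-then-MAC built from HMAC-SHA256: a stdlib stand-in (assumption)
    # for the AES-based wrap a real key service performs inside its HSM.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _pad(kek, nonce, len(secret))))
    return nonce + ct + _prf(kek, b"mac" + nonce + ct)

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(kek, b"mac" + nonce + ct)):
        raise ValueError("wrapped key failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _pad(kek, nonce, len(ct))))

class SimulatedKeyService:
    """Hypothetical stand-in for HPCS / Key Protect; the root key never leaves it."""
    def __init__(self):
        self._root = os.urandom(32)  # held in the HSM in the real service
        self.enabled = True          # the single point of control
    def _key(self):
        if not self.enabled:
            raise PermissionError("root key is disabled")
        return self._root
    def wrap(self, key):
        return wrap(self._key(), key)
    def unwrap(self, blob):
        return unwrap(self._key(), blob)

def provision(service, passphrase):
    # The VM keeps only these two wrapped blobs, never a plaintext key.
    kek = os.urandom(32)
    return {"wrapped_kek": service.wrap(kek),
            "wrapped_passphrase": wrap(kek, passphrase)}

def unlock(service, stored):
    # Successive unwrapping: root key -> KEK -> LUKS passphrase.
    kek = service.unwrap(stored["wrapped_kek"])
    return unwrap(kek, stored["wrapped_passphrase"])
```

Setting enabled to False on the service makes unlock raise PermissionError even though both wrapped blobs are still on the VM, which is the enable/disable control point the paragraph refers to.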
Additional support for configuring Hyper Protect Crypto Services or Key Protect
For any additional information and assistance on HPCS or Key Protect for AIX or Linux, contact IBM.