Centralize, simplify and automate encryption key management

Encrypting data with confidence,
across the enterprise and beyond

IBM® Security Key Lifecycle Manager—formerly Tivoli Key Lifecycle Manager—centralizes, simplifies and automates the encryption key management process to help minimize risk and reduce operational costs of encryption key management. It offers secure and robust key storage, key serving and key lifecycle management for IBM and non-IBM storage solutions using the OASIS Key Management Interoperability Protocol (KMIP).

IBM Security Key Lifecycle Manager helps customers meet regulations and standards such as the Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA) by providing centralized control and management of encryption keys.

IBM Security Key Lifecycle Manager:

Provides more efficient, simplified, consolidated and transparent key management

Offers simple secure integration between IBM storage systems and IBM Security Key Lifecycle Manager

Reduces key management costs

Certified Communications

Reduces operating costs, speeds implementation and enables interoperability with wizard-based assistance

IBM Security Key Lifecycle Manager

IBM Security Key Lifecycle Manager V2.6 enhancements include:


OS-independent Replication, Backup, and Restore


Expanded replication support


NSA Suite B compliance


Expanded SSL/KMIP Server certificate support


Compliance with KIMP 1.2 and Storage Networking Industry Association Secure Storage Industry Forum (SNIA-SSIF) certification


AES 256-bit Master Key


Basic Operating System Requirements for IBM Security Key Lifecycle Manager V2.7:


System components

Minimum values*

Recommended Values**

System memory (RAM)

4 GB

8 GB

Processor speed

Linux and Windows systems
1.0 GHz single processor
AIX and Sun Solaris systems
1.5 GHz (2-way)

Linux and Windows systems
5.0 GHz single processor
AIX and Sun Solaris systems
1.5 GHz (4-way)

Disk space free for IBM Security Key Lifecycle Manager and prerequisite products such as DB2

16 GB

30 GB

Disk space free in /tmp or C:\temp

4 GB

4 GB

Disk space free in /home directory for DB2

7 GB

7 GB

Disk space free in /var directory for DB2

1 GB on Linux and UNIX operating systems

1 GB on Linux and UNIX operating systems


All file systems must be writable.

* Minimum values: These values enable a basic use of IBM Security Key Lifecycle Manager.

** Recommended values: You must use larger values that are appropriate for your production environment. The most critical requirements are to provide adequate system memory, and free disk and swap space. Processor speed is less important.

Operating System Support Refresh provides support for the following Operating Systems for SKLM V2.7



Operating System






SUSE Linux Enterprise Server (SLES) 12 System z (x86-64)


Red Hat Enterprise Linux (RHEL) Server 7.1 x86-64


Red Hat Enterprise Linux (RHEL) Server 7.1 System z (x86-64)


Red Hat Enterprise Linux (RHEL) Server 6.7 x86-64


Windows Server 2012 Standard Edition x86-64


Windows Server 2012 R2 Standard Edition x86-64

IBM Security Key Lifecycle Manager and IBM Security Key Lifecycle Manager for z/OS® support a range of storage products and models on both distributed and mainframe platforms.

Product – Tape Storage

Product – Tape Storage Machine Type Model
TS1120 Tape Drive 3592 E05
TS1130 Tape Drive 3592 E06/EU6
TS1140 Tape Drive 3592 E07
TS1150 Tape Drive 3592 E08
LTO4 Tape Drive 3588 F4A
LTO5 Tape Drive 3588 F5A/F5C
LTO6 Tape Drive 3588 F6A/F6C
LTO7 Tape Drive 3588 F7A/F7C
TS2900 Tape Autoloader 3572 S4H, S5H, S6H, S7H
TS3100 Tape Library 3573 L2U, L4U
TS3200 Tape Library 3573 L2U, L4U
TS3310 Tape Library 3576 L5B
TS3400 Tape Library 3577 L5U
TS3500 Tape Library 3584 L32, L22, L23, L52, L53
TS4500 Tape Library 3584 L25, L55
3494 Tape Library 3494 L10, L12, L14, L22

Product –Disk Storage

Product –Disk Storage Machine Type Model
DS8000 Storage Controller 242x 941, 951, 961
DS8800 Storage Controller 283x 980, 981, 982, 984, 985, 986
DS8800 Storage Controller 533x 984, 985, 986, 988
DS5020 Storage Controller 1814 20A
DS5100 Storage Controller 1818 51A
DS5300 Storage Controller 1818 53A
DS3500 Storage Controller 1746 C2A, C4A, C4T, A2S, A2D, A4S, AD, T4D
DS3700 Storage Controller 1818 80C
IBM System Storage SAN32B-E4 2498-E32

Other Storage Products

Other Storage Products Machine Type Model
IBM Spectrum Accelerate Storage System (formerly XIV) 2810, 2812 214
IBM Spectrum Scale General Parallel File System (formerly GPFS)
IBM FlashSystems A9000 9836-415, 9838-415
IBM FlashSystems A9000R 9835-415. 9837-415
IBM FlashSystem V9000 9846-AC2, 9846-AC3, 9848-AC2, 9848-AC3
IBM SAN Volume Controller (SVC) 2145-DH8, 2145-SV1, & 2147-SV1
IBM Spectrum Virtualize as Software Only Software Only Solution
IBM Storwize V7000F 2076-524, 2076-624
IBM Storwize V7000 2076-AF6
IBM Storwize V5020 2077-212, 2077-224, 2078-212, 2078-224
IBM Storwize V5030 2077-312, 2077-324, 2078-312, 2078-324
IBM Storwize V5030F 2077-AF3, 2078-AF3
Quantum i500 and i2000 Tape Libraries
Quantum i6000
Spectra T50
Spectra T50e
Spectra T120
Spectra T200
Spectra T380
Spectra T680
Spectra T950
Spectra TFinity
Dell ML6000 Tape Library
Dell TL1000 Tape Library
Dell TL2000 Tape Library
Dell TL4000 Tape Library
Emulex OneCommand Guardian (part number 2Port-02-100) with OneSecure HBAs using a prefix that starts with LPSe12002
NetApp Network Appliance FAS2040 FAS 2040
Network Appliance FAS2240 FAS 22xx
Network Appliance FAS2552, FAS2554, & FAS2520 FAS 25xx
Network Appliance FAS2554A FAS 25xx
Network Appliance FAS3200 FAS 32xx
Network Appliance FAS6200 FAS 62xx
Network Appliance FAS8000 FAS 8xxx
Lenovo System x Servers with Self-Encrypting Drives
VMWare vSphere 6.5
DB2 11.1

Not in United States?

Contact IBM

Considering a purchase?