IBM Cloud Docs
Integrating Power Virtual Server with IBM Cloud Key Management Services

IBM provides two Cloud key management services that integrate with IBM® Power® Virtual Server workloads:

  1. IBM Cloud® Hyper Protect Crypto Services (HPCS) is a dedicated key management service and hardware security module (HSM) based on IBM Cloud. You can integrate HPCS with Power Virtual Server to securely store and protect encryption key information for AIX and Linux.
  2. IBM Key Protect is a full-service multi-tenant encryption solution that allows data to be secured and stored in IBM Cloud™ using the latest envelope encryption techniques. You can integrate Key Protect with Power Virtual Server to securely store and protect encryption key information for AIX and Linux.

Using Hyper Protect Crypto Services (HPCS) and Key Protect for AIX

HPCS and Key Protect are supported by AIX 7.3 TL1 for AIX logical volume encryption.

Power-AIX integration with PKCS11 / TDE for Oracle/DB2 workloads is not available at this time. This has no impact on volume-level encryption with HPCS for AIX or Power-Linux.

You can integrate Power Virtual Server with HPCS and Key Protect to encrypt AIX file systems by using the keysvrmgr and hdcryptmgr commands.

The keysvrmgr command manages the Object Data Manager (ODM) database entries that are associated with the encryption key server when the logical or physical volume uses the key server key-protection method for encryption. For more information, see keysvrmgr Command.

The hdcryptmgr command manages encryption for logical volumes (LV) and physical volumes (PV). For more information, see hdcryptmgr Command.

Using Hyper Protect Crypto Services (HPCS) or Key Protect for Linux

You can use Power Virtual Server to integrate with HPCS or Key Protect to protect Linux Unified Key Setup (LUKS) encryption keys from being compromised. Either key management service can act as the single point of control to enable or disable access to data across the enterprise. This is done by successively wrapping encryption keys, with the ultimate control being a master key that resides in a hardware security module (HSM).

For more information, see Protect LUKS encryption keys with IBM Cloud Hyper Protect Crypto Services and Key Protect.
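The successive wrapping described above, as an added example that is not IBM's code: a root key wraps a data encryption key (DEK), which wraps the LUKS passphrase, and disabling the root key blocks every unlock. It assumes a two-level chain, uses AES-GCM as a stand-in for the service's wrap and unwrap calls, and holds the root key in local memory only for illustration; `random`, `wrap`, `unwrap`, `Unlock` and `rootEnabled` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func random(n int) []byte {
	b := make([]byte, n)
	rand.Read(b) // crypto/rand; documented never to fail on Go 1.24+
	return b
}

func wrap(parent, child []byte) []byte {
	block, _ := aes.NewCipher(parent) // parent is always a 32-byte key in this example
	gcm, _ := cipher.NewGCM(block)    // assumption: AES-GCM stands in for the service's wrap call
	nonce := random(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, child, nil) // nonce || ciphertext || tag
}

func unwrap(parent, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(parent)
	if err != nil || len(blob) < 12 {
		return nil, fmt.Errorf("bad key or wrapped blob")
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, blob[:12], blob[12:], nil) // fails if the blob or the key is wrong
}

// Unlock walks the chain: root key unwraps the DEK, the DEK unwraps the LUKS passphrase.
func Unlock(root []byte, rootEnabled bool, wDEK, wPass []byte) ([]byte, error) {
	if !rootEnabled { // models the key service refusing to unwrap under a disabled root key
		return nil, fmt.Errorf("root key disabled")
	}
	dek, err := unwrap(root, wDEK)
	if err != nil {
		return nil, err
	}
	return unwrap(dek, wPass)
}

func main() {
	root, dek := random(32), random(32) // root models the HSM-resident master key
	wDEK, wPass := wrap(root, dek), wrap(dek, []byte("constructed-passphrase"))
	p, err := Unlock(root, true, wDEK, wPass)
	_, off := Unlock(root, false, wDEK, wPass)
	fmt.Printf("enabled: %q %v\ndisabled: %v\n", p, err, off)
}
```

Only the two wrapped blobs need to be stored with the volume; without an enabled root key neither of them yields the passphrase.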

Additional support for configuring Hyper Protect Crypto Services or Key Protect

For additional information and assistance with HPCS or Key Protect for AIX or Linux, contact IBM.