Introduction
This document describes the integration of IBM DB2 with the Entrust Cryptographic Security Platform (CSP) Key Management Solution (KMS). Entrust CSP can serve as a KMS for IBM DB2 by using the open standard Key Management Interoperability Protocol (KMIP).
Documents to read first
This guide describes how to configure the Entrust Cryptographic Security Platform server as a KMS for IBM DB2.
To install and configure the Entrust CSP server as a KMIP server, see the Entrust Cryptographic Security Platform Key Management Vault: nShield HSM Integration Guide. You can access it from the Entrust Document Library and from the nShield Product Documentation website.
Also refer to the IBM DB2 online documentation.
Requirements
-
Entrust Cryptographic Security Platform Key Management Vault 10.5.1 or later.
An Entrust CSP Vault license is required for the installation. You can obtain this license from your Entrust CSP account team, your IBM DB2 account team, or Entrust CSP customer support.
-
IBM DB2 Server 12.1 or later.
| Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks. |
High-availability considerations
Entrust Cryptographic Security Platform uses an active-active deployment that provides high availability for managing encryption keys. Entrust recommends this deployment configuration. In an active-active cluster, changes made to any CSP node in the cluster are automatically reflected on all nodes in the cluster. For information about Entrust CSP, see the Entrust Cryptographic Security Platform Product Overview.