Introduction

This document describes the integration of IBM DB2 with the Entrust KeyControl Key Management Solution (KMS). Entrust KeyControl can serve as a KMS to IBM DB2 using the open standard Key Management Interoperability Protocol (KMIP).

Documents to read first

This guide describes how to configure the Entrust KeyControl server as a KMS in IBM DB2.

To install and configure the Entrust KeyControl server as a KMIP server, see the Entrust KeyControl nShield HSM Integration Guide. You can access it from the Entrust Document Library and from the nShield Product Documentation website.

Also refer to the IBM DB2 online documentation.

Requirements

  • Entrust KeyControl version 10.4.1 or later.

    An Entrust KeyControl license is required for the installation. You can obtain this license from your Entrust KeyControl and IBM DB2 account team or through Entrust KeyControl customer support.

  • IBM DB2 Server 12.1 or later.

Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks.

High-availability considerations

Entrust KeyControl uses an active-active deployment, which provides high-availability capability to manage encryption keys. Entrust recommends this deployment configuration. In an active-active cluster, changes made to any KeyControl node in the cluster are automatically reflected on all nodes in the cluster. For information about Entrust KeyControl, see the Entrust KeyControl Product Overview.

Product configuration

The integration between the IBM DB2 Server and Entrust KeyControl has been successfully tested in the following configurations:

Product Version

Linux

Red Hat 9

IBM DB2 Server

12.1

Entrust KeyControl

10.4.1