banner

Thales Partners

IBM Thales Partners Technology

IBM

IBM® Corporation is the world’s largest information technology company. A leader in the creation, development and manufacture of information technologies, including computer systems, software, networking systems, storage devices and microelectronics. IBM Corporation has licensed SafeNet’s Chrystoki software, in order to help its customers become “e-businesses”. IBM will use Chrystoki software to add digital signature, encrypted smart card, and high-security PC Card support into its SecureWay line of electronic commerce software. This will give IBM customers a variety of secure methods to access their Internet electronic commerce business applications. Further information on IBM’s implementation of Chrystoki software can be found on the IBM I/T Security home page at www.ibm.com/security. 1 New Orchard RoadArmonkNY United StatesNorth Americas10504-1722914-499-1900

 

IBM HTTP Server and Websphere Application Server

IBM WebSphere Application Server is a software platform for deploying enterprise Java based applications utilizing IBM HTTP Server. Websphere allows organizations to extend packaged and legacy programs – including applications from non-IBM servers such as Tomcat, JBoss and Oracle – to the web.

Thales HSMs provides key management security for certificates and certificate-based authentication (including import of trusted CA certificates from software based keystore to hardware based keystores), self-signed certificate generation, and personal certificate requests via the IBM Key Management Utility. In addition, Thales HSMs offloads cryptographic operations such as signing for associated private keys, and accelerates SSL operations to free valuable compute resources on the server.

Thales Authentication Client (SAC) is a public key infrastructure (PKI) middleware that provides a secure method for exchanging information based on public key cryptography, enabling trusted third-party verification of user identities. Thales certificate-based tokens provide secure remote access, as well as other advanced functions, in a single token, including digital signing, password management, network logon, and combined physical/logical access.

Resources and Additional Information

IBM Websphere Application Server and Thales Luna HSM and Thales Data Protection on Demand Integration Guide

Using SAC CBA for IBM WebSphere Application Server

IBM Websphere MQ: Web Server and Thales Luna HSM

IBM Websphere MQ is a messaging middleware that simplifies the integration of diverse applications and business data across disparate platforms. IBM MQ sends and receives message data through messaging queues to facilitate secure, reliable and assured information exchange between applications, systems, services and file. These queues simplify: business application creation and maintenance, deployment of enterprise-wide messaging, and connectivity for the internet of things and mobile devices.

IBM Websphere MQ integrates with Thales Luna HSM to securely store keys used in SSL transactions.

Resources and Additional Information

IBM Websphere MQ and Thales Luna HSM Integration Guide

 

IBM Cloud: Virtual Machine Encryption and Thales Key Management

Thales ProtectV virtual disk encryption offers security for virtual machines, storage volumes, and encryption keys residing in the IBM SoftLayer cloud. By encrypting the entire virtual machine instance and attached storage volumes, Thales ProtectV completely isolates data to allow for well-tailored separation of duties amongst IT administrators. Thales ProtectV’s StartGuard pre-boot authentication prevents any secured virtual machine instance from launching without proper authorization. Thales ProtectV encryption, and the data control it offers, allows organizations to migrate their sensitive workloads to the IBM SoftLayer cloud—no matter what level of security is needed. Thales ProtectV is available for sale on the IBM Cloud Marketplace.

Thales Virtual KeySecure centralizes key management for Thales ProtectV-secured virtual instances, as well as other applications and devices in a hardened software appliance that runs in the IBM SoftLayer cloud. Thales Virtual KeySecure and the encryption it manages enables organizations to prove ownership of their sensitive data in IBM SoftLayer Cloud environments, increasing security and compliance. Thales Virtual KeySecure allows organizations to quickly deploy centralized key management in high-availability, clustered configurations. Additionally, Thales Virtual KeySecure ensures that organizations maintain ownership of their encryption keys at all times by hardening the appliance OS and encrypting the entire virtual appliance.

 

IBM DB2 with Thales Luna HSMs

IBM DB2 is the database of choice for enterprise-wide solutions Optimized to deliver industry-leading performance while lowering costs, IBM DB2 offers extreme performance, flexibility, scalability and reliability for any size organization.

Resources and Additional Information

IBM DB2 with Thales Luna HSMs Integration Guide

IBM Security Access Manager: with Thales Luna HSM

IBM and Thales, via IBM Security Access Manager and Thales Luna HSM, deliver integrated capabilities that enable customers to optimize the security and performance of online communications and transactions. Together, enterprises can harness secure key and certificate storage and robust SSL acceleration to protect their online presence and business applications, along with transactions.

IBM Security Access Manager includes a high-performance web server that allows customers to apply fine-grained security policies to their web-based Security Access Manager environments. ISAM provides single sign-on capabilities and enables customers to apply policies to back-end web application server resources. Using IBM Global Security Kit (GSKit) libraries, ISAM WebSEAL uses encryption to secure network communications. To maintain the integrity of SSL operations, ISAM stores encryption keys at the root of the SSL handshake in Thales Luna HSMs.

Resources and Additional Information

Thales Luna HSM and IBM Security Access Manager Integration Guide

IBM DB2 for IBM i for Power Systems: Database and File Encryption with Thales ProtectApp and Thales KeySecure

IBM DB2Database and File EncryptionembeddedIBM DB2 for IBM i for Power Systems: Database and File Encryption with Thales ProtectApp and Thales KeySecure

DB2 for IBM i is an advanced relational database management system (RDBMS) that is pre-installed on the IBM i operating system. It supports applications and development environments running on the IBM i platform and uses several IBM Power System features, such as Dynamic Logical Partitioning, cost-based query optimizer, Capacity Upgrade on Demand, and PowerVM virtualization. The new FIELDPROC exit point in DB2 for IBM i allows users to secure sensitive application data with transparent encryption using third-party encryption APIs.

Thales ProtectApp is an application encryption solution that integrates with DB2 for IBM i to encrypt data at the field and column level without requiring changes to the database or the format of the fields it secures. With Thales KeySecure, Thales ProtectApp also centralizes application encryption policy and key management to increase the level of control that administrators have over their data. Thales ProtectApp uses a comprehensive set of encryption and decryption APIs to secure data from applications written in COBOL, RPG, and Java, among other languages. Because encryption and decryption is transparent, end-users will not see any change to their experience and the data is secured in the database. In addition to the encryption solution for DB2 for IBM i, Thales ProtectApp offers APIs for digital signing and verification, secure hash algorithms (SHA), and hash-based message authentication code (HMAC), making it a versatile and important component of any organization’s security infrastructure.

Resources and Additional Information

Encrypting Sensitive Data in DB2 for IBM i (AS400) solution brief

 

IBM DataPower Gateway: Web Server and Thales Luna HSM

IBM DataPower Gateway is a security and integration platform for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. It enables you to rapidly expand the scope of valuable IT assets to new channels—giving customers, employees and partners access to critical resources. It helps you quickly secure, integrate, control and optimize access to a range of workloads through a single, extensible gateway platform available in both physical and virtual form factors.

Thales Luna Enterprise HSM provides key management security for certificates and certificate-based authentication (including import of trusted CA certificates from software based keystore to hardware based keystores), self-signed certificate generation, and personal certificate requests via the IBM Key Management Utility. In addition, Luna Enterprise HSM offloads cryptographic operations such as signing for associated private keys, and accelerates SSL operations to free valuable compute resources on the server.

Additional Resources:

DataPower Gateway Virtual Appliance and Thales Luna Network HSM Integration Guide

DataPower Gateway and Luna HSM Integration Guide 

IBM PureData for Transactions: Database Encryption with Thales KeySecure and Thales ProtectDB

IBM PureData for TransactionsDatabase and File EncryptionembeddedIBM PureData for Transactions: Database Encryption with Thales KeySecure and Thales ProtectDB

 IBM PureData System for Transactions, powered by IBM’s DB2® database software, is a fully integrated system optimized for delivering highly scalable transactional workloads. Capable of consolidating more than one hundred databases on a single system, its active clusters ensure reliable data availability as systems scale. Thales KeySecure and Thales ProtectDB deliver powerful database encryption and centralized key management to secure sensitive data automatically as it flows into and out of PureData System for Transactions databases. Encryption takes place at the column level, altering existing tables to store the resulting ciphertext so customers benefit from security without losing important database functions.

Thales KeySecure with Thales ProtectDB provides a fast, flexible, and seamless solution to address business needs and compliance requirements. IBM PureData System for Transactions provides highly scalable and highly reliable data services, ready in minutes, which Thales secures—making it an ideal combination for mission-critical enterprise applications.

Resources and Additional Information

PureData for Transactions and Thales KeySecure Solution Brief

PureData for Transactions and Thales KeySecure White Paper

IBM Security Access Manager (ISAM) for Enterprise Single Sign-On (eSSO): Remote Access with Thales Authentication Solutions

IBM Security Access Manager (ISAM) for Enterprise Single Sign-On (eSSO)Remote AccessembeddedIBM Security Access Manager (ISAM) for Enterprise Single Sign-On (eSSO) Remote Access with Thales Authentication

ISAM eSSO and Thales authentication solutions provides strong authentication for eSSO users for both personal and shared workstation configurations. Thales eTokens are USB-based authenticators that provide strong user authentication and cost-effective password management

 

IBM Security Access Manager: Identity Access Management and Thales Authentication

IBM Security Access Manager (ISAM)IAMembeddedIBM Security Access Manager: Identity Access Management and Thales Authentication

Thales Authentication Service and its Thales certificate based authentication solutions integrate with ISAM to safeguard online applications with an extra layer of identity protection that protects against advanced web threats and reduces the risk of unauthorized access from identity theft. SAS and Thales certificate based authentication solutions are certified with ISAM under the Ready for IBM Security Intelligence program.

Resources and Additional Information

ISAM for Web/Thales Authentication Solution Brief

IBM Security Access Manager and Thales Authentication Client Integration Guide

EAI Agent for IBM Security Access Manager for Web 7.0 Integration Guide

Using Thales Authentication Service as an Identity Provider for IBM Security Access Manager (ISAM) for Web 9.0

Thales Authentication Client using CBA for IBM Security Access Manager 9.0

 

IBM Global Security Kit (GSKit) Encryption Libraries: Encryption Key Storage with Thales Enterprise HSM

IBM Global Security Kit (GSKit) Encryption LibrariesKey ManagementembeddedIBM Global Security Kit (GSKit) Encryption Libraries: Encryption Key Storage with Thales Enterprise HSM

GSKit provides libraries and utilities for SSL communication, enabling organizations to add encryption protection to over 200 IBM applications, including the IBM WebSphere Suite and IBM Security Access Manager (ISAM). Businesses stand to lose substantially – both in revenue and reputation – when there is a breach of online channels they use for communication, transactions, and applications. SSL encryption secures these web based communications and services. Thales Enterprise HSM (formerly Luna SA) stores SSL certificates in a tamper-proof hardware security module to serve as a reliable root of trust for network cryptographic operations. 

 Additionally, Thales Enterprise HSM offloads SSL operations from general-use servers, stores them within the hardware appliance for added security, and improves server performance. It can also provide true random number generation and streamline key administration by performing both symmetric and asymmetric key functions on a single platform. Together, IBM and Thales optimize the security and performance of online communications and transactions.

Resources and Additional Information

IBM GSKit and Thales Enterprise HSM flier

Thales Enterprise HSM and IBM WebSEAL Solution Brief

IBM N Series NAS Filers

Thales provides advanced encryption services based on high-speed, 256-bit AES encryption for IBM NAS-based storage solutions, featuring redundant components and clustered failover for high reliability. Strengthen existing LDAP, MS AD & NIS controls by adding an additional layer of access controls, secure data for compliance mandates, and protect offline data in archives from unauthorized access or theft.

Resources and Additional Information

n series

CipherTrust Manager and IBM N Series - Solution Brief

IBM zOS: Encryption and Key Management with PKWare and Thales KeySecure

IBM z/OS: Encryption and Key Management with PKWare and Thales KeySecureKey ManagementembeddedIBM z/OS: Encryption and Key Management with PKWare and Thales KeySecureIBM z/OS mainframe users can secure their sensitive data with PKWARE Smart Encyption Platform SecureZIP for z/OS. PKWare SecureZIP for z/OS is flexible; customers can embed encryption directly into their applications, or secure mainframe databases with field-level, length-preserving encryption. In any of its deployment scenarios, end-users see no change to their experience while organizations escape needing significant changes to their underlying infrastructure. As a bonus, the ability to compress data reduces strains on bandwidth and allows customers to derive greater return on storage investments.

Thales KeySecure encryption and key management appliance secures and centralizes the administration of SecureZIP’s keys and certificates. Consolidating policy and key management simplifies administration to reduce the risk of errors and blindspots, while also freeing time for personnel to tackle other tasks. It makes key surveillance, rotation, and deletion easier which improves security.

 

 

 

IBM QRadar: Security information and Event Management with Thales KeySecure

IBM QRadar

The QRadar Security Intelligence Platform consolidates and organizes millions of points of data from network security events for better security and deeper, actionable, security insights. The platform unifies SIEM, log management, anomaly detection, and configuration and vulnerability management into one solution. Thales KeySecure’s centralized key management allows for detailed logs that can track key state changes, errors, and even application access. QRadar integrates these logs so administrators can visualize key management data for a proactive approach to enterprise key security.

Resources and Additional Information

IBM QRadar and Thales KeySecure Solution Brief

IBM XIV Storage: Storage and Archive with Thales KeySecure

IBM XIV and A9000/A9000R StorageStorage and ArchiveembeddedSecuring IBM's XIV and A9000/A9000R Storage: Enterprise Key Management with Thales KeySecure
The Solution
 
IBM's XIV and A9000/A9000R storage systems have several features built specifically for the needs of  big data. Built into XIVand A9000/A9000R is AES-256 encryption that secures the entire drive. Thales KeySecure integrates with these IBM platforms to store and centrally manage the keys for the system’s selfencrypting drives.
 

Resources and Additional Information

Securing IBM's XIV and A9000/A9000R Storage:  Enterprise Key Management with Thales KeySecure  

IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Backup and StorageembeddedSecuretly Store Keys Used in SSL TransactionsIBM Sterling B2B Integrator integrates with Thales Enterprise HSM to securely store keys used in SSL transactions.
 

 Use a Hardware Security Module (HSM)  

IBM zOS: Multi-Factor Authentication with Thales Authentication Service

IBM z/OS: Multi-Factor Authentication with Thales Trusted Access IAMembeddedIBM z/OS: Multi-Factor Authentication with Thales Trusted Access

IBM MFA for z/OS provides a way to raise the assurance level of user authentication to z/OS applications and hosting environments by allowing the use of multiple authentication factors. 

 

Building on Thales’s award winning authentication service, ThalesTrusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

 

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.

Resources and Additional Information

Thales Authentication Service (SAS) is now Thales Trusted Access (STA).

 

For STA SAML integrations, please refer to STA Application Catalog. For STA RADIUS integrations, please refer to STA RADIUS Integration guides page on Thales Customer Portal.

 

IBM Domino and Notes

IBM DominoSaaS and Web AppsembeddedIBM Domino and Notes: SaaS and Web apps with Thales Trusted Access

IBM Notes and IBM Domino are the client and server, respectively, of a collaborative client-server software platform marketed by IBM. The IBM Notes software client simplifies today’s complex world by integrating messaging, business applications, and social collaboration into one easy-to-use workspace.

Building on Thales’s award winning authentication service, Thales Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

 

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.

Thales Authentication Client (SAC) is a PKI middleware application that provides a secure method for exchanging information based on public-key cryptography, enabling trusted third-party verification of user identities.  

Resources and Additional Information

Thales Authentication Service (SAS) is now ThalesTrusted Access (STA).

For STA SAML integrations, please refer to STA Application Catalog. For STA RADIUS integrations, please refer to STA RADIUS Integration guides page on Thales Customer Portal.

SAC Using CBA for IBM Notes

IBM Domino and Notes Traveler

IBM DominoSaaS and Web AppsembeddedIBM Domino and Notes Traveler: SaaS and Web portal with Thales Authentication Solutions

IBM® Notes® Traveler (formerly IBM Lotus® Notes Traveler) is mobile email software that provides quick access to email, calendar and contacts from a wide range of mobile devices or tablets. This no charge mobile offering is available for IBM Notes and Domino® users.

Thales Authentication Service (SAS) delivers a fully automated, versatile, and strong authentication-as-a-service solution. With no infrastructure required, Thales Authentication Service provides smooth management processes and highly flexible security policies, token choice, and integration APIs.

Thales Authentication Manager (SAM) is a comprehensive token management system. It is an out-of-the-box solution for Public Certificate Authorities (CA) and enterprises to ease the administration of Thales hardware or software tokens devices. 

Resources and Additional Information

SAS Using RADIUS Protocol for IMC with IBM Domino Notes Traveler

SAM Using RADIUS Protocol for IMC with IBM Domino Notes Traveler

 

IBM Security Access Manager (ISAM): IAM with Thales Authentication Service

IBM Security Access Manager (ISAM)IAMembeddedIBM Security Access Manager (ISAM): IAM with Thales Trusted Access

IBM® Security Access Manager (ISAM) helps you simplify your users' access while more securely adopting web, mobile and cloud technologies. This solution helps you strike a balance between usability and security through the use of risk-based access, single sign-on, integrated access management control, identity federation and its mobile multi-factor authentication capability, IBM Verify.

Building on Thales’s award winning authentication service, Thales Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

 

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.

Resources and Additional Information

Thales Authentication Service (SAS) is now Thales Trusted Access (STA).

 

For STA SAML integrations, please refer to STA Application Catalog. For STA RADIUS integrations, please refer to STA RADIUS Integration guides page on Thales Customer Portal.

 

 

IBM Security Key Lifecycle Manager

IBM Security Key Lifecycle ManagerKey ManagementembeddedIBM Security Key Lifecycle Manager

You can use HSM for storing master key to protect all passwords that are stored in the IBM Security Key Lifecycle Manager database.

You can enable this capability for the new installations of IBM Security Key Lifecycle Manager.

You must add the parameters to the IBM Security Key Lifecycle Manager configuration file to define a Hardware Security Module (HSM).

IBM Security Key Lifecycle Manager supports the following Thales HSMs:

  • Thales Luna SA 4.5
  • Thales Luna SA 5.0
  • Thales Luna SA 6.1
  •  

    Resources and Additional Information

    Hardware Security Module usage in IBM Security Key Lifecycle Manager

    IBM Security Key Lifecycle Manager Support Matrix 

    All Systems Go with Thales and IBM

    IBM i for Power Systems: Application Encryption with SafeNet ProtectApp and SafeNet KeySecure

    IBM i for Power SystemsDatabase and File EncryptionembeddedIBM i for Power Systems: Application Encryption with Thales ProtectApp and Thales KeySecure

    IBM i (including AS/400, i Series, and System i) is an integrated operating environment run on the IBM Power Systems server platform. IBM Power Systems using IBM i is designed to run business applications in an environment with preloaded core middleware intended to reduce setup effort and operational investment. IBM i supports virtual workloads, solutions from third-party ISVs, and IBM solutions such as DB2 and WebSphere.

    Thales KeySecure with Thales ProtectApp integrates with IBM i to encrypt application data as it is generated, helping organizations secure their data immediately in order to meet their security and compliance obligations. Thales ProtectApp uses a comprehensive set of encryption and decryption APIs to secure data from applications written in COBOL, RPG, and Java, among other languages. Because encryption and decryption is transparent, end users will not see any change to their experience - irrespective of the back-end database or file system in use, or the number of times data is backed up, stored, or copied. Additionally, Thales ProtectApp APIs can be used for digital signing and verification, secure hash algorithms (SHA), and hash-based message authentication code (HMAC). Whether it is unstructured data (such as Excel files and PDFs) or structured data (such as credit card number database fields), Thales ProtectApp secures a wide range of sensitive data from applications running on IBM i.

    Additional Information and Resources

    IBM i for Power Systems with Thales ProtectApp and Thales KeySecure solution brief

    IBM Cloud HSM with Citrix Netscaler

    IBM BigInsights

    IBM BigInsights

    IBM BigInsights – The Vormetric Data Security Platform enhances IBM InfoSphere BigInsights security by delivering high-performance data-at-rest encryption, easy-to-use key management, privileged user access control, and detailed security intelligence logs. This extensible platform is tunable to protect data as granular as specific columns within a database, as well as all the data within a given directory or an entire volume on a data node.

    IBM Security

    IBM Security

    IBM’s security portfolio provides the security intelligence needed to help organizations holistically protect their people, infrastructure, data and applications. IBM offers solutions for identity and access management, data security, application development, risk management, endpoint management, network security, and more. IBM Security's Guardium Data Encryption protects critical data with file- and volume-level protection. IBM Security's Guardium Data Encryption complements Guardium Data Activity Monitoring capabilities with file-level encryption and key management for critical data containers, policy-based access controls that decrypt information only for authorized processes and users, and file-level data access logging and alerting. Read more about our IBM eSecurity Partner's comprehensive solution using IBM InfoSphere Guardium Data Activity Monitoring and InfoSphere Guardium Data Encryption to provide layered protection for sensitive data assets by downloading the solution brief below.