Thales provides advanced encryption services based on high-speed, 256-bit AES encryption for IBM NAS-based storage solutions, featuring redundant components and clustered failover for high reliability. Strengthen existing LDAP, MS AD & NIS controls by adding an additional layer of access controls, secure data for compliance mandates, and protect offline data in archives from unauthorized access or theft.

Resources and Additional Information

CipherTrust Manager and IBM N Series - Solution Brief

DB2 for IBM i is an advanced relational database management system (RDBMS) that is pre-installed on the IBM i operating system. It supports applications and development environments running on the IBM i platform and uses several IBM Power System features, such as Dynamic Logical Partitioning, cost-based query optimizer, Capacity Upgrade on Demand, and PowerVM virtualization. The new FIELDPROC exit point in DB2 for IBM i allows users to secure sensitive application data with transparent encryption using third-party encryption APIs.

Thales ProtectApp is an application encryption solution that integrates with DB2 for IBM i to encrypt data at the field and column level without requiring changes to the database or the format of the fields it secures. With Thales KeySecure, Thales ProtectApp also centralizes application encryption policy and key management to increase the level of control that administrators have over their data. Thales ProtectApp uses a comprehensive set of encryption and decryption APIs to secure data from applications written in COBOL, RPG, and Java, among other languages. Because encryption and decryption is transparent, end-users will not see any change to their experience and the data is secured in the database. In addition to the encryption solution for DB2 for IBM i, Thales ProtectApp offers APIs for digital signing and verification, secure hash algorithms (SHA), and hash-based message authentication code (HMAC), making it a versatile and important component of any organization’s security infrastructure.

Resources and Additional Information

Encrypting Sensitive Data in DB2 for IBM i (AS400) - Solution Brief

IBM's XIV and A9000/A9000R storage systems have several features built specifically for the needs of big data. Built into XIV and A9000/A9000R is AES-256 encryption that secures the entire drive. Thales CipherTrust integrates with these IBM platforms to store and centrally manage the keys for the system’s self-encrypting drives.

Resources and Additional Information

Securing IBM's XIV and A9000/A9000R Storage: Enterprise Key Management with Thales CipherTrust  

IBM WebSphere Application Server is a software platform for deploying enterprise Java based applications utilizing IBM HTTP Server. Websphere allows organizations to extend packaged and legacy programs – including applications from non-IBM servers such as Tomcat, JBoss and Oracle – to the web.

Thales HSMs provides key management security for certificates and certificate-based authentication (including import of trusted CA certificates from software based keystore to hardware based keystores), self-signed certificate generation, and personal certificate requests via the IBM Key Management Utility. In addition, Thales HSMs offloads cryptographic operations such as signing for associated private keys, and accelerates SSL operations to free valuable compute resources on the server.

Thales Authentication Client (SAC) is a public key infrastructure (PKI) middleware that provides a secure method for exchanging information based on public key cryptography, enabling trusted third-party verification of user identities. Thales certificate-based tokens provide secure remote access, as well as other advanced functions, in a single token, including digital signing, password management, network logon, and combined physical/logical access.

Resources and Additional Information

IBM Websphere Application Server and Thales Luna HSM and Thales Data Protection on Demand Integration Guide

Using SAC CBA for IBM WebSphere Application Server

IBM Websphere MQ is a messaging middleware that simplifies the integration of diverse applications and business data across disparate platforms. IBM MQ sends and receives message data through messaging queues to facilitate secure, reliable and assured information exchange between applications, systems, services and file. These queues simplify: business application creation and maintenance, deployment of enterprise-wide messaging, and connectivity for the internet of things and mobile devices.

IBM Websphere MQ integrates with Thales Luna HSM to securely store keys used in SSL transactions.

Resources and Additional Information

IBM Websphere MQ and Thales Luna HSM Integration Guide

IBM DB2 is the database of choice for enterprise-wide solutions Optimized to deliver industry-leading performance while lowering costs, IBM DB2 offers extreme performance, flexibility, scalability and reliability for any size organization.

Resources and Additional Information

IBM DB2 with Thales Luna HSMs Integration Guide

IBM and Thales, via IBM Security Access Manager and Thales Luna HSM, deliver integrated capabilities that enable customers to optimize the security and performance of online communications and transactions. Together, enterprises can harness secure key and certificate storage and robust SSL acceleration to protect their online presence and business applications, along with transactions.

IBM Security Access Manager includes a high-performance web server that allows customers to apply fine-grained security policies to their web-based Security Access Manager environments. ISAM provides single sign-on capabilities and enables customers to apply policies to back-end web application server resources. Using IBM Global Security Kit (GSKit) libraries, ISAM WebSEAL uses encryption to secure network communications. To maintain the integrity of SSL operations, ISAM stores encryption keys at the root of the SSL handshake in Thales Luna HSMs.

Resources and Additional Information

Thales Luna HSM and IBM Security Access Manager Integration Guide

IBM DataPower Gateway is a security and integration platform for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. It enables you to rapidly expand the scope of valuable IT assets to new channels—giving customers, employees and partners access to critical resources. It helps you quickly secure, integrate, control and optimize access to a range of workloads through a single, extensible gateway platform available in both physical and virtual form factors.

Thales Luna Enterprise HSM provides key management security for certificates and certificate-based authentication (including import of trusted CA certificates from software based keystore to hardware based keystores), self-signed certificate generation, and personal certificate requests via the IBM Key Management Utility. In addition, Luna Enterprise HSM offloads cryptographic operations such as signing for associated private keys, and accelerates SSL operations to free valuable compute resources on the server.

Additional Resources:

DataPower Gateway Virtual Appliance and Thales Luna Network HSM Integration Guide