Changes in This Release for Oracle Key Vault

This Oracle Key Vault release introduces new features that enhance the use of Oracle Key Vault in a large enterprise.

Changes for Oracle Key Vault Release 21.1

Oracle Key Vault release 21.1 introduces several new features.

Dual NIC Network Interface Support

Starting with this release, Oracle Key Vault supports the use of two network interfaces, referred to as dual NIC configuration.

In a dual NIC configuration, Oracle Key Vault combines the two network interfaces into a single logical interface using the Linux NIC bonding mechanism to provide redundancy at the network layer. The dual NIC configuration maintains the network availability of an Oracle Key Vault in case one of the interfaces becomes unavailable. Depending upon the dual NIC configuration mode, load balancing of the network traffic may also be achieved.

This type of configuration is particularly useful in large Oracle Key Vault deployments, where operational continuity must be maintained despite physical or software failures. A dual NIC configuration avoids the scenario in which, for example, the single network interface of an Oracle Key Vault server becomes unavailable and communication is lost both between the Oracle Key Vault nodes and between endpoints and the Oracle Key Vault server.

In previous releases, Oracle Key Vault supported only one network interface. When you install and configure Oracle Key Vault in this release, you have the option of using a single network interface (Classic mode) or using dual NIC mode.
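The bonding driver that a dual NIC configuration relies on reports its state in /proc/net/bonding/<bond>. The following parser is an added example and is not Oracle Key Vault code: it reads that status text, lists which slave interfaces are up, flags the moment redundancy is lost (fewer than two slaves up, which is exactly the condition the dual NIC configuration exists to survive) and reports whether the configured mode also spreads traffic across the interfaces. The bond name, interface names and the sample status text are constructed for illustration; on a real host pass the path of the bond's status file.

```python
"""Summarize a Linux bonded interface from its /proc/net/bonding status text.

Added example, not Oracle Key Vault code. The bond name, interface names
and SAMPLE_BOND0 below are constructed for illustration.
"""
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample of /proc/net/bonding/bond0 with one slave down.
SAMPLE_BOND0 = """\
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:11:22:33:44:55
Slave queue ID: 0

Slave Interface: eth1
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 1
Permanent HW addr: 00:11:22:33:44:66
Slave queue ID: 0
"""

_FIELD = re.compile(r"^([^:]+):\s*(.*)$")


@dataclass
class Slave:
    name: str
    mii_status: str
    link_failures: int


@dataclass
class BondStatus:
    mode: str
    active_slave: str
    mii_status: str
    slaves: List[Slave] = field(default_factory=list)

    def slaves_up(self) -> List[str]:
        return [s.name for s in self.slaves if s.mii_status == "up"]

    def redundancy_lost(self) -> bool:
        # The bond survives a NIC failure only while at least two slaves are up.
        return len(self.slaves_up()) < 2

    def balances_load(self) -> bool:
        # active-backup and broadcast never spread traffic over the slaves;
        # every other bonding mode (round-robin, xor, 802.3ad, tlb, alb) does.
        return not ("active-backup" in self.mode or "broadcast" in self.mode)


def _fields(chunk: str) -> Dict[str, str]:
    """Turn 'Key: value' lines into a dict; lines without a colon are skipped."""
    out: Dict[str, str] = {}
    for line in chunk.splitlines():
        m = _FIELD.match(line.strip())
        if m:
            out[m.group(1).strip()] = m.group(2).strip()
    return out


def parse_bond_status(text: str) -> BondStatus:
    # The file is a bond-wide header followed by one block per slave interface.
    head, *slave_blocks = text.split("Slave Interface:")
    top = _fields(head)
    status = BondStatus(
        mode=top.get("Bonding Mode", ""),
        active_slave=top.get("Currently Active Slave", ""),
        mii_status=top.get("MII Status", ""),
    )
    for block in slave_blocks:
        name, _, rest = block.strip().partition("\n")
        f = _fields(rest)
        status.slaves.append(
            Slave(name.strip(), f.get("MII Status", "unknown"),
                  int(f.get("Link Failure Count", "0")))
        )
    return status


def report(text: str) -> str:
    s = parse_bond_status(text)
    lines = [f"mode: {s.mode}", f"active slave: {s.active_slave}",
             f"slaves up: {', '.join(s.slaves_up()) or 'none'}",
             f"load balancing: {'yes' if s.balances_load() else 'no'}"]
    if s.redundancy_lost():
        lines.append("WARNING: redundancy lost, a further NIC failure will isolate this node")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python bond_status.py /proc/net/bonding/bond0 (sample used otherwise)
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BOND0
    print(report(src))
```

Running this periodically from monitoring is the practical check: the bond hides a single interface failure from endpoints, so without such a check the first symptom of a degraded bond is the second failure.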

LDAP User Authentication and Authorization in Oracle Key Vault

Starting with this release, you can configure authentication and authorization of Oracle Key Vault users to be centrally managed in a Microsoft Active Directory.

This feature benefits large deployment environments where enterprise users are centrally managed in a Microsoft Active Directory. Centrally managing users, as opposed to creating user accounts in different systems and applications, is not only easier and more efficient for administrators, it improves compliance, control, and security. You enable the Microsoft Active Directory users to authenticate with Oracle Key Vault through the use of their directory credentials. You manage the authorization of the directory users in Oracle Key Vault through mapping definitions between Microsoft Active Directory groups and Oracle Key Vault administrative roles or user groups. When a directory user successfully logs in to Oracle Key Vault for the first time, Oracle Key Vault automatically creates an Oracle Key Vault user account for this user.
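Because authorization is derived from group mappings, the check to make before enabling this feature is what a given directory user ends up holding once every group they belong to has been mapped. The following model is an added example and is not Oracle Key Vault code: it authenticates users against a constructed stand-in directory, resolves their groups through role and user-group mappings, and creates a local account only on the first successful login. Two points are assumptions of the model rather than statements from this page: a user whose groups match no mapping is treated as having no access, and roles are recomputed from group membership at every login. Group DNs, role names, user names and passwords are constructed.

```python
"""Model of directory-group-to-role mapping for directory-authenticated users.

Added example, not Oracle Key Vault code. Group DNs, role and user names
and passwords are constructed. Assumptions of this model (not stated on the
page): users whose groups match no mapping are denied, and roles are
recomputed from current group membership at each login.
"""
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple


@dataclass
class OkvUser:
    name: str
    roles: Set[str] = field(default_factory=set)
    user_groups: Set[str] = field(default_factory=set)


class GroupMapping:
    """Mappings from directory group DNs to administrative roles or user groups."""

    def __init__(self) -> None:
        self.role_map: Dict[str, str] = {}
        self.group_map: Dict[str, str] = {}

    def map_role(self, ad_group: str, role: str) -> None:
        self.role_map[ad_group] = role

    def map_user_group(self, ad_group: str, okv_group: str) -> None:
        self.group_map[ad_group] = okv_group

    def resolve(self, ad_groups: Set[str]) -> Tuple[Set[str], Set[str]]:
        # A user in several mapped groups accumulates the union of the targets,
        # which is why broad directory groups should not map to powerful roles.
        roles = {self.role_map[g] for g in ad_groups if g in self.role_map}
        groups = {self.group_map[g] for g in ad_groups if g in self.group_map}
        return roles, groups


Authenticator = Callable[[str, str], Optional[Set[str]]]


class KeyVaultLogin:
    """Login flow: authenticate at the directory, authorize via the mapping."""

    def __init__(self, mapping: GroupMapping, authenticate: Authenticator) -> None:
        self.mapping = mapping
        self.authenticate = authenticate  # returns group DNs on success, None on failure
        self.accounts: Dict[str, OkvUser] = {}

    def login(self, username: str, password: str) -> Optional[OkvUser]:
        groups = self.authenticate(username, password)
        if groups is None:
            return None  # bad credentials: no local account is created
        roles, user_groups = self.mapping.resolve(groups)
        if not roles and not user_groups:
            return None  # model assumption: authenticated but unmapped users get nothing
        user = self.accounts.get(username)
        if user is None:
            # First successful login creates the local account.
            user = self.accounts[username] = OkvUser(username)
        user.roles, user.user_groups = roles, user_groups  # model assumption: refreshed per login
        return user


def build_demo() -> KeyVaultLogin:
    # Constructed stand-in for the directory: user -> (password, group DNs).
    directory = {
        "alice": ("alice-pw", {"CN=OKV-SysAdmins,OU=Groups,DC=example,DC=com",
                               "CN=HR-DBAs,OU=Groups,DC=example,DC=com"}),
        "bob": ("bob-pw", {"CN=AllStaff,OU=Groups,DC=example,DC=com"}),
    }

    def authenticate(user: str, password: str) -> Optional[Set[str]]:
        entry = directory.get(user)
        if entry is None or not hmac.compare_digest(entry[0], password):
            return None
        return set(entry[1])

    mapping = GroupMapping()
    mapping.map_role("CN=OKV-SysAdmins,OU=Groups,DC=example,DC=com", "System Administrator")
    mapping.map_user_group("CN=HR-DBAs,OU=Groups,DC=example,DC=com", "HR_DB_ADMINS")
    return KeyVaultLogin(mapping, authenticate)


if __name__ == "__main__":
    okv = build_demo()
    print(okv.login("alice", "wrong"))       # None, and no account created
    print(okv.login("alice", "alice-pw"))    # account with the mapped role and group
    print(okv.login("bob", "bob-pw"))        # None: AllStaff is not mapped
```

The useful property to exercise is the union in `resolve`: before mapping a directory group to an administrative role, enumerate its members and confirm none of them also sits in a group mapped to another role you did not intend to combine.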

RESTful Services Utility Command-Line Interface for Appliance Management

In this release, the RESTful services command-line interface has been expanded and redesigned to provide more functionality.

This redesign includes the following:

  • Structured and simplified command-line interface with the following format:
    okv category resource action configuration-options command-options 
  • Profile support in configuration file to centrally administer multiple Oracle Key Vault endpoints.
  • JSON support for command input and output.
  • New commands to support system management tasks and monitoring of deployments, in addition to the enhancements for the current functionality for endpoints, wallets, and security objects.

In previous releases, the RESTful command-line interface covered only endpoint, wallet, and security object management commands. The addition of system management commands, which include commands for backup operations and server operations for standalone, multi-master, and primary-standby environments, benefits large deployments where the automation of these types of configuration is needed.

The previous RESTful services APIs are still supported.

Support for SFTP to Transfer External Backups

Oracle Key Vault now supports the use of the SSH File Transfer Protocol (SFTP) for the transfer of (scheduled) external backups to remote backup destinations.

SFTP enables the use of a ZFS Storage Appliance as a backup destination. The use of Secure Copy Protocol (SCP) is still supported.

Development Using the Java SDK

This release introduces a new Java language software development kit that you can use to integrate endpoints with the Oracle Key Vault server.

The Java SDK enables developers to create their own custom endpoint integration solutions for Oracle Key Vault.

Development Using the C SDK

This release introduces a new C language software development kit.

The C SDK allows developers to create their own custom endpoint integration solutions for Oracle Key Vault.

Changes for Oracle Key Vault Release 18.6

Oracle Key Vault release 18.6 introduces the following new features.

New Privileges to Enable Regular Administrators to Manage Endpoints and Endpoint Groups

Oracle Key Vault RESTful services are used for automated endpoint enrollment.

Oracle Key Vault regular users can now be authorized to manage endpoints and endpoint groups without being granted administrative roles. Previously, a user required the System Administrator role to manage endpoints and the Key Administrator role to manage endpoint groups. These are powerful administrative roles, and not all Oracle Key Vault operations require all the functionality they provide. Users setting up Oracle Key Vault endpoints through RESTful services need privileges only for endpoint enrollment, provisioning, and endpoint group setup. With Oracle Key Vault release 18.6, a regular user can be granted the create endpoint, manage endpoint, create endpoint group, and manage endpoint group privileges to do just that. Furthermore, the new privileges enable isolation among users managing different sets of endpoints and endpoint groups. These users get full control over the management of the endpoints and endpoint groups they are authorized to manage, but, unlike users with the administrative roles, they cannot affect any other endpoints or endpoint groups.