Description of the illustration okvag_vm_004.png

This figure describes the Key Vault deployment architecture, which consists of endpoints that connect to Oracle Key Vault, Oracle Key Vault itself, and the user interface and backup locations.

Endpoints: Endpoints can be configured with the okvutil endpoint utility, which you use to back up and restore credential files and wallets. The endpoint library includes the PKCS#11 library, which works with the Key Management Interoperability Protocol (KMIP) for the TDE direct connection feature (online master key). The endpoint itself can be a third-party KMIP client database or another client. These endpoint components connect to the Oracle Key Vault server using KMIP over a Transport Layer Security (TLS) connection.

Oracle Key Vault server: Oracle Key Vault can be deployed in the following environments: standalone, primary and standby, and multi-master clusters.

The client user interface for the Oracle Key Vault server is the Key Vault management console, which uses an HTTPS connection. The Oracle Key Vault server uses the secure copy protocol (SCP) for remote backup locations.