A Oracle Key Vault Multi-Master Cluster Operations

There are restrictions and conditions for Oracle Key Vault multi-master cluster operations on cluster nodes.

Table A-1 Oracle Key Vault Multi-Master Cluster Operations on Cluster Nodes

Columns: Management Console Tab and Operation; Read-Only Node; Read-Write Node in Read-Only Restricted Mode; Read-Write Node in Normal (Read-Write) Mode
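Home tab
Read-Only Node: No restrictions
Read-Write Node in Read-Only Restricted Mode: No restrictions
Read-Write Node in Normal (Read-Write) Mode: No restrictions
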
Endpoints tab
Endpoints
  • Add, Delete
  • Suspend, Resume
  • Reenroll
Endpoint Groups
  • Create Group
  • Delete Group
Update Endpoint Settings
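Read-Only Node: Updated only via replication from a read-write node
Read-Write Node in Read-Only Restricted Mode: Updated only via replication from a read-write node
Read-Write Node in Normal (Read-Write) Mode: Directly updated using client tools on this node. Also updated by replication from other read-write nodes.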

Keys and Wallets tab
Wallets
  • Create, Delete, Edit
Keys, Secrets & Objects
  • Delete
  • Edit
    • Update
    • Revoke, Destroy
    • Change Wallet Membership
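Read-Only Node: Updated only via replication from a read-write node
Read-Write Node in Read-Only Restricted Mode: Updated only via replication from a read-write node
Read-Write Node in Normal (Read-Write) Mode: Updated using client tools on this node. Also updated by replication from other read-write nodes.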

Reports tab
Audit
  • Generate audit report
  • Export audit records
  • Delete audit records
Reports
  • Generate any report
Alerts
  • View alerts
  • Configure alerts
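Read-Only Node: No restrictions
Read-Write Node in Read-Only Restricted Mode: No restrictions
Read-Write Node in Normal (Read-Write) Mode: No restrictions
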
Users tab
Users
  • Create, Delete
  • Check Conflict Status
Manage Access (User Groups)
  • Update
  • Add, Remove Wallet Access
  • Add, Remove Members
Change Password
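Read-Only Node: Updated only with replication from a read-write node
Read-Write Node in Read-Only Restricted Mode: Updated only with replication from a read-write node
Read-Write Node in Normal (Read-Write) Mode: Updated using client tools on this node. Also updated by replication from other read-write nodes.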

There are additional considerations and restrictions based on the status of the user name and user group name.

System tab
System Settings
  • Reboot, Poweroff
  • Edit Network Details
  • Edit Network Services
  • Edit System Time
  • Edit DNS
  • Enable FIPS Mode
  • Configure Syslog
  • Enable Audit Vault Integration
Read-Only Node: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Read-Only Restricted Mode: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Normal (Read-Write) Mode: Node is used to update these settings. The updates are local to the node.

The DNS settings and System Time are not set for the cluster here.

System tab
Cluster System Settings
  • Edit System Time
  • Edit DNS
  • Edit Max Disable Node Duration
  • Enable RESTful Services
  • Configure Syslog
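Read-Only Node: Updated only with replication from a read-write node
Read-Write Node in Read-Only Restricted Mode: Updated only with replication from a read-write node
Read-Write Node in Normal (Read-Write) Mode: Updated using client tools on this node. Also updated by replication from other read-write nodes.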

System tab
Audit Settings, Scope 'Node'
  • Enable Auditing
  • Replicate Audit Records
  • Send Audit to Syslog
Read-Only Node: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Read-Only Restricted Mode: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Normal (Read-Write) Mode: Node is used to update these settings. The updates are local to the node.

System tab
Audit Settings, Scope 'Cluster'
  • Enable Auditing
  • Replicate Audit Records
  • Send Audit to Syslog
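Read-Only Node: Updated only with replication from a read-write node
Read-Write Node in Read-Only Restricted Mode: Updated only with replication from a read-write node
Read-Write Node in Normal (Read-Write) Mode: Updated using client tools on this node. Also updated by replication from other read-write nodes.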

System tab
Email Settings
  • Edit
Read-Only Node: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Read-Only Restricted Mode: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Normal (Read-Write) Mode: Node is used to update these settings. The updates are local to the node.

System tab
Monitoring Settings, Scope 'Node'
  • Enable Monitoring
  • Limit Access
  • Edit
Read-Only Node: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Read-Only Restricted Mode: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Normal (Read-Write) Mode: Node is used to update these settings. The updates are local to the node.

System tab
Monitoring Settings, Scope 'Cluster'
  • Enable Monitoring
  • Limit Access
  • Edit
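Read-Only Node: Updated only with replication from a read-write node
Read-Write Node in Read-Only Restricted Mode: Updated only with replication from a read-write node
Read-Write Node in Normal (Read-Write) Mode: Updated using client tools on this node. Also updated by replication from other read-write nodes.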

System tab
System Backup
  • Configure
  • Perform Backup
  • Perform Restore
Read-Only Node: Node is used to update these settings. The updates are local to the node. A backup can only be restored to a standalone Oracle Key Vault server. Restoring a backup implies that the entire cluster has failed and needs to be rebuilt.
Read-Write Node in Read-Only Restricted Mode: Node is used to update these settings. The updates are local to the node. A backup can only be restored to a standalone Oracle Key Vault server. Restoring a backup implies that the entire cluster has failed and needs to be rebuilt.
Read-Write Node in Normal (Read-Write) Mode: Node is used to update these settings. The updates are local to the node. A backup can only be restored to a standalone Oracle Key Vault server. Restoring a backup implies that the entire cluster has failed and needs to be rebuilt.

System tab
Console Certificate
  • Generate, Upload
Read-Only Node: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Read-Only Restricted Mode: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Normal (Read-Write) Mode: Node is used to update these settings. The updates are local to the node.

System tab
SSH Tunnel Settings
  • Add, Delete
  • Edit
Read-Only Node: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Read-Only Restricted Mode: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Normal (Read-Write) Mode: Node is used to update these settings. The updates are local to the node.

System tab
HSM
  • All operations
Read-Only Node: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Read-Only Restricted Mode: Node is used to update these settings. The updates are local to the node.
Read-Write Node in Normal (Read-Write) Mode: Node is used to update these settings. The updates are local to the node.

Cluster tab
Management section
  • Add Node
  • Delete Node
  • Force Delete Node
  • Disable Node
  • Enable Node
Read-Only Node: A node in the ACTIVE state may be used to add, delete, force delete, or disable a node. When adding a node, selecting Add Node as a Read-Write Peer creates a read-write pair. Only a disabled node may enable itself. Delete and force delete have special considerations as noted.
Read-Write Node in Read-Only Restricted Mode: A node in the ACTIVE state may be used to add, delete, force delete, or disable a node. When adding a node, this node cannot be added as a read-write peer to the new node, as it is already in a read-write pair. Only a disabled node may enable itself. Delete and force delete have special considerations as noted.
Read-Write Node in Normal (Read-Write) Mode: A node in the ACTIVE state may be used to add, delete, force delete, or disable a node. When adding a node, this node cannot be added as a read-write peer to the new node, as it is already in a read-write pair. Only a disabled node may enable itself. Delete and force delete have special considerations as noted.

Cluster tab
Monitoring
  • View information
  • Enable, Disable link state
Read-Only Node: Node can access and update these settings. The updates are local to the node.
Read-Write Node in Read-Only Restricted Mode: Node can access and update these settings. The updates are local to the node.
Read-Write Node in Normal (Read-Write) Mode: Node can access and update these settings. The updates are local to the node.

Cluster tab
Conflict Resolution
  • Edit
  • Accept
Read-Only Node: Node can access but not resolve conflicts. Updates are received only from active read-write nodes in the cluster through replication.
Read-Write Node in Read-Only Restricted Mode: Node can access but not resolve conflicts. Updates are received only from active read-write nodes in the cluster through replication.
Read-Write Node in Normal (Read-Write) Mode: Node can access and resolve conflicts. Updates are propagated to all other nodes in the cluster.

Join read-write pair
Read-Only Node: Only through induction from a read-only node. Requires Add Node as Read-Write Peer set to Yes.
Read-Write Node in Read-Only Restricted Mode: Not applicable. Since this node is already a member of a read-write pair, when replication is once again available from this node to its read-write peer, it will return to its read-write state.
Read-Write Node in Normal (Read-Write) Mode: Not applicable