1 Introduction to Installing and Upgrading Oracle Key Vault

Installing Oracle Key Vault entails ensuring that the environment meets the necessary requirements before you begin the installation and configuration.

1.1 About Oracle Key Vault Installation and Upgrade

Oracle Key Vault is a software appliance that is delivered as an ISO image.

The software appliance consists of a pre-configured operating system, an Oracle database, and the Oracle Key Vault application. You can install Oracle Key Vault on-premises on its own dedicated hardware, as a VM guest in your virtualization platform, as a compute instance in your OCI tenancy (from the Oracle Cloud Marketplace at https://cloudmarketplace.oracle.com/marketplace/app/OracleKeyVault), or as a compute instance in Microsoft Azure or Amazon AWS.

In this release, you can follow this upgrade path:

  • Oracle Key Vault release 21.x (for example, 21.2) to the current release, Oracle Key Vault 21.8.

Before you begin the installation or upgrade process for Oracle Key Vault, check the Oracle Key Vault Release Notes for any known issues that you should be aware of.

Note:

Introducing changes to the underlying Oracle Key Vault platform is not recommended. Any changes made to the core platform could prevent the Oracle Key Vault software appliance from functioning effectively. If you make any changes, you do so at your own risk, and Oracle cannot guarantee proper functioning of the software appliance.

1.2 Oracle Key Vault Deployment Options

You can deploy an Oracle Key Vault multi-master cluster on dedicated hardware or as VM guests.

  • A standalone deployment is simplest to deploy. However, it does not provide continuous availability of the key service in the event an Oracle Key Vault server becomes unavailable. When you first install Oracle Key Vault, it is in a standalone environment. From there, you can configure Oracle Key Vault to be in a multi-master cluster configuration. Oracle recommends that you extend the OKV installation to a multi-master cluster with at least two nodes (one read/write pair).
  • A multi-master cluster configuration allows for up to 16 nodes (a node is an Oracle Key Vault server that has been converted to be a member of an Oracle Key Vault multi-master cluster) and is recommended for deployments requiring high availability. It is the recommended deployment for many reasons, such as data compatibility between nodes, fault tolerance, zero data loss, no passive machines in the system, scalability, and maintenance.
  • Oracle Key Vault can be deployed on a physical server or a VM guest on a virtualized platform. Some capabilities of the virtualization platforms, such as (live) cloning of the Oracle Key Vault cluster nodes, or pausing of the cluster nodes, can lead to system instabilities and are therefore not supported.
  • You can move an Oracle Key Vault server from a virtualized platform to physical hardware using the following steps.
    In a multi-master cluster environment:
    • Install the Oracle Key Vault server (of the same version) on your preferred compatible hardware.
    • Add the new Oracle Key Vault server to the cluster as the new node.
    • Delete the existing cluster node that is on the virtualized platform.
    For the standalone deployment:
    • Use the backup to restore into a new standalone Oracle Key Vault server created on physical hardware.

1.3 Privileges Required for Performing Oracle Key Vault Installations and Upgrades

Oracle Key Vault requires users to have specific privileges to perform installations and upgrades.

You should have the following privileges:

  • For a fresh installation: Privileges to log in to the Oracle Software Delivery Cloud portal to download the current Oracle Key Vault installation software.
  • The root privilege for the server where you will perform the installation or upgrade.
  • For upgrade of an existing Oracle Key Vault deployment: Privileges to log in to the Oracle Support portal to download the current Oracle Key Vault upgrade software.
  • For performing upgrades, in addition to the preceding privileges, you must have the Oracle Key Vault System Administrator role to disable and re-enable the upgraded Oracle Key Vault cluster node.

1.4 Oracle Key Vault Pre-Installation Checklist

The pre-installation checklist covers all the requirements to successfully install Key Vault.

Table 1-1 Oracle Key Vault Pre-Installation Checklist

| Item# | Check | Task |
|---|---|---|
| 1. | [ x ] | New changes or issues that you should be aware of. See Oracle Key Vault Release Notes. |
| 2. | [ x ] | System requirements. Confirm that you have enough CPU, memory, and disk as described in System Requirements. |
| 3. | [ x ] | Open all the required network ports in your firewall. For details on network ports, see Network Port Requirements. |
| 4. | [ x ] | Supported endpoint platforms. See Supported Endpoint Platforms. |
| 5. | [ x ] | Set the COMPATIBLE initialization parameter for the online master encryption key (previously TDE direct connect). Guidance for setting this parameter for Oracle Database 12.1.0.2 or later is in Supported Endpoint Platforms. |
| 6. | [ x ] | Get a fixed IP address, network mask, gateway, and NTP addresses from your network administrator. You will need this information for Step in Installing the Oracle Key Vault Appliance Software. |