Agents (Encryption Endpoints)
Agents are devices or applications that use cryptographic keys to encrypt and decrypt data.
Agents obtain encryption key material from OKM over a secure (TLS) session and communicate with KMAs through the agent API (a set of software interfaces incorporated into the agent hardware or software). See How Agents Retrieve Keys from a KMA.
Agents must remain connected to the OKM network in the event an encryption key is needed. KMAs and agents can be logically grouped to create a site, where agents reference KMAs within the site to which they are assigned. Always install and test encryption end points before adding the encryption capability to them.
Types of endpoints include:
- Oracle Database with Transparent Data Encryption (TDE)
- Oracle Solaris 11 ZFS Encryption
- ZFS Storage Appliance
- Encryption Capable Tape Drives
See also: Enroll Agents.