Managed Switches

Oracle recommends a managed switch for connecting KMAs to encryption agents on private service networks. A managed switch supplies connectivity to unmanaged switches and to routers for the wide area service network.

Managed switches:

  • Improve serviceability through better switch diagnostics and service network troubleshooting.
  • Can minimize single points of failure on the service network through redundant connections and the spanning tree protocol.
  • Support aggregation of the KMA service network interfaces to minimize single points of failure on the KMA's service interface.

Supported Managed Switch Models:

  • Brocade ICX 6430 Switch (included in the Switch Accessory Kit)
  • 3COM Switch 4500G 24-Port (3CR17761-91)
  • Extreme Networks Summit X150-24t Switch

Other managed switches can be used, but engineering provides configuration guidance only for the switches listed above.

Port Mirroring

You can mirror ports to use a network analyzer in the service network. Ports can be mirrored on Brocade ICX 6430 switches. For configuration instructions, consult Brocade ICX 6430 Switch Configuration.

Managed Switch Configuration Example

In a managed switch configuration, if either a KMA or a managed switch fails, the agents still have a communication path to the other KMA. The managed switches connect to unmanaged switches over redundant paths, which requires a spanning tree configuration. (Managed switches must be enabled for spanning tree whenever the cabling includes redundancy.) The service network interfaces are aggregated into a single virtual interface (see Service Network and Port Aggregation).

Figure 1-8 Managed Switch Configuration
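
The failover property described above can be checked against a cabling plan before installation. The following is an added example, not part of Oracle's documentation: it fails each KMA and managed switch in turn, reports any agents left without a path to a KMA, and flags whether the cabling contains a loop that requires spanning tree. All device names and both cabling plans are constructed assumptions, with each KMA's aggregated interface modelled as a single link.

```python
from collections import deque

# Constructed cabling plans (assumptions; Figure 1-8 itself is not reproduced here).
# Each KMA's aggregated service ports are modelled as one link to one managed switch.
KMAS, MANAGED, AGENTS = {"kma1", "kma2"}, {"msw1", "msw2"}, {"agent1", "agent2"}
COMMON = [("kma1", "msw1"), ("kma2", "msw2"), ("usw1", "agent1"), ("usw2", "agent2")]
REDUNDANT = COMMON + [("msw1", "usw1"), ("msw1", "usw2"),
                      ("msw2", "usw1"), ("msw2", "usw2")]
# Weak plan: both unmanaged switches hang off msw1 only.
WEAK = COMMON + [("msw1", "msw2"), ("msw1", "usw1"), ("msw1", "usw2")]

def reachable(links, start, down=frozenset()):
    """Devices reachable from `start` when the devices in `down` have failed."""
    adj = {}
    for a, b in links:
        if a not in down and b not in down:
            adj.setdefault(a, set()).add(b)
            adj.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def stranded_agents(links, candidates=KMAS | MANAGED):
    """Map each single device failure to the agents left with no KMA."""
    result = {}
    for dev in sorted(candidates):
        lost = sorted(a for a in AGENTS
                      if not reachable(links, a, {dev}) & (KMAS - {dev}))
        if lost:
            result[dev] = lost
    return result

def needs_spanning_tree(links):
    """True when the cabling contains a loop, i.e. a redundant path."""
    nodes, seen, components = {n for link in links for n in link}, set(), 0
    for n in sorted(nodes):
        if n not in seen:
            components += 1
            seen |= reachable(links, n)
    # A loop-free network has exactly (devices - components) links.
    return len({frozenset(l) for l in links}) > len(nodes) - components

if __name__ == "__main__":
    for name, plan in (("redundant", REDUNDANT), ("weak", WEAK)):
        print(name, stranded_agents(plan), needs_spanning_tree(plan))
```

An empty result from stranded_agents means no single KMA or managed switch failure isolates an agent; a true result from needs_spanning_tree means the managed switches in that plan must have spanning tree enabled.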
