1. Installation and Administration Guide
  2. About Oracle Key Manager
  3. Networking
  4. Network Connections on the KMA

Network Connections on the KMA

Each KMA has connections for the management network, service network, and ILOM.

The figure below shows the KMA network connections for the SPARC T7-1. The KMA network connections on a SPARC T8-1 are similar.

Note:

Each Ethernet connection requires an IP address. Addresses not assigned using DHCP must be static.

Figure 1-7 KMA Network Connections Example — SPARC T7-1

Figure showing SPARC T7-1 network connections

Table 1-7 KMA Network Connections - T8-1 and T7-1

Port Connects To Description

SER MGT

Service Rep Laptop

Serial connection to the ILOM. The ILOM IP address is most easily configured using this connection.

NET MGT

Service Rep Laptop

Optional Ethernet connection to the ILOM. This port is not available until you configure the ILOM IP address.

NET 0

OKM GUI

Required connection to the Management Network. This network connects the server to the OKM GUI as well as to other KMAs in the cluster. The Management Network can be local, remote, or a combination of both. Customers are expected to provide the management network.

NET 2

Service Network

Required connection to the Service Network. This network connects the server to the tape drives, either directly or through Ethernet switches.

NET 3

Aggregate Network

Optional connection to the Aggregated Network and provides aggregation with NET 2.

Management Network

The management network connects the KMA to other KMAs in the cluster for peer-to-peer replication.

The OKM Manager GUI, CLI, and other admin tools (such as Remote Console and SNMP) use the management network. Customers are expected to provide the management network. Use a gigabit Ethernet, or faster, connection for optimal replication and performance.

Agents may also connect to the management network if the service network is inappropriate due to its isolation properties. For additional security and to isolate LAN traffic, you may want to use Virtual Local Area Networks (VLANs) to connect to the management network.

Service Network and Port Aggregation

The service network connects the OKM cluster to the agents and isolates key retrievals from other network traffic. The physical ports of the KMA can optionally be aggregated into a single virtual port.

Agents may connect to the OKM cluster by the management network, if desired.

You can optionally aggregate the physical Ethernet interfaces of the service network (NET 2 and NET3) into a single virtual interface. Aggregating these ports provides additional availability — if a failure occurs with either port, the other port maintains connectivity. Make sure the Ethernet switch ports have the correct configuration:

  • Set to auto negotiate settings for duplex (should be full duplex).
  • Set to auto negotiate speed settings, the KMA ports are capable of gigabit speeds.
  • Using identical speeds, such as: both set to 100 Mbps (auto speed negotiating may work fine).

Note:

  • There may be an order or connection dependency. Create the aggregation group on the switch before connecting the KMAs service port.
  • If the aggregated IP address (IPv4 or IPv6) is not responding, reboot the KMA.

A System Dump using the Management GUI will contain aggregated port information. The information is gathered using dladm commands.