OKM Clusters

A cluster is a group of Key Management Appliances (KMAs) that are aware of each other and fully replicate information to each other. The cluster provides encryption endpoints (agents) a high availability service from which they can retrieve keys.

  • Clusters must contain a minimum of two KMAs and a maximum of 20 KMAs.
  • New keys generated at any site replicate to all other KMAs in the cluster.
  • You can define sites to provide a logical grouping of KMAs within the cluster, for example a site representing the KMAs in a particular data center. You can associate encryption agents with a specific site so that they prefer KMAs within that site.
  • All administrative changes propagate to all other KMAs in the cluster.
  • You can cluster multiple KMAs on a dedicated private, local, or wide area network.
  • Any KMA in a cluster can service any agent on the network.
  • You can use any KMA in the cluster for administration functions.

Note:

KMAs in one cluster will be unaware of those in other clusters.

Figure 1-1 OKM Cluster Overview


Monitoring OKM

OKM supports monitoring using remote syslog, SNMP, or Oracle Hardware Management Pack. The Oracle Service Delivery Platform (SDP2) may be deployed for monitoring tape libraries and their encrypting tape drives on the service network.

Mixed Clusters and Upgrading Older KMAs

A mixed cluster contains KMAs running different OKM versions. There are compatibility considerations when using a mixed cluster.

  • KMAs running an OKM release earlier than OKM 3.1 should not be added to an OKM cluster where there are KMAs running newer OKM releases. Instead, they should be initialized into their own temporary cluster, upgraded to OKM 3.3 or later, and then reset to factory default settings. They can then be added to the existing OKM cluster.
  • Sun Fire X2100/X2200/X4170 M2 KMAs have reached End of Service Life. They should be replaced with SPARC KMAs.