Sample OKM Cluster Configurations

Single Site OKM Configuration

A single site configuration contains the OKM cluster and agents at a single site.

The figure below shows a single site with two KMAs in a cluster. The service network includes multiple tape drives (agents).

Figure 1-2 Single Site Configuration


Dual Sites OKM Configuration

A dual site configuration has the OKM cluster split between multiple physical locations.

In the figure below, each site contains a KMA. The KMAs are managed over a wide area network, and both KMAs belong to the same OKM cluster. In this configuration, Oracle recommends geographically dispersed sites.

Figure 1-3 Dual Site Configuration


In the figure below, four KMAs in a cluster support two automated tape libraries and an Oracle database with the Advanced Security Transparent Data Encryption (TDE) solution. For more information, refer to Advanced Security Transparent Data Encryption (TDE).

Dual Sites OKM Configuration with Disaster Recovery

Forming the cluster from multiple geographically dispersed sites reduces the risk of a disaster destroying the entire cluster.

In the figure below, there are two wide area networks — one for key management and one for service. The OKM GUI communicates with both KMAs in the cluster, and the service wide area network allows either KMA to communicate with the agents.

Figure 1-5 Disaster Recovery Configuration


Multiple Sites OKM Configuration with Partitioned Library

When using encryption-capable tape drives, partitions can add a layer of data security. Partitions can:

  • Limit access to tape drives and data cartridges.

  • Separate different encryption key groups.

  • Isolate clients as service centers.

  • Be dedicated for specific tasks.

  • Give multiple departments, organizations, and companies access to appropriately sized library resources.

The figure below shows two remote sites and a local (main) site, all within one OKM cluster. The main site contains a partitioned library with specific key groups that provide backup facilities for all the KMAs (1–6) and media within the cluster.

For more information about partitioning, see the tape library's documentation.

Figure 1-6 Multiple Site Configuration
