1. Installation and Administration Guide
  2. Sites, KMAs, Agents, and Data Units
  3. Manage Data Units
  4. View and Modify Data Units

View and Modify Data Units

View a list of data units associated with the cluster. Modify data unit details.

Available to: Operator (can modify), Compliance Officer (can modify Key Group and Compromise keys), All other roles (can view)
  1. From the Data Units menu, select Data Unit List.
  2. Select a data unit, and then click Details...
  3. On the General tab, modify the information as required.

    Note:

    If the Description field contains the string "PKCS#11v2.20," this represents a special key used for Oracle Database Transparent Data Encryption (TDE). Do not change this field. Doing so can alter the way OKM interacts with TDE.
  4. Click Save.

Data Unit List - Field Descriptions

The following are descriptions of the fields within the Data Unit List of OKM Manager.

  • Data Unit ID - System-generated unique identifier that distinguishes each data unit.
  • External Unique ID - Unique external identifier for the data unit.
    • This value is sent to the OKM by the agent and may not be externally visible to an end user. For LTO Gen 4 and Gen 5 tapes, this is the cartridge serial number burned into the cartridge when it is manufactured. Do not confuse this value with a volser on an optical barcode or in an ANSI tape label. This value is not used for StorageTek tape drives.
  • Description - Describes the data unit.
  • External Tag - Unique external tag for the data unit.
    • For tapes that are in a StorageTek tape library, or tapes that have ANSI standard labels, this field is the volser. If the tape is in a library and has an ANSI label, the library volser (that is, optical bar code) is used if it differs from the volser contained in the ANSI label. For tapes written in stand-alone drives without ANSI labels, this field is blank.
    • For data units written by LTO Gen 4 and Gen 5 tape drives, this field is padded on the right with blanks to fill in 32 characters. It may be more convenient for you to use the "Starts With ~" filter operator instead of the "Equals =" filter operator, so that you do not have to add the blanks to pad the External Tag. For example, if you use the "Starts With" filter, you could enter: "External Tag" ~ "ABCDEF". If you use the "Equals" filter for the same example, you would need to enter: "External Tag" = "ABCDEF " (padded to fill 32 characters).
  • Create Date - Date and time when the data unit was created/registered.
  • Exported - If true, the keys associated with this data unit have been exported.
  • Imported - If true, the keys associated with this data unit have been imported.
  • State - State of the data unit. Possible values are:
    • No Key: Set when the data unit has been created, but has not yet had any keys created.
    • Readable: Set when the data unit has keys that allow at least some parts of the data unit to be decrypted (read).
    • Normal: Set when the data unit has keys that allow at least some parts of the data unit to be decrypted (read). In addition, the data unit has at least one protect-and-process state key that can be used to encrypt data. The data unit is therefore writable.
    • Needs Re-key: Set when the data unit does not have at least one protect-and-process state key. Data should not be encrypted and written to this data unit until the data unit is rekeyed and a new, active key is assigned to it. It is the responsibility of the agent to avoid using a key that is not in protect-and-process state for encryption. The data unit may have keys that are in process only, deactivated, or compromised state. A key in any of these three states can be used for decryption.
    • Shredded: Set when all of the keys for this data unit are destroyed. The data unit cannot be read or written. However, a new key can be created for this data unit, moving its state back to Normal.