1. Installation and Administration Guide
  2. Plug-in Management
  3. View Metrics and Reports about the OKM Cluster

View Metrics and Reports about the OKM Cluster

The Oracle Enterprise Manager Cloud Control administrator can view information about the OKM cluster within OEM.

Information includes a summary, agent performance, and KMA performance. The primary way to gather information about monitored instances of OKM appliances is viewing metrics. As a rule, more “point in time" information is available in raw metric information than in reports.
  1. Log in to Enterprise Manager Cloud Control.
  2. Go to Targets > All Targets and select the OKM Cluster as the target.
  3. From the target's home page, select Oracle Key Manager > Monitoring > All Metrics.
  4. View the categories and information collected from the last collection interval.
  5. The raw metric information that you have access to can be found in Metrics Collected by the Plug-In.

Metrics Collected by the Plug-In

Oracle Enterprise Manager Cloud Control displays a direct mapping of information collected in the target OKM cluster.

The table below shows the mapping information. Information collected by the System Attributes from the Workflow data set indicates items that cannot be enabled/disabled by an administrator. This information is collected through scripts on each OKM storage appliance.

Table 2-1 Metric and Collection Information

Metric Name Column Polling Interval (Minutes)

Response

Status (conditions disabled)

5

Agent Performance

AgentID (key field)

Requests per hour (conditions disabled)

Failures per hour

Warnings per hour

60

Cluster Status

HSM Status (conditions disabled)

KMA Name (key field)

Lag Size (conditions disabled)

Locked status

Ready Keys Backed Up (%)

Responding

Service Responding (conditions disabled)

Version

10

Configuration

Cluster Information

FIPs Mode (conditions disabled)

Latest Backup

Replication Schema Version

Sites

Unenrolled Agents

1440 (1 Day)

Entity Security Violations

Entity ID (key field)

Violations per Hour

60

KMA Availability

KMAs

Not Responding

Responding

10

KMA Lock Status

KMAs

Locked

Unlocked

10

KMA Performance

Requests per Hour (conditions disabled)

Warnings per Hour

KMA Name (key field)

Failures per Hour

60

KMA Security Violations

KMA Name (key field)

Violations per Hour

60

Default Threshold Values

You can set custom thresholds for some metrics within Oracle Enterprise Manager Cloud Control.

The alerts received are contained within the product and are not set as Alerts and Thresholds on the OKM storage appliance itself. The table below shows metrics that have thresholds set with their default values.

Table 2-2 Metrics and Default Threshold Values

Metric/Columns Comparison Operator Warning Critical Purpose

Agent Performance/Failures per Hour

>

5

NA

Issued when an OKM client (such as a tape drive or ZFS Storage Appliance) gets many request failures within the last hour.

Agent Performance/Requests per Hour

<

NA

NA

Issued when an OKM client is not sending any requests within the last hour (users can use this to indicate a client that is not encrypting).

Cluster Status/HSM Status

CONTAINS

NA

NA

Issued when the HSM status text matches a certain condition. CONTAINS can be set to "SOFTWARE" to indicate that a KMA is using software for encryption rather than an SCA6000 card (if installed). CONTAINS can be set to "ERROR" to indicate that an error has occurred with either software or hardware encryption.

Cluster Status/Lag Size

>

NA

NA

Issued if the lag size of a KMA gets large. A large lag size indicates a KMA is way behind on updates.

Cluster Status/Ready Keys Backed Up (%)

<

15

1

Issued if the no keys in the ready key pool have been backed up. If the keys have not been backed up and something happens to the cluster, the keys cannot be retrieved and encrypted data will not be able to be decrypted.

Cluster Status/Service Responding

<

NA

NA

Issued to indicate the service network of a KMA is not responding. 1 indicates the service network is responding, 0 indicates it is not responding, and a blank indicates it is not reachable or the response status is unknown.

Configuration/FIPs Mode

<

NA

NA

FIPs mode is 1 if enabled, 0 if disabled. Users can use this to indicate the cluster is not running in FIPs mode.

Configuration/Replication Schema Version

<

NA

14

Issued if the cluster replication schema version is downlevel. After an upgrade of the cluster, the replication schema version should set to the maximum.

Configuration/Unenrolled Agents

>

NA

NA

Issued to indicate potential incomplete configuration of a cluster if not all agents have yet enrolled.

Entity Security Violations/Violations per Hour

>

1

5

Issued for an OKM client that has multiple security violations within the last hour.

KMA Availability/Responding

<

2

1

Issued when KMAs in the cluster stop responding.

KMA Lock Status/Locked

>

0

NA

Issued when KMAs are locked. KMAs must be unlocked before they can provide encryption keys.

KMA Performance/Failures per Hour

>

5

NA

Issued when a KMA gets many key request failures within an hour.

KMA Performance/Requests per Hour

<

NA

NA

Issued when a KMA has not provided any keys within an hour. Could be used for performance monitoring.

KMA Security Violations/Violations per Hour

>

1

5

Issued for a KMA that has had multiple security violations within the last hour.