Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1683515.1
Update Date:2014-06-18
Keywords:
Solution Type  Technical Instruction Sure

Solution  1683515.1 :   Oracle Key Manager (OKM) - How to Break a Cluster and Relocate the KMAs to Another Site  

Related Items 
    

  • Sun StorageTek Crypto Key Management System
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
    •  






In this Document


Goal


Solution



Created from <SR 3-9161141141>


Applies to:  

Sun StorageTek Crypto Key Management System - Version All Versions to All Versions [Release All Releases]
Information in this document applies to any platform.



Goal


What is the procedure to break an OKM cluster and move the KMAs to another site?
What is the procedure to follow on how to split an existing OKM cluster?
How to relocate KMAs to another site?
 


Solution


1. Determine if there are agents that are receiving keys from the KMAs that will be relocated to another site.
     - If the KMA is the only source of keys for these drives, change the site ID of the agents in order for the drives to receive keys from another KMA. 
     - Run tests to see if the drives are receiving keys from this KMA.

2. Lock the KMAs that will be relocated
     - On the OKM GUI, select: Local Configuration > Lock/Unlock KMA

3. Offline the KMAs that have been locked.  For each of these KMA's, do the following: 
     - Bring up the KMA's OKM Console and select the "Shutdown KMA" option.
     - Once the shutdown is complete, you can power down the KMA.
  
 4. Move the KMAs and drives to the new location. 
    Note: Well ahead of the scheduled move date, inform the local Oracle account or service manager of the plan to move the equipments to another location.  They will determine if an Oracle Field Engineer is needed to move the equipment in order to avoid voiding the warranty.
.
5. Power up the KMAs and bring up the OKM Console for each server. Change the KMA IP addresses, if needed.
     Note: Earlier versions of OKM do not have options to change the IP addresses from the OKM Console. If such is the case, run Quickstart to 
               configure the KMAs network connections. 
  
6. If there is a problem bringing up the KMA, do the following:
     - Reset the KMA to factory default state 
     - Run the Quickstart program 
     - Join the KMAs to the cluster.

7. When the KMAs have re-joined the cluster, unlock the KMAs through the OKM GUI.

8. Run tests to make sure that drives are able to receive keys from the relocated KMAs.


 


Should problems arise with the KMAs not joining the cluster or drives not receiving keys from the relocated KMAs, open a service request in MyOracle Support and, if possible, attach an OKM system dump.
 



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback